Is it secure to give someone my laptop with my Dropbox folder saved on it?
The first rule about computer security:
If I can touch it, I own all data on it.
There are no exceptions to this rule. Physical access = game over. It may take time, but once physical access is obtained, there is nothing you can do to stop a security breach. If you are loaning him the laptop, he certainly has access to every file on that laptop if he wants it.
If you do not wish him to have access to your dropbox or other user files on the machine, remove them from the machine before giving it to him. Ideally, use a file shredder that will overwrite the files on disk.
Ultimately it's up to you to judge the trust in your friend vs. the work required to secure the data against his access, or access he might inadvertently grant to others.
If he needs to install system software, then he will need to have administrator access. If he has administrator access, then he can bypass all OS-level security like file permissions. Only encryption will delay him there, and that's assuming the encryption is properly implemented, and a secure key is used. (Note, I've recovered "average" passwords from the built-in encryption of personal excel 2007 spreadsheets, .rar archives, and windows' EFS. It takes about one day - one week)
If he doesn't have administrator access, he can easily give himself administrator access with the ability to boot the machine from a live CD.
- He will be able to access your dropbox folder, as well as every other file on your system.
- Any software he installs, including viruses, worms, rootkits, and spyware could have access to every file on your system.
- Your dropbox folder is not encrypted on your harddrive, unless you do so manually. You also cannot guarantee that it is encrypted on dropbox's servers (Though I hope that it is, and they say that it is).
Don't forget about temporary files, webbrowser caches, and webbrowser cookies. These can allow him into your web accounts without knowing your password. Please, think of the cookies!
If I were loaning a system to someone I considered a friend for a period of time, I would either swap out the harddrive if I had one hand or could afford a spare, or make a backup of all important information, format the harddrive, and then reinstall the OS. When (s)he returns it, format again and reinstall the OS again. You don't want the viruses (s)he might have picked up, and trying to clean all sensitive information out of a system is extremely difficult.
Not because I necessarily think my friend will abuse the data, but because I don't trust that (s)he won't inadvertently expose the system to someone who does have such desires.
If I considered the person a true friend in the traditional sense, I wouldn't really worry about it. Would you loan this person keys to your house or car?
Anything you really were worried about anyway should be in an high grade encryption volume that requires a key entry on every use since Dropbox isn't really secure anyway.
No, Dropbox is not encrypted for the contents ON your computer. He can access the folder just fine, and virus software will be able to access it without issue
The dropbox is stored (default) in the users directory so if someone has access to that folder then he can read/write the files (which are unencrypted).
Btw, the same is for google drive and possibly other similar services.