Now anyone, not just cops with a warrant, can peek inside your Dropbox
Forensic computer security company ATC-NY on Thursday released a new, free tool called Dropbox Reader which helps investigators read "evidence files" associated with Dropbox cloud storage accounts.
Dropbox Reader is actually a series of six command-line Python scripts that parse the configuration and cache files of a Dropbox account. These include the user's registered e-mail address, Dropbox identifier, software version info and list of recently changed files, stored in config.db, and the information about shared directories and files marked for sync, stored in filecache.db.
According to the readme file accompanying Dropbox Reader, the Python scripts operate on SQLite3 Dropbox database files which are typically stored in the ~/.dropbox directory on Linux and OS X machines, and in %AppData%\Dropbox on Windows machines.
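As an added example (not part of Dropbox Reader or the original article): because these are ordinary SQLite3 files, a short Python check can report whether config.db and filecache.db in a directory are plain SQLite and whether their POSIX mode lets accounts other than the owner read them. The function names, the constructed sample directory and its made-up table are assumptions; the mode-bit check is meaningful on Linux and OS X only.

```python
import os
import sqlite3
import stat
import tempfile

SQLITE_MAGIC = b"SQLite format 3\x00"      # first 16 bytes of any plain SQLite3 file
DB_NAMES = ("config.db", "filecache.db")   # file names given in the article


def audit_dropbox_dir(directory):
    """Return one finding dict per database file named in the article."""
    findings = []
    for name in DB_NAMES:
        path = os.path.join(directory, name)
        if not os.path.isfile(path):
            findings.append({"file": name, "present": False})
            continue
        mode = stat.S_IMODE(os.stat(path).st_mode)
        with open(path, "rb") as fh:
            plain = fh.read(16) == SQLITE_MAGIC
        findings.append({
            "file": name,
            "present": True,
            "plain_sqlite": plain,  # True: any SQLite client can open it
            "mode": oct(mode),
            "others_can_read": bool(mode & (stat.S_IRGRP | stat.S_IROTH)),
        })
    return findings


def build_sample_dir():
    """Constructed stand-in for ~/.dropbox; the table is made up, not Dropbox's schema."""
    d = tempfile.mkdtemp()
    db = os.path.join(d, "config.db")
    con = sqlite3.connect(db)
    con.execute("CREATE TABLE sample (k TEXT, v TEXT)")
    con.commit()
    con.close()
    os.chmod(db, 0o644)  # deliberately loose mode for the demonstration
    return d


if __name__ == "__main__":
    target = os.path.expanduser("~/.dropbox")
    if not os.path.isdir(target):
        target = build_sample_dir()  # fall back to the constructed sample
    for finding in audit_dropbox_dir(target):
        print(finding)
```

A finding with `plain_sqlite` and `others_can_read` both true means any local account can read that metadata; tightening the directory to owner-only access and using full-disk encryption limits who can get at the files.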
Two months ago, Dropbox shocked its users with a major change to its terms of service. Previously the service claimed that files could actually be safer while stored in a Dropbox account than on a local drive in some cases. "We use the same secure methods as banks and the military to send and store your data...Nobody can see your private files in Dropbox unless you deliberately invite them or put them in your Public folder."
But then, its ToS changed to include the following: "As set forth in our privacy policy, and in compliance with United States law, Dropbox cooperates with United States law enforcement when it receives valid legal process, which may require Dropbox to provide the contents of your private Dropbox."
Dropbox users expressed anger at the ToS changes. Betanews ran two polls asking readers' reactions. To the first poll, 46 percent were "really ticked off" and 27 percent "kind of peeved." Only 12 percent weren't bothered by the ToS change. The second poll, asking if people would drop Dropbox, was less extreme: 58 percent yes and 42 percent no.
In Dropbox's forums, a subscriber going by the name of "Darren M." summed up why he was abandoning Dropbox, despite its high-quality service: "If the files I uploaded were just pics of me sunburned at the beach or personal financial docs like old bank statements, I might be OK with the new TOS. However, my clients rely on me to keep their private information confidential. And I can't, in good conscience, trust my data (and their confidences) to a service that clearly misled me from the get-go about what it could and could not do."
Dropbox Reader is yet another reason for Dropbox subscribers to be more responsible about how they interact with the cloud service.
Before the ToS change, the service boasted: "Dropbox employees are unable to view user files." Now, not only are the files viewable, but with Dropbox Reader, the very fundamental elements of the account are penetrable.