Dropbox, a well known US based IP Storage service provider was caught red handed for looking into every file uploaded by its user. But the company claims that it is a normal practice and is as per norms and details mentioned in its service level agreement.
The disclosure was made after a test was conducted on the service provider by a security company, where it was practically proven that all “.doc” files uploaded onto the platform were being opened within 10 minutes of upload.
Dropbox’s spying behavior was detected by HoneyDocs, which is a new web based service that keeps a tab with the help of a log file of the documents that were opened or edited.
The experiment involved uploading of “.zip” HoneyDoc Folder to Dropbox which had “.doc” files in it. With the help of HoneyDocs a user can easily set up a sting on a file, where a sms/email can be sent to the document owner if in case it has been opened or altered in some other location. The file will also have a map plotted in its properties where the owner of the file can know the location from where it has been accessed and all that is possible with the help of a HTTP Get Request( also known as buzz) assigned to sting.
It is proven that the first buzz in this case was received within 10 minutes after the file was uploaded with the IP address of an Amazon EC2 instance in Seattle. It is already a known fact that Dropbox platform works on Amazon Cloud Infrastructure.
As per the information available, it can be concluded that Amazon only opens “.doc” files. But still there is a possibility that Dropbox can also open other files uploaded onto its platform as well.
Clearing the air, Dropbox came up with the explanation that the opening of file was for de-duplication purpose and also to simultaneously scan for malware. Additionally, it claims that the file access was also meant for the purpose of building a preview to the document. This move will facilitate the users to open the files directly from browser and will eliminate the need of downloading software programs on to their PCs.
But if that is the case, then why are other files not being opened or are they also being accessed in a secret way? It is to be notified that there is a possibility of data spillage at this point of time creating a preview for the document.
But the IP Storage says that only a small number of employees are allowed to peep into the data which is in the documents and is confident that data spillage will never happen in its organization. The company issued a press statement that it has a strict policy and technical access controls that prohibit its employees from accessing the data, except for some rare circumstances.
But it is hereafter proved that Dropbox peeps in to the data from files uploaded by its users and there is a high possibility that another revelation similar to that made by Edward Snowden on NSA Prism is soon possible in near future.
So, here is another example which proves that user data is not secure on cloud platforms.