The popular cloud hosting and syncing service Dropbox has been in the news lately. First there were reports about Dropbox being insecure because of a configuration file that could allow anyone to access a user's Dropbox storage.
Then there was news that photo galleries might be accessible on the Internet without the user's knowledge.
If that was not already enough, there was an incident with the open source project Dropship, which used Dropbox for file sharing purposes.
The interview with Dropbox's co-founder and CTO Arash Ferdowsi is about Dropbox's perspective on said issues.
Please tell us a little bit about yourself and your position at Dropbox
A: I'm Arash and I'm the Co-founder and CTO of Dropbox.
Dropbox has seen a big surge in users over the past year, how has the company accommodated the rapid growth?
A: It's a combination of architecture and automation. We carefully think through how our infrastructure is architected to deliver a service that will scale to 50 million, 100 million, 500 million users. We've also hired an awesome group of support engineers that not only answer every support ticket that comes in (from free and paid users alike), but who are building automation and auto-suggest systems that allow users to find answers to their questions on their own.
Can you tell us about the company's infrastructure?
A: We store files (after first encrypting them) on Amazon's Simple Storage Service (S3). We also have database servers, web servers, and the rest of our infrastructure outside of Amazon.
Dropbox staff seems very motivated, what's the secret of the staff's commitment?
A: Designing a great product is a very creative job. It's amazing to be able to exercise your creativity in a way that makes the lives of millions of people better. We're really fortunate to have that opportunity. It's the best job in the world.
As more and more companies get into the file hosting / synchronization market, how do you differentiate yourselves? Who do you consider your competitors?
A: What makes Dropbox special is that it just works. Every update should make Dropbox not just more powerful but also simpler. We've spent untold hours obsessing over every tiny detail of how Dropbox works, so you don't have to. Software like this simplifies your life and gives you time back.
Any plans to increase the available storage in the near future?
A: We're looking at offering larger storage options. Businesses and organizations can already purchase more storage with a Dropbox for Teams account.
When did you hear about the issue?
A: We heard about this issue when users wrote into support with the link to the security researcher's blog post.
The issue was controversially discussed on the Internet, was that similar in internal meetings?
A: Not really. As we stated, if your computer is compromised, all your files are already exposed, not just Dropbox. That said, there were things we could do to make Dropbox more resistant to attacks from someone with access to your computer, and we immediately began working on it.
Which steps were taken to resolve the situation?
A: Our client team immediately addressed the permissions issue so that the config.db file can't be accessed across local user accounts. We also began investigating approaches to encrypting the config.db file and making user credentials harder to steal. We released the first build to our user forums a month later.
How long will it take before 1.2 is released as stable?
A: Probably a few more weeks. Unfortunately the encrypted config.db file breaks several third-party apps so we want to give them a chance to design workarounds.
Are photos that are uploaded to the photo folder automatically public, meaning not protected by a password initially?
A: Actually, they are semi-private. The links include a random sequence of characters and then the filename, and it is possible but unlikely that someone can guess this. Of course, if links are posted on a public site that is crawled by a search engine, it is discoverable.
What can users do who no longer want their photos to be public on the Internet?
A: Simply move them out of the Photos or Public folder. By default, Dropbox doesn't create publicly accessible URLs for files. The exceptions are those files that are placed in the Public folder and Photos folder.
Can you comment on the Dropship situation?
A: When something pops up that encourages and enables people to use Dropbox for infringing copyright content, you can imagine how that could ruin the service for everyone. Illegal file sharing has never been permitted and we take great pains to keep it off of Dropbox. We have a variety of easy-to-use sharing mechanisms (public links, shared folders, etc.) that people have been using for a long time for legitimate uses.
To clear up any confusion about Dropbox using DMCA to kill an open source project, we never issued a DMCA takedown to anyone. One user posted the source code on Dropbox and we removed it via a support banning tool. Unfortunately, the user received a bizarrely-worded email from us saying that we had received a takedown notice from ourselves (no such notice ever existed), for which we've since apologized.
Could you describe some ingenious uses for Dropbox, for instance how users are making use of Dropbox's capabilities?
A: Our users write in with stories every day about how Dropbox is simplifying their lives. Astronomers are collaborating across continents by setting telescope data to save directly into their Dropboxes. Disaster response workers used Dropbox to share data and coordinate the relief effort after the Haiti earthquake.
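The permissions fix described in the interview (a per-user credentials file such as config.db readable by other local accounts) is the kind of check a practitioner would want to run on any client that keeps a session token on disk. The following is an added example and is not Dropbox code or a description of the Dropbox client's internals: it constructs a sample config.db with the weak 0644 mode, reports whether other local accounts can read it, and tightens it to owner-only access. The path, file contents and helper names are assumptions made for the example; it assumes a POSIX system.

```python
"""Check that a per-user secrets file (the config.db case from the interview)
cannot be read or written by other local accounts, and tighten it if it can.
Added example: paths, contents and helper names are assumptions, not Dropbox code."""
import os
import stat
import tempfile

# Permission bits that let accounts other than the owner touch the file.
GROUP_OR_WORLD = stat.S_IRWXG | stat.S_IRWXO


def is_private_to_owner(path: str) -> bool:
    """True if the file is owned by the current user and has no group/other bits set."""
    st = os.stat(path)
    owned = st.st_uid == os.getuid()
    return owned and (st.st_mode & GROUP_OR_WORLD) == 0


def restrict_to_owner(path: str) -> int:
    """Strip every group/other permission bit, keeping the owner's bits; return the new mode."""
    st = os.stat(path)
    new_mode = stat.S_IMODE(st.st_mode) & ~GROUP_OR_WORLD
    os.chmod(path, new_mode)
    return new_mode


def make_world_readable_config(dirpath: str) -> str:
    """Constructed sample: a config.db with a placeholder token and the weak 0644 mode."""
    path = os.path.join(dirpath, "config.db")
    with open(path, "wb") as f:
        f.write(b"host_id=0123456789abcdef\n")  # constructed placeholder, not a real credential
    os.chmod(path, 0o644)
    return path


def demo() -> tuple:
    """Run the check, apply the fix, and re-check; returns (before, new_mode, after)."""
    with tempfile.TemporaryDirectory() as d:
        p = make_world_readable_config(d)
        before = is_private_to_owner(p)   # False: 'other' can read the token
        new_mode = restrict_to_owner(p)
        after = is_private_to_owner(p)    # True: only the owner can touch it
        return before, oct(new_mode), after


if __name__ == "__main__":
    print(demo())  # (False, '0o600', True)
```

Note that an explicit chmod is used rather than relying on the process umask, so the result does not depend on how the client was launched; the ownership check matters too, since a file with mode 0600 but the wrong owner is still readable by that other account.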