A complaint filed with the FTC last week charges that the popular cloud-based storage system Dropbox misled its users about the security and privacy afforded by its services. Although security and privacy have been some of Dropbox’s selling points, the complaint alleges that the company deceived users into thinking their files were completely encrypted and that Dropbox employees could not see the contents of the file.
At issue, in part, were Dropbox’s Terms of Service that stated that “all files stored on Dropbox servers are encrypted (AES-256) and are inaccessible without your account password.” Dropbox recently revised these terms to read simply “All files stored on Dropbox servers are encrypted (AES 256).