Tumblr co-founder airs Dropbox data security concerns

File sharing

Marco Arment, the co-founder of blogging platform Tumblr, has become the latest high-profile name to air concerns about the security of data stored on popular file sharing service Dropbox.

Arment, who left Tumblr in September 2010 to focus on the development of bookmark and reading service Instapaper, expressed his concerns in his weekly Build and Analyse podcast.

During the broadcast, Arment reportedly said he would not store anything he did not want made public on Dropbox.

A Dropbox employee could theoretically view or steal your data.

"Anything that is really sensitive or extremely valuable or needed to be kept very secret, I wouldn't store on anybody else's servers," Arment is reported to have said.

"That seems ridiculous [to me] unless I held the encryption keys, like with the online backup service I use."

Since its launch in 2007, DropBox has quickly established itself as a major player in the online file hosting market, and claims to have more than 50 million users.

However, concerns about data privacy and who owns the copyright of any files stored on its servers have been repeatedly raised by industry watchers.

In a statement, Rob Sobers, technical manager at data security vendor Varonis, backed Arment's view, claiming Dropbox holds the keys needed to encrypt and decrypt data on their servers.

"Dropbox isn't just online backup, it's a collaboration tool. In order to offer public file sharing features, they have to be able to decrypt data stored on their servers," he explained.

"This means that a Dropbox employee could theoretically view or steal your data," added Sobers.

It's not just internal threats Dropbox users should be fearful of, added Sobers, as the site's high profile could make it a ripe target for hackers.

"Public cloud services are more likely to be hit by hackers because they are high value targets and, by definition, accessible over the internet," he said.

"Any time I store something in the cloud be it Dropbox or Twitter or Facebook I ask myself, how would I feel if this data were on the front page of the New York Times tomorrow?'"

IT Pro was awaiting a response from Dropbox about Arment's claims at the time of publication.

Caroline Donnelly is the news and analysis editor of IT Pro and its sister site Cloud Pro, and covers general news, as well as the storage, security, public sector, cloud and Microsoft beats. Caroline has been a member of the IT Pro/Cloud Pro team since March 2012, and has previously worked as a reporter at several B2B publications, including UK channel magazine CRN, and as features writer for local weekly newspaper, The Slough and Windsor Observer. She studied Medical Biochemistry at the University of Leicester and completed a Postgraduate Diploma in Magazine Journalism at PMA Training in 2006.