Popular cloud-storage service Dropbox has updated its terms of service to include a clause that states it will turn your files over to the government--if the government asks, of course Popular cloud-storage service Dropbox has updated its terms of service to include a clause that states it will turn your files over to the government–if the government asks, of course.This is nothing groundbreaking, Business Insider points out –it’s a fairly common clause that appears in other cloud services’ TOS, including Gmail, Hotmail, and Amazon cloud.Dropbox is one of the leading cloud-storage services, and it works by installing a special “cloud” folder to your computer’s hard disk. Any files you place in this special folder are then synced with your Dropboxes around the world (you can install Dropbox on any number of computers, phones, and tablets), and can be accessed from any Dropbox-enabled device.The updated passage reads: As set forth in our privacy policy, and in compliance with United States law, Dropbox cooperates with United States law enforcement when it receives valid legal process, which may require Dropbox to provide the contents of your private Dropbox. In these cases, Dropbox will remove Dropbox’s encryption from the files before providing them to law enforcement.Ok, so no worries–so long as you’re not doing anything wrong, you should be fine. So why is this news? Well, as programmer Miguel de Icaza points out on his personal blog, Dropbox makes some “bold claims” about security on its Website. Specifically, it says that Dropbox uses “modern encryption methods” to transfer and store your data, and that nobody, not even Dropbox employees, are able to access user files. In fact, here’s the exact wording:“Dropbox employees aren’t able to access user files, and when troubleshooting an account they only have access to file metadata (filenames, file sizes, etc., not the file contents).”De Icaza points out that Dropbox’s claim that it’s able to decrypt user files if the government asks contradicts its previous public statements.“They claim that Dropbox employees aren’t able to access user files,” de Icaza writes, “This announcement means that Dropbox never had any mechanism to prevent employees from accessing your files, and it means that Dropbox never had the crypto smarts to ensure the privacy of your files and never had the smarts to only decrypt the files for you.”Troubling. Perhaps it’s time to rethink your cloud storage service. Also, stop saving your child porn and drug money receipts in your Dropbox folder.Follow Sarah on Twitter (@geeklil) or on Facebook Related content news ChatGPT “not a reliable” tool for detecting vulnerabilities in developed code NCC Group report claims machine learning models show strong promise in detecting novel zero-day attacks. By Michael Hill Oct 04, 2023 3 mins DevSecOps DevSecOps DevSecOps news Google Chrome zero-day jumps onto CISA's known vulnerability list A serious security flaw in Google Chrome, which was discovered under active exploitation in the wild, is a new addition to the Cybersecurity and Infrastructure Agency’s Known Exploited vulnerabilities catalog. By Jon Gold Oct 03, 2023 3 mins Zero-day vulnerability brandpost The advantages and risks of large language models in the cloud Understanding the pros and cons of LLMs in the cloud is a step closer to optimized efficiency—but be mindful of security concerns along the way. By Daniel Prizmant, Senior Principal Researcher at Palo Alto Networks Oct 03, 2023 5 mins Cloud Security news Arm patches bugs in Mali GPUs that affect Android phones and Chromebooks The vulnerability with active exploitations allows local non-privileged users to access freed-up memory for staging new attacks. By Shweta Sharma Oct 03, 2023 3 mins Android Security Vulnerabilities Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe