Even if there is a performance/battery life cost, it’s worth taking the hit. Not until I see figures proving that there is a significant saving. If they’re purposefully sending metadata via http instead of https for performance reasons, or for battery life, I don’t buy it. It would have been nice if they’d mentioned this in their response to me, rather than pretending it’s a new issue. Apparently they’ve already known about it for at least four to five months. I will discuss this further with our mobile team to see if we can offer the option of total transmission encryption on the phone and update this document to reflect the current status of metadata transmission.Ī reasonable response? Maybe… Except that, since they replied, I’ve done some searching and found a thread on their forum which discusses this issue. I'm sorry that this isn't more clearly defined. The information in the help center is in relation to the Dropbox desktop and website and doesn't apply to the mobile interface. I contacted Dropbox and asked for comment. That wouldn’t be the end of the World, but I consider that information to be reasonably private, and I’m sure other people use Dropbox for data that is considerably more private. If somebody happens to be sniffing the network traffic when I view this folder from my phone, they’ll get a list of all my clients (from the filenames), along with approximate dates I worked for them (from the last modified timestamp). I have an “Invoices” folder which contains PDFs of invoices that I have sent out to my clients. The metadata is most definitely sent in the clear. Well, not when using the Android mobile client it isn’t. On it clearly states: "All transmission of file data and metadata occurs over an encrypted channel (SSL)." To my surprise, I noticed that all file metadata was sent in the clear. Out of curiosity, I fired up tcpdump on my router to have a look at the traffic my Android phone’s Dropbox client was transferring during usage. Those of you who don’t, should look it up it’s a really simple cross platform app for syncing files between machines, sharing files and folders with other people, or simply providing near real-time automatic online backups with revision control. I know some of the people who read this blog use Dropbox.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |