Miguel de Icaza:

This announcement means that Dropbox never had any mechanism to prevent employees from accessing your files, and it means that Dropbox never had the crypto smarts to ensure the privacy of your files and never had the smarts to only decrypt the files for you. It turns out, they keep their keys on their servers, and anyone with clearance at Dropbox or anyone that manages to hack into their servers would be able to get access to your files.

That is very concerning for me — I keep just about everything in Dropbox these days. I may have to think about storing more sensitive stuff inside encrypted DMGs on Dropbox.

Posted by Ben Brooks