Criticism of Dropbox

Last updated

Criticism of Dropbox, an American company specializing in cloud storage and file synchronization and their flagship service of the same name, centers around various forms of security and privacy controversies. Issues include a June 2011 authentication problem that let accounts be accessed for several hours without passwords; a July 2011 privacy policy update with language suggesting Dropbox had ownership of users' data; concerns about Dropbox employee access to users' information; July 2012 email spam with reoccurrence in February 2013; leaked government documents in June 2013 with information that Dropbox was being considered for inclusion in the National Security Agency's PRISM surveillance program; a July 2014 comment from NSA whistleblower Edward Snowden criticizing Dropbox's encryption; the leak of 68 million account passwords on the Internet in August 2016; and a January 2017 accidental data restoration incident where years-old supposedly deleted files reappeared in users' accounts.

Contents

April 2011 user authentication file information

Dropbox has been criticized by the independent security researcher Derek Newton, who wrote in April 2011 that Dropbox stored user authentication information in a file on the computer that was "completely portable and is not tied to the system in any way". In explaining the issue, Newton wrote: "This means that if you gain access to a person's config.db file (or just the host_id), you gain complete access to the person's Dropbox until such time that the person removes the host from the list of linked devices via the Dropbox web interface." He updated his post in October 2011 to write that "Dropbox has release version 1.2.48 that utilizes an encrypted local database and reportedly puts in place security enhancements to prevent theft of the machine credentials." [1] A report from The Next Web featured a comment from Dropbox, in which they disagreed with Newton that the topic was a security flaw, explaining that "The researcher is claiming that an attacker would be able to gain access to a user's Dropbox account if they are able to get physical access to the user's computer. In reality, at the point an attacker has physical access to a computer, the security battle is already lost. [...] this 'flaw' exists with any service that uses cookies for authentication (practically every web service)." [2]

May 2011 data deduplication and employee access

In May 2011, a complaint was filed with the U.S. Federal Trade Commission alleging Dropbox misled users about the privacy and security of their files. At the heart of the complaint was the policy of data deduplication, where the system checks if a file has been uploaded before by any other user, and links to the existing copy if so; and the policy of using a single AES-256 key for every file on the system so Dropbox can (and does, for deduplication) look at encrypted files stored on the system, with the consequence that any intruder who gets the key (as well as potential Dropbox employees) could decrypt any file if they had access to Dropbox's backend storage infrastructure. [3] In a response on its blog, Dropbox wrote that "Like most major online services, we have a small number of employees who must be able to access user data when legally required to do so. But that's the exception, not the rule. We have strict policy and technical access controls that prohibit employee access except in these rare circumstances. In addition, we employ a number of physical and electronic security measures to protect user information from unauthorized access." [4] In response to the FTC complaint, Dropbox spokeswoman Julie Supan told InformationWeek that "We believe this complaint is without merit, and raises issues that were addressed in our blog post on April 21." [3]

June 2011 account access without password

On June 20, 2011, TechCrunch reported that all Dropbox accounts could be accessed without password for four hours. [5] In a blog post, co-founder Arash Ferdowsi wrote that "Yesterday we made a code update at 1:54pm Pacific time that introduced a bug affecting our authentication mechanism. We discovered this at 5:41pm and a fix was live at 5:46pm. A very small number of users (much less than 1 percent) logged in during that period, some of whom could have logged into an account without the correct password. As a precaution, we ended all logged in sessions." He wrote that a "thorough investigation" was being conducted, and that "This should never have happened. We are scrutinizing our controls and we will be implementing additional safeguards to prevent this from happening again." [6] Julianne Pepitone, writing for CNNMoney, wrote that "It's the security nightmare scenario: A website stuffed with sensitive documents leaves all of its customer data unprotected and exposed", and featured a comment from Dave Aitel, president and CEO of security firm Immunity Inc., saying "Any trust in the cloud is too much trust in the cloud -- it's as simple as that. [...] It's pretty much the standard among security professionals that you should put on the cloud only what you would be willing to give away." [7]

July 2011 Privacy Policy update

In July 2011, Dropbox updated its Terms of Service, Privacy Policy, and Security Overview agreements. The new Privacy Policy sparked criticism, as noted by Christopher White in a Neowin post, in which he wrote that "They attempted to reduce some of the tedious legalese in order to make it easier for normal people to understand. It appears that they have succeeded in that mission and in the process have taken ownership of every file that uses their service". Citing a paragraph in the updated Privacy Policy that Dropbox needed user permission to "use, copy, distribute, prepare derivative works (such as translations or format conversions) of, perform, or publicly display" user's data, White wrote that "This broad terminology is frightening for end users because it clearly lets Dropbox take a person’s work, whether it is photographs, works of fiction, or scientific research, and gives the company the right to do whatever they want with no recourse from the original owner". After users expressed concerns about the change, Dropbox once again updated its policy, adding "This license is solely to enable us to technically administer, display, and operate the Services." White concluded by writing that "While this is a step in the right direction, it still makes no sense as to why a product that is used to move files from one computer to another needs the ability to "prepare derivative works of" anyone's files." [8] [9]

July 2012 email spam and February 2013 reoccurrence

In July 2012, Dropbox hired "outside experts" to figure out why some users were receiving e-mail spam from Dropbox. [10] In a post on its blog, Dropbox employee Aditya Agarwal wrote that "usernames and passwords recently stolen from other websites were used to sign in to a small number of Dropbox accounts. We've contacted these users and have helped them protect their accounts." However, Agarwal also noted that "A stolen password was also used to access an employee Dropbox account containing a project document with user email addresses. We believe this improper access is what led to the spam. We're sorry about this, and have put additional controls in place to help make sure it doesn't happen again." One of the additional controls implemented was the introduction of two-factor authentication. [11] [12] In February 2013, users reported additional spam, with the company stating that "At this time, we have not seen anything to suggest this is a new issue", and blamed the earlier e-mail spam issue from the past July. [13]

June 2013 PRISM program

In June 2013, The Guardian and The Washington Post publicized confidential documents suggesting Dropbox was being considered for inclusion in the National Security Agency's classified PRISM program of Internet surveillance. [14] [15]

January 2014 outage

On January 11, 2014, Dropbox experienced an outage. A hacker group called The 1775 Sec posted on Twitter that it had compromised Dropbox's site "in honor of Internet activist and computer programmer Aaron Swartz, who committed suicide a year ago". However, Dropbox itself posted on Twitter that "Dropbox site is back up! Claims of leaked user info are a hoax. The outage was caused during internal maintenance. Thanks for your patience!" [16] [17] [18] In a blog post detailing the issue, Dropbox's Akhil Gupta wrote that "On Friday at 5:30 PM PT, we had a planned maintenance scheduled to upgrade the OS on some of our machines. During this process, the upgrade script checks to make sure there is no active data on the machine before installing the new OS. A subtle bug in the script caused the command to reinstall a small number of active machines. Unfortunately, some master-replica pairs were impacted which resulted in the site going down." Gupta also noted that "Your files were never at risk during the outage". [19]

April 2014 Condoleezza Rice appointment to board of directors

In April 2014, Dropbox announced that Condoleezza Rice would be joining their board of directors, [20] prompting criticism from some users who were concerned about her appointment due to her history as United States Secretary of State and revelations of "widespread wiretapping on US citizens during her time in office". [21] RiceHadleyGates, a consultancy firm consisting of Rice, former US national security adviser Stephen Hadley, and former US Secretary of Defense Robert Gates, had previously advised Dropbox. [22]

In May 2014, Dropbox temporarily disabled shared links. In a blog post, the company detailed a web vulnerability scenario where sharing documents containing hyperlinks would cause the original shared Dropbox link to become accessible to the website owner if a user clicked on the hyperlink found in the document. Some types of shared links remained disabled over the next few weeks until Dropbox eventually made changes to the functionality. [23] [24]

July 2014 Snowden comment

In a July 2014 interview, former NSA contractor Edward Snowden called Dropbox "hostile to privacy" because its encryption model enables the company to surrender user data to government agencies, and recommended using the competing service SpiderOak instead. In response, a Dropbox spokeswoman stated that "Safeguarding our users' information is a top priority at Dropbox. We've made a commitment in our privacy policy to resist broad government requests, and are fighting to change laws so that fundamental privacy protections are in place for users around the world". [25]

October 2014 account compromise hoax

In October 2014, an anonymous user on Pastebin claimed to have compromised "almost seven million" Dropbox usernames and passwords, gradually posting the info. However, in a blog post, Dropbox stated "Recent news articles claiming that Dropbox was hacked aren't true. Your stuff is safe. The usernames and passwords referenced in these articles were stolen from unrelated services, not Dropbox. [...] A subsequent list of usernames and passwords has been posted online. We've checked and these are not associated with Dropbox accounts." [26] [27] [28]

A long string (750+ comments) of commentaries on Dropbox' own support forum was begun in December 2014, when dropbox introduced 1 TB data storage plans. The string title, "Can we have plans that are smaller than 1 TB?", has a long line of Dropbox users voice concerns that they are not able to grow their plan from the 2 GB free plan by other increments than 1 TB. 2020 the minimum paid data storage account is 2 TB making the incremental increase from the free account to the minimum paid plan 2 TB, and comments requesting smaller plans are still coming in.

In the string more experienced commentators explain that the prize for the minimum 2 TB data plan does not reflect the amount of data storage, but rather the sum of data handling services offered. This prompts criticism from users having been on Dropbox for so long that migrating to another cloud service is made virtually impossible by a large number of outbound shared files via Dropbox links from their Dropbox folder, one of the initial services offered, thus tying users down to either the free 2 GB account or the paid minimum 2 TB plan, if they want to maintain public access to their files from Dropbox links already shared on the internet.

August 2016 password leak

In August 2016, email addresses and passwords for 68 million Dropbox accounts were published online, with the information originating from the 2012 email spam issue. [29] [30] [31] Independent security researcher Troy Hunt checked the database against his data leak website, and verified the data by discovering that both the accounts belonging to him and his wife had been disclosed. Hunt commented that "There is no doubt whatsoever that the data breach contains legitimate Dropbox passwords, you simply can't fabricate this sort of thing". [32] In a blog post, Dropbox stated: "The list of email addresses with hashed and salted passwords is real, however we have no indication that Dropbox user accounts have been improperly accessed. We're very sorry this happened and would like to clear up what's going on." The company outlined details that the information was "likely obtained in 2012", with the company first hearing about the list two weeks earlier, at which time they immediately started an investigation. "We then emailed all users we believed were affected and completed a password reset for anyone who hadn't updated their password since mid-2012. This reset ensures that even if these passwords are cracked, they can't be used to access Dropbox accounts." [33]

January 2017 accidental data restoration

In January 2017, Dropbox restored years-old supposedly deleted files and folders in user accounts. In one example, a user reported that folders from 2011 and 2012 returned. In explaining the issue, a Dropbox employee wrote on its forum that "A bug was preventing some files and folders from being fully deleted off our servers, even after users had deleted them from their Dropbox accounts. While fixing the bug, we inadvertently restored the impacted files and folders to those users' accounts. This was our mistake; it wasn't due to a third party and you weren't hacked. Typically, we permanently remove files and folders from our servers within 60 days of a user deleting them. However, the deleted files and folders impacted by this bug had metadata inconsistencies. So we quarantined and excluded them from the permanent deletion process until the metadata could be fixed". [34] [35]

July 2018 anonymized data analysis

In July 2018, researchers at Northwestern University published an article [36] in Harvard Business Review on the analysis of the habits of tens of thousands of scientists using anonymized data provided by Dropbox. The data used was over the period from May 2015 to May 2017 from all scientists using the platform across 1000 universities. [37] Personal names attached to the data was removed by Dropbox, but according to Casey Fiesler, researcher at Colorado University, the folder titles and file structures that were provided could be used to identify individuals. Dropbox, later in a blog post, [38] said that the reverse identification of the data was impossible. The data was provided without the express consent of the 16 thousand people whose information was accessed.

February 2021 allegations by former employees of gender discrimination

In February 2020, a document containing interviews with 16 current and former Dropbox employees claimed to be victims of gender discrimination was obtained by VentureBeat. The subjects of the report alleged discrimination point to examples such as "changing standards for promotions, unequal compensation, being set back in their careers after maternity leave, and experiencing retribution when they take their cases to HR". The report also detailed instances of alleged harassment and demotion after employees filed a complaint with Dropbox HR or returned to work following maternity leave. [39]

Related Research Articles

Gmail Email service provided by Google

Gmail is a free email service provided by Google. As of 2019, it had 1.5 billion active users worldwide. A user typically accesses Gmail in a web browser or the official mobile app. Google also supports the use of email clients via the POP and IMAP protocols.

Yahoo! Mail American email service

Yahoo! Mail is an email service launched on October 8, 1997, by the American company Yahoo, Inc. The service is free for personal use, with an optional monthly fee for additional features. Business email was previously available with the Yahoo! Small Business brand, before it transitioned to Verizon Small Business Essentials in early 2022. As of January 2020, Yahoo! Mail has 225 million users.

A file-hosting service, cloud-storage service, online file-storage provider, or cyberlocker is an internet hosting service specifically designed to host user files. It allows users to upload files that could be accessed over the internet after a user name and password or other authentication is provided. Typically, the services allow HTTP access, and sometimes FTP access. Related services are content-displaying hosting services, virtual storage, and remote backup.

The following tables compare general and technical information for a number of notable webmail providers who offer a web interface in English.

A Google Account is a user account that is required for access, authentication and authorization to certain online Google services. It is also often used as single sign on for third party services.

Data breach Intentional or unintentional release of secure information

A data breach is a security violation, in which sensitive, protected or confidential data is copied, transmitted, viewed, stolen or used by an individual unauthorized to do so. Other terms are unintentional information disclosure, data leak, information leakage, and data spill. Incidents range from concerted attacks by individuals who hack for personal gain or malice, organized crime, political activists or national governments, to poorly configured system security or careless disposal of used computer equipment or data storage media. Leaked information can range from matters compromising national security, to information on actions which a government or official considers embarrassing and wants to conceal. A deliberate data breach by a person privy to the information, typically for political purposes, is more often described as a "leak".

SpiderOak

SpiderOak is a US-based collaboration tool, online backup and file hosting service that allows users to access, synchronize and share data using a cloud-based server, offered by a company of the same name. Its first offering, its online backup service later branded "SpiderOak ONE", launched in December 2007. SpiderOak is accessible through an app for Windows, Mac and Linux computer platforms, and Android, N900 Maemo and iOS mobile platforms.

Outlook.com Microsoft web app

Outlook.com is a personal information manager web app from Microsoft consisting of webmail, calendaring, contacts, and tasks services. Founded in 1996 by Sabeer Bhatia and Jack Smith as Hotmail, it was acquired by Microsoft in 1997 for an estimated $400 million and relaunched as MSN Hotmail, later rebranded to Windows Live Hotmail as part of the Windows Live suite of products. Microsoft phased out Hotmail in October 2011, relaunching the service as Outlook.com in 2012.

This is a comparison of online backup services.

Dropbox is a file hosting service operated by the American company Dropbox, Inc., headquartered in San Francisco, California, U.S. that offers cloud storage, file synchronization, personal cloud, and client software. Dropbox was founded in 2007 by MIT students Drew Houston and Arash Ferdowsi as a startup company, with initial funding from seed accelerator Y Combinator.

A recent extension to the cultural relationship with death is the increasing number of people who die having created a large amount of digital content, such as social media profiles, that will remain after death. This may result in concern and confusion, because of automated features of dormant accounts, uncertainty of the deceased's preferences that profiles be deleted or left as a memorial, and whether information that may violate the deceased's privacy should be made accessible to family.

The 2011 PlayStation Network outage was the result of an "external intrusion" on Sony's PlayStation Network and Qriocity services, in which personal details from approximately 77 million accounts were compromised and prevented users of PlayStation 3 and PlayStation Portable consoles from accessing the service. The attack occurred between April 17 and April 19, 2011, forcing Sony to turn off the PlayStation Network on April 20. On May 4, Sony confirmed that personally identifiable information from each of the 77 million accounts had been exposed. The outage lasted 23 days.

Google Drive Cloud storage and file synchronization service developed by Google

Google Drive is a file storage and synchronization service developed by Google. Launched on April 24, 2012, Google Drive allows users to store files in the cloud, synchronize files across devices, and share files. In addition to a web interface, Google Drive offers apps with offline capabilities for Windows and macOS computers, and Android and iOS smartphones and tablets. Google Drive encompasses Google Docs, Google Sheets, and Google Slides, which are a part of the Google Docs Editors office suite that permits collaborative editing of documents, spreadsheets, presentations, drawings, forms, and more. Files created and edited through the Google Docs suite are saved in Google Drive.

The 2012 LinkedIn hack refers to the computer hacking of LinkedIn on June 5, 2012. Passwords for nearly 6.5 million user accounts were stolen. Yevgeniy Nikulin was convicted of the crime and sentenced to 88 months in prison.

Tresorit is a cloud storage service with end-to-end encryption.

ProtonMail End-to-end encrypted email service

Proton Mail is an end-to-end encrypted email service founded in 2013 in Geneva, Switzerland. Proton Mail uses client-side encryption to protect email content and user data before they are sent to Proton Mail servers, unlike other common email providers such as Gmail and Outlook.com. The service can be accessed through a webmail client, the Tor network, or dedicated iOS and Android apps.

In July 2015, a group calling itself "The Impact Team" stole the user data of Ashley Madison, a commercial website billed as enabling extramarital affairs. The group copied personal information about the site's user base and threatened to release users' names and personally identifying information if Ashley Madison would not immediately shut down. On 18 and 20 August, the group leaked more than 60 gigabytes of company data, including user details.

Credential stuffing is a type of cyberattack in which the attacker collects stolen account credentials, typically consisting of lists of usernames and/or email addresses and the corresponding passwords, and then uses the credentials to gain unauthorized access to user accounts through large-scale automated login requests directed against a web application. Unlike credential cracking, credential stuffing attacks do not attempt to use brute force or guess any passwords – the attacker simply automates the logins for a large number of previously discovered credential pairs using standard web automation tools such as Selenium, cURL, PhantomJS or tools designed specifically for these types of attacks, such as Sentry MBA, SNIPR, STORM, Blackbullet and Openbullet.

The Internet service company Yahoo! was subject to the largest data breach on record. Two major data breaches of user account data to hackers were revealed during the second half of 2016. The first announced breach, reported in September 2016, had occurred sometime in late 2014, and affected over 500 million Yahoo! user accounts. A separate data breach, occurring earlier around August 2013, was reported in December 2016. Initially believed to have affected over 1 billion user accounts, Yahoo! later affirmed in October 2017 that all 3 billion of its user accounts were impacted. Both breaches are considered the largest discovered in the history of the Internet. Specific details of material taken include names, email addresses, telephone numbers, encrypted or unencrypted security questions and answers, dates of birth, and hashed passwords. Further, Yahoo! reported that the late 2014 breach likely used manufactured web cookies to falsify login credentials, allowing hackers to gain access to any account without a password.

References

  1. Newton, Derek (April 7, 2011). "Dropbox authentication: insecure by design". Derek Newton. Retrieved February 17, 2017.
  2. Brian, Matt (April 8, 2011). "Dropbox security hole could let others access your files [Updated]". The Next Web. Retrieved February 17, 2017.
  3. 1 2 Schwartz, Mathew (May 16, 2011). "Dropbox Accused Of Misleading Customers On Security". InformationWeek . UBM plc. Archived from the original on October 20, 2012. Retrieved February 17, 2017.
  4. Houston, Drew; Ferdowsi, Arash (April 21, 2011). "Privacy, Security & Your Dropbox (Updated)". Dropbox Blog. Dropbox. Retrieved February 17, 2017.
  5. Kincaid, Jason (June 20, 2011). "Dropbox Security Bug Made Passwords Optional For Four Hours". TechCrunch . AOL . Retrieved February 17, 2017.
  6. Ferdowsi, Arash (June 20, 2011). "Yesterday's Authentication Bug". Dropbox Blog. Dropbox. Retrieved February 17, 2017.
  7. Pepitone, Julianne (June 22, 2011). "Dropbox's password nightmare highlights cloud risks". CNNMoney . Time Warner . Retrieved February 17, 2017.
  8. White, Christopher (July 2, 2011). "Dropbox can legally sell all of your files [Update]". Neowin . Retrieved February 17, 2017.
  9. Houston, Drew; Ferdowsi, Arash (July 1, 2011). "Changes to our policies (updated)". Dropbox Blog. Dropbox. Retrieved February 17, 2017.
  10. Brodkin, Jon (July 18, 2012). "Dropbox hires "outside experts" to investigate possible e-mail breach". Ars Technica . Condé Nast . Retrieved February 17, 2017.
  11. Agarwal, Aditya (July 31, 2012). "Security update and new features". Dropbox Blog. Dropbox. Retrieved February 17, 2017.
  12. Brodkin, Jon (August 1, 2012). "Dropbox confirms it got hacked, will offer two-factor authentication". Ars Technica . Condé Nast . Retrieved February 17, 2017.
  13. Robertson, Adi (February 28, 2013). "Dropbox users claim email addresses leaked to spammers, company blames 2012 security breach". The Verge . Vox Media . Retrieved February 17, 2017.
  14. Greenwald, Glenn; MacAskill, Ewen (June 7, 2013). "NSA Prism program taps in to user data of Apple, Google and others". The Guardian . Guardian Media Group . Retrieved February 17, 2017.
  15. Gellman, Barton; Poitras, Laura (June 7, 2013). "U.S., British intelligence mining data from nine U.S. Internet companies in broad secret program". The Washington Post . Retrieved February 17, 2013.
  16. "Dropbox site is back up! Claims of leaked user info are a hoax. The outage was caused during internal maintenance. Thanks for your patience!". Twitter. January 11, 2014. Retrieved February 17, 2017.
  17. Swartz, Jon (January 11, 2014). "Dropbox says outage arose from routine maintenance". USA Today . Gannett Company . Retrieved February 17, 2017.
  18. "Dropbox hit by outage on Friday, denies that it was hacked". PC World . International Data Group. January 10, 2014. Retrieved February 17, 2017.
  19. Gupta, Akhil (January 12, 2014). "Outage post-mortem". Dropbox Blog. Dropbox. Retrieved February 17, 2017.
  20. Houston, Drew (April 9, 2014). "Growing our leadership team". Dropbox Blog. Dropbox. Retrieved February 8, 2017.
  21. "Controversy flares as Condoleezza Rice joins Dropbox board". BBC News . April 11, 2014. Retrieved February 8, 2017.
  22. Stone, Brad; Levy, Ari (April 11, 2014). "Dropbox's Next Chapter: Corporate Customers, IPO, Condi Rice, and Eddie Vedder". Bloomberg L.P. Retrieved February 8, 2017.
  23. Agarwal, Aditya (May 5, 2014). "Web vulnerability affecting shared links". Dropbox Blog. Dropbox. Retrieved February 17, 2017.
  24. Lee, Dave (May 6, 2014). "Warning over unintentional file leak from storage sites". BBC News . Retrieved February 17, 2017.
  25. Yadron, Danny; MacMillan, Douglas (July 17, 2014). "Snowden Says Drop Dropbox, Use SpiderOak". The Wall Street Journal . News Corp . Retrieved February 17, 2017.(subscription required)
  26. Mityagin, Anton (October 13, 2014). "Dropbox wasn't hacked". Dropbox Blog. Dropbox. Retrieved February 17, 2017.
  27. Lomas, Natasha (October 14, 2014). "Dropbox Confirms Compromised Account Details But Says Its Servers Weren't Hacked". TechCrunch . AOL . Retrieved February 17, 2017.
  28. Lewis, Dave (October 14, 2014). "Was Dropbox Hacked? Not So Fast". Forbes . Retrieved February 17, 2017.
  29. Mendelsohn, Tom (August 31, 2016). "Dropbox hackers stole e-mail addresses, hashed passwords from 68M accounts". Ars Technica . Condé Nast . Retrieved February 17, 2017.
  30. Brandom, Russell (August 31, 2016). "Dropbox's 2012 breach was worse than the company first announced". The Verge . Vox Media . Retrieved February 17, 2017.
  31. McGoogan, Cara (August 31, 2016). "Dropbox hackers stole 68 million passwords - check if you're affected and how to protect yourself". The Daily Telegraph . Telegraph Media Group . Retrieved February 17, 2017.
  32. Gibbs, Samuel (August 31, 2016). "Dropbox hack leads to leaking of 68m user passwords on the internet". The Guardian . Guardian Media Group . Retrieved February 17, 2017.
  33. Heim, Patrick (August 25, 2016). "Resetting passwords to keep your files safe". Dropbox Blog. Dropbox. Retrieved February 17, 2017.
  34. Tung, Liam (January 25, 2017). "Dropbox bug kept users' deleted files on its servers for six years". ZDNet . CBS Interactive . Retrieved February 18, 2017.
  35. Hackett, Robert (January 25, 2017). "Dropbox Didn't Actually Delete Your 'Deleted' Files". Fortune . Time Inc. Retrieved February 18, 2017.
  36. "A Study of Thousands of Dropbox Projects Reveals How Successful Teams Collaborate". Harvard Business Review. 2018-07-20. ISSN   0017-8012 . Retrieved 2020-12-16.
  37. "Was It Ethical for Dropbox to Share Customer Data with Scientists?". Wired. ISSN   1059-1028 . Retrieved 2020-12-16.
  38. "5 traits that distinguish high-performing teams". blog.dropbox.com. Retrieved 2020-12-16.
  39. "Dozens of current and former Dropbox employees allege gender discrimination". Venture Beat. Retrieved 2021-02-15.
This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.