It turned out to be a bug, but this is less than ideal –
Dropbox is one of the most popular cloud-based services for storing and sharing files across multiple computers and with others. It has a strict policy on what happens to any files you’ve decided to delete from your account: they are kept for 30 days just in case you change your mind, but after that they are purged.
That’s the policy anyway. BadCyber brought to our attention the fact that some users discovered not all of their deleted files were purged from Dropbox’s servers. In fact, files that were deleted as far back as seven years ago reappeared in some Dropbox folders last week.
The truth of the matter is, when we store our data with a third party service, we’re trusting that company to do what they can to keep it secure, and also do what they say they’re going to do in terms of deleting data we delete from our accounts. When they don’t, that trust is broken. As a Dropbox user myself, I’m hopeful that the bug has been fixed and everything is now working the say it’s supposed to, but I can’t really verify that, can I?
Given that reality, we should be thinking about what kind of data we would want to store with a third party, and how we want to store it. Should it be encrypted before it’s ever sent up to the cloud? Should certain types of data simply not be stored there?
It’s worth thinking about, since we really are left with just trusting them.