Dropbox: Oops, yeah, we didn't actually delete all your files – this bug kept them in the cloud

Anonymous Coward

Until our storage admin dropped a sonic screwdriver into the drive rack...

and we started seeing files returning from half a century ago! Documents from the Apollo 1 fire, some kind of Outer Space Treaty, and a bunch of other crap from 1967. These weren't even on disk back then, but that didn't seem to matter. Don't worry though, we'll have them removed in a jiffy!

Anonymous Coward

Delete from the Cloud -> <NULL>

Just like Microsoft's new Windows 10 Privacy Portal, deleting the private data Microsoft has collected on you web history etc, has absolutely no real effect. It doesn't delete anything as such. It's a ridiculous notion due to regulatory systems in place on that cloud data.

The idea Dropbox deletes user files in 60 days is a superficial statement at best, due to multiple backups/redundancy retaining that data across multiple sites. What this has proven is Dropbox don't even delete it after 5 years, even if you specifically did so. This is no metadata mix-up.

Woodnag

Yup

I'd love to see any cloud storage document that guarantees that all copies of a deleted file are unrecoverable after ANY time window. I expect that the only action that happens when a file is deleted by a user is that it is marked as invisible to the user.

It will be very interesting when Dropbox (for example) is subpoenaed in a civil case for 'deleted' data. For example to get one of a divorcing couple's secret bank account data. What will they do if Big Gov forces them to deny? Perjury?

hellwig
Silver badge

Re: Delete from the Cloud -> <NULL>

How much data do we need to store on DropBox before this practice becomes impractical? What's the free limit, 5GB? So I upload a 5GB file, delete it, and upload a different one, rinse and repeat. Surely they'll be forced to purge their system, will they not? Economically it won't make sense after a while.

My ISP doesn't meter uploads ;)

The Man Who Fell To Earth
Silver badge
Stop

Re: Delete from the Cloud -> <NULL>

Which is exactly why you should always locally encrypt your files (using a wrapper application like nCrypted Cloud if need be) before putting them on a cloud drive.

TDog

Just when you thought it was safe

It was Mr. Dropbox, in the Study, with the Bug.

TDog
Unhappy

Just when you thought it was safe

It was Mr. DropBox, in the Study, with the Bug.

Sampler

Why

"However, the deleted files and folders impacted by this bug had metadata inconsistencies,"

...

"So we quarantined and excluded them from the permanent deletion process until the metadata could be fixed."

Why? They have meta-data inconsistencies? Big freaking deal, they're going to be deleted, what matter does the metadata mean in relation to a file that no longer exists?

frank ly
Silver badge

Re: Why

What it means is that they need to put more thought into their explanations and run them by a few more people before they release statements.

littlejohnny

Re: what matter does the metadata mean in relation to a file that no longer exists?

By identifying statistical patterns in the corrupt metadata our time machine has discovered in 2016 that you didn't want to delete this file back in 2011. Hence we walked the extra mile to move those files for you across the space-time warp. Customer interests first!

John Robson
Silver badge

Re: Why

"Why? They have meta-data inconsistencies? Big freaking deal, they're going to be deleted, what matter does the metadata mean in relation to a file that no longer exists?"

Maybe to make sure that it really was the data you thought it was?

If the meta data is broken then you don't actually know what is in the file - has someone tried to delete one file, but another has been selected due to the mixup?

LDS
Silver badge

Re: Why

The "metadata inconsistencies" looks to be exactly the "deleted" attribute....

VinceH
Silver badge

Re: Why

"Maybe to make sure that it really was the data you thought it was?

If the meta data is broken then you don't actually know what is in the file - has someone tried to delete one file, but another has been selected due to the mixup?"

However, this is years old data, which the affected users believed had been deleted. If the issue was as you suggest, surely there would have been cries - a similar number of years ago - from the same people affected by this reappearance now to say "I deleted this file from DropBox, but this other one appears to have gone instead" ?

Doctor Syntax
Silver badge

Re: Why

"what matter does the metadata mean in relation to a file that no longer exists?"

They made a mess of the deletion date so they don't know when they should actually clear it?

malle-herbert
Silver badge
Big Brother

Looks like...

They accidentally restored a backup from the NSA...

TReko
WTF?

Re: Looks like...

I would imagine that storage space is Dropbox's main cost. Surely they would notice this?

On the other hand Condi Rice is on their board, so maybe the NSA paranoia is not so far fetched.

Oengus
Silver badge

When is deleted not deleted

Now I know where the ex-Ashley Madison employees went... Trust us we will delete your information when you ask...

Criminny Rickets

Um What???

-- "Typically, we permanently remove files and folders from our servers within 60 days of a user deleting them. However, the deleted files and folders impacted by this bug had metadata inconsistencies," Dropbox employee Ross S said on the company's support forum.

-- "So we quarantined and excluded them from the permanent deletion process until the metadata could be fixed."

If the files were scheduled for permanent deletion anyway, metadata inconsistencies would have been a moot point. Would this be another example of an alternative fact?

Dan 55
Silver badge
Black Helicopters

Re: Um What???

They can't permanently delete it yet, the backup to the Utah data centre has to be made before that.

fajensen
Silver badge

Re: Um What???

"Typically, we permanently remove files and folders from our servers within 60 days of a user deleting them."

Soo much weasel-craft in just one sentence. Tony Blair must work there.

"Typically" -> "if it's some good shit, we definitely keep it around for Later"

"Our servers" -> "the servers we contractually own, that outsourced storage we rent in Utah ... whatever. They don't tell and we don't ask."

"User" -> "who is that, exactly. Browser, Client software, Person"

"Deleting" -> "Now, that is a subtle term with many definitions. So we have this here 70000 pages TOS to explain it".

A Non e-mouse
Silver badge

Why 60 days?

Why does it take 60 days to delete a file when things are all OK? Surely it should only take a few minutes for the delete command to replicate through their system? Or is deleting done via RFC 1149?

Doctor Syntax
Silver badge

Re: Why 60 days?

"Why does it take 60 days to delete a file when things are all OK?"

Probably to protect users from themselves. Remember that "deletion" on many desktop systems - not just Windows - is "move to wastepaper basket", not "rm $FILE". That's fair enough but it should also have the equivalent of "empty wastepaper basket NOW".

Spacedinvader
Happy

Re: Why 60 days?

RFC 1149 thanks for that, bloody brilliant :)

anothercynic
Silver badge

Re: Why 60 days?

They leave it for 60 days in case *you* want to undelete it for some reason. Just in case. And yes, I've made use of *that* before (and been thankful for it).

War President
Joke

Re: Why 60 days?

"Or is deleting done via RFC 1149?"

I apologise for any lost packets, but if it is any consolation, they were delicious.

arsado

Re: Why 60 days?

Absolutely not that reason. Your data may be stored on many different servers across different data centers. Some servers may be offline, some may be busy. Server infrastructure doesn't allow end users to instantly control all your copies of data. 60 days is just expected time for all servers and offline backup systems to react.

Ken Moorhouse
Silver badge

...THIS...

...is another reason for not recommending cloud data storage.

Just Remember: In the absence of SomeOne to blame, there is the ultimate scapegoat: "Well, who recommended we use DropBox then?"

wolfetone
Silver badge

A Bug you say?

Surely the NSA and GCHQ would call that a feature?

0laf
Silver badge

Not really a shock is it

And this is why (amongst other things) I tell Dropbox to bugger off when they keep phoning me to tell me how wonderful their product is for business and it's sooo safe for personal data and sooo compliant with the DPA. Except when it isn't.

Barely registers
Black Helicopters

Encrypt first

Once your data is out of your network, it's not your data anymore.

I use a pre-Dropbox system - anything I want to hold off-site gets dropped into a holding folder, which a task picks up and encrypts the file using 7-Zip (AES-256, and with filename encryption enabled). The task then puts the resulting .7z file into the Dropbox sync folder for uploading to Dropbox.

Obviously, this isn't suitable for mass sharing. But for off-site storage whilst keeping my data private, I think it works a treat and means that if anyone wants to pry, they're going to have to ask me first.
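
The workflow described in the comment above (holding folder, 7-Zip AES-256 with filename encryption, then the Dropbox sync folder), written out as an added example; it is not the commenter's own task. All paths and variable names are assumptions, and the passphrase is assumed to sit in a file readable only by its owner.

```shell
#!/bin/sh
# Added example; every path and variable name below is an assumption.
HOLDING="${HOLDING:-$HOME/holding}"        # plaintext drop folder
SYNC="${SYNC:-$HOME/Dropbox/encrypted}"    # folder the sync client uploads
STAGE="${STAGE:-$HOME/.offsite-stage}"     # same filesystem as $SYNC, so mv is a rename
PASSFILE="${PASSFILE:-$HOME/.config/offsite.pass}"  # passphrase file, mode 0600
SEVENZ="${SEVENZ:-7z}"                     # 7-Zip command-line binary

# Encrypt one file into $SYNC; prints the archive path on success.
encrypt_one() {
    src=$1
    [ -f "$src" ] || return 1
    pass=$(cat "$PASSFILE") || return 1
    [ -n "$pass" ] || return 1
    mkdir -p "$STAGE" "$SYNC" || return 1
    tmp=$(mktemp -d "$STAGE/enc.XXXXXX") || return 1
    # Random archive name: -mhe=on hides the names inside the archive, but the
    # archive's own name is still visible to the storage provider.
    name=$(od -An -N8 -tx1 /dev/urandom | tr -d ' \n').7z
    # -mhe=on encrypts the archive header; 7z archives are encrypted with AES-256.
    # A passphrase given with -p is visible to other local users in the process list.
    if "$SEVENZ" a -t7z -mhe=on -p"$pass" "$tmp/$name" "$src" >/dev/null &&
       "$SEVENZ" t -p"$pass" "$tmp/$name" >/dev/null; then
        mv "$tmp/$name" "$SYNC/$name" &&   # only a finished, tested archive is synced
        rm -f "$src" &&                    # plaintext leaves the holding folder last
        rmdir "$tmp" &&
        printf '%s\n' "$SYNC/$name"
    else
        rm -rf "$tmp"                      # keep the plaintext, drop the partial archive
        return 1
    fi
}

# Encrypt everything in the holding folder; non-zero status if any file failed.
process_holding() {
    failed=0
    for f in "$HOLDING"/*; do
        [ -f "$f" ] || continue
        encrypt_one "$f" >/dev/null || failed=$((failed + 1))
    done
    [ "$failed" -eq 0 ]
}

# Run only when invoked as "script run", so the functions can also be sourced.
if [ "${1:-}" = "run" ]; then process_holding; fi
```

Deleting the archive from Dropbox later still relies on the provider's retention, so the passphrase is what actually controls access to the contents.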

Doctor Syntax
Silver badge

"at no time did any third party have access to the exposed files."

...unless they ask us for them.

Anonymous Coward

Dropbox has a very handy feature for NSA/GCHQ.

This is very likely a change to Dropbox that has been subpoenaed on them, along with a gagging order, by the incoming Trump Presidency.

Given the timing. It's likely Powers that be, said they want additional access to all deleted files on those Dropbox accounts too, not just active files as an extension to the current access granted via a NSA portal (whether by Court order or not, the detail is unimportant in this context).

During the process to put this measure in place, in retrieving past deleted data to meet this order, they accidentally exposed the new measure to users too. Dropbox has always been a target for NSA/GCHQ because of its handy security flaw/"feature" (see below). Dropbox stores files unencrypted (unless you pre-encrypt those files), accessible by a few key staff.

Dropbox has always had a security flaw, in that you can present any Dropbox account - a file, and it will instantly appear in the account if that file already exists somewhere in the Dropbox cloud, with no need to upload it.

So you can throw 'known files' (say, known to contain illegal content/Intellectual IP) at it and if they are "already up there" (in Dropbox's Cloud) the file will instantly appear on the dropbox account without uploading it, Dropbox effectively "give you that file", because they can see you already have it. If the file starts to upload (i.e. Dropbox doesn't have it), it can be cancelled, so doing this is cheap, effective and not a security threat "as such".

If Dropbox worked with Security Services, you could have a method to do AI based part matches, with a percentage match, but out the box, Dropbox is good for matching exact files.

NSA/GCHQ then go knocking on Dropbox's virtual door (which in reality is via a NSA portal), to get all the accounts that specific file is being stored. i.e. a very handy "fishing tool", just on the right side of legal, because it's using the flaws/"features" of Dropbox.

fajensen
Silver badge

Re: Dropbox has a very handy feature for NSA/GCHQ.

"This is very likely a change to Dropbox that has been subpoenaed on them, along with a gagging order, by the incoming Trump Presidency."

Well, I'd say that this kind of Identity Politics is a strong signal that the USA should *definitely* make the investment on replacing all those lead pipes and in general get the water supplies up to 1st world levels.

Otherwise, that great country will never return to sanity! Dumb-assery and Snowflakeness will take over!!

Truth is: Obama left the surveillance machine to Donald Trump, all gassed up, tuned to perfection and with the keys still in the ignition.

Just because Obama was assumed to be "our president" doesn't mean that Obama's surveillance state was not a totally retarded, dangerous and wrong idea all along - it is so sad that it takes "the wrong president" getting elected before "anyone" is capable of even uttering the thought.

Anonymous Coward

Re: Dropbox has a very handy feature for NSA/GCHQ.

Totally agree regards Obama, it's more the timing of this, which links it to Trump. I see it as something Hilary Clinton would likely have done too (though probably not with immediate effect like Trump). Gagging orders mean we will never know.

We have definitely crossed the fundamental line between very limited surveillance to protect from real harm, to obsessive mass surveillance to control, manipulate and corrupt and above all make money for those with access to this knowledge, who strangely seem to keep their Privacy.

Doctor Syntax
Silver badge

Re: Dropbox has a very handy feature for NSA/GCHQ.

"This is very likely a change to Dropbox that has been subpoenaed on them, along with a gagging order, by the incoming Trump Presidency."

Don't forget US Gov already has their woman on the board there. Are you sure a subpoena is even needed.

Ken Moorhouse
Silver badge

Re: Dropbox has a very handy feature for NSA/GCHQ.

Your data will be safe in Mexico, once a wall has been built to house it.

Dwarf
Silver badge

Yet more reasons to put trust into the cloud.

Doctor Syntax
Silver badge

"put trust into the cloud"

Not possible. It's someone else's computer. You can't trust it.

Dwarf
Silver badge

@syntax

You missed the irony in the previous statement ..

Doctor Syntax
Silver badge

"You missed the irony in the previous statement "

No, I considered the previous statement very carefully. "In" would have been ironic but "into", being a different word, must mean something different so I rejected the possibility of its being ironic.

Using the correct word is essential if you want to communicate what you mean. If you don't use the word that expresses what you intend to say you end up saying something different and should not complain if you're misconstrued as a consequence.

Apptifred

Now, this makes you think twice again about Dropbox security. Deleting files doesn't delete files. They can come back as zombies and haunt you. What more do they claim, that really doesn't happen?

This post has been deleted by its author

Ken Moorhouse
Silver badge

Many people think that data is safe once encrypted.

It is today.

It may be tomorrow.

But when whatever method of encryption was used becomes deprecated, x years down the line, all those encrypted files lying around will be decipherable.

Queasy Rider

Re: Many people think that data is safe once encrypted.

In other words, your data is not, and never will be safe in the cloud. The only solution is to keep that data in house, encrypted, and when it must be deleted, to replace and then destroy the old hard drive. In other words, the modern equivalent of shredding then burning old paper files. Sad times.

soulrideruk
Bronze badge

Re: Many people think that data is safe once encrypted.

In other words, your data is not, and never will be safe.

There FTFY :)

101

Cloud Services

Do they ALL lie, or just most of them?


The Register - Independent news and views for the tech community. Part of Situation Publishing