When you post certain types of private documents to Dropbox and tell Dropbox to share them with no one, Dropbox itself will still open them up and take a look.
It does this in order to make a “preview” version of the document, the company says.
The fact that Dropbox is opening documents came to light when security expert who writes for WNC InfoSec Blog (and asked that we not use his real name), was playing with a new service called HoneyDocs. It tags a document and then privately tells you every time someone opens it.
The InfoSec blogger wanted to see if cloud storage documents were being viewed in ways he didn’t know about. So he uploaded a bunch of files to his Dropbox account.
Lo and behold, Honeydocs told him that all of the documents with a “.doc” extension had been opened.
What’s going on? Dropbox says it does this to be helpful.
“Dropbox allows people to open and preview files from their browser. This blog post relates to back end processes that automatically create these document previews, making it easier for people to view docs within their Dropbox,” a spokesperson told us.
This news comes just two weeks after security researchers published a report showing how Dropbox can be hacked, if hackers could compromise a user’s entire PC.
For many people, the convenience of seeing a preview is worth having a Dropbox bot opening files.
But for enterprises who worry that employees are using Dropbox to share sensitive data, this sort of thing is scary. It helps explain why Dropbox is the No. 1 app that enterprises ban, according to research by Fiberlink.