That’s an extremely big error for the authors to make (if indeed it was an error) about who anonymized the data and when the data was anonymized - especially considering the article was co-authored by a Dropbox manager (Rebecca Hinds, head of Enterprise Insights at Dropbox). I have to believe the article went through some kind of review process from Dropbox before it was published.

But let’s assume one of the leading cloud collaboration companies in the world simply screwed up the article rather than the process of handling and sharing customer data. There are still issues and questions for Dropbox, starting with the anonymized data itself. A Dropbox spokesperson told WIRED the company “randomized or hashed the dataset” before sharing the user data with NICO. Why did Dropbox randomize *or* hash the datasets? Why did the company use two different approaches to anonymizing the user data? And how did it decide which types of data to hash and which types to randomize?

Furthermore, how was the data hashed? Dropbox didn’t say, but that’s an important question. I’d like to believe that a company like Dropbox wouldn’t use an insecure, deprecated hashing algorithm like MD5 or SHA-1, but there’s plenty of evidence those algorithms are still used by many organizations today.

The Dropbox spokesperson also told WIRED it grouped the dataset into “wide ranges” so no identifying information could be derived. But Dropbox’s explanation of the process is short on details. As a number of people in the infosec community have pointed out this week, anonymized data may not always be truly anonymous.
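Why the question of how the data was hashed matters, as an added example that is not from the article or from Dropbox: a pre-release check a data owner can run to count how many hashed identifiers can be tied back to a list of plausible identifiers. It goes one step beyond the MD5/SHA-1 concern by showing that any unkeyed hash of an enumerable identifier is linkable, while an HMAC under a key the recipient never sees is not. The sample addresses, the candidate list and all function names are constructed for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed sample data: identifiers held by the data owner.
USERS = ["alice@example.edu", "bob@example.edu", "carol@example.edu"]

# Constructed candidate list: identifiers that can be enumerated from public
# sources such as a staff directory. Two of the three users appear in it.
CANDIDATES = ["alice@example.edu", "bob@example.edu", "dave@example.edu"]


def plain_hash(identifier: str, algorithm: str = "sha256") -> str:
    """Unkeyed hash: anyone can recompute it from a guessed identifier."""
    data = identifier.lower().encode()
    # usedforsecurity=False: MD5/SHA-1 are run here only to audit them.
    return hashlib.new(algorithm, data, usedforsecurity=False).hexdigest()


def keyed_pseudonym(identifier: str, key: bytes) -> str:
    """HMAC-SHA256 under a secret key that stays with the data owner."""
    return hmac.new(key, identifier.lower().encode(), hashlib.sha256).hexdigest()


def linkable(released, candidates, recompute) -> dict:
    """Released tokens that match a candidate under a public recompute function."""
    table = {recompute(c): c for c in candidates}
    return {tok: table[tok] for tok in released if tok in table}


def audit() -> dict:
    """Count linkable records per scheme for the constructed data above."""
    results = {}
    for algo in ("md5", "sha1", "sha256"):
        released = [plain_hash(u, algo) for u in USERS]
        results[algo] = len(linkable(released, CANDIDATES,
                                     lambda c: plain_hash(c, algo)))
    key = secrets.token_bytes(32)  # never shared with the data recipient
    released = [keyed_pseudonym(u, key) for u in USERS]
    # Without the key, only the unkeyed function is available for matching.
    results["hmac-sha256"] = len(linkable(released, CANDIDATES, plain_hash))
    return results


if __name__ == "__main__":
    for scheme, count in audit().items():
        print(f"{scheme:12s} {count} of {len(USERS)} records linkable")
```

Keyed pseudonyms still link records belonging to the same user within a dataset, so the check above covers only identifier recovery, not re-identification from the remaining attributes.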