Here's Why Dropbox Has Been Opening Your Private Documents


Drew Houston

Johannes Simon/Getty Images

Dropbox CEO Drew Houston

When you post certain types of private documents to Dropbox and tell Dropbox to share them with no one, Dropbox itself will still open them up and take a look.


It does this in order to make a "preview" version of the document, the company says.

The fact that Dropbox is opening documents came to light when security expert Winn Schwartau, who pens the WNC InfoSec Blog, was playing with a new service called HoneyDocs. It tags a document and then privately tells you every time someone opens it.

Schwartau wanted to see if cloud storage documents were being viewed in ways he didn't know about. So he uploaded a bunch of files to his Dropbox account.

Lo and behold, Honeydocs told him that all of the documents with a ".doc" extension had been opened.


What's going on? Dropbox says it does this to be helpful.

"Dropbox allows people to open and preview files from their browser. This blog post relates to back end processes that automatically create these document previews, making it easier for people to view docs within their Dropbox," a spokesperson told us.

This news comes just two weeks after security researchers published a report showing how Dropbox can be hacked, if hackers could compromise a user's entire PC.

For many people, the convenience of seeing a preview is worth having a Dropbox bot opening files.

But for enterprises who worry that employees are using Dropbox to share sensitive data, this sort of thing is scary. It helps explain why Dropbox is the No. 1 app that enterprises ban, according to research by Fiberlink.