Trust Dropbox Security

Hello and thanks in advance for your help!

I am new to Scrivener and I am just getting ready to start my first book (very excited and very grateful too for this really cool software).

I really want to use the iOS Dropbox sync because it would make the process so much easier than doing the iTunes sync BUT I am concerned with “putting my work out there.”

I had an issue once where I put a password protected Word document out on Dropbox (with my passwords - I know not very smart) and somehow I was hacked. To be fair to Dropbox, I can’t say for sure that it happened at Dropbox but I can’t really say it didn’t either.

I read thru the security docs on the Dropbox website and they even admit that some of their staff have access to my files - There’s no way around it.

I just want to be sure that my work is for my eyes only until I am ready.

Anyway - here’s my question: Does anyone else here have the same concern OR am I being a bit irrational?

Thanks again!


You are being a bit irrational.

If your stuff is so sensitive that there must be zero risk of anyone else seeing it, you shouldn’t use any internet-based communication involving your data. Anything can be hacked, including your computer if you have it connected.

What if you turn the question around? Who would want to see your half finished stuff?

I can’t say you’re being irrational without knowing what’s in your files.

I would not recommend Dropbox for sensitive financial or medical information, either yours or someone else’s. (And if it’s someone else’s, there are probably regulations describing where you can and can’t put it.) It’s also not a great idea if you’re a journalist whose beat involves war zones, Chinese dissidents, government whistleblowers, or others who would be harmed if their identity were known.

That’s not because Dropbox isn’t trustworthy, but because that kind of data is very sensitive AND there are people with significant capabilities actively looking for it.

But be realistic. The Dark Web just doesn’t have a lot of demand for unfinished books by unknown authors.


Along with the views that have been, and will be, posted in this thread, do a forum wide search of this board and search the WWW regarding Dropbox. There’s plenty of available discussion regarding privacy, security, performance and operation that’ll give you pause or confidence to use Dropbox.

After thorough research if you can’t reach a conclusion either way, you can always set your mind at ease by using iTunes. Once your strategies and habits are formed, it becomes a mostly minor inconvenience.

And no, it doesn’t sound that you’re being a “bit irrational”. Fully vetting a company, the servers they use and their software that will have access to your (and/or shared) data is a rational choice. Shortchanging the research to satisfy a yen for convenience, isn’t one. You’re in charge.

Side point: one person doesn’t get to make that determination for another person with a relationship in place that meets a specific level of trust. Starting off a response like this only alienates the person you are having a conversation with.

It all comes down to risk analysis:

  1. What scenario am I worried about?
  2. How likely is that scenario?
  3. What are the consequences if that scenario comes about?
  4. What steps can I take to mitigate that scenario?
  5. Is the cost of those steps higher than the benefit I will receive?

It sounds like the OP has a couple of different scenarios they may be worried about.

a) Their computer getting hacked. If that happens, then either iTunes or Dropbox may be equally risky as a vector for exposing that book data.
b) A misconfiguration of Dropbox leaving the book data exposed.
c) Dropbox workers having access to the book data even if a) and b) aren’t in play.

Starting off a response like this might do the same… cough

The opening question was “Does anyone else here have the same concern OR am I being a bit irrational?”. I admit that there could be someone else that has the same concern but the way the question was framed (“I just want to be sure that my work is for my eyes only until I am ready” … to be published, I assumed, which suggested that it was mainly a question of copyright and not of state security) I wanted to give the OP another angle. My opening statement was a prosaic way of getting the readers’ attention, a literary figure so to speak, not a legal statement.

Side point: I would guess that a majority of the readers/writers in here are not native English speakers and those that are should keep this in mind when they read posts in here. We do our best to communicate with you lot in your native language because ‘annars skulle ni få det väldigt besvärligt att förstå våra inlägg’, right? 8)
So if a post feels impertinent or impolite, or strangely phrased, it might simply be a question of language problem. Or it might be an attempt to make a joke in a foreign language.

PS. Devinganger, you’re welcome to answer me in my native language. :wink:

Å nej! Ordböckerna vid gryningen!


I would say that this is an extremely low probability risk. Not zero, but low.

The data is encrypted while on the Dropbox servers. Dropbox employees may need to inspect the server file structure in order to ensure that everything is working correctly, but they can do that without having access to the encryption keys that protect the contents of the files.

Assuming that Dropbox management is not stupid, the encryption keys are held in a secure store, access to which is both controlled and logged. There is no universal key, so a nosy employee would have to access the key store separately (and be logged doing so) for each account they wanted to examine. Poking through encryption keys without a clearly articulated business reason is almost certainly a firing offense, and the number of acceptable business reasons is probably very short. It includes things like “received court order,” but absolutely not “wondered what Mike65 is writing about.”

The risk is not zero, which is why Dropbox is a bad choice for the kind of extremely sensitive data I described up thread. But it’s very low.


Katherine, my analysis of my potential risk agrees with yours. I merely offer the framework for analysis for others who have different comfort points.

Hello everyone and I really appreciate your input - You gave me a lot to think about!

After a lot of thought, I am leaning toward starting with iTunes sync initially, and then I can always switch to DropBox down the road should I change my mind.

My decision comes down to comfort vs. efficiency. If I didn’t have that hack issue with my password document I might already be syncing using DropBox and on my way without much thought about it all. But it happened and that’s that.

And let’s face it, some people steal and call it their own. I see it on blog posts everyday (I do a lot of research). Someone spends their time brainstorming, researching, outlining, writing, editing, etc., posts their work AND THEN someone else scoops it up and puts it on their website as their own - pathetic!

And I’m not being all cocky thinking my work is going to be this incredible thing that everyone is going to want to steal… BUT my work will be coming from a very personal experience - it’s mine - and I guess, initially anyway, I just want it to be as protected as I can make it and iTunes seems to be the sweet spot method.

I get comfort and the cost of that comfort is that I will have to spend a couple of extra minutes manually syncing - no big deal!

Works for me - although when I was reading about how to do the iTunes sync it did seem a bit confusing BUT I will try it and if I have issues I will be back here for some help :slight_smile:

Thanks again!