In 2011, for about four hours, Dropbox allowed any password to log into any account. For a service that stores unencrypted personal data, a bug of this scale is a major failing.
In 2012, due in part to lax employee password requirements, company documents were stolen and the email addresses of customers were spammed.
You may only resolve disputes with us on an individual basis, and may not bring a claim as a plaintiff or a class member in a class, consolidated, or representative action. Class arbitrations, class actions, private attorney general actions, and consolidation with other arbitrations aren’t allowed.
It’s the tone that makes it hard to swallow. A comment on their blog really captures it:
Nobody would ever opt-in because it is nowhere near the customer’s best interest, and putting a policy that is not in my best interest as the default option and placing the burden on me to recognize it doesn’t sit well with me.
I want a company that I trust with my data to be willing to defend itself in open court should it ever commit a violation against me that warrants legal action.
My trust in Dropbox hasn’t been high for a while. I really love the service, and there’s nothing that comes close. I wish I could use it for more than just syncing my 1Password keychain without feeling exposed.
Realistically, I’m never going to sue Dropbox. Now, nobody else is, either.