Search the Dropbox Watchdog archive
30 documented issues in 2018, concentrated in product changes & user backlash. The most serious was "The CLOUD Act (2018): a US warrant can reach your files wherever they sit."
The 2018 CLOUD Act amended US law so that a US-based provider like Dropbox can be compelled to produce a user's data regardless of which country the data is physically stored in — meaning a US warrant can reach an overseas user's files.
Dropbox has published a biannual Transparency Report since 2012, and its own figures document a steady, long-run climb in government and law-enforcement demands for user data — including reporting periods where US legal-process requests jumped by roughly a third.
Dropbox encrypts files at rest, but the encryption keys belong to Dropbox, not the user. This server-side model — chosen to enable deduplication, previews, and search — means the company can read user files, the root cause critics return to again and again.
Dropbox's Terms of Service require binding individual arbitration and waive your right to join a class action — so even after a breach or billing dispute, most users cannot sue Dropbox or band together in court.
Since its 2018 IPO, Dropbox has steadily reoriented around higher-paying business customers and a 'Smart Workspace' strategy, layering price increases and feature-gating onto individual plans while shifting investment toward enterprise revenue.
Many third-party integrations request broad, full-Dropbox access rather than scoped, folder-limited permissions — so a single connected app, if compromised, can expose everything in an account.
The DropSmack proof-of-concept warned that synced Dropbox folders could be a covert C2 and exfiltration channel; multiple real malware families — including BoxCaon, Crutch and tooling used by Kimsuky — went on to abuse Dropbox folders and the Dropbox API exactly that way.
Dropbox's OAuth model historically let third-party apps request full account access, and tokens persist until revoked — so a single over-permissioned or compromised integration can read, write or delete a user's entire Dropbox without any further prompt.
The referral program that powered Dropbox's early viral growth — once worth substantial free storage — was steadily devalued, and some long-time users reported referral-earned space being clawed back to the bare 2GB minimum.
Four California district attorneys accused Dropbox of violating the state's Automatic Renewal Law for its Dropbox Pro subscriptions; Dropbox settled for $2.15 million and agreed to change its renewal disclosures, without admitting liability.
Dropbox announced that from November 2018 its Linux client would sync only on unencrypted ext4, abruptly breaking sync for users on XFS, Btrfs, ZFS, and encrypted volumes — including encrypted ext4.
Dropbox's transparency reporting centers on US legal process, but as a global service it also faces foreign-government and cross-border demands — an area where its disclosures are thinner and the CLOUD Act blurs jurisdictional lines.
Dropbox gave Northwestern University researchers project-folder metadata covering some 16,000 scientists to study collaboration patterns. Users were never told their activity would be used for research, and academics warned the 'anonymized' data could re-identify individuals.
From 7 November 2018 Dropbox dropped sync support on Linux for every filesystem except unencrypted ext4, instantly breaking syncing for users on XFS, ZFS, ext3, Btrfs, and encrypted setups — making their data unavailable through Dropbox overnight.
Dropbox told Linux users that from November 2018 its client would sync only on unencrypted ext4, abruptly stripping support for XFS, Btrfs, ZFS, and encrypted setups — communicated as a terse desktop notification with little explanation.
On the eve of Dropbox's 2018 IPO, CEO Drew Houston received a stock award reported at about $110 million for 2017 — a performance grant that could be worth up to roughly $930 million — even as the company would later cut thousands of jobs across 2021, 2023, and 2024.
Because Dropbox holds the keys to decrypt users' files, a valid legal order does not merely hand a government encrypted data it cannot read; it yields readable file content. That design choice is what makes lawful compulsion effective.
Synchronoss Technologies accused Dropbox of infringing three data-synchronization patents; Dropbox won summary judgment of non-infringement and invalidity in 2019, and the Federal Circuit affirmed in 2021.
A persistent class of complaints describes Dropbox files that sit indefinitely in a 'syncing' state and never finish, leaving users unsure whether their data was actually uploaded — in some reported cases for months, with support unable to resolve it.
Thru Inc. claimed it had used the term 'Dropbox' since 2004 and threatened the company's trademark; Dropbox sued first for declaratory relief, won summary judgment, and the Ninth Circuit affirmed — with a roughly $2.3 million attorneys'-fee award against Thru.
China's Great Firewall has blocked Dropbox since 2014 — at one point cutting users off from their own files overnight without warning — leaving the service reachable in the country only via VPNs that are themselves restricted.
When Dropbox cannot reconcile two versions of a file, it preserves both — saving the loser as a duplicate stamped 'conflicted copy' — a data-safety mechanism that in practice creates lasting duplication and version confusion that users cannot turn off.
Because Dropbox mirrors a permissive server namespace onto stricter local filesystems, files with disallowed characters, over-long paths, or trailing periods can fail to sync or be silently renamed — sometimes without any clear warning to the user.
Dropbox has kept its free Basic plan at just 2GB since its early days, even as Google Drive offered 15GB, OneDrive 5GB, and rivals like Mega offered 20GB — leaving Dropbox with the stingiest free allowance among the major cloud providers.
Dropbox publishes no list price for its Enterprise plan, requiring buyers to contact sales for a custom quote — an opacity that lets pricing vary by negotiation and obscures the true cost of moving an organization onto Dropbox.
Dropbox's 'Drop-ins' — the Chooser and Saver widgets that let any app use Dropbox as an open/save dialog — launched in 2013 with fanfare, but the iOS and Android Choosers were later deprecated and the program stagnated as Dropbox steered its platform away from third-party developers toward its own collaboration features.
Linux users found Dropbox's system-tray icon — their primary way to see sync status and open the menu — broken or missing as desktops moved away from legacy tray icons toward AppIndicator, leaving Dropbox's status menu unreliable across popular distributions.
Dropbox's March 2018 IPO created a multi-class share structure concentrating voting power with co-founders Drew Houston and Arash Ferdowsi, limiting ordinary shareholders' say over the company's direction.
To comply with US trade sanctions and embargoes, Dropbox does not provide service in regions such as Crimea, North Korea, and Syria — meaning users there can be cut off from their existing files by their provider's home-country law.
Names that are distinct on Dropbox's case-sensitive, Unicode-tolerant servers but identical on Windows or macOS collide on sync, and Dropbox resolves the clash by silently appending '(Case Conflict)' or '(Unicode Encoding Conflict)' to one of the files.