Dropbox Lied to Users About Data Security, Complaint to FTC Alleges. Just a reminder: anyone using something like Dropbox (or any of the other services with similar functionality) should encrypt client-side (on Macs, sparse bundles are suitable), if it's critical or personal content. Because even if a service promises to encrypt everything and no one can read the data, this service can simply lie. Or have a wrong implementation. The deduplication, the folder sharing and the fact that for some versions a public URL is generated for each file - and thus in both cases people get access to files to whom you have not revealed your password - should make it clear that Dropbox must be able to decrypt server-side. Which of course does not make the wrong presentation on their advertising pages any better - yes, it was just omitting information, but with security statements you'd better say a bit more to make it clear what you actually guarantee. If you leave out essential information, you should not be surprised if you (rightfully!) are called a liar. And especially in the USA, something like this could put a company in quite a predicament.