Ask this question, “Where does my file go?” Can the provider provide an audit trail—not just to the individuals with whom you have chosen to share your file, but perhaps more importantly, individuals and organizations you have not chosen to share with. When a file is deleted, is it gone? What surprises may be found six months from now—or six years? Even if the file is not directly shared, what about the content? Providers routinely scrape file content so that full-text searching can be performed. But other purposes can be applied to that scraped content as well: tagging and matching files, recommendations to related services (advertising), and even notifications.
For most service providers, file sharing and collaboration is nothing more than a commodity service. Accessibility trumps security. It is easier to answer the question, “Can I access I my files?” than it is to ask the question, “Who else can access my files?” If the provider cannot or will not answer that second question, then seriously consider what information you are willing to post.
Articles are becoming increasingly common raising this question. Virtually all of the major providers have undergone some form of review and critique. With a commodity service, agreements are limited and often in the favor of the service provider. Some providers have admitted to back-end sharing of data. Some scan the content of all files posted to provide additional services such as directed advertisements and connecting interested parties.
Any service provider that offers “free” or “freemium” service is likely making up the cost through one of these methods. Careful review of the service agreement often demonstrates exactly what rights to security and privacy the end-user is giving up when posting content to these providers.