The author points to the behavior as a "flaw", but I disagree. There's no defect or bug in the software, it's an architectural design. It would be a flaw if Dropbox claimed that each user's data was individually encrypted with a private key tied to the user's account credentials, but I don't think that claim was made. I, for one, think that the deduplication is actually a huge benefit, saving time and bandwidth in unnecessarily uploading files.

As the author suggested, the only way to ever ensure that you're files are inaccessible to anyone but yourself is to encrypt them locally with something like EncFS or TrueCrypt.

Maybe from the perspective of Dropbox it's "an architectural design", but from the perspective of a user facing an RIAA lawsuit, it would be a flaw.

Its a pity this wasn't upvoted more ... I guess we'll have to wait for an incident of this to actually happen before people come back to this post to ooh and aah over how prescient it was. Good writeup.