Dropbox works by storing the actual files that a user uploads and the basic information related to the files in separate servers. Users can then access the files via any device that can connect to Dropbox.
To ensure that the files are secure, Dropbox handles user requests to upload and download files through multiple secure socket layers. When a user uploads a file, it first goes through a single SSL and reaches the processing servers that encrypt the files. The processing server then sends the file to the storage servers, which keep the files in encrypted blocks. Similarly to the first step, the file goes through an SSL layer on its way to the storage servers.
Meanwhile, Dropbox also sends the metadata of the file to a separate server. The metadata contains information such as the last time the file was altered, its name and the file format. The metadata first goes through an SSL layer and then moves to the database that informs the notification service. When the user checks the metadata of a file on Dropbox, the information comes directly from the notification server and does not require SSL protection, as it went through a layer of SSL while uploading.
Downloads work in a similar way. The file first moves out of the storage servers and into the processing servers while passing through a layer of SSL. The processing servers then send the file to the user through another layer of SSL. Because the metadata is on a completely different server, the fact that it does not pass through SSL protection when the user accesses it poses a privacy risk.