Hacker News



Decryption keys are stored on Dropbox's servers, which makes this encryption pointless if the company turns evil.


Not all decryption needs to be end to end encryption. I’m not sure when this idea developed, but it’s silly.

If your threat model mandates that you use end to end encryption, go for it, and choose something other than Dropbox. But saying the encryption is pointless just because the organization that manages the keys could become “evil” is hyperbole.


Dropbox deduplicates files across user accounts to minimize storage. Effectively, this means all accounts share one private key for encryption...

Edit: to be clear, I believe it is an option on enterprise accounts to use your own key.


This shouldn’t be downvoted. The page states clearly that data is encrypted both in transit and at rest.



