Slashdot Mirror

← Back to Stories (view on slashdot.org)

Dropbox Attempts To Kill Open Source Project

Posted by CmdrTaco on from the draw-your-swords dept.

Meskarune writes "Dropbox is trying to kill the Dropship project, a useful program that allows users to import files into their accounts using hashes and bypassing the need to make files public. Dropbox sent out fake DMCA requests to all parties involved, and is banning and censoring the program."

42 of 250 comments (clear)

  1. Is that fraud? by Sprouticus · · Score: 4, Interesting

    Wouldn't an attempt to intentionally mislead someone with regard to DMCA be regarded as fraud?

    1. Re:Is that fraud? by drosboro · · Score: 5, Informative

      Well, intentionality would seem to be missing. As I quoted in a comment below, the update at the bottom of the article now reads as follows:

      Update: I want clear up a few things. As far as I’m aware all of the Dropship repositories and archives that were taken down was done so voluntarily. Dropbox never made threats, legal or otherwise. It appears the DMCA notice was automatically sent to me when the file was banned from public sharing. There was no real DMCA takedown issued. It was an edge case bug in their file removal system.

    2. Re:Is that fraud? by DrgnDancer · · Score: 4, Informative

      Except if you read the article, only one "fake" DCMA notice was sent out, and it appears to have been a legitimate accident. While the author of the article is not exactly happy with Dropbox's response to this matter he is not nearly as down on it as the summary suggests, and Dropbox's behavior was no near as flagrant as the summary suggests. This is not "nothing", but it's not anywhere near the level of "awful" suggested in the summary. Whole situation is somewhere between "tempest in teapot" and "very mildly concerning".

      --
      I don't need a million points of light, just two points of multi-mode fiber and a 10 Gig-E router.
    3. Re:Is that fraud? by mcmonkey · · Score: 2, Interesting

      None of which makes me feel any better.

      The statement that no threats, legal or otherwise, were made is false. Even if the threats were made accidentally, threats were made. Saying an automated email was kicked off inadvertently does not mean the email was never sent.

      Then there's the issue of the mistakenly activated automated email. Why do they have a process that automatically sends out DCMA notices?

      Then there's the action of removing the files at issue. I'm not sure how I feel about the selective action on files. If I'm breaking the ToS, why not freeze my account? On the one hand, I can appreciate the effort to not freeze accounts, but at the same time, I don't want the admins at Dropbox going through my files.

    4. Re:Is that fraud? by Anonymous Coward · · Score: 2, Informative

      Except if you read the article, only one "fake" DCMA notice was sent out

      It wasn't even a DMCA notice. It was an erroneous letter from provider to customer informing customer that the provider received a DMCA notice, when the provider had not (the provider was exercising their privilege of removing the file).

    5. Re:Is that fraud? by Anonymous Coward · · Score: 2, Funny

      So this really should read,

          "Blogging Blogger Libels DropBox"

      Correct?

    6. Re:Is that fraud? by Hatta · · Score: 2, Insightful

      It appears the DMCA notice was automatically sent to me when the file was banned from public sharing. There was no real DMCA takedown issued. It was an edge case bug in their file removal system.

      There are no edge cases in the DMCA. Either it was a valid DMCA request or it was perjury.

      --
      Give me Classic Slashdot or give me death!
    7. Re:Is that fraud? by Hijacked+Public · · Score: 5, Insightful

      I don't want the admins at Dropbox going through my files.

      Don't put them on Dropbox's servers.

      --
      "Sacrifice for the good of The State" - The State
    8. Re:Is that fraud? by _0xd0ad · · Score: 4, Insightful

      There was never a DMCA takedown notice.

      The DMCA takedown notice is what a copyright holder sends to a content host.

      The e-mail from the content host to the user saying "we deleted your file because ______" is not a DMCA takedown notice, regardless of what the reason they give.

      Content hosts are supposed to notify users whose content has been removed due to DMCA takedown notices so that the users have the opportunity to file counter-notices under the DMCA, but that correspondence is not itself a DMCA takedown notice.

    9. Re:Is that fraud? by LordLimecat · · Score: 5, Interesting

      It was not a DMCA "request". It was a notification that they were removing the file in order to comply with DMCA Section 512 C-1-c, which indicates "No liability if ... upon obtaining knowledge or awareness, OSP expeditiously removes Work"

      In other words, they believed the material to infringe on DMCA, and as the file host, they have the right and duty to remove such a file when they believe it to be infringing. See, Dropbox isnt just the potentially "injured party", they are also the service provider-- and that is the capacity they were issuing the notice in. (NB- IANAL)

    10. Re:Is that fraud? by DarwinSurvivor · · Score: 2
      Libel must be:
      1. Written: check
      2. Damaging to the reputation of the defendant: check
      3. False: check
      4. Reasonably known to be false at the time of publishing: FAIL

      The further correction makes it even MORE not libel.

    11. Re:Is that fraud? by Unequivocal · · Score: 5, Informative

      Use SpiderOak instead - zero prior knowledge encryption so no one but the password holder can see the files. (My relation to SO is as a non-paying customer).

    12. Re:Is that fraud? by icebraining · · Score: 2

      Or just use Dropbox's folder as the storage directory for encfs, and then mount it somewhere else - it's what I've been doing.

      --
      Dilbert RSS feed
    13. Re:Is that fraud? by _0xd0ad · · Score: 2

      So they either lied about the existence of the notice, or actually went and delivered themselves the notice.

      They either lied about the existence of the notice, or the system simply sent that in error due to an honest mistake on their part. But either way it wasn't illegal.

      And they obviously didn't deliver themselves a notice... that would make no sense whatsoever.

  2. Maybe a BIT sensationalistic... by drosboro · · Score: 5, Informative

    Okay, according to the update at the bottom of the link (I know, I RTFA, weird, eh?),

    Update: I want clear up a few things. As far as I’m aware all of the Dropship repositories and archives that were taken down was done so voluntarily. Dropbox never made threats, legal or otherwise. It appears the DMCA notice was automatically sent to me when the file was banned from public sharing. There was no real DMCA takedown issued. It was an edge case bug in their file removal system.

    Apparently, Dropbox is asking nicely, but when they flagged the file it triggered an accidental DMCA notice, for which they seem to be apologizing.

    1. Re:Maybe a BIT sensationalistic... by xMrFishx · · Score: 4, Interesting

      Why is there even a default DMCA notice in the system in the first place? Surely these things should be manually handled, rather than essentially "spammed" out. This is the sort of realm of Auto-Lawsuits where everyone got a letter through their mail box. This sort of thing should not be automatic in any sense of the word.

    2. Re:Maybe a BIT sensationalistic... by 0100010001010011 · · Score: 4, Interesting

      VIA post at slashdot.org

      Re: Copyright Claim

      The Slashdot Hosting Company:

      I am the copyright owner of the post being infringed at:

      http://news.slashdot.org/comments.pl?sid=2105778&cid=35944048

      Copies of the post being infringed are included to assist with their removal from the infringing Web sites.

      This letter is official notification under the provisions of Section 512(c) of the Digital Millennium Copyright Act (“DMCA”) to effect removal of the above-reported infringements. I request that you immediately issue a cancellation message as specified in RFC 1036 for the specified postings and prevent the infringer, who is identified by its Web address, from posting the infringing photographs to your servers in the future. Please be advised that law requires you, as a service provider, to “expeditiously remove or disable access to” the infringing photographs upon receiving this notice. Noncompliance may result in a loss of immunity for liability under the DMCA.

      I have a good faith belief that use of the material in the manner complained of here is not authorized by me, the copyright holder, or the law. The information provided here is accurate to the best of my knowledge. I swear under penalty of perjury that I am the copyright holder.

      Please send me at the address noted below a prompt response indicating the actions you have taken to resolve this matter.

      Sincerely,

      0100010001010011

    3. Re:Maybe a BIT sensationalistic... by drosboro · · Score: 2

      Presumably because the requirements of the DMCA legislation in the US is so onerous on services like Dropbox that an automated system is the only reasonable way to go. I'm not sure, being a Canadian (and waiting with great anticipation for our new government to slap our own version of the DMCA down on us)...

      Seems to me that if I were the coder in question, I might be tempted to say "okay, the only reason we're ever going to block anything from public sharing is because someone filed a DMCA complaint... so let's just fire off the automatic notification when we block the file. There, three lines of code and a template email, and I can go grab a coffee". Yes, it's a shortcut, but it's also not completely out-of-the-realm-of-reasonability.

    4. Re:Maybe a BIT sensationalistic... by 0100010001010011 · · Score: 5, Funny

      Oh shit. Sorry about that. I don't know what the system was thinking.

  3. "Useful" by AdmiralXyz · · Score: 4, Insightful

    Useful though it may be, it's very clearly against Dropbox's Terms of Service. That doesn't give them the right to issue takedown notices to other sites on copyright grounds, but let's separate, "evil for issuing fake takedown notices" (which they are), from "evil for wanting to prevent this kind of activity" (which is perfectly reasonable).

    They're not running a filesharing service, that's not their business model, and they don't want to end up like Rapidshare or any of the N other filesharing services in legal hot water. I love Dropbox, and I would hate to see one of it's most useful features- public collaboration folders- shut down because some asshats can't obey the TOS and just use torrents instead. Dropbox should be trying to find a technical solution to block something like this, but if that's not possible, what can they do?

    --
    Dislike the Electoral College? Lobby your state to join the National Popular Vote Interstate Compact.
  4. where's the firehose by penguinchris · · Score: 4, Informative

    Vote this article down - it's misleading flamebait in the extreme. In particular, it fails to mention that the software was designed to facilitate anonymous filesharing, which would most certainly be used for copyright infringement and illegal purposes. And, the whole thing goes against Dropbox's TOS, even if it isn't used for dubious file sharing purposes.

    1. Re:where's the firehose by Gaygirlie · · Score: 4, Informative

      Vote this article down - it's misleading flamebait in the extreme. In particular, it fails to mention that the software was designed to facilitate anonymous filesharing, which would most certainly be used for copyright infringement and illegal purposes. And, the whole thing goes against Dropbox's TOS, even if it isn't used for dubious file sharing purposes.

      Agreed. The TOS is pretty darn clear on this and as such there is no reason to complain, they are fully in their rights to do this.

    2. Re:where's the firehose by h4rr4r · · Score: 2

      Or maybe people just want to share files privately. Not everyone wants to make their files public to share them.

      Everything these days is "Oh noes, teh illegal stuffs", get fucking over it. Baseball bats have lots of illegal uses, no one fights the sales of those.

      The TOS violation is the only thing that matters here. It is also why I never used dropbox and never will. I will keep my own files on my own server thank you.

    3. Re:where's the firehose by Jonner · · Score: 3, Insightful

      According to some, 90% of all email is spam. Does that make SMTP an illegitimate protocol? Often, the easiest way to find copyright infringing works is using Google. Does that make the search engine illegitimate? Porn drove early VCR development. Is VHS an illegitimate technology?

  5. Meh by Haedrian · · Score: 4, Insightful

    I'm with dropbox on this one. The idea of converting dropbox into some sort of filesharing/torrent service, for passing potentially illegal files around is not good.

    I can see why Dropbox doesn't want to be linked to such a thing, when the big media people come a knocking, who do you think is going to end up getting sued?

    And just because its open source doesn't make it right, or wrong, or change anything.

  6. Re:Are they fake though? by Jonner · · Score: 2

    I mean, from the FA, it talks about how Dropship is exploiting the Dropbox hashing algorithm, which might be copyrighted along with the rest of Dropbox (I don't know). If it was, then I could see why there would be grounds for copyright infringement, unless the OSS project could demonstrate that it arrived at that dropbox hashing algorithm through blackbox testing.

    Thankfully, copyright does not apply to algorithms and the US has a legal system based on the idea that people are innocent until proven guilty.

  7. Re:Encryption? by h4rr4r · · Score: 4, Informative

    If they used real encryption they would have to host files over and over again. Encryption breaks file deduping. No way is dropbox going to do something like that, there is no advantage in it for them.

  8. Re:Fake DMCA request by _0xd0ad · · Score: 5, Informative

    Sending a fake DMCA takedown is illegal, yes, but an e-mail that says "we deleted your file due to DMCA takedown notice we received" isn't a DMCA takedown notice. And apparently that e-mail just went out automatically any time they banned a file from someone's account. Apparently it never occurred to whoever designed their system that a file might be removed for anything other than copyright violation... or maybe the admin just didn't select the correct reason when he banned it.

  9. Re:Don't understand by VGPowerlord · · Score: 2

    >import files into their accounts using hashes and bypassing the need to make files public.

    ???

    It bypasses the need to make files public?

    So, when you use Dropbox, you have to make files public? Isn't DropBox a way to share email attachments without attaching it to an email?

    Why would you want to make it public?

    My understanding is that you normally have to invite people one by one to see your non-public files.

    However, it's apparently possible for people to just have the hash and add it to their own dropbox account using Dropship to gain access to it.

    --
    GLaDOS for President 2016! "Well here we are again. It's always such a pleasure." -- GLaDOS, 2011
  10. Re:Encryption? by Jonner · · Score: 4, Informative

    It's already been shown that Dropbox's claims about security are mostly bogus. If Dropbox can Hand Over Your Files to the Feds If Asked then the encryption method they use to store files on their servers is meaningless since they have the private keys anyway.

  11. Re:Don't understand by VGPowerlord · · Score: 2

    To put it in DMCA terms (since this is eventually where it will end up), Dropship

    is primarily designed or produced for the purpose of circumventing a technological measure that effectively controls access to a work protected under this title

    -- U.S. Code, Title 17, Chapter 12, Section 1201(a)(2)(A)

    ...although I am not a lawyer.

    --
    GLaDOS for President 2016! "Well here we are again. It's always such a pleasure." -- GLaDOS, 2011
  12. Re:Don't understand by HTH+NE1 · · Score: 2

    Or generate random hashes and see what they get?

    --
    Oh, say does that Star-Spangled Banner entwine / The myrtle of Venus with Bacchus's vine?
  13. Re:Fake DMCA = illegal, right? by denis-The-menace · · Score: 2

    According to an anonymous comment on the blog:

    The perjury provision (17 U.S.C. 512(c)(3)(A)(vi)) applies to persons who submit formal complaints to service providers. It does not apply to informational messages that service providers may send to their users. So even if DropBox had intentionally lied about receiving a DMCA takedown notice (which it didnâ(TM)t; see Arashâ(TM)s comment noting that the DMCA message was mistakenly autogenerated in response to banning the file), it would still not implicate the DMCA perjury provision.

    IOW: If you can get ISPs to be your puppets to send "kind" emails to their users, nobody is at fault regardless of the damages done by the emails.

    DMCA: Best draconian law you can buy!

    --
    Obama's legacy: (N)othing (S)ecure (A)nywhere and (T)error (S)imulation (A)dministration
  14. Last Straw by Sensiblemonkey · · Score: 2

    Slashdot has become increasingly misleading and sensationalist in recent years. So much so that I'm moving Slashdot's RSS feed to bottom of my pile; to be seen only in moments of extreme boredom. I have far better things to do with my time that wade through the constant stream of FUD that this site is generating these days.

  15. Censoring? by ScentCone · · Score: 2

    This isn't censoring. This isn't the government. That word is going to stop meaning something if people can't use it in some sort of rational context. Never mind that Dropbox is just trying to prevent their system from being turned into a big anonymous piracy farm - a very real concern, and one that they have every reason (and latitude within their TOS) to fight. But ... "censoring?" Why not just call them fascists, while we're at it? Idiots. This article it inaccurate, alarmist trolling.

    --
    Don't disappoint your bird dog. Go to the range.
  16. Re:Don't understand by pmontra · · Score: 3, Insightful

    Basically that means that the secrecy of that hash is the only thing that protects our files on Dropbox. They probably encrypt the files but if anybody has the right hashes s/he can decrypt them. The hash is the key and invites and sharing are not even checked.

  17. Re:DMCA or not by ScentCone · · Score: 2

    they clearly want a open source program off the internet

    No. What they clearly want is to not have their reputation and business model tarnished by having their system turned into a big content piracy farm by people who are violating their very reasonable TOS.

    --
    Don't disappoint your bird dog. Go to the range.
  18. Bullshit by wlad · · Score: 5, Informative

    Hi, I'm the person why wrote dropship. This thread is completely bogus, as there were no DMCA requests issued at all. They mailed me and asked me nicely to take the code down from github, which I did.

    The DMCA confusion is because they stopped a file from being shared on their own service, which generated a silly mail that a DMCA request had been received from themselves and hence a file was taken down. The blogger confused this with a DMCA request (and corrected it afterwards, but it seems slashdot missed this).

    So can we cut it with the flamebait title?

  19. Re:Don't understand by xMrFishx · · Score: 2

    Yeah, unfortunately you're right but I found it funny to write non the less. On the other hand, if only my botnet of PS3s were working, I could try more hashes at a time...[shakes fist] Damn You Sooonnnnyyyyyyyy!

  20. Re:Encryption? by h4rr4r · · Score: 2

    Encrypting after dedupe breaks the whole point of encryption. It means every copy of the same file is encrypted the same way. That means I can tell who has what files. At that point you are encrypting only to claim you do it.

  21. It's a shame SpiderOak's sync funtion doesn't work by Overzeetop · · Score: 3, Interesting

    Never has, never will based on the replies from CS/Tech Support. Seems that it will work okay with a simple setup and small data set, but get one thing off or try to use what you paid for (in my case, about 100GB of corporate data), and you can just give up. I spend two months, five re-installs, and countless hours trying to get things to work - we finally just gave up and went with an inferior service that we could make work acceptably.

    FWIW - SO's backup service was flawless. I never found a missing file or had a problem with it keeping the backup data working.

    --
    Is it just my observation, or are there way too many stupid people in the world?
  22. Re:Encryption? by Jonner · · Score: 2

    Jungle Disk claims "The master key is based on a password YOU choose, known only to you and not stored with Jungle Disk." It doesn't say where the encrypted private key is stored, but at least they say they don't know the password used to encrypt the key.