Slashdot Mirror
Dropbox TOS Includes Broad Copyright License
mrtwice99 writes "Dropbox recently updated their TOS, Privacy Policy, and Security Overview. Included in the TOS is the following statement: 'By submitting your stuff to the Services, you grant us (and those we work with to provide the Services) worldwide, non-exclusive, royalty-free, sublicenseable rights to use, copy, distribute, prepare derivative works (such as translations or format conversions) of, perform, or publicly display that stuff to the extent we think it necessary for the Service.' I think Dropbox is a great service, but what is the significance of granting them such broad usage rights?"
Elsewhere in the same Terms of Service, which are a few notches above the norm in both brevity and readability, Dropbox says both "Dropbox respects others’ intellectual property and asks that you do too," and "You retain ownership to your stuff."
It's the usual clause companies have to put now a day so that some asshat won't sue them for millions of dollars even if the service providers offered the services like advertised. Dropbox probably needs this clause to show your content in a public link that you link to others. Youtube and any other user submitted service has similar clauses. The law probably needs fixing, but that isn't the companies fault - blame the asshats abusing it.
and don't give them the password.
yes, dropbox can be useful.
all files im uploading there are encrypted.
on this occasion, i'd like to ask: Who Messed With My Anti-paranoia Shot?
Google, deviantArt, Facebook, et al, they all have very similar or same wording in their TOS's. Point is, if they transfer data from your account to someone else's account, it is considered distribution, performance if they show video to others, etc, etc. So they need you to license your stuff to them so they're permitted to carry out their services. The fact that it, on paper, gives them right to do many other things is worrying, but not at all unusual. Good thing about Dropbox version is that it at least has the "to the extent we think we think it necessary for the Service." That is an improvement.
Every harsh word you utter has the right address. It only sounds harsh because the one on the envelope is the wrong one.
If you read the whole agreement, it isn't as scary as the poster has implied.
Your Stuff & Your Privacy
By using our Services you may give us access to your information, files, and folders (together, “your stuff”). You retain ownership to your stuff. You are also solely responsible for your conduct, the content of your files and folders, and your communications with others while using the Services.
We sometimes need your permission to do what you ask us to do with your stuff (for example, hosting, making public, or sharing your files). By submitting your stuff to the Services, you grant us (and those we work with to provide the Services) worldwide, non-exclusive, royalty-free, sublicenseable rights to use, copy, distribute, prepare derivative works (such as translations or format conversions) of, perform, or publicly display that stuff to the extent we think it necessary for the Service. You must ensure you have the rights you need to grant us that permission.
How we use your stuff is also governed by the Dropbox Privacy Policy, which you acknowledge. You acknowledge that Dropbox has no obligation to monitor any information on the Services, even though we may do so. We are not responsible for the accuracy, completeness, appropriateness, or legality of files, user posts, or any other information you may be able to access using the Services. We may disclose information about your account or your stuff to law enforcement officials as outlined in our Privacy Policy.
The material in your dropbox account could be produced in a lawsuit by your opposition. Not that you have anything to hide but who knows what inferences and entanglements could come from that.
Wait a minute. I'm a manager, and I've been reading a lot of case studies and watching a lot of webcasts about The Cloud. Based on all of this glorious marketing literature, I, as a manager, have absolutely no reason to doubt the safety of any data put in The Cloud.
The case studies all use words like "secure", "MD5", "RSS feeds" and "encryption" to describe the security of The Cloud. I don't know about you, but that sounds damn secure to me! Some Clouds even use SSL and HTTP. That's rock solid in my book.
And don't forget that you have to use Web Services to access The Cloud. Nothing is more secure than SOA and Web Services, with the exception of perhaps SaaS. But I think that Cloud Services 2.0 will combine the tiers into an MVC-compliant stack that uses SaaS to increase the security and partitioning of the data.
My main concern isn't with the security of The Cloud, but rather with getting my Indian team to learn all about it so we can deploy some first-generation The Cloud applications and Web Services to provide the ultimate platform upon which we can layer our business intelligence and reporting, because there are still a few verticals that we need to leverage before we can move to The Cloud 2.0.
In the Privacy Policy (https://www.dropbox.com/privacy) they outline how or why they would share your content. IANAL, so any further insight would be great. Here's another relevant part of the T&C's from the Privacy Policy.
"Compliance with Laws and Law Enforcement Requests; Protection of Dropbox's Rights. We may disclose to parties outside Dropbox files stored in your Dropbox and information about you that we collect when we have a good faith belief that disclosure is reasonably necessary to (a) comply with a law, regulation or compulsory legal request; (b) protect the safety of any person from death or serious bodily injury; (c) prevent fraud or abuse of Dropbox or its users; or (d) to protect Dropbox’s property rights. If we provide your Dropbox files to a law enforcement agency as set forth above, we will remove Dropbox’s encryption from the files before providing them to law enforcement. However, Dropbox will not be able to decrypt any files that you encrypted prior to storing them on Dropbox."
If it bothers you that much, don't bee a freetard, get yourself a basic website with webspace, and you control your own domain and don't have to worry about companies making up such TOCs where they think they own copyrights they have no right to. (this was not a troll posting).
Take Nobody's Word For It.
I'm going out on a limb here and not automatically assuming that legalese = evil (naieve, I know). Fairly certain enough of you will make up for my doe-eyed nature with the ferocity of your knee-jerk reactions, so I thank you for picking up my slack.
To the point: how many times have we seen the RIAA/MPAA cry foul about the evils of file copying? How many slashdot articles have passed by discussing the potential headaches incurred by Amazon's/Google's/Apple's/et al cloud music services? Does nobody even vaguely remember the legal arguments from Capitol v Jammie Thomas or Sony BMG vs. Joel Tenenbaum?
For fuck's sake, you've signed up for an automatically-syncing remote file hosting service. Did you not trust them to make your files available to you worldwide, through the intertubes owned by various non-Dropbox-owned ISPs? Did you not give them permission to copy your files to multiple computers, of your choosing, without them having to pay you licensing fees?
I may not be a lawyer, but I've at least passed out of high school with serviceable reading comprehension skills.
You are giving dropbox the rights to do whatever they want to with your content, according to this. All of thye examples are just that - examples. The terms give them the right to make the judgment on what they want to do. And, since they are free to change the privacy policy at will, just as they changed the TOS, you have no protections.
They can write this much more tightly to protect themselves and give you absolute control. The problem is that to do so it will be very long and "legalese" and not friendly/simple. They should protect their users and the users' intent in choosing the service and do whatever they have to do to deliver what you thought you were getting.
So after having a problem where access given was access forever and when people could get to your stuff without a password they are now pretending they own everything people put there? Maybe it's time for law enforcement to get involved with these clowns and hit them with fraud for pretending to have a secure service.
If you use Dropbox you really - really - should be storing all such files using an encrypted disk image or file of some kind. Knox for the Mac comes to mind, as well as TrueCrypt for multiple platforms. Between this legalese and their recent total security failure, I see this as an absolute *requirement*.
And if your stuff is encrypted properly, they won't be able to claim ownership to it or use it. Problem solved. Ergo, encryption > copyright.
here in merica we aint be readin much. readin is the road to the devil i know cuz my pastor says so. i aint gonna read books cuz there might be athiest or evolution in them. i aint gonna read newspapers cuz i dont care bout the news and i dont want satans words sittin on my kitchen table when im tryna have a beer n some eggs. i aint even gonna read tv cuz im watchin football not some readin shows. so dont try n trick me into burnin in hell by readin your posts cuz i aint goin ta do it. i aint goin to hell and there aint nothin you can do bout it bro.
Is it still safe to store my Bitcoin wallet there, so I can access it from anywhere?
At the end of the day, dropbox is really just a fancy front end bolted on to Amazon's s3 service. So basically if Amazon demanded no copyrighted material be stored on the service, dropbox must change it's TOS to match..... Ultimately your dropbox data is essentially in the hands of not just one, but 2 different companies.
Monstar L
It leaves off the last sentence of the quoted paragraph from the TOS: "You must ensure you have the rights you need to grant us that permission."
IANAL, but I suspect that this is the linchpin of the terms. In order for any of the foregoing rights to be granted to dropbox, you must actually have rights in the first place. You are completely on the hook if you sync anything improperly.
This all sounds fine in theory, but I bet there's not a single dropbox customer who isn't running afoul of this term. It's not really dropbox's fault, it's the fault of our cockamamie copyright laws which grant automatic copyright on EVERYTHING on first publication.
When everything's covered, nothing's covered. Except for those who have the deep pockets to bring suit.
"We receive as friendly that which agrees with, we resist with dislike that which opposes us" - Faraday
"You are giving dropbox the rights to do whatever they want to with your content, according to this. "
Let's qualify this. They can do what they want in order to deliver the advertised Service. They can't just up and decide to sell your stuff, for example, as that is not a Service they sell.
"We receive as friendly that which agrees with, we resist with dislike that which opposes us" - Faraday
"We reserve the rights to be douchebags if we want, but we promise we won't be."
BeauHD. Worst editor since kdawson.
Apparently the submitter has never read a TOS before. That statement's been in almost every major corporation's TOS that I've read to date, and it's mostly an ass-covering line as mentioned by other posters. While I don't like the policy of including unreasonable policies in a TOS, this is hardly unique to dropbox and appears to be part of a mudslinging campaign instead of actual news.
"Our goal each year should be to increase the number of goals we set for ourselves!"
No, they can do whatever THEY think is necessary. It's no different than a clause reading "in our sole judgement".
Problem solved.
---- Booth was a patriot ----
Wuala offers both encryption and cheap storage via data deduplication. They simply AES encrypt your stuff using it's own SHA as the key. And they use the encrypted file's SHA for the identifier. In this way, any two people should encrypt the same file to the same encrypted file, but nobody who's never seen the original file could read it, including Wuala.
Soon, we'll see the MafiAA perusing people's DropBox accounts to delete pirated content and/or sue its possessors. Wuala doesn't offer that much more technical protection here since they'll simply subpoena the list of people possessing a particular file, but they cannot actually just browse your account because each directory gets encrypted too and directories are usually unique. Also, Wuala is far more likely to fight a MafiAA subpoena because they're (a) based in Switzerland, (b) started as a P2P network, and (c) started by academics.
The Christian religion has been and still is the principal enemy of moral progress in the world. -- Bertrand Russell
Derivative work must be an _original_ work of _human_ authorship.
As I understand the subject matter requirement of U.S. copyright law, this is true in the United States. It may not be true in countries that use sweat-of-the-brow.
Removing my shit and uninstalling dropbox as I type this.
Dropxbox is nothing but convenient and lazy way to get your data in places.
Even if this shit I copy around is irrelevant and 'cheap' fuck this license.
-- All Gods were immortal.
-- S. Lem
My main concern isn't with the security of The Cloud, but rather with getting my Indian team to learn all about it
The Cloud runs on Apache. Your Indian team should have no problem.
IANAL, but it seems to me it would be hard to argue in court that Dropbox selling my content for money is necessary for the service or that they could reasonably think that necessary for executing the service.
They want each transmission over your local hardware to be counted as an individual performance, and that you pay per stream.
One would hope that the judge either doesn't amuse easily, or is having a bad day and wants to take it out on idiotic companies and their lawyers who try and write their own law. Dropbox would only try it the once then.
no text, innit
Damn it, now my rc.conf file, and my conkyrc file will be there for the world to exploit. People will realize how I got mpd to display album art on my desktop, and they'll know which services I start in the background when my machine loads! THE HORROR
They can think that it's necessary to sell some of your stuff to keep their unprofitable Service up and running.
Would it be absurd? Sure. Would it be acceptable under their terms? Sure.
The terms are too broad. You can't trust any corporation. Thus.. the possibility of you getting screwed in the future is moderate/high.
Everyone knows that it is more than time to leave Dropbox etc. behind and make a free and opensource piece of software which also can be installed on the own server. Is there a alternative already? I found nothing good enough.
So I plan to start a own project - with version control, a web interface, etc. and a platform-independent client with also platform-independent hotfolder mechanism.
If someone wants to join, write somethin here:
http://groups.google.com/group/FilePyle/browse_thread/thread/7defeeb886c64217
What do they want with my homework?
MS Skydrive service agreement has similar wording:
Except for material that we license to you, we don't claim ownership of the content you provide on the service. Your content remains your content. We also don't control, verify, or endorse the content that you and others make available on the service.
[...]
You understand that Microsoft may need, and you hereby grant Microsoft the right, to use, modify, adapt, reproduce, distribute, and display content posted on the service solely to the extent necessary to provide the service.
Its probably in case they have another password malfunction and allow just anyone to download your data. With the new terms, they are allowed to.
Also remember that Dropbox works internationally, and not every country has the same "fair use" laws as the US.
In a survey of 100 programmers, 111111 thought that duck-typing was a good idea.
Which is the real reason i would give 2 poos. I just don't want to pass some genius idea over drop box to my employer and have it show up for sale somewhere else the next day. We're moving to svn.
After re-reading Dropbox ToS, I decided to give a try to Wuala instead:
- data is encrypted locally before being stored on the "cloud"
- if you want to buy storage, it's about 50% cheaper than Dropbox
- if you have a computer almost permanently online (this is slashdot, right?) you can "trade" local disk space for online storage
The UI needs some polishing, especially on Android, but the service looks like a nicer alternative to Dropbox.
The only thing you cannot do is to share documents and/or make them public - so keeping a Dropbox account for sharing stuff, and a Wuala account for backups and safe storage, seems a good solution.
http://www.google.com/accounts/TOS, says in clause 11.1:
By submitting, posting or displaying the content you give Google a perpetual, irrevocable, worldwide, royalty-free, and non-exclusive license to reproduce, adapt, modify, translate, publish, publicly perform, publicly display and distribute any Content which you submit, post or display on or through, the Services. This license is for the sole purpose of enabling Google to display, distribute and promote the Services and may be revoked for certain Services as defined in the Additional Terms of those Services.
They didn't say "reasonably" until the world exploded around them.
Contracts are contracts. In the US (where Dropbox and probably most of its users are based), courts rarely do anything but follow their express terms. It's a fundamental aspect of the common-law heritage of our legal system that virtually anything is subject to contract under virtually any terms. Exceptions are few, and aside from contracts calling for manifestly criminal conduct, most of the exceptions come from either express law forbidding certain terms (itself rare and sometimes subject to constitutional challenges -- I'm not kidding, contracts are explicitly mentioned in the US constitution) or actual fraud. Neither applies in this case.
The best you can hope for is that it is declared a "contract of adhesion" and fails the closer scrutiny due such contracts. It's quite rare to even get a contract recognized as a "contract of adhesion", however, particularly when the contract involves a highly competitive field with a low barrier to entry where consumers have a wide variety of easily-made choices, and even once the determination is made, actually convincing the court not to enforce its terms is still difficult.
"You retain ownership to your stuff."??????
Surely they mean:
"You retain ownership IN your stuff."
or
"You retain ownership AND your stuff."
or any other random preposition, apart from the correct 'OF'.
Idiots.
and the small print taketh away.
Not sure if the "all your content are belong to us" statements are worse than the "you agree that this is only a license, not a purchase" statements on items you've already purchased. For example, in a moment of weakness and nostalgia, had actually purchased Duke Nukem Forever. On the screen prior to play, it requires that you accept that you have not *bought* the game but are essentially renting a license. A nice little bit of bullshit for something I've already paid for and don't seem to have a viable means of refund....
At the very least, you can view the dropbox license before you drop cash on the damn service. I wish that somebody would draft a law against un-necessarily and uneven licensing/agreements though, as it's getting more and more crazy everyday.
Before jumping on the bandwagon, READ the TOS
We need an open source version of Dropbox that we can host on our own servers.
SugarSync has a similar service and their Terms of Usage are much more like what you would expect.
'The tyrant will always find pretext for his tyranny.' - Aesop's Fables
"You are giving dropbox the rights to do whatever they want to with your content, according to this. "
Let's qualify this. They can do what they want in order to deliver the advertised Service. They can't just up and decide to sell your stuff, for example, as that is not a Service they sell.
Nope, your are granting them rights, not on your content, but on the content that you are uploading, potentially content to which you may not be the copyright holder and therefore have no right to grant them even a limited license on the the content unless you are the original author and copyright holder.
Alarmist much, Chicken Little? Dropbox has file sharing so they need this. Duh. Your tin foil hat is crooked.
Look at what they advertise and what they will deliver and you will begin to understand why I mentioned fraud. It's a simple consumer affairs issue and has nothing to do with "internet police".
If they want to pretend they are one step ahead of normal web hosting that every ISP on the planet can do they have an obligation to deliver something better than FTP reinvented incredibly badly and an expectation that people will let them do whatever they like with the items placed on their server. Their customers actually have an expectation that this service can be used for secure business communication yet dropbox want to introduce a condition that would allow them to sell whatever they find on their servers to the highest bidder.
Dropbox needs that change in their TOS because of the way they store user files. Unlike any other file storage service (to my knowledge), Dropbox needs to access users unencrypted files because when a user uploads a file they scan the file contents to see if they have a duplicate file out of the 200 millions plus users in their system. If they do find a duplicate they will not upload the file but will use the other users duplicate instead, thus saving server space and creating a competitive advantage over it's competitors. For instance, if you upload an E-Book you purchased, if Dropbox finds a duplicate, they will not upload yours, but will use someone elses E-Book that is already stored on their servers. This is my guess for the copyright change as they are using someones personal file to service many other users. They are sharing your files!
Dropbox has had a series of security debacles recently. I try to have a reasonable approach to security -- I figure that the flip side of the defense-in-depth principle is that it's foolish to overreact to a revelation of a minor security problem, as you should have been assuming there were security vulnerabilities anyway. However, when Dropbox left all files for all users completely exposed for four hours, and I only found out after the fact when my partner read a third party's blog, I had to conclude that Dropbox was both incompetent and unprincipled.
A lot of commenters are comparing the TOS for Dropbox to that of services like Youtube. There's a big difference: one uploads a file to Youtube for the explicit purpose of sharing it with the world at large, so sharing ownership of the files involved with Youtube makes sense. The primary use of Dropbox is for a user to sync some files between different computers, for the private use of that user. Sharing files with a discrete list of other users is a secondary use, and publishing a file for general access is a tertiary use, which seems an afterthought in the Dropbox documentation. Only in that last case can I see any point to the comparison with Youtube.
And somehow, Spideroak can offer all these services, without claiming joint ownership of a user's private documents, or the right to create derivative works. Given that all files are encrypted, client-side, with a private key, it's clear that Spideroak couldn't steal user content even if it wanted to.