Slashdot Mirror
Dropbox TOS Includes Broad Copyright License
mrtwice99 writes "Dropbox recently updated their TOS, Privacy Policy, and Security Overview. Included in the TOS is the following statement: 'By submitting your stuff to the Services, you grant us (and those we work with to provide the Services) worldwide, non-exclusive, royalty-free, sublicenseable rights to use, copy, distribute, prepare derivative works (such as translations or format conversions) of, perform, or publicly display that stuff to the extent we think it necessary for the Service.' I think Dropbox is a great service, but what is the significance of granting them such broad usage rights?"
Elsewhere in the same Terms of Service, which are a few notches above the norm in both brevity and readability, Dropbox says both "Dropbox respects others’ intellectual property and asks that you do too," and "You retain ownership to your stuff."
It's the usual clause companies have to put now a day so that some asshat won't sue them for millions of dollars even if the service providers offered the services like advertised. Dropbox probably needs this clause to show your content in a public link that you link to others. Youtube and any other user submitted service has similar clauses. The law probably needs fixing, but that isn't the companies fault - blame the asshats abusing it.
and don't give them the password.
yes, dropbox can be useful.
all files im uploading there are encrypted.
on this occasion, i'd like to ask: Who Messed With My Anti-paranoia Shot?
Google, deviantArt, Facebook, et al, they all have very similar or same wording in their TOS's. Point is, if they transfer data from your account to someone else's account, it is considered distribution, performance if they show video to others, etc, etc. So they need you to license your stuff to them so they're permitted to carry out their services. The fact that it, on paper, gives them right to do many other things is worrying, but not at all unusual. Good thing about Dropbox version is that it at least has the "to the extent we think we think it necessary for the Service." That is an improvement.
Every harsh word you utter has the right address. It only sounds harsh because the one on the envelope is the wrong one.
If you read the whole agreement, it isn't as scary as the poster has implied.
Your Stuff & Your Privacy
By using our Services you may give us access to your information, files, and folders (together, “your stuff”). You retain ownership to your stuff. You are also solely responsible for your conduct, the content of your files and folders, and your communications with others while using the Services.
We sometimes need your permission to do what you ask us to do with your stuff (for example, hosting, making public, or sharing your files). By submitting your stuff to the Services, you grant us (and those we work with to provide the Services) worldwide, non-exclusive, royalty-free, sublicenseable rights to use, copy, distribute, prepare derivative works (such as translations or format conversions) of, perform, or publicly display that stuff to the extent we think it necessary for the Service. You must ensure you have the rights you need to grant us that permission.
How we use your stuff is also governed by the Dropbox Privacy Policy, which you acknowledge. You acknowledge that Dropbox has no obligation to monitor any information on the Services, even though we may do so. We are not responsible for the accuracy, completeness, appropriateness, or legality of files, user posts, or any other information you may be able to access using the Services. We may disclose information about your account or your stuff to law enforcement officials as outlined in our Privacy Policy.
The material in your dropbox account could be produced in a lawsuit by your opposition. Not that you have anything to hide but who knows what inferences and entanglements could come from that.
If it bothers you that much, don't bee a freetard, get yourself a basic website with webspace, and you control your own domain and don't have to worry about companies making up such TOCs where they think they own copyrights they have no right to. (this was not a troll posting).
Take Nobody's Word For It.
The case studies all use words like "secure", "MD5", "RSS feeds" and "encryption" to describe the security of The Cloud. I don't know about you, but that sounds damn secure to me! Some Clouds even use SSL and HTTP. That's rock solid in my book.
And there I was trying to make my service actually secure when all I needed to do was sprinkle our blurb with some secure-sounding keywords. Thanks for the tip. :)
Every harsh word you utter has the right address. It only sounds harsh because the one on the envelope is the wrong one.
You are giving dropbox the rights to do whatever they want to with your content, according to this. All of thye examples are just that - examples. The terms give them the right to make the judgment on what they want to do. And, since they are free to change the privacy policy at will, just as they changed the TOS, you have no protections.
They can write this much more tightly to protect themselves and give you absolute control. The problem is that to do so it will be very long and "legalese" and not friendly/simple. They should protect their users and the users' intent in choosing the service and do whatever they have to do to deliver what you thought you were getting.
So after having a problem where access given was access forever and when people could get to your stuff without a password they are now pretending they own everything people put there? Maybe it's time for law enforcement to get involved with these clowns and hit them with fraud for pretending to have a secure service.
Is it still safe to store my Bitcoin wallet there, so I can access it from anywhere?
At the end of the day, dropbox is really just a fancy front end bolted on to Amazon's s3 service. So basically if Amazon demanded no copyrighted material be stored on the service, dropbox must change it's TOS to match..... Ultimately your dropbox data is essentially in the hands of not just one, but 2 different companies.
Monstar L
It leaves off the last sentence of the quoted paragraph from the TOS: "You must ensure you have the rights you need to grant us that permission."
IANAL, but I suspect that this is the linchpin of the terms. In order for any of the foregoing rights to be granted to dropbox, you must actually have rights in the first place. You are completely on the hook if you sync anything improperly.
This all sounds fine in theory, but I bet there's not a single dropbox customer who isn't running afoul of this term. It's not really dropbox's fault, it's the fault of our cockamamie copyright laws which grant automatic copyright on EVERYTHING on first publication.
When everything's covered, nothing's covered. Except for those who have the deep pockets to bring suit.
"We receive as friendly that which agrees with, we resist with dislike that which opposes us" - Faraday
"You are giving dropbox the rights to do whatever they want to with your content, according to this. "
Let's qualify this. They can do what they want in order to deliver the advertised Service. They can't just up and decide to sell your stuff, for example, as that is not a Service they sell.
"We receive as friendly that which agrees with, we resist with dislike that which opposes us" - Faraday
"We reserve the rights to be douchebags if we want, but we promise we won't be."
BeauHD. Worst editor since kdawson.
Apparently the submitter has never read a TOS before. That statement's been in almost every major corporation's TOS that I've read to date, and it's mostly an ass-covering line as mentioned by other posters. While I don't like the policy of including unreasonable policies in a TOS, this is hardly unique to dropbox and appears to be part of a mudslinging campaign instead of actual news.
"Our goal each year should be to increase the number of goals we set for ourselves!"
No, they can do whatever THEY think is necessary. It's no different than a clause reading "in our sole judgement".
Problem solved.
---- Booth was a patriot ----
Wuala offers both encryption and cheap storage via data deduplication. They simply AES encrypt your stuff using it's own SHA as the key. And they use the encrypted file's SHA for the identifier. In this way, any two people should encrypt the same file to the same encrypted file, but nobody who's never seen the original file could read it, including Wuala.
Soon, we'll see the MafiAA perusing people's DropBox accounts to delete pirated content and/or sue its possessors. Wuala doesn't offer that much more technical protection here since they'll simply subpoena the list of people possessing a particular file, but they cannot actually just browse your account because each directory gets encrypted too and directories are usually unique. Also, Wuala is far more likely to fight a MafiAA subpoena because they're (a) based in Switzerland, (b) started as a P2P network, and (c) started by academics.
The Christian religion has been and still is the principal enemy of moral progress in the world. -- Bertrand Russell
Derivative work must be an _original_ work of _human_ authorship.
As I understand the subject matter requirement of U.S. copyright law, this is true in the United States. It may not be true in countries that use sweat-of-the-brow.
My main concern isn't with the security of The Cloud, but rather with getting my Indian team to learn all about it
The Cloud runs on Apache. Your Indian team should have no problem.
IANAL, but it seems to me it would be hard to argue in court that Dropbox selling my content for money is necessary for the service or that they could reasonably think that necessary for executing the service.
They want each transmission over your local hardware to be counted as an individual performance, and that you pay per stream.
One would hope that the judge either doesn't amuse easily, or is having a bad day and wants to take it out on idiotic companies and their lawyers who try and write their own law. Dropbox would only try it the once then.
no text, innit
Damn it, now my rc.conf file, and my conkyrc file will be there for the world to exploit. People will realize how I got mpd to display album art on my desktop, and they'll know which services I start in the background when my machine loads! THE HORROR
MS Skydrive service agreement has similar wording:
Except for material that we license to you, we don't claim ownership of the content you provide on the service. Your content remains your content. We also don't control, verify, or endorse the content that you and others make available on the service.
[...]
You understand that Microsoft may need, and you hereby grant Microsoft the right, to use, modify, adapt, reproduce, distribute, and display content posted on the service solely to the extent necessary to provide the service.
Its probably in case they have another password malfunction and allow just anyone to download your data. With the new terms, they are allowed to.
Also remember that Dropbox works internationally, and not every country has the same "fair use" laws as the US.
In a survey of 100 programmers, 111111 thought that duck-typing was a good idea.
http://www.google.com/accounts/TOS, says in clause 11.1:
By submitting, posting or displaying the content you give Google a perpetual, irrevocable, worldwide, royalty-free, and non-exclusive license to reproduce, adapt, modify, translate, publish, publicly perform, publicly display and distribute any Content which you submit, post or display on or through, the Services. This license is for the sole purpose of enabling Google to display, distribute and promote the Services and may be revoked for certain Services as defined in the Additional Terms of those Services.
They didn't say "reasonably" until the world exploded around them.
Contracts are contracts. In the US (where Dropbox and probably most of its users are based), courts rarely do anything but follow their express terms. It's a fundamental aspect of the common-law heritage of our legal system that virtually anything is subject to contract under virtually any terms. Exceptions are few, and aside from contracts calling for manifestly criminal conduct, most of the exceptions come from either express law forbidding certain terms (itself rare and sometimes subject to constitutional challenges -- I'm not kidding, contracts are explicitly mentioned in the US constitution) or actual fraud. Neither applies in this case.
The best you can hope for is that it is declared a "contract of adhesion" and fails the closer scrutiny due such contracts. It's quite rare to even get a contract recognized as a "contract of adhesion", however, particularly when the contract involves a highly competitive field with a low barrier to entry where consumers have a wide variety of easily-made choices, and even once the determination is made, actually convincing the court not to enforce its terms is still difficult.
and the small print taketh away.
Not sure if the "all your content are belong to us" statements are worse than the "you agree that this is only a license, not a purchase" statements on items you've already purchased. For example, in a moment of weakness and nostalgia, had actually purchased Duke Nukem Forever. On the screen prior to play, it requires that you accept that you have not *bought* the game but are essentially renting a license. A nice little bit of bullshit for something I've already paid for and don't seem to have a viable means of refund....
At the very least, you can view the dropbox license before you drop cash on the damn service. I wish that somebody would draft a law against un-necessarily and uneven licensing/agreements though, as it's getting more and more crazy everyday.
This is a TOS change. Many of those complaining on this thread have just closed their accounts in response to the TOS change
The problem isn't that the ToS is written in legalese. They are all written in legalese. There is nothing evil about legalese.
The problem is that this company is assigning itself an unreasonable, unnecessary and unethically expansive set of rights to other people's intellectual property - essentially every right short of actual ownership.
That isn't such a big deal if we are talking about what you type in to the Google-search box; it IS a big deal when the whole point of the service is to provide backup and synchronization for your personal data. If you are writing a book, writing software, using the service to work on some tracks or digital paintings or photos, it is pretty darned likely that you would use such a service for these things.
Are there ways to avoid the problem? Sure, don't use the service. But this kind of clause is still poisonous and abusive and should condemned by everyone. This isn't necessary and it is wrong, Dropbox should stop or they will continue to see this kind of bad press.
SugarSync has a similar service and their Terms of Usage are much more like what you would expect.
'The tyrant will always find pretext for his tyranny.' - Aesop's Fables
"You are giving dropbox the rights to do whatever they want to with your content, according to this. "
Let's qualify this. They can do what they want in order to deliver the advertised Service. They can't just up and decide to sell your stuff, for example, as that is not a Service they sell.
Nope, your are granting them rights, not on your content, but on the content that you are uploading, potentially content to which you may not be the copyright holder and therefore have no right to grant them even a limited license on the the content unless you are the original author and copyright holder.
Alarmist much, Chicken Little? Dropbox has file sharing so they need this. Duh. Your tin foil hat is crooked.
Look at what they advertise and what they will deliver and you will begin to understand why I mentioned fraud. It's a simple consumer affairs issue and has nothing to do with "internet police".
If they want to pretend they are one step ahead of normal web hosting that every ISP on the planet can do they have an obligation to deliver something better than FTP reinvented incredibly badly and an expectation that people will let them do whatever they like with the items placed on their server. Their customers actually have an expectation that this service can be used for secure business communication yet dropbox want to introduce a condition that would allow them to sell whatever they find on their servers to the highest bidder.
Dropbox has had a series of security debacles recently. I try to have a reasonable approach to security -- I figure that the flip side of the defense-in-depth principle is that it's foolish to overreact to a revelation of a minor security problem, as you should have been assuming there were security vulnerabilities anyway. However, when Dropbox left all files for all users completely exposed for four hours, and I only found out after the fact when my partner read a third party's blog, I had to conclude that Dropbox was both incompetent and unprincipled.
A lot of commenters are comparing the TOS for Dropbox to that of services like Youtube. There's a big difference: one uploads a file to Youtube for the explicit purpose of sharing it with the world at large, so sharing ownership of the files involved with Youtube makes sense. The primary use of Dropbox is for a user to sync some files between different computers, for the private use of that user. Sharing files with a discrete list of other users is a secondary use, and publishing a file for general access is a tertiary use, which seems an afterthought in the Dropbox documentation. Only in that last case can I see any point to the comparison with Youtube.
And somehow, Spideroak can offer all these services, without claiming joint ownership of a user's private documents, or the right to create derivative works. Given that all files are encrypted, client-side, with a private key, it's clear that Spideroak couldn't steal user content even if it wanted to.
I don't see how. Most other commercial webhosting providers I have used have the same babble. I would assume the reason why this even exists is because of dropbox's 'Public' folder.
This clause even existed in the 90s on Geocities.
Change is certain; progress is not obligatory.