Dropbox's New Policy of Scanning Files For DMCA Issues

Advocatus Diaboli (1627651) writes "This weekend a small corner of the Internet exploded with concern that Dropbox was going too far, actually scanning users' private and directly peer-shared files for potential copyright issues. What's actually going on is a little more complicated than that, but shows that sharing a file on Dropbox isn't always the same as sharing that file directly from your hard drive over something like e-mail or instant messenger. The whole kerfuffle started yesterday evening, when one Darrell Whitelaw tweeted a picture of an error he received when trying to share a link to a Dropbox file with a friend via IM. The Dropbox web page warned him and his friend that 'certain files in this folder can't be shared due to a takedown request in accordance with the DMCA.'"

Later Dropbox!

Its been nice while it lasted, now on to other services!

Re:Later Dropbox!

[noblebeast]

MEGA is looking like a better alternative every day. End-to-end encryption, and 50GB(!) free storage.

Re:Later Dropbox!

Take that you fucking geek hipsters, you just dont learn do yah?

Its going to happen over and over again until you learn to buy a fucking HDD.

Re:Later Dropbox!

[MightyYar]

And then mail it to your friends and colleagues? Might slow things down a bit, but it makes me feel nostalgic. Just today I considered faxing something, just for the pure walk down memory lane. Beeep. Beeep. Beeep. X-FER FAIL.

Re:Later Dropbox!

My brother and few friends used to send me emails asking me to create a Dropbox account so they could get more storage space. Im the only one that can see beyond my fucking nose.

The internet as we knew it is long gone, there is only a NSA/Facebook/Google/Amazon shared intranet these days. My shit is mine and no one else, it shall not end up in their servers.

I guess Stevie Wonder was wrong when he said "people keep on learning"...

Re:Later Dropbox!

[MightyYar]

I hear ya', but some things... it simply doesn't matter what server they end up on.

Re:Later Dropbox!

[mister_playboy]

For the kind of usage TFA talks about ("public" links), I recommend 1fichier.

50GB(!) max file size, unlimited storage, 60 days retention for free users.

https://www.1fichier.com/

Re:Later Dropbox!

[hodet]

I just use my own VPS. Amazing what people will go through to save $10/month.

Re:Later Dropbox!

Using a service like mega is just asking to be surveilled. Really. Common sense dictates you do nothing to attract attention to yourself. Using a service like mega begs for all users to be on a list. No, thank you.

Re:Later Dropbox!

Yes, Dropbox is one thing... but when I toss files into a TrueCrypt container using keyfiles (I use keyfiles to prevent password/passphrase brute forcing), the files stored become a lot harder to index.

However, I don't use Dropbox for sharing unencrypted data. I use PGP files that were encrypted with a private key, then tossed in an encrypted WinRAR archive. (I like using symmetric encryption as the outer layer so someone who might intercept the link and slurp the file wouldn't have a clue on what public key it is encrypted to.)

Re:Later Dropbox!

[neonKow]

By whom, exactly? At the moment, using the INTERNET means your data goes through NSA servers, but that's not exactly a list. The people who'd care to put you on a list are people like the MPAA and RIAA, and I seriously doubt they have a digital surveillence arm. Are you just spewing random paranoia to sound smart?

Re:Later Dropbox!

[noblebeast]

Given the choice between my data being flagged for later surveillance (MEGA service, with e2e encrypt), or being automatically harvested by by the dragnet because it's "in the clear" (Dropbox, no e2e encrypt), I think the first choice is obviously the better one.

Re:Later Dropbox!

...I seriously doubt they have a digital surveillence arm...

But they do. The government is always at their service. Or what, you think they don't expect something in return for all those "donations" they make to the party of their choice? Quid pro quo all around, sir, it's part and parcel to the game.

Re:Later Dropbox!

I like Box.com. I get 50GB free, it supports WebDAV and I can upload whatever I want.

Re:Later Dropbox!

[spire3661]

There are no other services, they are all going to do this. Roll your own.

Re:Later Dropbox!

I'm not trying to sound smart. I know how the game is played very well. Having worked for the largest ISPs in the world as an IT security engineer, I know exactly what happens. Mega is of interest to multiple parties, not the least of which are various federal governments and their surveillance arms. Using Mega attracts attention beyond using something benign like Dropbox. They are all of interest in one way of another, but sites like Mega, Wikileaks, and the like beg your name to be put on a list. Not worth the aggro.

Re:Later Dropbox!

What is with that "60 day retention" bullshit? That makes the service utterly worthless.

Use OneDrive, Google Drive or Box and you don't ever have to worry about your stuff disappearing.

Re:Later Dropbox!

[Pausanias]

Yes! Hand over your files to a convicted criminal! That will be better.

Is the sync client open source, so that I can check it's not snooping?

Re:Later Dropbox!

[noblebeast]

Some services/plugins DO support private key management. In other words: you have the key, and the company doesn't have the capacity to decrypt your files even if they wanted to. For example: https://www.safemonk.com/ http://www.infrascale.com/file...

Re:Later Dropbox!

[GameboyRMH]

I guess Stevie Wonder was wrong when he said "people keep on learning"...

He's right in the long term, but the process is VERY slow and sometimes stalls and regresses, even for centuries at a time.

Re:Later Dropbox!

[jmcvetta]

people like the MPAA and RIAA, and I seriously doubt they have a digital surveillence arm.

Actually, I've seen several job ads to write digital surveillance software for the bigmedia cartels. There are also a good number of small companies (startup & otherwise) who make it their business to surveil the users of cultural data.

Re:Later Dropbox!

if only they had a proper "download" system, it's horrible...

Re:Later Dropbox!

[The+MAZZTer]

encfs looks really cool in that it will transparent encrypt files and they look like regular files to dropbox etc, but they can go on any file system and encfs will still recognize the encryption when they come out. So that's always an option.

Sadly, the Windows port of it that I've tried is really buggy. I had to use it inside a Linux VM to really use it.

Re:Later Dropbox!

If you bothered to use Tor's .onion services, or I2P's i2p services, none of you would have this problem.
Problem is, you're all to damned impatient to wait just the little bit longer it takes to share and get
your stuff via these secure services. Therefore, YOU GET WHAT YOU DESERVE.

That's it

[GeekHillbilly]

If Dropbox is doing that,then their service will get dropped like an overheated potato.I won't use them,that's for sure.

Re:That's it

[Richard_at_work]

But this isn't new, its been going on since Dropbox implemented their DCMA violation checking system a few years ago, and you can see *why* they are doing it.

Lets clarify a few things for those that aren't going to RTFA - this isn't for private shared folders, or for folders within your own Dropbox. This is for when you create *public* links, by either using the "Shared Links" facility or when you create a public link from the old style Public folder.

Thats it. The files Dropbox is including in these scans are *publicly linked* to - and they are fair game if Dropbox wants to stay ahead of the legal system on this front. Dropbox has no idea that you only intend to share it with yourself, or one other person, and there is no mechanism by which you can ensure that yourself anyway.

Yet again its forced outrage against basically something which is common sense - if the file has been taken down before, its going to be again, and the less man power Dropbox expends while handling DCMA requests the better for them as a company.

Re:That's it

Lets clarify a few things for those that aren't going to RTFA - this isn't for private shared folders, or for folders within your own Dropbox. This is for when you create *public* links, by either using the "Shared Links" facility or when you create a public link from the old style Public folder.

It is of course up to every individual to decide if they trust Dropbox with that distinction.
Reading the article is pretty pointless if you don't trust the source.

Yet again its forced outrage against basically something which is common sense - if the file has been taken down before, its going to be again, and the less man power Dropbox expends while handling DCMA requests the better for them as a company.

That is outrageous, copyright has to be considered on an individual basis. What is fair use in one case isn't necessarily in another. DMCA isn't something that should/can be properly automated.
It is also outrageous (But not surprising) that Dropbox decides to bend over for a third party rather than contest it. It is insane for a company to value a third party over their customers.
Why would I choose Dropbox if I know that they will shut me down at the request of a third party without even verifying if they claims are true or not. (Yes it is possible to make false DMCA claims and it is done a lot.)
This seems like a short term saving that will pass over any false DMCA filings to the user base that will then switch over to other services.

Re:That's it

[Dcnjoe60]

Do you know if dropbox is trying to determine what is a DMCA violation and stopping the share or if they have received actual takedown notices? I ask because if somebody shares something and dropbox recieves a takedown notice, then I would be okay with that. On the other hand, if they are trying to police what is out there, I'm not sure how they can make that determination or why they would stop at just shared content.

Not trying to troll or inflame the discussion, just actually wondering how the process works.

Re:That's it

[Richard_at_work]

Its only if they have received take down notices for that specific item with that specific cryptographic hash before - if the item you are sharing has never been the subject of a take down request, then you are free to share it, there is no proactive policing going on.

Re:That's it

[hattig]

Or you could read the article and get answers immediately.

They use file hashes of previous DMCA requests when new files are shared. If it transgresses, it's blocked just like this situation.

It's not "policing", it's blacklisting the sharing of specific files via comparing file's hash against a list of blacklisted hashes.

I just hope they're not using CRC16.

Re:That's it

RTFA:
All files on Dropbox are hashed, this is used for de-duplication to reduce storage requirements. When they get a DMCA request they remove the requested link(s) and flag the *hash*.

Any time someone tries to access a DMCA flagged file via a public interface it'll refuse, this is probably necessary to avoid being found liable under the DMCA given the way they does their de-duplication.

Others have noted that private folders and even non-public shared folders isn't affected by this so it appears that they only do this when required by law to avoid loosing the DMCA shield.

To reduce user confusion, when you try to make a public link Dropbox checks all hashes underneath and if one (or more) are flagged it'll tell you about it. I don't think there's a legal requirement to warn but if they didn't they'd have a lot of consumer support requests which would cost them money to handle.

Re:That's it

[Lightning+McQueen]

No, actually. The rest of us knew when we created our dropbox accounts NOT to put material there that might cause a problem. I don't put material I don't want anyone to see there - ya know like social security numbers, credit card numbers, passwords, etc - unless I've encrypted it before hand. This goes for all shared services. Anyone who believes the 'we promise we won't look at your stuff' line is naive. It may very well be corporate policy and they may try very hard to follow that, but it only takes one bad apple employee to go snooping through your stuff and commit identity theft!

Re:That's it

[mysidia]

Dropbox has no idea that you only intend to share it with yourself, or one other person, and there is no mechanism by which you can ensure that yourself anyway.

Well.... if more than 3 IP addresses retrieve the link, then assume it has been shared with other people.

Re:That's it

[Lightning+McQueen]

Why 3 IP addresses? Where did you get that number from?

Re:That's it

[fsagx]

Just remember to add one byte to the end of any questionable file --> new hash, no takedown.

dd if=/dev/zero count=1 bs=1 >> old_file_gets_new_hash.mp4

Re:That's it

The DMCA notice, takedown, dispute procedure is complicated because it creates a balance of power between the publisher (in this case, Dropbox's user) and the alleged rightsholder, so even if a creative regime seems like "common sense," it may be tilting that balance.

Part of the balance is simply who does the work, at scale. While there might not be a good common sense answer to this question that is essentially fair, it's obviously something negotiated into the DMCA when it was passed, so it ought to matter. If you give rightsholders a fancy web tool and tell publishers to send paper mail waiting 8 weeks for counternotices, you are tilting the balance. This should be "common sense," too. What they are doing seems like a less drastic version of this.

For another example, one user may have the rights to publish something while another does not, yet both are publishing the same hash. Dropbox may consider this case (an automatic takedown that shouldn't have happened) so rare that they "forgot how to count that low," but if it's ok for ISP's to do that then publishers who actually have licensed rights trying to publish something get driven from one host to another, causing outages and raising the price they pay, because everyone "forgot how to count that low." This antipattern is one thing DMCA's "common carrier" rules would seem to prevent: you only get protections from the DMCA if you actually serve everyone "fairly" as the DMCA defines it, and don't discriminate by overcharging and punishing with flakey service those customers who are participating in the copyright regime, by fully implementing the pre-lawsuit procedures. If you set up some other goofy thing that's more convenient for you, then you don't get the common carrier protections.

My question is then: was he able to file a counterclaim immediately upon receiving the automatic takedown, and if he does that does the link immediately and automatically go back up? If not, then this sounds definitely bogus to me. If so, it might be bogus. IANAL but we need to go a bit further than "common sense."

Re:That's it

[Richard_at_work]

New hash, no *immediate* take down, but be prepared to be on the receiving end of one, which I would consider mildly worse than having Dropbox say "nope" before the lawyers get involved.

Re:That's it

[Travelsonic]

Yet again its forced outrage against basically something which is common sense

*sighs*... I hate these phrases - faux outrage, forced outrage, since they are used in the least applicable places. Misleading outrage isn't forced - it's still misleading, but it's still real. I's like when you mishear that somebody was banging your GF, and you momentarily get pissed before the person repeats themselves... the outrage in that split second was no less real.

Re:That's it

[Drethon]

If they don't delete local files, I'll wait and see before claiming the sky is falling.

Re:That's it

[bberens]

If you're not distributing copyrighted material I fail to see how this could be a problem in practice. You'd have to create a public link to your copyrighted file and that link would have to somehow wind up in the hands of the MPAA or other representative of copyright holders.

Re:That's it

[Richard_at_work]

No, I specifically meant what I typed - the article is written in the way that you are intended to be left feeling as if Dropbox is deliberately doing something morally, ethically and socially unacceptable, and that they have just started doing it. The article writer and subjects mentioned within it are outraged that Dropbox is doing what they are doing, regardless of the fact that an average person wouldn't have any issues with what Dropbox are doing in this instance.

Its the article writers and subjects which have the forced outrage, because forced indifference doesn't cause page clicks.

Re:That's it

[TangoMargarine]

What if I access it from 4 locations myself? e.g. home, work, friend's house, public library.

Boom. "Infringement."

Re:That's it

[DrXym]

Even if that's all they are doing, they're only one lawsuit away from handing over the names of everyone who has a duplicate of that hashed file on their own account. Or any other list they are presented with. I assume the MPAA / RIAA have it in their power to hash up the top 100 downloads from TPB in any given week and go fishing for infringement on cloud services. The likes of Google, Amazon, Apple, Microsoft also have a good incentive to comply too since they sell content.

Of course this is an issue that could be avoided if cloud providers offered a simple way for users to enable client side encryption, not just of the content but the entire file system. Then they literally have no idea what they are storing and it's hard to see how any court could compel them to reveal it either.

Re:That's it

So putting it in your public folder and just e.g. IM'ing or emailing the URL should still presumably work; it's just the social media sharing that doesn't?

Re:That's it

[X.25]

Yet again its forced outrage against basically something which is common sense - if the file has been taken down before, its going to be again, and the less man power Dropbox expends while handling DCMA requests the better for them as a company.

As we have seen before, noone would ever file an invalid DMCA takedown request.

Are you a fucking idiot, or you work at DropBox?

Re:That's it

[TangoMargarine]

If you're not distributing copyrighted material I fail to see how this article is relevant at all. They wouldn't care.

Re:That's it

You get an error when creating a link, that's it. They don't delete any files (they delete the link in response to the DMCA takedown).

Re:That's it

[AntiSol]

Well, technically, after enough time somebody *will* eventually try to upload a perfectly legitimate file which just happens by coincidence to have the same hash as something that was taken down, and that uploader will get an erroneous error message blocking them from sharing their own work.

So you don't have to be distributing copyrighted material for this to be a problem, but probability is on your side - it's probably not likely to happen for decades or centuries, depending on the hashing algorithm used. But it just might happen to you tomorrow.

Re:That's it

[Richard_at_work]

And you've completely missed the point of this entire thread, congratulations :)

Re:That's it

This will inevitably happen to any and all Cloud based services. That is why they "Cloud" is not a great place to work from, and why you should think about using your local machine or one that you own with encryption.

Re:That's it

[suutar]

How does the existence of invalid DMCA requests cause it to be in Dropbox's interest to expend more manpower handling DMCA requests than necessary? You think even if they did it one request at a time by hand it would prevent fake DMCA requests from getting processed? Not happening. Their safe harbor is based on them processing the request on the assumption that it's legit. You, the file holder, can then challenge that and it's no longer their problem. But the initial request is gonna get honored.

Re:That's it

[lister+king+of+smeg]

Dropbox has no idea that you only intend to share it with yourself, or one other person, and there is no mechanism by which you can ensure that yourself anyway.

Well.... if more than 3 IP addresses retrieve the link, then assume it has been shared with other people.

So I keep my dropbox account synced to my server, my desktop, my laptop, VM at the college computer lab, phone and tablet, that's six potentially unique IP addresses just for me more if I use tor as a vpn at a wifi access point I don't trust. Again people IP addresses do not equal individuals.

Re:That's it

[ganjadude]

I know im not the only one who thought that dropbox was already looking at my files, I like the software it "just works" but i only trust it with trivial things, photos that i have backed up somewhere else but might want quick and easy access to, a resume a few text files that dont have anything important on it

Re:That's it

No. This will not happen by accident, not today or tomorrow or in this century.
What do you think they are using, CRC-32?

Re:That's it

[franciscohs]

So let me get this straight, dropbox has the ability to identify individual users on the amount of files that they have which are identified as "pirate" files?, no matter if they match your files against hashes or whatever (and they aren't actually scanning each individual file), but I'm concerned I'm boing flagged as a pirate for uploading to my private folder any kind of file I have.

Re:That's it

[mlts]

It is only going to backfire. If people realize that their files are being scanned and access blocked because they might be looked at, Dropbox will either become a ghost town or people will just grab a copy of TrueCrypt and start encrypting everything, and then everything goes dark in regards of scanning. If DB blocks encryption, then people will just give them the middle finger and move to GDrive which offers a lot more storage for the unit of currency.

The last thing Dropbox needs is bad publicity. Google is nipping on their heels with very inexpensive storage. Google's app may not be as polished as DB's for photo uploads on iOS, but it is still usable.

Re:That's it

If you're not distributing copyrighted material I fail to see how this article is relevant at all. They wouldn't care.

All material is copyrighted, unless explicitly placed in the public domain.

Re:That's it

[neonKow]

You don't need public links for keeping your own account in sync.

Re:That's it

[neonKow]

You should probably reread the article (if you did at all), because you have gotten it anything but straight. Dropbox is doing this with public files, no private ones, and it's just notifying you that some files can't be shared.

Since your unencrypted files are on Dropbox servers, they have had "the ability" to identify pirate files at any point that they decided to code that, but anyone with a basic knowledge of how "files stored on someone else's computer" works should already know this.

Re:That's it

[spire3661]

They are actively comparing files against hash database automatically when you go to share.

Re:That's it

If you're not distributing copyrighted material I fail to see how this article is relevant at all. They wouldn't care.

The very simple reason that such systems have an incredibly high false-positive rate. You will simply not be allowed to upload lots of your files. Because it might look like something with a copyright...

Re:That's it

Exactly. Encrypt your shit before you upload and it won't be a problem.

Re:That's it

[TangoMargarine]

Hmm. Yeah, I suppose that's a good point.

Re:That's it

[omnichad]

I think the bigger problem if that happened would be the havoc on their de-duplication system. If you manage to create a collision, could download a copy of someone else's file.

Re:That's it

[omnichad]

Thankfully, no one goes after "possession" for illicit content. It's only attempts to share that have been prosecuted. With P2P, downloading means sharing - but not with Dropbox.

Re:That's it

[thegarbz]

Yet again its forced outrage against basically something which is common sense

The only thing that is common sense is that Dropbox have claimed end-to-end encryption. Then they were caught out a few years ago de-duping and they promised to fix their practice and then assured us that they don't look at content. Now they are apparently scanning your supposedly encrypted content for DCMA violations?

I don't give a crap about scanning for DCMA violations. I am outraged that this is possible from a company which has come out publicly and said "Look at us, we're so secure even we don't know what you're uploading."

Re:That's it

[AntiSol]

Um, yes, It *WILL* happen sooner or later.

I was being conservative, and they don't say what they're using. Based on my experience with people (they're often incompetent morons), CRC16 wouldn't suprise me.

Re:That's it

[geekbastard]

All material is copyrighted, unless explicitly placed in the public domain.

Nothing has a copyright until a copyright is applied for and granted

Re:That's it

[david_thornley]

That's how it used to be. Nowadays, copyright exists once a creative work is put into tangible form (this comment is creative enough to be covered, and is copyrighted as I type it, since computer memory is tangible). I believe this is the case in all Bern convention countries.

That doesn't mean there aren't advantages to registering a copyright, but if you bother to look up the law, you'll find that this comment is copyrighted.

Re:That's it

[david_thornley]

It will of course happen if enough stuff gets uploaded. Depending on what they're using for a hash, it may not happen before the heat death of the Universe.

Re:That's it

[david_thornley]

I've got material copyrighted by other people or companies, and legitimately purchased or licensed for free download, on Dropbox. A list of people with those files would be useless for prosecution.

Re:That's it

[Marxist+Hacker+42]

Warning: Your posts on slashdot have exactly the same security as Dropbox.

Re:That's it

[Marxist+Hacker+42]

So if you don't share, you don't get a DMCA takedown on that file. Good to know.

Two solutions (Encrypt or leave)

[kye4u]

If you are determined to use drop box, use an open source software as 7zip that will encrypt and zip. Otherwise, stop using drop box and move on to something else. One of the consequences of using the magical cloud is that your are bound to somebody else's rules for how they manage your data. Also note that those rules are subject to change at any time, and you don't have any say in those changes (I guess the only option is to speak with your wallet and move to greener pastures).

Re:Two solutions (Encrypt or leave)

[Xest]

I stopped using DropBox when it's Android app started asking for access to my contacts etc.

Anything that asks for permissions unnecessary to its key purpose is dead to me.

Re:Two solutions (Encrypt or leave)

[rudy_wayne]

Otherwise, stop using drop box and move on to something else.

And that "something else" will still be subject to the same bad laws (DMCA) as Dropbox.

One of the consequences of using the magical cloud is that your are bound to somebody else's rules for how they manage your data.

The problem is, this isn't Dropbox's rules. They are following the law.

Re:Two solutions (Encrypt or leave)

[GeekHillbilly]

Dropbox just shot their business model in the head.I hope they realize that.

Re:Two solutions (Encrypt or leave)

[Sockatume]

Isn't that so that you can send links to contacts? Android has no granular permissions support so if you ever want to be able to email a link from the app, you have to grant that permission.

Re:Two solutions (Encrypt or leave)

[jellomizer]

For an app intended to share data with different people, being able to access your contacts would make the program easier to use assuming that you are sharing data with people on your contact list.

That said most apps work if you say No. I wouldn't call it an unnecessary request to ask for permission.
 

Re:Two solutions (Encrypt or leave)

[aviators99]

If you encrypt, it's not very convenient to do what the person in the article did: link to a video. His IM buddy would have to download/decrypt before seeing the video. Your point is well-taken, of course. But leaving for another cloud provider is likely not going to make things any better. Cloud storage, by its broad definition, is sacrificing security for convenience (to some extent). You can certainly mitigate that via encryption, but at the loss of much of the convenience, especially when it comes to this particular use case, which is the sharing of a video.

Re:Two solutions (Encrypt or leave)

[iq-0]

One of dropbox's key features is it's ability to share your files. So I hardly think access to your addressbook is really wrong. If they'd be sending that data to their server or whatever that would be unacceptable.
You should actually be more annoyed with the Android permission system in this case, because it doesn't let you prohibit that part of the functionality. The current permissions system is that you must allow all permissions an app might need, eventhough you'll never use (or want to use) that part of it's functionality. Even delaying the accepting of the permssion would in many cases be preferable for these kinds of permissions that are related to your specific use-case for that app.

Re:Two solutions (Encrypt or leave)

Encrypting incriminating material could be considered a violation in itself.

Good luck! IANAL.

Captcha: adviser

Re:Two solutions (Encrypt or leave)

[Walter+White]

That said most apps work if you say No. I wouldn't call it an unnecessary request to ask for permission.

On Android you cannot install the app if you say no. The question is asked during installation or update.

Re:Two solutions (Encrypt or leave)

That said most apps work if you say No. I wouldn't call it an unnecessary request to ask for permission.

Under iOS this is true, but not under Android. Android's permission scheme is all-or-nothing: either you grant an app all the permissions it asks for, or Android just won't let it run.

Re:Two solutions (Encrypt or leave)

Honestly, if you can you should be running android 4.3+ so you can access the feature "AppOps" which does give granular control over application permissions. Not surprisingly Google hid this feature 4.4+ but it can still be accessed via third party applications.

Re:Two solutions (Encrypt or leave)

[Chrisq]

Isn't that so that you can send links to contacts? Android has no granular permissions support so if you ever want to be able to email a link from the app, you have to grant that permission.

Its a shame that you cannot just deny that right and have it fail if you ever tried the email functionality. Or even let the application know what's granted so that it can disable the email options.

Re:Two solutions (Encrypt or leave)

[Xest]

Yes I believe that's the claim, but I'm more than content to just have a "Copy link to clipboard" button so I can paste it wherever I want - all they need to do is let me take the link where I want.

Too many companies use such data for other purposes in the background (and ship your contacts etc. off to their servers) that it's a poison chalice to even ask for such permissions if it's not necessary to the underlying point of the application.

I get that they want to make it easier for some users and I fully sympathise with the usability reasons for doing so, but ultimately when they do shit like this it just reinforces my view that it's not a permission I can trust most such companies with.

They say they'll never do something, and they resist for a while, then they finally break, "just this once" they tell themselves. Like fuck "just this once".

I used to have the Facebook app on my phone and I did give that permission - not because I trust them, but because I was going in knowing full well what they were going to do with it, but I drew the line at that app when it started asking permission to draw over other apps and such - what the fuck? No. Just no. There's not a chance in hell you're having permissions to view and render over the pixels on screen on my banking app or whatever.

Now I'm far more tough with apps in general, which is why I wouldn't touch drop box anymore with this permissions change. Tired of being told our data wont be read, will be held securely and then suddenly such data turns up in completely unrelated places, like when contacts I only had through my MSN messenger list magically turned up as recommendations on LinkedIn despite me never having given permission for MS to share that data with LinkedIn nor LinkedIn permission to receive that data from MS.

I used to be more laissez faire with my data, because I was lazy enough to put convenience over privacy, but each time I gave a company the trust they asked for based on the assurances they gave they really did lie and abuse it, so fuck them.

Even something as innocent as a university course I did in my spare time has me getting text messages (2), e-mails (about 5), phone calls (7 of - land line and mobile), letters through the post (3) telling me to fill in the UK's student survey. Eventually I relented, any other comments? Yes, "Fuck your survey, all data I filled in is false. Leave me alone". Apparently I should've opted out of said survey, now if only I was ever given that choice.

You literally can't put your data anywhere anymore without it being used to harass you. The convenience is no longer worth the inevitable follow on harassment which is anti-convenient, it's a distraction, a disruption, a pain in the fucking arse.

I buy a TV and I have to give a postcode and house number so they can pass it on to the TV licensing authorities "It wont get used for junk mail, just for licensing" and what comes through the door after a year? "Your warranty is due to expire, your TV wont be covered if it breaks blah blah blah" - no it's fucking not, I'm covered by the consumer protection act you lying dipshits. Last time I bought one I gave the shop the postcode and number of their very own store, knowing full well the question would be coming having looked it up before hand, amusingly my theory that the sales drones would be too fucking dumb to notice was proven right.

So it may be to let you more conveniently send a link directly, but you always pay in the end, that convenience doesn't come free, you lose the time gained by that convenience dealing with advertising crap, being sent friend invites from people you don't want, sorting junk mail into a recycle bin and phoning them to ask never to spam you again, or dealing with security nightmares because some retard company holding far more of your data than it ever needed got hacked.

And that's why they can take their lame little "share this" or whatever button and fuck themselves with it.

Re:Two solutions (Encrypt or leave)

[Xest]

I agree the Android permissions system is part of the problem in this particular scenario, but see my post here as to why I don't want them to access data that isn't essential to the use of the application:

http://slashdot.org/comments.p...

Long story short, accessing my contact list just allows them to add fluff, and the fluff to risk of privacy violation ratio is too high. I used their application fine without that option in the past, I don't need it now.

Re:Two solutions (Encrypt or leave)

[bill_mcgonigle]

There's not a technical reason why browsers couldn't support stream ciphers for media playback. If the need becomes great enough somebody will do it.

Re:Two solutions (Encrypt or leave)

[Sockatume]

You make a compelling case for them to do so.

Re:Two solutions (Encrypt or leave)

[Jmc23]

That's rich. Protect your data?

This is about pirated material. If you aren't a pirate, there's absolutely nothing to worry about. rtfa before making something else up.

Re:Two solutions (Encrypt or leave)

If you aren't a pirate, there's absolutely nothing to worry about.

It is obvious you don't think much.

Here are some things smart people will be concerned about :

1) Security
2) Privacy
3) Mistakes by Dropbox which lead to false claims which nevertheless must be defended in court.

Re:Two solutions (Encrypt or leave)

[jedidiah]

No. You are just taking it as an article of faith that your corporate masters are always right and never make a mistake or abuse the DMCA takedown system for selfish or evil purposes.

Re:Two solutions (Encrypt or leave)

But the browser makers will argue that TLS is already providing a stream cipher for media playback, and then they will go back to pandering to the interests of web "properties" rather than end users. They know who feeds them.

Re:Two solutions (Encrypt or leave)

[Phs2501]

They're working on it.

Re:Two solutions (Encrypt or leave)

[Jmc23]

Whichever path chosen, there is always the possibility of mishap. If you refuse to choose, stick in the mud.

Re:Two solutions (Encrypt or leave)

[Kevin1Kanode]

Or simply use EncFS encrypted file system and sync the sync files to Dropbox. See this: http://ninjatips.com/encrypt-d...

Re:Two solutions (Encrypt or leave)

[spire3661]

ORRRR you could copy the link and paste it. Convenience v. Security.

Re:Two solutions (Encrypt or leave)

[lonOtter]

Yes, I'm sure corporations never make mistakes and your absolute faith in them is not misplaced at all. Oh, wait; you're an idiot. This is like saying "If you have nothing to hide, you have nothing to fear."

Many aspects of the DMCA are pieces of garbage and need to be thrown out. Especially the part about DMCA notices.

Re:Two solutions (Encrypt or leave)

[lonOtter]

"This is about pirated material. If you aren't a pirate, there's absolutely nothing to worry about."

That statement that you made is blatantly false. Own up to it.

Re:Two solutions (Encrypt or leave)

[thegarbz]

It is fascinating to me that this entire permissions thing has blown up since the era of the mobile phone. Its gotten to the point where people now actively complain about new features being added and don't give any regard as to why the program needs to do what it does. Drawing over a part of the screen? OMG the sky is falling! This isn't actually the point I'm trying to make but just for your information the drawing over the screen allows the app to draw a bubble that allows you to use messaging from outside the app. Yeah multi-tasking is scary when it asks for permission to do so.

But more importantly I wonder what a computer would look like if it asked for permission for everything we do. Do you actually know if Google Chrome is scraping your Outlook contacts? Or secretly storing stuff for you? Maybe you're actually part of the cloud right now! Does plants vs zombies on the PC actually attempt to locate bluetooth devices, or identify your computer based on your hardware? How would you know? Maybe the reason EA games is worth so much is because when Origin is running in the background it captures keystrokes while you log into your bank account.

We've been installing applications for 20 years with effectively zero sandboxing, and we've been cool with it. Now when we know what an app needs to do we loose our collective shits because of features that in the past we've been screaming we want to have.

There's nothing new in this world. We just know more, and we're all scared because of it.

Re:Two solutions (Encrypt or leave)

[radarskiy]

"One of dropbox's key features is it's ability to share your files. So I hardly think access to your addressbook is really wrong."

The point of sharing with Dropbox is not to share files via email, it's to share files via Dropbox. If I wanted to share files via email I wouldn't need Dropbox.

Re:Two solutions (Encrypt or leave)

[Jmc23]

Sorry, logic doesn't apply to paranoid USians living in a police state.

Re:Two solutions (Encrypt or leave)

[lonOtter]

Sorry, logic doesn't apply to paranoid USians living in a police state.

I didn't see any logic whatsoever; just blind faith.

Re:Two solutions (Encrypt or leave)

[Jmc23]

ah shit, my mistake, I left out the bipolar personality disorder.

It's where the automatic reaction of a religious nutter/science fanboi,conservative/liberal,capitalist/commie is to automatically assume the other person belongs to the enemy camp and that their argument boils down to the stupidest, most improbable, idiotic choice, and then the whooping and hollering ensues as they descend upon their diy strawmen.

There is a reason you saw no logic. We only recognise that which we know and you live in the land of good and evil.

Re:Two solutions (Encrypt or leave)

[lonOtter]

It's where the automatic reaction of a religious nutter/science fanboi,conservative/liberal,capitalist/commie is to automatically assume the other person belongs to the enemy camp and that their argument boils down to the stupidest, most improbable, idiotic choice, and then the whooping and hollering ensues as they descend upon their diy strawmen.

Your blind faith makes you resemble a religious nutter. There was no straw man. I'm going to quote you directly:

"That's rich. Protect your data?

This is about pirated material. If you aren't a pirate, there's absolutely nothing to worry about. rtfa before making something else up."

Re:Two solutions (Encrypt or leave)

[Xest]

On a PC you get far more control, it's far less easy to conceal things, outbound connections are trivially spotted with firewalls and netstat etc. and access to personal data can be controlled much more easily with permissions, encrypted files and so forth.

Phones are still too much of a black box.

Re:Two solutions (Encrypt or leave)

[thegarbz]

Nothing on the PC will allow you to control access to any bit of hardware or other software on the computer. Saying it's ok because "look: firewall", is absurd especially in a world where non internet connected software often needs an internet connection to activate. The computer is no different with permissions either. There's no system on a Windows machine that will allow one program access to one file then forbid it from another. There's only separation of users, which Android provides as well (giving access to the contacts does not give access to contacts of other users on a multi-user device).

Incidentally there's nothing stopping you from encrypting the files on your android device. You'll need a separate program just like you would on a PC. There's also nothing stopping you seeing outbound connections on an Android device. Just fire up a terminal and run netstat or install an app which does it, or monitor it at your router etc. There have been several cases of both mobile and PC apps which are leaking data discovered. It's no more difficult on one device than the other.

Oh as a side note, I also run a per app firewall on my Android phone. So the PC doesn't get a pass in that regard either.

All of these complains sound like people whining that the company should protect us, it's all too hard, while at the same time having accepted the fact that their PCs are even less secure.

Re:Two solutions (Encrypt or leave)

[Xest]

"Nothing on the PC will allow you to control access to any bit of hardware or other software on the computer"

Sorry but that's nonsense. On the PC it's trivial for me to see what any application is doing with a debugger. I can intercept all outbound traffic and many such things to know what an application is doing. This is much harder on Android, especially if you have a phone you can't root, or at least wont root because it'll void your warranty or ability to get updates.

It's the openness and ease of seeing what an application is doing on a PC relative to smartphones that is precisely what allows us much more knowledge of what our PCs are doing.

"There's no system on a Windows machine that will allow one program access to one file then forbid it from another."

That's not true either, you can trivially keep content in a file with permissions restricted to certain users such as a different user account than that is currently logged in preventing an application accessing it without an access control prompt. You can restrict permissions on individual files to certain roles also which can also act to block access to an application. Android has multiple users but it's implementation is bad and there's no way to use the system (let alone provision for roles) to control access.

Re:Two solutions (Encrypt or leave)

[thegarbz]

Sorry you're comparing the overall security of a platform and the bitchfest on here to the ability to install a third party app. I think you've actually lost the original point I was trying to make. People do NOT know what their PCs are up to. Debuggers? Right, maybe a few people on slashdot. Why not ask your dad how netstat -an works on a Linux machine. Is he going to give you a baffled look? Yes. Now ask him what the permissions mean that he's shown when he installs an app. They are written in plain english. The phone has just provided the AVERAGE user (you're clearly not average anymore talking about debuggers, root, and all that other wonderful stuff) with more insight than they will ever have on their PC.

Let's give your usage a pub test shall we? Next time you're out drinking with your programming buddies ask them how many of them have segregated a program that stores contacts using a separate user account (something which is quite trivial to do on any Android tablet or phone supporting the multi-user features may I add). Next ask them how many of them have busted out a debugger to check to see if any of their software is doing anything untoward.

Your phone is telling you things you never knew (not never were able to know, but never bothered to even check) on a PC. Yet you and half of this site is upset about it. It's an interesting double standard for security.

Re:Two solutions (Encrypt or leave)

[Kevin1Kanode]

You can also use viivo which encrypt the files on the client side

Re:Two solutions (Encrypt or leave)

[Xest]

"People do NOT know what their PCs are up to. Debuggers? Right, maybe a few people on slashdot."

Right, and most people don't understand pretty much every scientific paper that gets published, but it doesn't matter, because as long as there is a decent size enough pool of people who do then there are people who can verify the reliability of said papers.

The same is true with the PC, there are plenty enough people who build their own systems, who peek and poke around with what their system is doing for the security of most hardware and software to be verifiable. The same isn't true of smartphones where it's hard enough to get full control of the software without problems, let alone build something based on custom hardware. The pool of people who can verify security by comparing and contrasting results produced by different hardware is pretty much restricted to those in the very companies we'd normally be verifying against.

So unless your argument is that we shouldn't trust any science that everyone can understand the peer reviewed paper about, meaning we should basically never ever trust science then I don't know what your point is. You don't need everyone to be able to verify something is safe and secure for it to be safe and secure, but you do need at least some reasonably sized pool of people.

Re:Two solutions (Encrypt or leave)

[thegarbz]

Right so PC developers count but Android developers don't because they need to root their devices? You do realise that many devices are available which provide root out of the box? I assume you also realise that the official reference device (Nexus) provides instructions for rooting on Google's own website?

Man the XDA-Developers forum would have something to say to you. You know, the people who do all the things you suggest can't be done for some reason? The people who have discovered most of the "bugs" where data is being leaked back to companies, the people who have investigated and called out exactly the permissions that you're complaining about, and most importantly the people who you seem to think don't exist.

If you don't see the double standard you're applying here, then there is really no more point in continuing this conversation. Let me make something very simple:

PC: Developers and tinkers can see the inner workings.
Android: Developers and tinkers can see the inner workings, and common plebs get a complete list of all access requirements for any application on install.

If after all that you still think that Android is somehow worse then please don't bother replying.

Re:Two solutions (Encrypt or leave)

[Xest]

"You do realise that many devices are available which provide root out of the box?"

It doesn't matter, most phones people are using don't, whilst all PCs follow a standard open architecture.

Re:Two solutions (Encrypt or leave)

[thegarbz]

Right so your argument boils down to:

Phones provide information for plebs and access for experts to do some serious debugging.
Computers provide access for experts to do some serious debugging.

Therefore computers are better.

Thanks I've heard enough.

Re:Two solutions (Encrypt or leave)

[Xest]

No, it boils down to:

PCs follow a standardise open architecture, you can verify one and that verification follows comfortably onto others

Most phones follow a black box architecture, you can verify an open phone but it tells you nothing about the hardware or software on the majority of other phones that people are using.

Apparently you can't grasp this simple argument though in your desperation to pursue the nonsense idea that phones are somehow as safe and as well understood from a security standpoint as PCs.

Drop dropbox

Feels almost as good as dropping a good douce

Defeat it this way.

Create a readme ,txt file then .rar that together with your original file.

Tip: Use Truecrypt

Because I don't trust Dropbox and the like, I will put "private" files in a Truecrypt file before uploading to "the cloud".

Huh?

[StripedCow]

So, if I get this correctly, Dropbox will prevent you from sharing a file that was blocked due to somebody else uploading it and getting busted?

What does somebody else's data have to do with your data?
And what if there is a hash collision?

Re:Huh?

[Sockatume]

The DMCA is concerned with whether Dropbox is hosting an infringing file, not who they may be hosting the file for or for what purpose. Unfortunately this approach is forced upon Dropbox by a US law passed in an era of dial-up modems.

Re:Huh?

[thue]

> And what if there is a hash collision?

Cryptographical hashes are designed to make that ridiculously unlikely. Go play buy a single ticket to the national lottery instead - you are far more likely to win the biggest price there than to every find a hash collision.

Re:Huh?

[Ash+Vince]

What does somebody else's data have to do with your data?

There is no "your" data or "there" data. There is only dropbox data. It seems at the point you upload a file they check it to see if they already have a copy and of they do they just add a pointer to the existing file rather than store a fresh copy.

And what if there is a hash collision?

By the sounds of it they must actually do a direct file compare rather than use a hash. They probably use some kind of hash to narrow down the options of stuff to compare it with but in the fallback case of a hash collision, and both files being exactly the same size they must have to do an exact comparison. That probably does not happen very often though and it sounds like this is process is only done once at the point a file is stored.

Re:Huh?

[StripedCow]

you are far more likely to win the biggest price there than to every find a hash collision.

That, of course, only makes it more painful to encounter a hash collision.

Re:Huh?

[iq-0]

Part of it is in the 'terms of service' where you specifically allow dropbox to do certain things (like deduplication and retention after you've deleted it).

They're not actively searching *your* files to seek out these violations, they got a specific complaint about that file's data, which they are obliged to make publicly inaccessible. If you also share that file's data than that too is, according to the DMCA, in infringing and is prohibited from being shared.

About the hashes: they most certainly only use to hashes to find candidates for deduplication. All files with the same hash are most likely first compared byte-for-byte before they're really considered the same.
The 'takedown' probably happens on the deduplicated file's entry in some database, where it's marked as a 'DMCA violation'. Any attempt to access it via a share will notice that flag and show the appropriate message. They wouldn't need to actually "go through your files" to look for violation, but in case they want to they can simply look who has a reference to the deduplicated file and whether or not it's shared by them in order to notify them of the fact (in that case they's still not be going through your files, but just following the link back to your account).

They are actually very correct about it, since they only disable the sharing, not your access to the file (since that is yours and thus not necessarily infringing on the DMCA). They are just not allowing you to use their service to distribute a copyrighted work about which they we're told it's not allowed to be distributed by them.

Re:Huh?

[StripedCow]

But computing a hash-value IS going through your files.

What if they use a hash that is computed like this:
1. compute md5sum of the data
2. make the last bit zero or one, depending on whether the file has some interesting property.

Suddenly, they can profile you based on "hash-value" alone.

Re:Huh?

So the solution to this is to append few null bytes to the end of the file. This way it will be unique and won't match and DMCA flagged files.

Re:Huh?

[FireFury03]

> And what if there is a hash collision?

Cryptographical hashes are designed to make that ridiculously unlikely. Go play buy a single ticket to the national lottery instead - you are far more likely to win the biggest price there than to every find a hash collision.

Its not quite the same thing. If you buy a lotto ticket then you have a single change of winning. In the case of dropbox, you have many chances of "winning" (consider how many files dropbox stores).

Of course you're right that a collision is incredibly unlikely, but I don't think your example is especially comparable.

Re:Huh?

[Half-pint+HAL]

I suspect that they use more than just a plain hash. Even if you just use hash plus explicit filesize, you've narrowed down the chance of hash collisions massively.

Re:Huh?

[gnasher719]

So, if I get this correctly, Dropbox will prevent you from sharing a file that was blocked due to somebody else uploading it and getting busted?
What does somebody else's data have to do with your data?
And what if there is a hash collision?

If there was a DMCA request, it means that Dropbox was told by a copyright holder that uploading this file is infringing someone's copyright. Therefore Dropbox knows that you are infringing the same copyright (except if you are the copyright holder, in which case - well, tough). Since they _know_ it is copyright infringement, it would be quite possible to argue that not blocking it would be Dropbox colluding in copyright infringement. And I mean you are not claiming that you have any right whatsoever to upload infringing content?

Hash collisions: They don't happen. If they happened, people would be complaining about losing data. But they don't happen.

The only people with a valid complaint would be copyright owners who ever sent a DMCA notice and then find out that they are unable to legally upload contents that would be illegal for others to upload. Maybe Dropbox should update their T&Cs if they haven't.

Re:Huh?

[TangoMargarine]

There is no "your" data or "there" data

Or "their" data, even.

Re:Huh?

[blueg3]

But computing a hash-value IS going through your files.

In the same sense that receiving them from you, storing them, or transmitting them to others (at your request) is "going through" your files.

Dropbox already uses SHA-256 hashes internally for file identification and deduplication. So it's been hashing all of your data this whole time.

Re:Huh?

[suutar]

It's not quite the same thing, but the lottery is still more likely. Assume a trillion files (1e12). Assume Sha-1, for 160 bit hashes. Then the probability of a collision is less than or equal to 1e24/2 * 1/2^160. 1e3 is _rougly_ 2^10 so call it 2^80/2 * 1/2^160, with a final result of about 1/2^79. Your odds of winning the powerball on one ticket are more on the order of 1 in a couple of billion (2 * 1e9, call it 2^31) so you're still vastly more likely to win the lottery than find a collision in a trillion files.

Re:Huh?

[blueg3]

He wasn't making an analogy between how you find a hash collision and how you win the lottery -- only comparing the odds.

Dropbox uses SHA-256 hashes. I'm assuming this is what they use for this feature, since it's what they use internally for file identification and deduplication. They actually hash 2 MB file chunks, which means that any file more than 2 MB produces multiple hashes (one per chunk, naturally).

The "many chances of winning" you're referring to here is the birthday collision problem. A good, rough approximation is that for an N-bit hash, while the number of different hashes is 2^N, the number you can generate before risking a collision is about 2^(N/2). So, with SHA-256, we run no significant risk of collision until we've generated around 2^128 ~= 10^38 hashes.

The total amount of data stored worldwide is on the order of 1 ZB. That's room enough for about 10^15 2-MB chunks. Of course, some of our files might be smaller than this 2 MB chunk size, enabling us to be more efficient with storage. We might be able to get somewhere around 10^20 different files in there.

That's a strange and untenable use of all of the world's storage, and it still puts us about 18 orders of magnitude short of being able to risk a SHA-256 collision. If you had this giant set of a ton of different files, the probability of a collision existing is about 1 in 10^37.

So, short of a flaw in SHA-256, you can assume that a hash collision will never happen. We know of no such flaws. (If we do, it will almost certainly be the case that the collision only occurs because one of the two files was specifically manipulated to produce the collision.)

On the other hand, the odds of winning the lottery are rarely worse than 1 in 10^9.

Re:Huh?

[mythosaz]

Except, of course, that it will, since they hash in 2M chunks, and your 700M movie will have 348 consecutive matching hashes.

Re:Huh?

[david_thornley]

Except that Dropbox isn't stopping anybody from storing files that are often pirated. Dropbox, after all, has no way of telling if your copy of the file is legitimate. Dropbox is stopping people from putting files in public access folders.

You wanted privacy?

[DMacedo]

This is news, in the sense that Dropbox now actively crawls your files (DMCA still went about for publicly listed files anyway).

But my question is why are there people in the tech industry still surprised by the fact that Dropbox does not encrypt it's users's files and can read them outright...
That's how they do sharing between users, as well as file deduplication (Which probably works best for larger copyrighted files, funnily enough!)

I still use Dropbox, and promote it slightly: with the stern advise to use it simply as a convenient way of sharing crap, but treat it as a "public USB drive"!

Just never, ever, store sensitive data, like your business or evil masterplans, or your personal/bank/etc account details on it. But if you're sharing that MP3 you recorded on yesterday's block party, go right ahead!

Re:You wanted privacy?

[TheCarp]

That is pretty much exactly why I don't use dropbox. I have enough ways to quickly share a few files, and this doesn't add much real convenience over others; for me anyway. I see why others may find it useful.

The thing is, the only gaps I have that dropbox would fill, are gaps I wouldn't trust it to fill.

Re:You wanted privacy?

[Ash+Vince]

This is news, in the sense that Dropbox now actively crawls your files (DMCA still went about for publicly listed files anyway).

You obviously didn't bother to read the article.

The truth is that they always scan every single file uploaded to make sure they do not already have a copy of that file stored on their network. If they do, they throw your copy in the bin and just add an extra link to that stored copy in your account. That keeps their data usage lower as it means they never store duplicate copies of the same file, even if they are uploaded by completely different people.

So there is no crawling involved, this was done at the point of upload. They found that the same file had already been uploaded by someone else, shared, and that user got the shared copy of that file DMCA'd. Once a file has been DMCA'd in their system it seems it is blocked from being shared so only people uploaded that file also get to download it.

Re:You wanted privacy?

[Demonantis]

If this is what is going on in the background are they are using hashing to identify the files? What is the risk of a hash collision? Would this be a legitimate concern using the service?

Re:You wanted privacy?

[suutar]

1. Yes.
2. Negligible. (I calculated in another post that the odds of a hash collision for SHA-1 and a trillion files was about 1 in 2^79; I have since learned that they actually use SHA-256, so make that 1 in 2^175).
3. If you think it's worth worrying about then it's a legitimate concern for you; I wouldn't worry about it.

Re:You wanted privacy?

I wonder if they have a hash collision detection routine in place. Say in the event you have matching hashes, it would make sense to read out up to the first 1kb of each file and do a direct comparison. If there are any deviations in that amount of space, it would be obvious you're dealing with two different files, and the extremely unlikely possibility of a hash collision has occurred.

Re:You wanted privacy?

Yeah, it seems to me that they have the right to de-dup on their side. Having one copy is cheaper than 5000. If that one file has been DMCA'd they can't serve it (unless it gets contested, etc.). So if you have a collision with a DMCA'd file, they would serve you a DMCA notice.

The only privacy issue I see here is if Dropbox claims client side encryption, in which case de-dup shouldn't work.

Re:You wanted privacy?

Why you fucking morons don't simply offer your files on Tor Hidden Services, or I2P eepsites is beyond me. What a bunch of complete old world morons you are. You deserve every bit of what you get.

Encrypt with publicly known key

All that's required of users is to use a encryption mechanism, even weak, to encrypt said files prior to uploading.

You could potentially even use an encryption key as weak as "password" because DropBox aren't going to be in the business of guessing encryption keys (won't have the CPU grunt) so anything is going to deceive them - potentially even just XOR. Or even use the file's name.

The only downside will be that DropBox will be just that little bit harder to use without some sort of application to make encryption and decryption of files easy.

Re:Encrypt with publicly known key

[jandrese]

Or just put the password in the file name.

Not as bigger deal as it sounds if you RTFA

[Ash+Vince]

This whole issue can be summarized as:

1) User wants to ignore copyright law and share something they have no legal right to via a public service
2) Public service being used has no idea how many people will want to access the shared resource but they do know it is copyrighted as they auto match everything uploaded so they can avoid keeping to separate copies of identical files and save storage space and had a DMCA take down request for that same file previously.
3) Public service errs on the side of not getting their arse sued off by the various content owner conglomerates legal attack dogs and refuses to allow the file to be shared even though the person who uploaded it can still see it.

All in all seems pretty reasonable. Until copyright law is changed (like that is ever going to happen) dropbox have to follow it to the letter. I suppose they could have avoided the whole thing by storing more data and then not doing the duplicate file scan thing but even that is no guarantee it would prevent them from being sued to oblivion.

The only safe option for them that would also keep things private would be to use encryption keys that were only kept in the client. That way if you needed to share a particular folder you selected to store that under a different encryption key, and gave that key to other person / people who needed to access it.

The big problem with this is that it then becomes more awkward to provide web access to the files. People are comfortable remembering a username and password, they are not so comfortable remembering a bunch of encryption keys. If you store the encryption keys on a server at your end anywhere then you can access the files so you therefore get the legal responsibility to make sure your system is not being used to flout copyright law. The only legal way to run this sort of service and not be liable for it's misuse is to design it in such a way that you cannot see what is being stored at all.

Re:Not as bigger deal as it sounds if you RTFA

The only legal way to run this sort of service and not be liable for it's misuse is to design it in such a way that you cannot see what is being stored at all.

Incidentally, this is also the only secure way.

Captcha: reuses

Re:Not as bigger deal as it sounds if you RTFA

[Half-pint+HAL]

First of all, learning and understanding what it is to be human shows that we are creatures who literally NEED to create and share.

On the other hand, it could be argued by the same token that internet sharing and lolcatz-esque memes are actually a drug that latches onto that need, corrupting it and distracting us from the act of creation by giving us a false sense of achievement through constant sharing. If we take pride in posting other people's creations, we cheat ourselves of the urge to create something unique ourselves.

After all, why should I suffer hours of preparation to put something on the net and get a few dozen views, when for a few minutes work I can copy someone else's file and get a million views?

Re:Not as bigger deal as it sounds if you RTFA

[Half-pint+HAL]

The only legal way to run this sort of service and not be liable for it's misuse is to design it in such a way that you cannot see what is being stored at all.

YANAL. The DMCA states that companies must take reasonable steps to prevent reuploading. Designing a system with the express purpose of not being able to prevent uploading would be thoroughly illegal.

Re:Not as bigger deal as it sounds if you RTFA

[erroneus]

You don't "suffer." That's the first lie. If it's suffering to create, then you're doing it wrong.

Re:Not as bigger deal as it sounds if you RTFA

[Uberbah]

YANAL.

And you are?

The DMCA states that companies must take reasonable steps to prevent reuploading. Designing a system with the express purpose of not being able to prevent uploading would be thoroughly illegal.

[Citation needed]

Re:Not as bigger deal as it sounds if you RTFA

[Oligonicella]

You do understand that you're not the gatekeeper to any nuance that may or may not be used by others during conversation, right? You're simply promoting your specific, narrowed definition of words as being the correct ones. The artist doesn't "suffer"? Ask Michelangelo that. Or perhaps you could have had an in depth conversation about it with van Gogh, if you could have pulled him out of the mental anguishes which fueled his art. Or maybe Poe. Poe was a little more linguistically oriented.

Re:Not as bigger deal as it sounds if you RTFA

[TangoMargarine]

Someone (GP)'s been drinking the Kool-Aid...

I was under the impression that DMCA only required you to accede to takedown requests. It's the big content owners that are leaning on everybody to do their job for them, of finding infringing materials and remove them preemptively.

Re:Not as bigger deal as it sounds if you RTFA

[suutar]

While the text does not specifically address reuploading that I see, I think it would be very hard to make a case that seeing the same file uploaded again would not constitute being "aware of facts or circumstances from which infringing activity is apparent" [sec 202, squiggle 512 (c) "INFORMATION RESIDING ON SYSTEMS OR NETWORKS AT DIRECTION OF USERS" (1)(A)(ii)]. However, in the absence of a specific statement, I don't see that designing a system to avoid being able to prevent uploading would be illegal. It would probably get questioned and even accused of being contributory, and it would likely have to avoid deduplication or any other automatic comparison of files, which would increase costs, but I don't see that it would be illegal.

Re:Not as bigger deal as it sounds if you RTFA

[erroneus]

You are trying to equate a work with value. You think it has value simply because great effort was involved. I disagree.

If you should "suffer" it should be because that's what you want to do. And the reward is something you are proud of. If the reward is money, and that is the measure of your pride? Hrm... does anyone need to elaborate more on the folley? Could anyone who measures success in money ever be happy? Is there ever enough money for people who are motivated by it?

Here's a clue: Happiness doesn't come from that. It comes from comfort and peace and an ease from fear and pain... from a lack of suffering. If you SUFFER for happiness, you're doing it wrong.

Re:Not as bigger deal as it sounds if you RTFA

To live is to suffer. Works created without suffering are dead.

Re:Not as bigger deal as it sounds if you RTFA

[Ash+Vince]

You are trying to equate a work with value. You think it has value simply because great effort was involved. I disagree.

If you should "suffer" it should be because that's what you want to do. And the reward is something you are proud of. If the reward is money, and that is the measure of your pride? Hrm... does anyone need to elaborate more on the folley? Could anyone who measures success in money ever be happy? Is there ever enough money for people who are motivated by it?

Here's a clue: Happiness doesn't come from that. It comes from comfort and peace and an ease from fear and pain... from a lack of suffering. If you SUFFER for happiness, you're doing it wrong.

People always spout stuff like that until they have a family to feed. Once you have no other source of income other than that which you earn by creating stuff you look at the world very differently. In my part of the world you need to earn a very good wage in order to afford enough space for a family with 2 kids, that only comes from earning roughly twice what most people earn or by having a mummy and daddy with lots of cash.

Since I come from a single parent family and my mother has sod all I have to earn every penny I ever expect to need in life for myself. That includes any money to send my kids to college, and hopefully one day for them to be as privileged as you sound.

Your right in that money doesn't buy happiness, but if you have ever tried to live and bring up kids without any and with the bailiffs constantly knocking at your door you realise pretty quick that it can certainly stave off misery.

Re:Not as bigger deal as it sounds if you RTFA

[Uberbah]

You would have to have a content checking system that would compare incoming files to a blacklist. DMCA came out in '96...you'd think we would have heard of databases of blacklisted checksums before now, the onerous overhead imposed on hosting companies, and the various inaccuracies and court cases by now....almost 20 years later.

Re:Not as bigger deal as it sounds if you RTFA

[erroneus]

I have three sons and a long career in IT and other creative endeavors. I don't believe in copyright in its current form or the notion that a person can perform a single work and collect money on it for effectively forever. It's a complete violation of the original and intended notion of copyright. I am the sole source of income for my family which includes a wife, an elementary school student and a young adult in college. I also have a son in the service. I am a wartime veteran and was in Operation Desert Shield/Desert Storm.

Don't assume I am younger than you because my wisdom and opinions differ from yours. I work for the money I bring home and no one gives me anything for things I have already been paid for. And let's stop having delusions about who is really profiting from the 'works' in the industry. It's not the creator. The laws have been perverted and twisted to support a massive business model that takes without giving back as the original letter and spirit of the agreement had been.

Did you know that presently under current physical media, the material will deteriorate before the works go into the public domain? And that's every single form of media not stored in any particular archived format. And the copyright holders are not obligated in any way to preserve or republish the works prior to entering the public domain and so availability of the works may very well vanish off the face of the earth forever and many, many works have been lost already.

I'm far from priviledged. I work every day. I live clean but I've never owned a car that cost more than $15k in my life. I hope this clarifies just about every misconception you seem to have.

Re:Not as bigger deal as it sounds if you RTFA

[Half-pint+HAL]

You've never been involved in any commercial film production then: it's a long, arduous process. Or code development: it's also a long, arduous process. Perhaps in these cases it's the toolchain that's at fault, but at present, suffer you will. But there's nothing that you can do to stop your fingers hurting if you want to learn the guitar to a really high level.

Re:Not as bigger deal as it sounds if you RTFA

[Half-pint+HAL]

Yes, and someone suffered to bring you that video... just not the uploader. There is more suffering in a vapid Hollywood blockbuster than in a 3 minute homemade short, but the repeated uploading of the same blockbuster does not constitute new art.

Re:Not as bigger deal as it sounds if you RTFA

[Ash+Vince]

I don't believe in copyright in its current form or the notion that a person can perform a single work and collect money on it for effectively forever.

I don't believe in endless copyright either but I do believe that in the initial period (say 10 or 20 years) that copyright should be enforceable. The problem I have is with the great many privileged young folk, still living off the back of mum and dad while they are at university advocating the abolition of copyright law just so they can watch some crappy film without paying.

Usually when people carp on about abolishing copyright it is simply because all they do is consume digital content without actually creating any of their own. This makes them net gainers if they never had to pay anything for that which they create.

It's a complete violation of the original and intended notion of copyright. I am the sole source of income for my family which includes a wife, an elementary school student and a young adult in college. I also have a son in the service. I am a wartime veteran and was in Operation Desert Shield/Desert Storm.

So you actively fought in a war to support the capitalist way of life (Desert Storm was a war to ensure Saddam did not gain possession of Kuwaiti oil, not about democracy as Kuwait was very far from a democracy to begin with), you are obviously proud of your child doing the same (Afghanistan is also about securing oil supplies) but neglect to understand that a key part of capitalism is that it also applies to digital works as well as physical goods?

Most of the US GDP now comes from the creation of copyrightable works rather than by physical production, without international consensus on copyright the US would be even more bankrupt than it already is as exporting copyrighted digital works is one of the few things that helps the countries balance of payments. Copyright, is a necessary part of capitalism. Without it, the system will fail. This was clearly understood by economists pretty much as soon as the printing press was invented.

Nothing has changed with the advent of the digital world in this regard yet as we still lack the ability to endlessly copy food and shelter which are the greatest human needs. In order to encourage people to enter the creative arts they need to be able to exchange their services for money in order to buy those essentials.

Re:Not as bigger deal as it sounds if you RTFA

[suutar]

I assume you're addressing the "seeing the same file uploaded again" part, since you seem to agree with what it would take to avoid noticing that. The thing is, most file hosting sites I've heard of either (a) don't claim to be deduplicating stuff or... well, really, aside from Dropbox, I don't know of a file sharing site that claims to deduplicate. Most of them don't see a need to release implementation details like that. Dropbox, however, is known to compare incoming files to existing files, with extreme accuracy, at which point keeping a blacklist of items which should not be distributable is trivial and the *AA could easily assert (and sound sort of reasonable) that it's their responsibility to do so. They may have even said as much to Dropbox already. And since Dropbox wants to stay out of court and in business, and it is such an easy step to take to cut down on distribution of questionable materials (not storage, please note) there we go.

Scanning for DMCA issues is like the TSA

[erroneus]

Enough said?

Inevitable

[slfnflctd]

Anyone who finds this unexpected really hasn't been paying attention. I and many others have assumed this was only a matter of time since the first day we heard about Dropbox and their ilk.

Only publicly shared files are scanned

Publicly shared files that match known hashes are restricted, but not deleted, and any file can be shared to anyone privately without restriction, just not publicly to the world. Not much of a story. Read TFA.

Re:Only publicly shared files are scanned

Yeah it's been well known that Dropbox has a hash of all the file so when you put a file in your Dropbox that someone else has it doesn't need to upload it.

So someone must have had a copyrighted file that they shared and then Dropbox got a DCMA take down request so now they have that hash blacklisted so if someone else tries to share it blocks it.

Since they aren't deleting it from your own Dropbox/PC (since it may be a legit legal file you own) I don't see the big deal.

Now if they suddenly went through and had Dropbox auto delete all flagged content then that would be a huge issue.

But this sounds fair and it's not like someone at Dropbox is snooping around peoples files it's just they already have hashes for every file on their servers.

Very likely they aren't actually scanning...

1. The de-duplication process eliminates storing identical data.
2. The identified data is replaced by a pointer to the previously stored data.
3. That "previously stored data" may have been made public.
4. If that previously stored data has been tagged as a DMCA issue, then so does the de-duplicated data.
5. thus, no scanning of private data.

Truecrypt

[stevegee58]

The only thing I store in my dropbox folder is a truecrypt container file. Have at it.

Re:Truecrypt

[noblebeast]

Doesn't that mean every change you make/new file you add requires the entire container file to be re-uploaded?

Re:Truecrypt

[Richard_at_work]

Good for you, but you wouldn't have fallen foul of this issue anyway because you wouldn't be linking your files publicly.

Re:Truecrypt

[heypete]

Doesn't that mean every change you make/new file you add requires the entire container file to be re-uploaded?

No. Dropbox uses delta sync (they use a modified version of rsync): it will only upload the changed blocks, not the entire file.

Re:Truecrypt

[noblebeast]

That's news to me. Thanks!

monday bloody monday

greed fear ego based spiritless WMD on credit cabals' dream come true http://www.youtube.com/results?search_query=nazi+zion+conquest+censored&sm=3

Drop box .... Meh!

[DaMattster]

Drop Box is nothing more than a gussied up repackaging of a SFTP or FTPS and a nice fancy ol' GUI. Drop Box does not do anything radically different or innovative. If you don't like the way drop box works, it's trivial to roll your own solution or have someone do it for you. You set up a server for SFTP or FTPS and download a nice, friendly little program called FileZilla. Viola! Your own secure solution without being totally at the whim of a corporation. You can even get a virtual server for basically peanuts per month to facilitate this through providers like VPSCheap.net.

Re:Drop box .... Meh!

[wonkey_monkey]

Drop Box is nothing more than a gussied up repackaging of a SFTP or FTPS and a nice fancy ol' GUI.

The post office is nothing but a gussied up repackaging of walking to your friend's house and giving him the letter yourself.
The fax machine is nothing but a waffle iron with a phone attached!

No, it's slightly more than that.

You set up a server for SFTP or FTPS and download a nice, friendly little program called FileZilla.

...and then? Will Filezilla run on startup, settle itself inconspicuously in the systray without a running window you could accidentally close, connect to the SFTP server, download files automatically to local directories so they're instantly accessible, then monitor, sync and notify you of any changes? Will it allow you to dish out invitations to share directories and files direct from your desktop, and manage those permissions for an unlimited number of users and directories?

Re:Drop box .... Meh!

[Alioth]

> Viola!

I fail to understand what a stringed instrument, slightly larger than a violin, has to do with it...

Re:Drop box .... Meh!

[cheesybagel]

...and then? Will Filezilla run on startup, settle itself inconspicuously in the systray without a running window you could accidentally close, connect to the SFTP server, download files automatically to local directories so they're instantly accessible, then monitor, sync and notify you of any changes? Will it allow you to dish out invitations to share directories and files direct from your desktop, and manage those permissions for an unlimited number of users and directories?

You can do that with rsync and I have seen plenty of SFTP and FTP clients which can manage to do the same less efficiently as well.

Permission schemes... You would think you could do that with UNIX and separate login accounts no?

Re:Drop box .... Meh!

> Viola!

I fail to understand what a stringed instrument, slightly larger than a violin, has to do with it...

This frequent mistake for " Voilà ! " deserves your sarcasm.
Thank you.

Re:Drop box .... Meh!

[CanHasDIY]

...and then? Will Filezilla run on startup, settle itself inconspicuously in the systray without a running window you could accidentally close, connect to the SFTP server, download files automatically to local directories so they're instantly accessible, then monitor, sync and notify you of any changes? Will it allow you to dish out invitations to share directories and files direct from your desktop, and manage those permissions for an unlimited number of users and directories?

You can do that with rsync and I have seen plenty of SFTP and FTP clients which can manage to do the same less efficiently as well.

Permission schemes... You would think you could do that with UNIX and separate login accounts no?

Is it easy for a 'non-techie' to set up and use such a system? No; now you see the niche that companies like Dropbox seek to fill.

Come up with a secure, self-hosted system with one-click setup and simple configuration, and you might actually give them a run for their money.

Re:Drop box .... Meh!

[jedidiah]

>> Drop Box is nothing more than a gussied up repackaging of a SFTP or FTPS and a nice fancy ol' GUI.
>
> The post office is nothing but a gussied up repackaging of walking to your friend's house and giving him the letter yourself.

Your analogy is retarded. Installing your own application on some PC is nothing like being your own mail man.

That's all this is really about. It's the rough equivalent of installing the latest high res shooter on your overpowered Windows gaming machine.

If Windows makes it a problem then that's Windows being crapulent as usual.

Re:Drop box .... Meh!

Also (and my main reason for using Dropbox) - will Filezilla run on my Android phone & my wife's iPhone, and automatically upload new photos to my virtual server, and then let me easily browse those photos on my tablet?
Sure, it could be duplicated, but it makes some things very simple.

Re:Drop box .... Meh!

[TangoMargarine]

Drop Box is nothing more than a gussied up repackaging of a SFTP or FTPS and a nice fancy ol' GUI.

The same thing could be said for early Ubuntu. That doesn't mean it's not worthwhile.

A) Hosting an FTP server is "nice and friendly"? *cough cough cough*
B) Since when has SFTP/FTPS been considered more than minimally secure?

Re:Drop box .... Meh!

[suutar]

It's more of a repackage of rsync, hooked into a daemon that watches the filesystem. I still wouldn't call it trivial, or I'd have my own version working between my fileserver and my laptop already.

Re:Drop box .... Meh!

[cheesybagel]

Come up with a secure, self-hosted system with one-click setup and simple configuration, and you might actually give them a run for their money.

Dropbox does not do that either. Plus you have been able to do everything else you said with Vuze for years.

Re:Drop box .... Meh!

[cheesybagel]

s/Vuze/eMule.

Re:Drop box .... Meh!

[CanHasDIY]

The "secure" is just a personal preference. Although, theoretically, so long as I don't give anyone my Dropbox account info...

And, of course, Dropbox isn't self-hosted.

But I can set it up on almost any computer with a simple installer, and configuring my devices was a breeze.

I suppose I don't understand what, precisely, you mean by "that" in your first sentence.

Re:Drop box .... Meh!

[Overzeetop]

Dropbox is not useful because of what it does - it's useful because of how it does it (seamless for a non-technical end user) and its integration into other, especially mobile, applications. Until you can roll-your-own references into commercial mobile apps, or make sharing a cloud file with a colleague with a different OS and no access to your private net available with a single click, whatever you hack together won't be Dropbox.

Re:Drop box .... Meh!

[wonkey_monkey]

Your analogy is retarded.

Why?

Dropbox is an application that can be installed by anyone with just a rudimentary level of computer skill. OP's suggestion was far more complicated and time-consuming and wouldn't provide as many features - in fact, it wouldn't even provide those features which practically define Dropbox as a service. Just like being your own mail man is more complicated, more time-consuming and doesn't provide as many features. I think my analogy holds up pretty well.

Re:Drop box .... Meh!

[Mryll]

I would seriously think that you could build something user-friendly around rsync - the guts are all about efficient file replication. I use it extensively to sync backups of data on the home network and sync music to a few devices and USB stick. You have to take responsibility for keeping a server up 24/7 or whenever you want to sync data, deal with bandwidth etc, some things that the service provides for you.

OwnCloud

[fwarren]

This is what OwnCloud is made for.

I know not everyone is able to set up their OwnCloud server. There are places that will host it and set it up for you.

I am truely sorry that DMCA is slowly but surely choking the web, In the end it will go away. Kids that are 15 today, when they are 45 will not convict someone of piracy, they just wont see anything wrong, same thing for the judges and prosecutors. In the shot term it could get alot worse. If you don't have the skills to circumvent it all I can do is quote John Wayne. "Life is hard, it is even harder when you are stupid"

Re:OwnCloud

[heypete]

This is what OwnCloud is made for.

I know not everyone is able to set up their OwnCloud server. There are places that will host it and set it up for you.

OwnCloud is great, with one exception: the slightest change to a file necessitates an upload of the entire file. Dropbox does delta syncs using a modified version of rsync, so it only uploads change portions of a file.

For typical files and fast connections, the lack of delta sync is tolerable, but when you're dealing with large files or slower transfer speeds it's an issue: if you, for example, you keep a large TrueCrypt container file in OwnCloud and make a change to a small file stored in the container, OwnCloud needs to reupload the entire container. Dropbox would just update the blocks that changed.

Until OwnCloud implements some sort of delta sync functionality it is considerably less practical than Dropbox.

Re:OwnCloud

What about Seafile?
http://seafile.com/en/home/

Re:OwnCloud

[Areyoukiddingme]

Dropbox does delta syncs using a modified version of rsync, so it only uploads change portions of a file.

They had better not be. Dropbox offers no source downloads, but rsync is GPL. If they are using some form of the rsync protocol, they had better be using their own clean-room implementation, or they're currently in violation of the GPL.

Re:OwnCloud

Another problem with owncloud is that it creates a shitload of duplicates even if the file wasn't changed. Could be related to syncing with more than one device. Very annoying and a waste of ressources.

DMCA is an Illegal law... Take it to Court

Due to provisions in the DMCA, the law is 110% illegal, and here's why.

There's no escrow mechanism for the encryption keys of the media protected under the DMCA.

Why does this matter?

Because of the wording of the DMCA, any encrypted file cannot be decrypted without permission from the copyright holder - EVER.

Without escrow storage of the encryption keys, it extends copyright to infinity, or for as long as the copyright holder wishes to hold onto those keys.

That makes the DMCA provisions illegal, as it circumvents copyright law to whatever the holders want.

Write to your congress-critter, write to your lawyer, it's time to get this illegal law wiped from the face of the planet.

Re:DMCA is an Illegal law... Take it to Court

[skywire]

If I read you right, you are saying that it is illegal to use a technological measure such as encryption to prevent others from accessing data that are not copyrighted works. Please cite some authority for that claim.

Re:DMCA is an Illegal law... Take it to Court

[suutar]

While I dislike many things about the DMCA, I believe you are in error. The DMCA text (yeah, it's a weird place to find it, but it's what I found first) specifies that you can't decrypt a work _protected by this title_ (which is to say, Title 17, which contains copyright law). Once it's out of copyright, it's no longer protected and the prohibition no longer applies.

Re:DMCA is an Illegal law... Take it to Court

I'm saying that without a means to decrypt legally, ie, put the encryption keys in escrow, the copyright holder has in effect extended their copyright to infinity.

You never get to decrypt it legally if they don't give you the keys. The keys which you should get when the copyright expires (which is another topic entirely as that should be no more than 5 years max)

Re:DMCA is an Illegal law... Take it to Court

But where are the keys to decrypt the title? Without those, your little provision is meaningless.

XPrivacy does exactly that

A) you do not need access contacts to send links, android's built in sharing feature makes that just fine.

B) Assuming you took control of your phone (e.g. rooting it), XPrivacy offers a nice firewall against unwanted data snooping. You can block app access to a wide range of functions (e.g. GetContacts, GetPhoneNumber, GetLocation, etc. ) per app either completely, by feeding it crap or by randomizing the data on on each API at reboot or on access

It's useful for privacy, useful for poisoning databases and useful for dealing with region limitations (everyone seems to love GetNetworkCountryIso). And you can always just make the location API return the coordinates of NSA headquarters if you feel like it.

You Can

[brunes69]

It's called AppOps. Was in Android hidden, then removed, but still ships in standard Cyanogenmod.

Is porn covered?

Is porn covered by DMCA? It is? @#$%

Well, then stop sharing a copy of

[Lightning+McQueen]

copyrighted material. Share a link to the original material.

Re:Well, then stop sharing a copy of

In the form of a data URI

Whomade the DMCA complaint ?

[Alain+Williams]

The image of the error message did not say who, or which corporation, had made the DMCA complaint. I thought that in order for something to be taken down under the DMCA the user had to be told who was complaining.

In this case: the user admits that the file was something that he should not be sharing, but there have been cases where the DMCA is being used to prevent legal files - in a case like that the user must be told who is complaining so that they can challenge the DMCA complaint.

Re:Whomade the DMCA complaint ?

[david_thornley]

You're making the common mistake of considering the DMCA process mandatory. In reality, it's a safe harbor provision.

If Dropbox removes public access for files on receiving a DMCA takedown notice, it is not liable to the party sending the notice for copyright violations (much as the MAFIAA wants to change that). If Dropbox then passes that on to you, and puts it up again on getting a proper counter-notice, is is not liable to you for not publicly hosting your file. Approximately nobody disregards the DMCA notice, since the penalties for disregarding it can be pretty hefty. Lots of providers have no actual duty to host anything you want, either because there's no contractual arrangement or because the contract says they can take down files, and in this case there's no legal penalty to not passing on the DMCA notices or disregarding counter-notices.

In point of fact, following the whole safe-harbor practice is somewhat expensive, and many services are free or low-cost, and can't afford to do that precisely.

Well duh

[DrXym]

Anyone who uploads copyright infringing content to a cloud server and entrusts it to the care of a company is an idiot. There are various ways that files could be scanned simply from looking at the filename or hash all the way through to analysis of the tag / contents / watermark.

And DropBox is probably the most benign of mainstream cloud hosts. Google, Amazon, Apple and Microsoft all sell content and sign voluminous contracts for the sale of said content. It's not hard to imagine that they would or could be obliged to scan for infringing content and notify the content providers when they find any.

They're using hashes

[Quila]

Change a character in the metadata fields, hash changes. If they're scanning the actual video portion of files, add a byte at the end. I don't think that would affect playback.

Presumtion of Guilt

Of course it goes without saying that if I simply create a link to a file in "my" account that I must be intending to let someone who does not have rights to that file to access it. ThoughtCrime.

The idea that any two people might both have access right to a copyrighted work seems to escape the apologists here.

Re:Presumtion of Guilt

[Overzeetop]

Ahhh, but you've created a PUBLIC link, not a private one. Since you don't own the copyright, you don't get to make a public link. You can make as many private links as you like, and that's arguably fair use, and you're not limited. It's like claiming that publishing a torrent link doesn't mean anything because the person who might download it could own a license.

Permissions on Android are a mess

From the number of apps I've investigated, Android's permission structure is a fiasco. You have to grant broader access than you should and they've coupled some features you might want access to in with others you definitely don't want to grant access to. It's one of the crappier aspects of their OS and a major mess.

Permission Observatory and a few other permission management tools in the Android market let you selectively 'de-authorize' individual permissions for installed applications. It may be that the app doesn't function at all or it may be that only a feature you don't use (like in my case, anything justified by g+ or FB, twitter, etc) doesn't work and the rest of the app does. You need to experiment per-app.

That does not require a rooted phone.

And as to Dropbox: Use encryption. Or host the files you want to share with only a few people on a secure web or ftp server on your own machine if it is a low-volume thing. When they get a BLOB that looks like random noise, they have no idea what's in it, DMCA stupidity notwithstanding.

I don't advocate depriving creators of their rewards, but the current corporate cronyism and abuses of copyright and other intellectual property concepts in current implementations of associated laws is ludicrous and unwarranted under the mantle of 'rewarding creators'.

Re: Three Solutions (Encrypt, Leave or YouTube)

If you need to share video, you sure as hell don't use dropbox for that when YouTube is around. Haven't uploaded anything to youtube so don't know if it's possible to restrict access but I'd think it would be a given that some files are restricted and not public.

Cue the raging content copiers

[GodfatherofSoul]

"Waaah, someone won't let us share another person's products I torrented for free! Now I have to find another free site to find stolen binaries! DropBox is the Man!"

Re:Cue the raging content copiers

Yes, that's the point, well done.

Obvious?

[duke_cheetah2003]

Encrypt your data before putting it on Dropbox? You mean you weren't doing that already?

Simple answer.

[Lumpy]

password protected zip files in dropbox. they cant scan them.

We get it, you don't agree with copyright

[Overzeetop]

What it is to be human shows that we are creatures who literally NEED to kill everyone who bars our way. But this kind of indiscriminate killing doesn't play well with "society" and stability, so we make laws against it.

Arguing that you should be able to share your Miley Cyrus collection because it's human nature to share ignores all of the other human instincts to subjugate, kill, and procreate to pass on the most powerful genes of the pack - all of which we have made illegal, for much of the same reason copyright originally existed. Just because you don't agree with it doesn't make it null and void.

Re:We get it, you don't agree with copyright

[erroneus]

That's an amazingly horrible set of eyes through which you see the world. I'd consider recommending getting a new set but we aren't there technologically yet. But it is very telling of how you think based on how you see the world.

No, human nature isn't to kill everyone who gets in our way. Only a small subset of people exhibit this nature. Those who seek to force their will onto others have their own mental and emotional issues which do not reflect inner satisfaction.

As for the desire to share? We have a great natural desire to share the things we enjoy. I dislike your M.Cyrus example as I am the opposite of a fan. Some people like to share meals. Others music or books or movies or stories. Sharing is caring and it is one of the brighter sides of human nature. That a selfish person would want to take that part of humanity, put it into boxes and parcel it out in limited quantities is simply inhuman.

Much, Much Later

[Jane+Q.+Public]

I refused to use Dropbox ever since its "end to end encryption" claim was shown to be false, and they were de-duping your files. (De-duping required access to the original files, which Dropbox tried to claim they didn't have.)

Then they said they were changing that practice. But how far could you trust them, considering that they had already lied to everybody? Fool me once, and all that.

NOW, apparently they're checking your files -- which back when they again claimed they weren't accessing -- for copyrighted content, which again requires access to your original files. (Even if you're just doing an MD5 hash or some such, you still need access to the original file to do it.)

So, yeah. For all those who didn't drop Dropbox when I did, maybe it's time.

Re:Much, Much Later

[jimbo]

I've used EncFS and BoxCryptor with Dropbox from day one and 'd do that with any cloud storage solution, no matter what they claim it is irrelevant. It is my data, by choice I'm retaining the responsibility for it's safety/security.

I'll continue to use Dropbox because I never trusted them and made sure I didn't have to.

Re:Much, Much Later

[Lord+Crc]

I refused to use Dropbox ever since its "end to end encryption" claim was shown to be false, and they were de-duping your files.

I simply never assumed my Dropbox files were private to begin with.

While I don't share everything in my public folders, I don't put anything in Dropbox that I don't mind the whole world to see.

Re:Much, Much Later

[Jane+Q.+Public]

"I'll continue to use Dropbox because I never trusted them and made sure I didn't have to."

Good for you. But my point was not so much that I'm skeptical of trusting them, but rather that they've already clearly demonstrated -- it looks like twice now -- that they aren't trustworthy.

Still, as you point out: if you pre-encrypt everything, it doesn't matter so much.

Re:Much, Much Later

[Fr33z0r]

they were de-duping your files. (De-duping required access to the original files, which Dropbox tried to claim they didn't have.)

You're thinking of single instance storage. Block-level deduplication works fine on encrypted data.

sheeva plug + 2xTB external USB drives + dyndns

[splatter]

Seriously it's not that hard to setup your own cloud service. I spent under $400 for the whole setup that includes backups. For the lazy or people that don't want to mess with a headless Linux box, seagate sells a LAN / dyndns enabled device that is marketed exactly as a "personal cloud". Why would you trust a service when you can easily DIY?

Re:sheeva plug + 2xTB external USB drives + dyndns

[david_thornley]

You can't easily DIY if you look at everything Dropbox provides.

First, Dropbox provides an off-site backup. (Backup: a copy of a file that won't go away for the same reason your main copy does - me.) It's likely to lose copies by going out of business rather than by fire or flood or other disaster that wipes out everything in your house. (If Dropbox goes away, all my files on there are still on my desktop and laptop, so I'm not losing anything.)

Second, it doesn't provide the same amount of synchronization. If I'm at an internet cafe with my laptop, and I change a Dropbox file, it automatically changes on my desktop back home. That won't happen for a LAN-based device unless I specifically make it so.

Third, how much data do you want to store on Dropbox? 100G costs about $100/year, which means if that's all you use your $400 device has about a four-year payback, assuming that you don't have to replace anything in those four years. A more expensive appliance solution will likely cost more.

Fourth, I'm willing to bet that Dropbox is easier to set up than any other system you can suggest, with the possible exception of Apple's Time Machine.

Most people think Dropbox is "secure"

"But I thought that they were encrypting everything ?!"
Most people think that "secure" is only a question of "https" or not on the URL bar.
Encrypting data on Dropbox's disks is a complete fake security as long as they still own the keys.

For really secured share/cloud I use subMeet, it's end2end encryption ..

how did his video get a takedown request?

[sixsixtysix]

I didn't rtfa, but..

The Dropbox web page warned him and his friend that 'certain files in this folder can't be shared due to a takedown request in accordance with the DMCA.

AFAIK, takedown requests happen after it is suspected that a file may violate the DMCA.
So, can you just browse/search publicly shared folders? Otherwise, how would any content company know what is shared (unless posted on some public page), so they could then file a takedown request?

" that MP3 you recorded on yesterday's block party

>"But if you're sharing that MP3 you recorded on yesterday's block party, go right ahead!"
Better hope there's no music at that party.

75% of online services are NSA listening posts

The other 25% are for cat videos.

One word...

SpiderOak

On a related snooping issue ...

Last week my ISP, Suddenlink Communications, disconnected me from the Internet by blocking the assignment of dynamic IP address to my location! I rebooted the router several times, and no IP address was assigned when an address was requested. I even reset the cable modem device, and still, no IP address was assigned. When I call their tech support I was that they had purposefully taken that action because they had determined that a copyrighted video had been downloaded to my location. In order to be able to be reconnected I was told I had to agree to thoroughly search any and all computers at my location to find any and all copies of the video they said had been downloaded and permanently delete them.

What this tells me is that this ISP is actively and purposely snooping through all network traffic that passes through their system. Completely disconnecting this location from the Internet, to me, seems to be an exceedingly drastic action to take. What do you thing?

Re:On a related snooping issue ...

[DewDude]

They did that suddenly like that? Doesn't sound like them.

Use IPv6

[dbIII]

Amazing what people will go through because they are stuck behind NAT and can't send things directly or allow people to pick things up directly from them.

SUICIDE SWITCH...

ENCFS like functionality will MAKE MILLIONS...

Just in time for BitTorrent Sync 1.3!

[erth64net]

Wow - just in time for BitTorrent Sync 1.3.

this is why YOU should encrypt your shit

before uploading it to some cloud. Web services are never to be trusted, because as soon as you send them a file they are legally responsible and open to state extortion to reveal what they host. No need to make this a moral thing against Dropbox. They're a public company, of course they operate within the law, so why trust them in the first place?

An Alturnative; Spideroak

SPIDEROAK; Zero-Knowledge, $125.00 per year / Unlimited Data

Mega is fantastic

I've been using Mega for the last year+ for a large project exchange and it's been overall excellent. A few weird glitches here and there but overall very good, fast, and 50Gb!! Support KimDotCom - we all bitch and moan about the heartless capitalist and how they don't care about freedoms or personal liberties, and then one comes along who is championing those very things - if we don't all get behind him then we're a bunch of sorry ass hypocrites.

You could always "do the right thing (tm)"...

[dequire]

Use open source software and licenses, and these issues mean nothing.