Dropbox's New Policy of Scanning Files For DMCA Issues 243
Advocatus Diaboli (1627651) writes "This weekend a small corner of the Internet exploded with concern that Dropbox was going too far, actually scanning users' private and directly peer-shared files for potential copyright issues. What's actually going on is a little more complicated than that, but shows that sharing a file on Dropbox isn't always the same as sharing that file directly from your hard drive over something like e-mail or instant messenger. The whole kerfuffle started yesterday evening, when one Darrell Whitelaw tweeted a picture of an error he received when trying to share a link to a Dropbox file with a friend via IM. The Dropbox web page warned him and his friend that 'certain files in this folder can't be shared due to a takedown request in accordance with the DMCA.'"
You wanted privacy? (Score:3, Interesting)
This is news, in the sense that Dropbox now actively crawls your files (DMCA still went about for publicly listed files anyway).
But my question is why are there people in the tech industry still surprised by the fact that Dropbox does not encrypt it's users's files and can read them outright...
That's how they do sharing between users, as well as file deduplication (Which probably works best for larger copyrighted files, funnily enough!)
I still use Dropbox, and promote it slightly: with the stern advise to use it simply as a convenient way of sharing crap, but treat it as a "public USB drive"!
Just never, ever, store sensitive data, like your business or evil masterplans, or your personal/bank/etc account details on it. But if you're sharing that MP3 you recorded on yesterday's block party, go right ahead!
Encrypt with publicly known key (Score:2, Interesting)
All that's required of users is to use a encryption mechanism, even weak, to encrypt said files prior to uploading.
You could potentially even use an encryption key as weak as "password" because DropBox aren't going to be in the business of guessing encryption keys (won't have the CPU grunt) so anything is going to deceive them - potentially even just XOR. Or even use the file's name.
The only downside will be that DropBox will be just that little bit harder to use without some sort of application to make encryption and decryption of files easy.
Re:Two solutions (Encrypt or leave) (Score:4, Interesting)
I stopped using DropBox when it's Android app started asking for access to my contacts etc.
Anything that asks for permissions unnecessary to its key purpose is dead to me.
Re:Later Dropbox! (Score:5, Interesting)
Re:Two solutions (Encrypt or leave) (Score:5, Interesting)
Yes I believe that's the claim, but I'm more than content to just have a "Copy link to clipboard" button so I can paste it wherever I want - all they need to do is let me take the link where I want.
Too many companies use such data for other purposes in the background (and ship your contacts etc. off to their servers) that it's a poison chalice to even ask for such permissions if it's not necessary to the underlying point of the application.
I get that they want to make it easier for some users and I fully sympathise with the usability reasons for doing so, but ultimately when they do shit like this it just reinforces my view that it's not a permission I can trust most such companies with.
They say they'll never do something, and they resist for a while, then they finally break, "just this once" they tell themselves. Like fuck "just this once".
I used to have the Facebook app on my phone and I did give that permission - not because I trust them, but because I was going in knowing full well what they were going to do with it, but I drew the line at that app when it started asking permission to draw over other apps and such - what the fuck? No. Just no. There's not a chance in hell you're having permissions to view and render over the pixels on screen on my banking app or whatever.
Now I'm far more tough with apps in general, which is why I wouldn't touch drop box anymore with this permissions change. Tired of being told our data wont be read, will be held securely and then suddenly such data turns up in completely unrelated places, like when contacts I only had through my MSN messenger list magically turned up as recommendations on LinkedIn despite me never having given permission for MS to share that data with LinkedIn nor LinkedIn permission to receive that data from MS.
I used to be more laissez faire with my data, because I was lazy enough to put convenience over privacy, but each time I gave a company the trust they asked for based on the assurances they gave they really did lie and abuse it, so fuck them.
Even something as innocent as a university course I did in my spare time has me getting text messages (2), e-mails (about 5), phone calls (7 of - land line and mobile), letters through the post (3) telling me to fill in the UK's student survey. Eventually I relented, any other comments? Yes, "Fuck your survey, all data I filled in is false. Leave me alone". Apparently I should've opted out of said survey, now if only I was ever given that choice.
You literally can't put your data anywhere anymore without it being used to harass you. The convenience is no longer worth the inevitable follow on harassment which is anti-convenient, it's a distraction, a disruption, a pain in the fucking arse.
I buy a TV and I have to give a postcode and house number so they can pass it on to the TV licensing authorities "It wont get used for junk mail, just for licensing" and what comes through the door after a year? "Your warranty is due to expire, your TV wont be covered if it breaks blah blah blah" - no it's fucking not, I'm covered by the consumer protection act you lying dipshits. Last time I bought one I gave the shop the postcode and number of their very own store, knowing full well the question would be coming having looked it up before hand, amusingly my theory that the sales drones would be too fucking dumb to notice was proven right.
So it may be to let you more conveniently send a link directly, but you always pay in the end, that convenience doesn't come free, you lose the time gained by that convenience dealing with advertising crap, being sent friend invites from people you don't want, sorting junk mail into a recycle bin and phoning them to ask never to spam you again, or dealing with security nightmares because some retard company holding far more of your data than it ever needed got hacked.
And that's why they can take their lame little "share this" or whatever button and fuck themselves with it.
Re:OwnCloud (Score:5, Interesting)
This is what OwnCloud is made for.
I know not everyone is able to set up their OwnCloud server. There are places that will host it and set it up for you.
OwnCloud is great, with one exception: the slightest change to a file necessitates an upload of the entire file. Dropbox does delta syncs using a modified version of rsync, so it only uploads change portions of a file.
For typical files and fast connections, the lack of delta sync is tolerable, but when you're dealing with large files or slower transfer speeds it's an issue: if you, for example, you keep a large TrueCrypt container file in OwnCloud and make a change to a small file stored in the container, OwnCloud needs to reupload the entire container. Dropbox would just update the blocks that changed.
Until OwnCloud implements some sort of delta sync functionality it is considerably less practical than Dropbox.
Re:Much, Much Later (Score:5, Interesting)
I've used EncFS and BoxCryptor with Dropbox from day one and 'd do that with any cloud storage solution, no matter what they claim it is irrelevant. It is my data, by choice I'm retaining the responsibility for it's safety/security.
I'll continue to use Dropbox because I never trusted them and made sure I didn't have to.