
Dropbox's New Policy of Scanning Files For DMCA Issues

samzenpus posted about 6 months ago | from the lets-see-what-you-have-there dept.

Privacy 243

Advocatus Diaboli (1627651) writes "This weekend a small corner of the Internet exploded with concern that Dropbox was going too far, actually scanning users' private and directly peer-shared files for potential copyright issues. What's actually going on is a little more complicated than that, but shows that sharing a file on Dropbox isn't always the same as sharing that file directly from your hard drive over something like e-mail or instant messenger. The whole kerfuffle started yesterday evening, when one Darrell Whitelaw tweeted a picture of an error he received when trying to share a link to a Dropbox file with a friend via IM. The Dropbox web page warned him and his friend that 'certain files in this folder can't be shared due to a takedown request in accordance with the DMCA.'"


Later Dropbox! (5, Insightful)

Anonymous Coward | about 6 months ago | (#46619833)

It's been nice while it lasted, now on to other services!

Re:Later Dropbox! (5, Interesting)

noblebeast (3440077) | about 6 months ago | (#46619999)

MEGA is looking like a better alternative every day. End-to-end encryption, and 50GB(!) free storage.

Re:Later Dropbox! (1)

Anonymous Coward | about 6 months ago | (#46620203)

Take that you fucking geek hipsters, you just don't learn do yah?

It's going to happen over and over again until you learn to buy a fucking HDD.

Re:Later Dropbox! (5, Funny)

MightyYar (622222) | about 6 months ago | (#46620359)

And then mail it to your friends and colleagues? Might slow things down a bit, but it makes me feel nostalgic. Just today I considered faxing something, just for the pure walk down memory lane. Beeep. Beeep. Beeep. X-FER FAIL.

Re:Later Dropbox! (0)

Anonymous Coward | about 6 months ago | (#46620787)

My brother and few friends used to send me emails asking me to create a Dropbox account so they could get more storage space. I'm the only one that can see beyond my fucking nose.

The internet as we knew it is long gone, there is only a NSA/Facebook/Google/Amazon shared intranet these days. My shit is mine and no one else, it shall not end up in their servers.

I guess Stevie Wonder was wrong when he said "people keep on learning"...

Re:Later Dropbox! (1)

MightyYar (622222) | about 6 months ago | (#46620947)

I hear ya', but some things... it simply doesn't matter what server they end up on.

That's it (1)

Geek Hillbilly (2975053) | about 6 months ago | (#46619841)

If Dropbox is doing that, then their service will get dropped like an overheated potato. I won't use them, that's for sure.

Re:That's it (5, Insightful)

Richard_at_work (517087) | about 6 months ago | (#46619917)

But this isn't new, it's been going on since Dropbox implemented their DMCA violation checking system a few years ago, and you can see *why* they are doing it.

Let's clarify a few things for those that aren't going to RTFA - this isn't for private shared folders, or for folders within your own Dropbox. This is for when you create *public* links, by either using the "Shared Links" facility or when you create a public link from the old style Public folder.

That's it. The files Dropbox is including in these scans are *publicly linked* to - and they are fair game if Dropbox wants to stay ahead of the legal system on this front. Dropbox has no idea that you only intend to share it with yourself, or one other person, and there is no mechanism by which you can ensure that yourself anyway.

Yet again it's forced outrage against basically something which is common sense - if the file has been taken down before, it's going to be again, and the less man power Dropbox expends while handling DMCA requests the better for them as a company.

Re:That's it (0)

Anonymous Coward | about 6 months ago | (#46620013)

Let's clarify a few things for those that aren't going to RTFA - this isn't for private shared folders, or for folders within your own Dropbox. This is for when you create *public* links, by either using the "Shared Links" facility or when you create a public link from the old style Public folder.

It is of course up to every individual to decide if they trust Dropbox with that distinction.
Reading the article is pretty pointless if you don't trust the source.

Yet again it's forced outrage against basically something which is common sense - if the file has been taken down before, it's going to be again, and the less man power Dropbox expends while handling DMCA requests the better for them as a company.

That is outrageous, copyright has to be considered on an individual basis. What is fair use in one case isn't necessarily in another. DMCA isn't something that should/can be properly automated.
It is also outrageous (But not surprising) that Dropbox decides to bend over for a third party rather than contest it. It is insane for a company to value a third party over their customers.
Why would I choose Dropbox if I know that they will shut me down at the request of a third party without even verifying if the claims are true or not? (Yes it is possible to make false DMCA claims and it is done a lot.)
This seems like a short term saving that will pass over any false DMCA filings to the user base that will then switch over to other services.

Re:That's it (1)

Drethon (1445051) | about 6 months ago | (#46620929)

If they don't delete local files, I'll wait and see before claiming the sky is falling.

Re:That's it (2)

Dcnjoe60 (682885) | about 6 months ago | (#46620111)

Do you know if dropbox is trying to determine what is a DMCA violation and stopping the share or if they have received actual takedown notices? I ask because if somebody shares something and dropbox receives a takedown notice, then I would be okay with that. On the other hand, if they are trying to police what is out there, I'm not sure how they can make that determination or why they would stop at just shared content.

Not trying to troll or inflame the discussion, just actually wondering how the process works.

Re:That's it (1)

Richard_at_work (517087) | about 6 months ago | (#46620219)

It's only if they have received take down notices for that specific item with that specific cryptographic hash before - if the item you are sharing has never been the subject of a take down request, then you are free to share it, there is no proactive policing going on.

Re:That's it (2)

hattig (47930) | about 6 months ago | (#46620241)

Or you could read the article and get answers immediately.

They use file hashes of previous DMCA requests when new files are shared. If it transgresses, it's blocked just like this situation.

It's not "policing", it's blacklisting the sharing of specific files via comparing file's hash against a list of blacklisted hashes.

I just hope they're not using CRC16.

Re:That's it (1)

fsagx (1936954) | about 6 months ago | (#46620703)

Just remember to add one byte to the end of any questionable file --> new hash, no takedown.

dd if=/dev/zero count=1 bs=1 >> old_file_gets_new_hash.mp4

Re:That's it (1)

Richard_at_work (517087) | about 6 months ago | (#46620803)

New hash, no *immediate* take down, but be prepared to be on the receiving end of one, which I would consider mildly worse than having Dropbox say "nope" before the lawyers get involved.

Re:That's it (2)

bberens (965711) | about 6 months ago | (#46621193)

If you're not distributing copyrighted material I fail to see how this could be a problem in practice. You'd have to create a public link to your copyrighted file and that link would have to somehow wind up in the hands of the MPAA or other representative of copyright holders.

Re:That's it (0)

Anonymous Coward | about 6 months ago | (#46620343)

RTFA:
All files on Dropbox are hashed, this is used for de-duplication to reduce storage requirements. When they get a DMCA request they remove the requested link(s) and flag the *hash*.

Any time someone tries to access a DMCA flagged file via a public interface it'll refuse, this is probably necessary to avoid being found liable under the DMCA given the way they do their de-duplication.

Others have noted that private folders and even non-public shared folders aren't affected by this so it appears that they only do this when required by law to avoid losing the DMCA shield.

To reduce user confusion, when you try to make a public link Dropbox checks all hashes underneath and if one (or more) are flagged it'll tell you about it. I don't think there's a legal requirement to warn but if they didn't they'd have a lot of consumer support requests which would cost them money to handle.

Re:That's it (1)

mysidia (191772) | about 6 months ago | (#46620575)

Dropbox has no idea that you only intend to share it with yourself, or one other person, and there is no mechanism by which you can ensure that yourself anyway.

Well.... if more than 3 IP addresses retrieve the link, then assume it has been shared with other people.

Re:That's it (1)

Lightning McQueen (3342905) | about 6 months ago | (#46620621)

Why 3 IP addresses? Where did you get that number from?

Re:That's it (0)

Anonymous Coward | about 6 months ago | (#46620723)

The DMCA notice, takedown, dispute procedure is complicated because it creates a balance of power between the publisher (in this case, Dropbox's user) and the alleged rightsholder, so even if a creative regime seems like "common sense," it may be tilting that balance.

Part of the balance is simply who does the work, at scale. While there might not be a good common sense answer to this question that is essentially fair, it's obviously something negotiated into the DMCA when it was passed, so it ought to matter. If you give rightsholders a fancy web tool and tell publishers to send paper mail waiting 8 weeks for counternotices, you are tilting the balance. This should be "common sense," too. What they are doing seems like a less drastic version of this.

For another example, one user may have the rights to publish something while another does not, yet both are publishing the same hash. Dropbox may consider this case (an automatic takedown that shouldn't have happened) so rare that they "forgot how to count that low," but if it's ok for ISP's to do that then publishers who actually have licensed rights trying to publish something get driven from one host to another, causing outages and raising the price they pay, because everyone "forgot how to count that low." This antipattern is one thing DMCA's "common carrier" rules would seem to prevent: you only get protections from the DMCA if you actually serve everyone "fairly" as the DMCA defines it, and don't discriminate by overcharging and punishing with flakey service those customers who are participating in the copyright regime, by fully implementing the pre-lawsuit procedures. If you set up some other goofy thing that's more convenient for you, then you don't get the common carrier protections.

My question is then: was he able to file a counterclaim immediately upon receiving the automatic takedown, and if he does that does the link immediately and automatically go back up? If not, then this sounds definitely bogus to me. If so, it might be bogus. IANAL but we need to go a bit further than "common sense."

Re:That's it (1)

Travelsonic (870859) | about 6 months ago | (#46620903)

Yet again it's forced outrage against basically something which is common sense

*sighs*... I hate these phrases - faux outrage, forced outrage, since they are used in the least applicable places. Misleading outrage isn't forced - it's still misleading, but it's still real. It's like when you mishear that somebody was banging your GF, and you momentarily get pissed before the person repeats themselves... the outrage in that split second was no less real.

Re:That's it (1)

Richard_at_work (517087) | about 6 months ago | (#46621199)

No, I specifically meant what I typed - the article is written in the way that you are intended to be left feeling as if Dropbox is deliberately doing something morally, ethically and socially unacceptable, and that they have just started doing it. The article writer and subjects mentioned within it are outraged that Dropbox is doing what they are doing, regardless of the fact that an average person wouldn't have any issues with what Dropbox are doing in this instance.

It's the article writers and subjects which have the forced outrage, because forced indifference doesn't cause page clicks.

Re:That's it (1)

Lightning McQueen (3342905) | about 6 months ago | (#46620513)

No, actually. The rest of us knew when we created our dropbox accounts NOT to put material there that might cause a problem. I don't put material I don't want anyone to see there - ya know like social security numbers, credit card numbers, passwords, etc - unless I've encrypted it beforehand. This goes for all shared services. Anyone who believes the 'we promise we won't look at your stuff' line is naive. It may very well be corporate policy and they may try very hard to follow that, but it only takes one bad apple employee to go snooping through your stuff and commit identity theft!

Two solutions (Encrypt or leave) (5, Insightful)

kye4u (2686257) | about 6 months ago | (#46619849)

If you are determined to use drop box, use open source software such as 7zip that will encrypt and zip. Otherwise, stop using drop box and move on to something else. One of the consequences of using the magical cloud is that you are bound to somebody else's rules for how they manage your data. Also note that those rules are subject to change at any time, and you don't have any say in those changes (I guess the only option is to speak with your wallet and move to greener pastures).

Re:Two solutions (Encrypt or leave) (4, Interesting)

Xest (935314) | about 6 months ago | (#46619897)

I stopped using DropBox when its Android app started asking for access to my contacts etc.

Anything that asks for permissions unnecessary to its key purpose is dead to me.

Re:Two solutions (Encrypt or leave) (4, Informative)

Sockatume (732728) | about 6 months ago | (#46619991)

Isn't that so that you can send links to contacts? Android has no granular permissions support so if you ever want to be able to email a link from the app, you have to grant that permission.

Re:Two solutions (Encrypt or leave) (0)

Anonymous Coward | about 6 months ago | (#46620109)

Honestly, if you can you should be running android 4.3+ so you can access the feature "AppOps" which does give granular control over application permissions. Not surprisingly Google hid this feature 4.4+ but it can still be accessed via third party applications.

Re:Two solutions (Encrypt or leave) (3, Insightful)

Chrisq (894406) | about 6 months ago | (#46620123)

Isn't that so that you can send links to contacts? Android has no granular permissions support so if you ever want to be able to email a link from the app, you have to grant that permission.

It's a shame that you cannot just deny that right and have it fail if you ever tried the email functionality. Or even let the application know what's granted so that it can disable the email options.

XPrivacy does exactly that (0)

Anonymous Coward | about 6 months ago | (#46620267)

A) you do not need to access contacts to send links, android's built in sharing feature makes that just fine.

B) Assuming you took control of your phone (e.g. rooting it), XPrivacy offers a nice firewall against unwanted data snooping. You can block app access to a wide range of functions (e.g. GetContacts, GetPhoneNumber, GetLocation, etc.) per app either completely, by feeding it crap or by randomizing the data on each API at reboot or on access

It's useful for privacy, useful for poisoning databases and useful for dealing with region limitations (everyone seems to love GetNetworkCountryIso). And you can always just make the location API return the coordinates of NSA headquarters if you feel like it.

You Can (4, Informative)

brunes69 (86786) | about 6 months ago | (#46620317)

It's called AppOps. Was in Android hidden, then removed, but still ships in standard Cyanogenmod.

Permissions on Android are a mess (0)

Anonymous Coward | about 6 months ago | (#46620987)

From the number of apps I've investigated, Android's permission structure is a fiasco. You have to grant broader access than you should and they've coupled some features you might want access to in with others you definitely don't want to grant access to. It's one of the crappier aspects of their OS and a major mess.

Permission Observatory and a few other permission management tools in the Android market let you selectively 'de-authorize' individual permissions for installed applications. It may be that the app doesn't function at all or it may be that only a feature you don't use (like in my case, anything justified by g+ or FB, twitter, etc) doesn't work and the rest of the app does. You need to experiment per-app.

That does not require a rooted phone.

And as to Dropbox: Use encryption. Or host the files you want to share with only a few people on a secure web or ftp server on your own machine if it is a low-volume thing. When they get a BLOB that looks like random noise, they have no idea what's in it, DMCA stupidity notwithstanding.

I don't advocate depriving creators of their rewards, but the current corporate cronyism and abuses of copyright and other intellectual property concepts in current implementations of associated laws is ludicrous and unwarranted under the mantle of 'rewarding creators'.

Re:Two solutions (Encrypt or leave) (4, Interesting)

Xest (935314) | about 6 months ago | (#46620209)

Yes I believe that's the claim, but I'm more than content to just have a "Copy link to clipboard" button so I can paste it wherever I want - all they need to do is let me take the link where I want.

Too many companies use such data for other purposes in the background (and ship your contacts etc. off to their servers) that it's a poison chalice to even ask for such permissions if it's not necessary to the underlying point of the application.

I get that they want to make it easier for some users and I fully sympathise with the usability reasons for doing so, but ultimately when they do shit like this it just reinforces my view that it's not a permission I can trust most such companies with.

They say they'll never do something, and they resist for a while, then they finally break, "just this once" they tell themselves. Like fuck "just this once".

I used to have the Facebook app on my phone and I did give that permission - not because I trust them, but because I was going in knowing full well what they were going to do with it, but I drew the line at that app when it started asking permission to draw over other apps and such - what the fuck? No. Just no. There's not a chance in hell you're having permissions to view and render over the pixels on screen on my banking app or whatever.

Now I'm far more tough with apps in general, which is why I wouldn't touch drop box anymore with this permissions change. Tired of being told our data won't be read, will be held securely and then suddenly such data turns up in completely unrelated places, like when contacts I only had through my MSN messenger list magically turned up as recommendations on LinkedIn despite me never having given permission for MS to share that data with LinkedIn nor LinkedIn permission to receive that data from MS.

I used to be more laissez faire with my data, because I was lazy enough to put convenience over privacy, but each time I gave a company the trust they asked for based on the assurances they gave they really did lie and abuse it, so fuck them.

Even something as innocent as a university course I did in my spare time has me getting text messages (2), e-mails (about 5), phone calls (7 of - land line and mobile), letters through the post (3) telling me to fill in the UK's student survey. Eventually I relented, any other comments? Yes, "Fuck your survey, all data I filled in is false. Leave me alone". Apparently I should've opted out of said survey, now if only I was ever given that choice.

You literally can't put your data anywhere anymore without it being used to harass you. The convenience is no longer worth the inevitable follow on harassment which is anti-convenient, it's a distraction, a disruption, a pain in the fucking arse.

I buy a TV and I have to give a postcode and house number so they can pass it on to the TV licensing authorities "It won't get used for junk mail, just for licensing" and what comes through the door after a year? "Your warranty is due to expire, your TV won't be covered if it breaks blah blah blah" - no it's fucking not, I'm covered by the consumer protection act you lying dipshits. Last time I bought one I gave the shop the postcode and number of their very own store, knowing full well the question would be coming having looked it up beforehand, amusingly my theory that the sales drones would be too fucking dumb to notice was proven right.

So it may be to let you more conveniently send a link directly, but you always pay in the end, that convenience doesn't come free, you lose the time gained by that convenience dealing with advertising crap, being sent friend invites from people you don't want, sorting junk mail into a recycle bin and phoning them to ask never to spam you again, or dealing with security nightmares because some retard company holding far more of your data than it ever needed got hacked.

And that's why they can take their lame little "share this" or whatever button and fuck themselves with it.

Re:Two solutions (Encrypt or leave) (1)

Sockatume (732728) | about 6 months ago | (#46620873)

You make a compelling case for them to do so.

Re:Two solutions (Encrypt or leave) (2)

jellomizer (103300) | about 6 months ago | (#46620007)

For an app intended to share data with different people, being able to access your contacts would make the program easier to use assuming that you are sharing data with people on your contact list.

That said most apps work if you say No. I wouldn't call it an unnecessary request to ask for permission.
 

Re:Two solutions (Encrypt or leave) (1)

Walter White (1573805) | about 6 months ago | (#46620073)

That said most apps work if you say No. I wouldn't call it an unnecessary request to ask for permission.

On Android you cannot install the app if you say no. The question is asked during installation or update.

Re:Two solutions (Encrypt or leave) (0)

Anonymous Coward | about 6 months ago | (#46620097)

That said most apps work if you say No. I wouldn't call it an unnecessary request to ask for permission.

Under iOS this is true, but not under Android. Android's permission scheme is all-or-nothing: either you grant an app all the permissions it asks for, or Android just won't let it run.

Re:Two solutions (Encrypt or leave) (2)

iq-0 (313030) | about 6 months ago | (#46620025)

One of dropbox's key features is its ability to share your files. So I hardly think access to your addressbook is really wrong. If they'd be sending that data to their server or whatever that would be unacceptable.
You should actually be more annoyed with the Android permission system in this case, because it doesn't let you prohibit that part of the functionality. The current permissions system is that you must allow all permissions an app might need, even though you'll never use (or want to use) that part of its functionality. Even delaying the accepting of the permission would in many cases be preferable for these kinds of permissions that are related to your specific use-case for that app.

Re:Two solutions (Encrypt or leave) (1)

Xest (935314) | about 6 months ago | (#46620259)

I agree the Android permissions system is part of the problem in this particular scenario, but see my post here as to why I don't want them to access data that isn't essential to the use of the application:

http://slashdot.org/comments.p... [slashdot.org]

Long story short, accessing my contact list just allows them to add fluff, and the fluff to risk of privacy violation ratio is too high. I used their application fine without that option in the past, I don't need it now.

Re:Two solutions (Encrypt or leave) (-1, Flamebait)

Anonymous Coward | about 6 months ago | (#46620527)

"If they'd be sending that data to their server or whatever that would be unacceptable."

Ebonics on /.
Now I've seen everything,

Re:Two solutions (Encrypt or leave) (1)

rudy_wayne (414635) | about 6 months ago | (#46619921)

Otherwise, stop using drop box and move on to something else.

And that "something else" will still be subject to the same bad laws (DMCA) as Dropbox.

One of the consequences of using the magical cloud is that you are bound to somebody else's rules for how they manage your data.

The problem is, this isn't Dropbox's rules. They are following the law.

Re:Two solutions (Encrypt or leave) (0)

Geek Hillbilly (2975053) | about 6 months ago | (#46619957)

Dropbox just shot their business model in the head. I hope they realize that.

Re:Two solutions (Encrypt or leave) (3, Insightful)

aviators99 (895782) | about 6 months ago | (#46620015)

If you encrypt, it's not very convenient to do what the person in the article did: link to a video. His IM buddy would have to download/decrypt before seeing the video. Your point is well-taken, of course. But leaving for another cloud provider is likely not going to make things any better. Cloud storage, by its broad definition, is sacrificing security for convenience (to some extent). You can certainly mitigate that via encryption, but at the loss of much of the convenience, especially when it comes to this particular use case, which is the sharing of a video.

Re:Two solutions (Encrypt or leave) (1)

bill_mcgonigle (4333) | about 6 months ago | (#46620809)

There's not a technical reason why browsers couldn't support stream ciphers for media playback. If the need becomes great enough somebody will do it.

Re: Three Solutions (Encrypt, Leave or YouTube) (0)

Anonymous Coward | about 6 months ago | (#46621081)

If you need to share video, you sure as hell don't use dropbox for that when YouTube is around. Haven't uploaded anything to youtube so don't know if it's possible to restrict access but I'd think it would be a given that some files are restricted and not public.

Re:Two solutions (Encrypt or leave) (0)

Anonymous Coward | about 6 months ago | (#46620067)

Encrypting incriminating material could be considered a violation in itself.

Good luck! IANAL.

Captcha: adviser

Re:Two solutions (Encrypt or leave) (1)

Jmc23 (2353706) | about 6 months ago | (#46621025)

That's rich. Protect your data?

This is about pirated material. If you aren't a pirate, there's absolutely nothing to worry about. rtfa before making something else up.

Re:Two solutions (Encrypt or leave) (0)

Anonymous Coward | about 6 months ago | (#46621105)

If you aren't a pirate, there's absolutely nothing to worry about.

It is obvious you don't think much.

Here are some things smart people will be concerned about :

1) Security
2) Privacy
3) Mistakes by Dropbox which lead to false claims which nevertheless must be defended in court.

Re:Two solutions (Encrypt or leave) (1)

jedidiah (1196) | about 6 months ago | (#46621183)

No. You are just taking it as an article of faith that your corporate masters are always right and never make a mistake or abuse the DMCA takedown system for selfish or evil purposes.

Drop dropbox (0)

Anonymous Coward | about 6 months ago | (#46619853)

Feels almost as good as dropping a good douce

Defeat it this way. (0)

Anonymous Coward | about 6 months ago | (#46619871)

Create a readme.txt file, then .rar that together with your original file.

Tip: Use Truecrypt (0)

Anonymous Coward | about 6 months ago | (#46619873)

Because I don't trust Dropbox and the like, I will put "private" files in a Truecrypt file before uploading to "the cloud".

Huh? (1)

StripedCow (776465) | about 6 months ago | (#46619875)

So, if I get this correctly, Dropbox will prevent you from sharing a file that was blocked due to somebody else uploading it and getting busted?

What does somebody else's data have to do with your data?
And what if there is a hash collision?

Re:Huh? (2)

Sockatume (732728) | about 6 months ago | (#46619913)

The DMCA is concerned with whether Dropbox is hosting an infringing file, not who they may be hosting the file for or for what purpose. Unfortunately this approach is forced upon Dropbox by a US law passed in an era of dial-up modems.

Re:Huh? (1)

thue (121682) | about 6 months ago | (#46620069)

> And what if there is a hash collision?

Cryptographical hashes are designed to make that ridiculously unlikely. Go buy a single ticket to the national lottery instead - you are far more likely to win the biggest prize there than to ever find a hash collision.

Re:Huh? (1)

StripedCow (776465) | about 6 months ago | (#46620103)

you are far more likely to win the biggest prize there than to ever find a hash collision.

That, of course, only makes it more painful to encounter a hash collision.

Re:Huh? (1)

FireFury03 (653718) | about 6 months ago | (#46620335)

> And what if there is a hash collision?

Cryptographical hashes are designed to make that ridiculously unlikely. Go buy a single ticket to the national lottery instead - you are far more likely to win the biggest prize there than to ever find a hash collision.

It's not quite the same thing. If you buy a lotto ticket then you have a single chance of winning. In the case of dropbox, you have many chances of "winning" (consider how many files dropbox stores).

Of course you're right that a collision is incredibly unlikely, but I don't think your example is especially comparable.

Re:Huh? (1)

Half-pint HAL (718102) | about 6 months ago | (#46620497)

I suspect that they use more than just a plain hash. Even if you just use hash plus explicit filesize, you've narrowed down the chance of hash collisions massively.

Re:Huh? (2)

Ash Vince (602485) | about 6 months ago | (#46620099)

What does somebody else's data have to do with your data?

There is no "your" data or "their" data. There is only dropbox data. It seems at the point you upload a file they check it to see if they already have a copy and if they do they just add a pointer to the existing file rather than store a fresh copy.

And what if there is a hash collision?

By the sounds of it they must actually do a direct file compare rather than use a hash. They probably use some kind of hash to narrow down the options of stuff to compare it with but in the fallback case of a hash collision, and both files being exactly the same size they must have to do an exact comparison. That probably does not happen very often though and it sounds like this process is only done once at the point a file is stored.

Re:Huh? (2)

iq-0 (313030) | about 6 months ago | (#46620189)

Part of it is in the 'terms of service' where you specifically allow dropbox to do certain things (like deduplication and retention after you've deleted it).

They're not actively searching *your* files to seek out these violations, they got a specific complaint about that file's data, which they are obliged to make publicly inaccessible. If you also share that file's data than that too is, according to the DMCA, in infringing and is prohibited from being shared.

About the hashes: they most certainly only use hashes to find candidates for deduplication. All files with the same hash are most likely first compared byte-for-byte before they're really considered the same.
The 'takedown' probably happens on the deduplicated file's entry in some database, where it's marked as a 'DMCA violation'. Any attempt to access it via a share will notice that flag and show the appropriate message. They wouldn't need to actually "go through your files" to look for violations, but in case they want to they can simply look who has a reference to the deduplicated file and whether or not it's shared by them in order to notify them of the fact (in that case they'd still not be going through your files, but just following the link back to your account).

They are actually very correct about it, since they only disable the sharing, not your access to the file (since that is yours and thus not necessarily infringing on the DMCA). They are just not allowing you to use their service to distribute a copyrighted work about which they were told it's not allowed to be distributed by them.
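
The mechanism this comment describes (hash lookup to find candidates, byte-for-byte confirmation, a takedown flag on the deduplicated entry that only share access checks), sketched as an added example; it is not part of the original thread and not Dropbox's code. `BlobStore`, its method names and the choice of SHA-256 are assumptions made for illustration.

```python
import hashlib


class BlobStore:
    """Toy content-addressed store: one stored blob per distinct content."""

    def __init__(self, digest=lambda data: hashlib.sha256(data).hexdigest()):
        self.digest = digest   # SHA-256 is an assumption; the thread names no hash
        self.blobs = {}        # blob_id -> {"data", "refs", "takedown"}
        self.by_digest = {}    # digest -> [blob_id]; a list, so a collision cannot merge files
        self.files = {}        # (user, name) -> blob_id

    def upload(self, user, name, data):
        """Store data, or add a pointer to an identical blob already stored."""
        candidates = self.by_digest.setdefault(self.digest(data), [])
        for blob_id in candidates:
            if self.blobs[blob_id]["data"] == data:   # byte-for-byte confirmation
                break
        else:
            blob_id = len(self.blobs)
            self.blobs[blob_id] = {"data": data, "refs": set(), "takedown": False}
            candidates.append(blob_id)
        old = self.files.get((user, name))
        if old is not None:                            # file overwritten: drop stale pointer
            self.blobs[old]["refs"].discard((user, name))
        self.blobs[blob_id]["refs"].add((user, name))
        self.files[(user, name)] = blob_id
        return blob_id

    def takedown(self, user, name):
        """Flag the blob behind a reported file; list every account file pointing at it."""
        blob = self.blobs[self.files[(user, name)]]
        blob["takedown"] = True
        return sorted(blob["refs"])

    def read_own(self, user, name):
        """Owner access ignores the flag: only distribution is blocked."""
        return self.blobs[self.files[(user, name)]]["data"]

    def read_shared(self, owner, name):
        """Access through a share link checks the flag on the deduplicated blob."""
        blob = self.blobs[self.files[(owner, name)]]
        if blob["takedown"]:
            raise PermissionError("sharing disabled: takedown flag on stored blob")
        return blob["data"]


def demo():
    store = BlobStore()
    sample = b"constructed sample content"                  # constructed test data
    first = store.upload("alice", "clip.bin", sample)
    second = store.upload("bob", "same-clip.bin", sample)   # deduplicated
    store.upload("bob", "notes.txt", b"unrelated constructed content")
    affected = store.takedown("alice", "clip.bin")
    try:
        store.read_shared("bob", "same-clip.bin")
        blocked = False
    except PermissionError:
        blocked = True
    still_readable = store.read_own("bob", "same-clip.bin") == sample
    return first == second, affected, blocked, still_readable


def collision_demo():
    """Force digest collisions with a deliberately weak digest (first byte only)."""
    weak = BlobStore(digest=lambda data: data[:1])
    a = weak.upload("carol", "a.txt", b"AB")
    b = weak.upload("carol", "b.txt", b"AC")   # same digest, different bytes
    return a != b, len(weak.by_digest[b"A"])


if __name__ == "__main__":
    print(demo())
    print(collision_demo())
```

The flag lives on the stored blob, so one takedown reaches every account that points at the same content without reading anything else those accounts hold, and the byte comparison keeps a digest collision from attaching one user's file to another user's flag.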

Re:Huh? (2)

StripedCow (776465) | about 6 months ago | (#46620271)

But computing a hash-value IS going through your files.

What if they use a hash that is computed like this:
1. compute md5sum of the data
2. make the last bit zero or one, depending on whether the file has some interesting property.

Suddenly, they can profile you based on "hash-value" alone.

Re:Huh? (0)

Anonymous Coward | about 6 months ago | (#46620291)

So the solution to this is to append few null bytes to the end of the file. This way it will be unique and won't match any DMCA flagged files.

Re:Huh? (1)

gnasher719 (869701) | about 6 months ago | (#46621065)

So, if I get this correctly, Dropbox will prevent you from sharing a file that was blocked due to somebody else uploading it and getting busted?
What does somebody else's data have to do with your data?
And what if there is a hash collision?

If there was a DMCA request, it means that Dropbox was told by a copyright holder that uploading this file is infringing someone's copyright. Therefore Dropbox knows that you are infringing the same copyright (except if you are the copyright holder, in which case - well, tough). Since they _know_ it is copyright infringement, it would be quite possible to argue that not blocking it would be Dropbox colluding in copyright infringement. And I mean you are not claiming that you have any right whatsoever to upload infringing content?

Hash collisions: They don't happen. If they happened, people would be complaining about losing data. But they don't happen.

The only people with a valid complaint would be copyright owners who ever sent a DMCA notice and then find out that they are unable to legally upload contents that would be illegal for others to upload. Maybe Dropbox should update their T&Cs if they haven't.

You wanted privacy? (3, Interesting)

DMacedo (1989924) | about 6 months ago | (#46619881)

This is news, in the sense that Dropbox now actively crawls your files (DMCA still went about for publicly listed files anyway).

But my question is why are there people in the tech industry still surprised by the fact that Dropbox does not encrypt its users' files and can read them outright...
That's how they do sharing between users, as well as file deduplication (Which probably works best for larger copyrighted files, funnily enough!)

I still use Dropbox, and promote it slightly: with the stern advice to use it simply as a convenient way of sharing crap, but treat it as a "public USB drive"!

Just never, ever, store sensitive data, like your business or evil masterplans, or your personal/bank/etc account details on it. But if you're sharing that MP3 you recorded on yesterday's block party, go right ahead!

Re:You wanted privacy? (1)

TheCarp (96830) | about 6 months ago | (#46619951)

That is pretty much exactly why I don't use dropbox. I have enough ways to quickly share a few files, and this doesn't add much real convenience over others; for me anyway. I see why others may find it useful.

The thing is, the only gaps I have that dropbox would fill, are gaps I wouldn't trust it to fill.

Re:You wanted privacy? (4, Informative)

Ash Vince (602485) | about 6 months ago | (#46619961)

This is news, in the sense that Dropbox now actively crawls your files (DMCA still went about for publicly listed files anyway).

You obviously didn't bother to read the article.

The truth is that they always scan every single file uploaded to make sure they do not already have a copy of that file stored on their network. If they do, they throw your copy in the bin and just add an extra link to that stored copy in your account. That keeps their data usage lower as it means they never store duplicate copies of the same file, even if they are uploaded by completely different people.

So there is no crawling involved, this was done at the point of upload. They found that the same file had already been uploaded by someone else, shared, and that user got the shared copy of that file DMCA'd. Once a file has been DMCA'd in their system it seems it is blocked from being shared so only people who uploaded that file also get to download it.

Re:You wanted privacy? (1)

Demonantis (1340557) | about 6 months ago | (#46620983)

If this is what is going on in the background are they using hashing to identify the files? What is the risk of a hash collision? Would this be a legitimate concern using the service?

Encrypt with publicly known key (2, Interesting)

Anonymous Coward | about 6 months ago | (#46619887)

All that's required of users is to use an encryption mechanism, even weak, to encrypt said files prior to uploading.

You could potentially even use an encryption key as weak as "password" because DropBox aren't going to be in the business of guessing encryption keys (won't have the CPU grunt) so anything is going to deceive them - potentially even just XOR. Or even use the file's name.

The only downside will be that DropBox will be just that little bit harder to use without some sort of application to make encryption and decryption of files easy.

Not as bigger deal as it sounds if you RTFA (4, Insightful)

Ash Vince (602485) | about 6 months ago | (#46619919)

This whole issue can be summarized as:

1) User wants to ignore copyright law and share something they have no legal right to via a public service
2) Public service being used has no idea how many people will want to access the shared resource but they do know it is copyrighted as they auto match everything uploaded so they can avoid keeping two separate copies of identical files and save storage space and had a DMCA take down request for that same file previously.
3) Public service errs on the side of not getting their arse sued off by the various content owner conglomerates' legal attack dogs and refuses to allow the file to be shared even though the person who uploaded it can still see it.

All in all seems pretty reasonable. Until copyright law is changed (like that is ever going to happen) dropbox have to follow it to the letter. I suppose they could have avoided the whole thing by storing more data and then not doing the duplicate file scan thing but even that is no guarantee it would prevent them from being sued to oblivion.

The only safe option for them that would also keep things private would be to use encryption keys that were only kept in the client. That way if you needed to share a particular folder you selected to store that under a different encryption key, and gave that key to other person / people who needed to access it.

The big problem with this is that it then becomes more awkward to provide web access to the files. People are comfortable remembering a username and password, they are not so comfortable remembering a bunch of encryption keys. If you store the encryption keys on a server at your end anywhere then you can access the files so you therefore get the legal responsibility to make sure your system is not being used to flout copyright law. The only legal way to run this sort of service and not be liable for its misuse is to design it in such a way that you cannot see what is being stored at all.

Re:Not as bigger deal as it sounds if you RTFA (-1)

erroneus (253617) | about 6 months ago | (#46620085)

Your reality is actually quite distorted.

First of all, learning and understanding what it is to be human shows that we are creatures who literally NEED to create and share. That there is industry which literally seeks to create artificial limits on this and to control the supply of it is against nature and especially human nature. Common core is just the most recent example of how copyright issues are being used to extract more money from the public.

The whole of human knowledge and its legacy of creativity is being shrink-wrapped and packaged and controlled and it's completely tragic. There is something bigger than the notion that law is used to create and sustain a business model. There is a place and even a need for some limits, and it has to do with commercial exploitation of creative works for profit.

Some would say "information wants to be free" and that is a simplification. The reality is that teaching and sharing and creating are an inherent part of what it means to be human. What's truly wrong is taking that best part of our nature and putting limits on it and even destroying and losing parts of our human legacy in support of it. Due to current copyright laws, the lifetimes of copyright now exceed the life expectancy of the media the works are published on. The problems are real and obvious. The answer to the problem is sharing and constant copying and archiving.

A distinct, small and peculiarly non-contributing group of people are literally usurping human legacy. This is literally a crime against humanity of the worst type. If you think the dark ages was bad for humanity, then surely you must see how this is a darkness of its own.

Re:Not as bigger deal as it sounds if you RTFA (1)

Half-pint HAL (718102) | about 6 months ago | (#46620557)

First of all, learning and understanding what it is to be human shows that we are creatures who literally NEED to create and share.

On the other hand, it could be argued by the same token that internet sharing and lolcatz-esque memes are actually a drug that latches onto that need, corrupting it and distracting us from the act of creation by giving us a false sense of achievement through constant sharing. If we take pride in posting other people's creations, we cheat ourselves of the urge to create something unique ourselves.

After all, why should I suffer hours of preparation to put something on the net and get a few dozen views, when for a few minutes work I can copy someone else's file and get a million views?

Re:Not as bigger deal as it sounds if you RTFA (2)

erroneus (253617) | about 6 months ago | (#46620617)

You don't "suffer." That's the first lie. If it's suffering to create, then you're doing it wrong.

Re:Not as bigger deal as it sounds if you RTFA (0)

Anonymous Coward | about 6 months ago | (#46620119)

The only legal way to run this sort of service and not be liable for its misuse is to design it in such a way that you cannot see what is being stored at all.

Incidentally, this is also the only secure way.

Captcha: reuses

Re:Not as bigger deal as it sounds if you RTFA (0)

Half-pint HAL (718102) | about 6 months ago | (#46620581)

The only legal way to run this sort of service and not be liable for its misuse is to design it in such a way that you cannot see what is being stored at all.

YANAL. The DMCA states that companies must take reasonable steps to prevent reuploading. Designing a system with the express purpose of not being able to prevent uploading would be thoroughly illegal.

Re:Not as bigger deal as it sounds if you RTFA (2)

Uberbah (647458) | about 6 months ago | (#46620931)

YANAL.

And you are?

The DMCA states that companies must take reasonable steps to prevent reuploading. Designing a system with the express purpose of not being able to prevent uploading would be thoroughly illegal.

[Citation needed]

Scanning for DMCA issues is like the TSA (0)

erroneus (253617) | about 6 months ago | (#46619935)

Enough said?

Inevitable (1)

slfnflctd (1050758) | about 6 months ago | (#46619943)

Anyone who finds this unexpected really hasn't been paying attention. I and many others have assumed this was only a matter of time since the first day we heard about Dropbox and their ilk.

Only publicly shared files are scanned (2, Informative)

Anonymous Coward | about 6 months ago | (#46619945)

Publicly shared files that match known hashes are restricted, but not deleted, and any file can be shared to anyone privately without restriction, just not publicly to the world. Not much of a story. Read TFA.

Re:Only publicly shared files are scanned (0)

Anonymous Coward | about 6 months ago | (#46620725)

Yeah it's been well known that Dropbox has a hash of all the files so when you put a file in your Dropbox that someone else has it doesn't need to upload it.

So someone must have had a copyrighted file that they shared and then Dropbox got a DMCA take down request so now they have that hash blacklisted so if someone else tries to share it blocks it.

Since they aren't deleting it from your own Dropbox/PC (since it may be a legit legal file you own) I don't see the big deal.

Now if they suddenly went through and had Dropbox auto delete all flagged content then that would be a huge issue.

But this sounds fair and it's not like someone at Dropbox is snooping around people's files it's just they already have hashes for every file on their servers.

Very likely they aren't actually scanning... (0)

Anonymous Coward | about 6 months ago | (#46619953)

1. The de-duplication process eliminates storing identical data.
2. The identified data is replaced by a pointer to the previously stored data.
3. That "previously stored data" may have been made public.
4. If that previously stored data has been tagged as a DMCA issue, then so does the de-duplicated data.
5. thus, no scanning of private data.

Truecrypt (1)

stevegee58 (1179505) | about 6 months ago | (#46619959)

The only thing I store in my dropbox folder is a truecrypt container file. Have at it.

Re:Truecrypt (1)

noblebeast (3440077) | about 6 months ago | (#46619983)

Doesn't that mean every change you make/new file you add requires the entire container file to be re-uploaded?

Re:Truecrypt (1)

heypete (60671) | about 6 months ago | (#46620609)

Doesn't that mean every change you make/new file you add requires the entire container file to be re-uploaded?

No. Dropbox uses delta sync (they use a modified version of rsync): it will only upload the changed blocks, not the entire file.

Re:Truecrypt (1)

Richard_at_work (517087) | about 6 months ago | (#46619993)

Good for you, but you wouldn't have fallen foul of this issue anyway because you wouldn't be linking your files publicly.

monday bloody monday (0)

Anonymous Coward | about 6 months ago | (#46619973)

greed fear ego based spiritless WMD on credit cabals' dream come true http://www.youtube.com/results?search_query=nazi+zion+conquest+censored&sm=3

Drop box .... Meh! (0)

DaMattster (977781) | about 6 months ago | (#46620041)

Drop Box is nothing more than a gussied up repackaging of a SFTP or FTPS and a nice fancy ol' GUI. Drop Box does not do anything radically different or innovative. If you don't like the way drop box works, it's trivial to roll your own solution or have someone do it for you. You set up a server for SFTP or FTPS and download a nice, friendly little program called FileZilla. Viola! Your own secure solution without being totally at the whim of a corporation. You can even get a virtual server for basically peanuts per month to facilitate this through providers like VPSCheap.net.

Re:Drop box .... Meh! (4, Informative)

wonkey_monkey (2592601) | about 6 months ago | (#46620131)

Drop Box is nothing more than a gussied up repackaging of a SFTP or FTPS and a nice fancy ol' GUI.

The post office is nothing but a gussied up repackaging of walking to your friend's house and giving him the letter yourself.
The fax machine is nothing but a waffle iron with a phone attached!

No, it's slightly more than that.

You set up a server for SFTP or FTPS and download a nice, friendly little program called FileZilla.

...and then? Will Filezilla run on startup, settle itself inconspicuously in the systray without a running window you could accidentally close, connect to the SFTP server, download files automatically to local directories so they're instantly accessible, then monitor, sync and notify you of any changes? Will it allow you to dish out invitations to share directories and files direct from your desktop, and manage those permissions for an unlimited number of users and directories?

Re:Drop box .... Meh! (1)

cheesybagel (670288) | about 6 months ago | (#46620311)

...and then? Will Filezilla run on startup, settle itself inconspicuously in the systray without a running window you could accidentally close, connect to the SFTP server, download files automatically to local directories so they're instantly accessible, then monitor, sync and notify you of any changes? Will it allow you to dish out invitations to share directories and files direct from your desktop, and manage those permissions for an unlimited number of users and directories?

You can do that with rsync and I have seen plenty of SFTP and FTP clients which can manage to do the same less efficiently as well.

Permission schemes... You would think you could do that with UNIX and separate login accounts no?

Re:Drop box .... Meh! (1)

CanHasDIY (1672858) | about 6 months ago | (#46620589)

...and then? Will Filezilla run on startup, settle itself inconspicuously in the systray without a running window you could accidentally close, connect to the SFTP server, download files automatically to local directories so they're instantly accessible, then monitor, sync and notify you of any changes? Will it allow you to dish out invitations to share directories and files direct from your desktop, and manage those permissions for an unlimited number of users and directories?

You can do that with rsync and I have seen plenty of SFTP and FTP clients which can manage to do the same less efficiently as well.

Permission schemes... You would think you could do that with UNIX and separate login accounts no?

Is it easy for a 'non-techie' to set up and use such a system? No; now you see the niche that companies like Dropbox seek to fill.

Come up with a secure, self-hosted system with one-click setup and simple configuration, and you might actually give them a run for their money.

Re:Drop box .... Meh! (4, Funny)

Alioth (221270) | about 6 months ago | (#46620285)

> Viola!

I fail to understand what a stringed instrument, slightly larger than a violin, has to do with it...

Re:Drop box .... Meh! (0)

Anonymous Coward | about 6 months ago | (#46620351)

> Viola!

I fail to understand what a stringed instrument, slightly larger than a violin, has to do with it...

This frequent mistake for " Voilà ! " deserves your sarcasm.
Thank you.

OwnCloud (1)

fwarren (579763) | about 6 months ago | (#46620175)

This is what OwnCloud is made for.

I know not everyone is able to set up their OwnCloud server. There are places that will host it and set it up for you.

I am truly sorry that DMCA is slowly but surely choking the web. In the end it will go away. Kids that are 15 today, when they are 45 will not convict someone of piracy, they just won't see anything wrong, same thing for the judges and prosecutors. In the short term it could get a lot worse. If you don't have the skills to circumvent it all I can do is quote John Wayne. "Life is hard, it is even harder when you are stupid"

Re:OwnCloud (4, Interesting)

heypete (60671) | about 6 months ago | (#46620239)

This is what OwnCloud is made for.

I know not everyone is able to set up their OwnCloud server. There are places that will host it and set it up for you.

OwnCloud is great, with one exception: the slightest change to a file necessitates an upload of the entire file. Dropbox does delta syncs using a modified version of rsync, so it only uploads changed portions of a file.

For typical files and fast connections, the lack of delta sync is tolerable, but when you're dealing with large files or slower transfer speeds it's an issue: if you, for example, keep a large TrueCrypt container file in OwnCloud and make a change to a small file stored in the container, OwnCloud needs to reupload the entire container. Dropbox would just update the blocks that changed.

Until OwnCloud implements some sort of delta sync functionality it is considerably less practical than Dropbox.

DMCA is an Illegal law... Take it to Court (1)

Anonymous Coward | about 6 months ago | (#46620265)

Due to provisions in the DMCA, the law is 110% illegal, and here's why.

There's no escrow mechanism for the encryption keys of the media protected under the DMCA.

Why does this matter?

Because of the wording of the DMCA, any encrypted file cannot be decrypted without permission from the copyright holder - EVER.

Without escrow storage of the encryption keys, it extends copyright to infinity, or for as long as the copyright holder wishes to hold onto those keys.

That makes the DMCA provisions illegal, as it circumvents copyright law to whatever the holders want.

Write to your congress-critter, write to your lawyer, it's time to get this illegal law wiped from the face of the planet.

Re:DMCA is an Illegal law... Take it to Court (0)

skywire (469351) | about 6 months ago | (#46620941)

If I read you right, you are saying that it is illegal to use a technological measure such as encryption to prevent others from accessing data that are not copyrighted works. Please cite some authority for that claim.

Is porn covered? (0)

Anonymous Coward | about 6 months ago | (#46620433)

Is porn covered by DMCA? It is? @#$%

Well, then stop sharing a copy of (1)

Lightning McQueen (3342905) | about 6 months ago | (#46620561)

copyrighted material. Share a link to the original material.

Who made the DMCA complaint? (2)

Alain Williams (2972) | about 6 months ago | (#46620595)

The image of the error message did not say who, or which corporation, had made the DMCA complaint. I thought that in order for something to be taken down under the DMCA the user had to be told who was complaining.

In this case: the user admits that the file was something that he should not be sharing, but there have been cases where the DMCA is being used to prevent legal files - in a case like that the user must be told who is complaining so that they can challenge the DMCA complaint.

Well duh (3, Informative)

DrXym (126579) | about 6 months ago | (#46620681)

Anyone who uploads copyright infringing content to a cloud server and entrusts it to the care of a company is an idiot. There are various ways that files could be scanned simply from looking at the filename or hash all the way through to analysis of the tag / contents / watermark.

And DropBox is probably the most benign of mainstream cloud hosts. Google, Amazon, Apple and Microsoft all sell content and sign voluminous contracts for the sale of said content. It's not hard to imagine that they would or could be obliged to scan for infringing content and notify the content providers when they find any.

They're using hashes (4, Informative)

Quila (201335) | about 6 months ago | (#46620697)

Change a character in the metadata fields, hash changes. If they're scanning the actual video portion of files, add a byte at the end. I don't think that would affect playback.

Presumption of Guilt (0)

Anonymous Coward | about 6 months ago | (#46620891)

Of course it goes without saying that if I simply create a link to a file in "my" account that I must be intending to let someone who does not have rights to that file to access it. ThoughtCrime.

The idea that any two people might both have access rights to a copyrighted work seems to escape the apologists here.
