
How Dropbox Knows When You’re Sharing Copyrighted Stuff - antr
http://techcrunch.com/2014/03/30/how-dropbox-knows-when-youre-sharing-copyrighted-stuff-without-actually-looking-at-your-stuff/
======
qwerta
Yet another reason not to use cloud services. For a start, Dropbox is an
infrastructure provider and they have no right to snoop inside your files. If
they start blocking stuff at their own will, they are judge and executor.

Secondly, there is a lot of potential for abuse. A hacker could sneak a hash
collision into their database and essentially censor any document he
wants.

And finally, I do not understand why there has to be protection from working
with copyrighted stuff. Most of the work I created is copyrighted; nearly
every open-source product has a copyright.

Even if there were a movie there, it does not strictly mean it is illegal.
Most people have the right to create backups of their DVDs. Many jurisdictions
allow creating a copy for personal use and so on.

~~~
forrestthewoods
"For a start, Dropbox is an infrastructure provider and they have no right to
snoop inside your files."

Uh sure they do. Both legally and morally. It's their servers! Their right to
snoop files stored on their servers is quite strong. Your right to store files
on someone else's servers is zero. If you would like to pay someone to store
your stuff on their servers that is a business deal which can be arranged and
the fine print can be negotiated between the two private parties.

~~~
waterlesscloud
What if I transmit data over someone else's wires? Do they have the legal and
moral right to snoop at it?

What if it's stored within a government's territorial jurisdiction? Do they
have the legal and moral right to snoop?

Why not?

~~~
rayiner
Yes to both, save for the limitations these parties themselves agree to. That
is, after all, what the 4th amendment is: a limitation on the United States'
sovereign rights.

------
akerl_
This whole story brings increasing clarity on the difference between "we don't
look at your files" and "we can't look at your files", as outlined by Colin
Percival:

[http://www.daemonology.net/blog/2012-01-19-playing-chicken-w...](http://www.daemonology.net/blog/2012-01-19-playing-chicken-with-cat-jpg.html)

Obviously, the sharing and interoperability of Dropbox are key features, but
for lots of use cases I'd much prefer technical barriers to policy barriers.

The article claims that technical barriers exist at Dropbox as well, but
considering they hold all the encryption keys, and I have to trust they're
even encrypting in the first place, any "technical barriers" they erect are
really no more assurance than policy.

------
justin66
Dropbox certainly has a very dedicated advocate in Techcrunch. I wonder why.

~~~
ayberkt
Exactly. Quoting Dropbox's terms of service:

> We need your permission to do things like hosting Your Stuff, backing it up,
> and sharing it when you ask us to. Our Services also provide you with
> features like photo thumbnails, document previews, email organization, easy
> sorting, editing, sharing and searching. These and other features may
> require our systems to access, store and scan Your Stuff. You give us
> permission to do those things, and this permission extends to trusted third
> parties we work with.

However congenial this sounds, they reserve the right to look at your stuff --
worth noting.

------
dantiberian
I've seen a lot of outrage about this on Twitter, what annoys me most is that
these people who are outraged for the most part consider piracy to be
acceptable. Then when a company tries to enforce copyright law and protect the
rights of the content owners they go on a tirade that their personal privacy
is being breached.

I know that the rights holders haven't been blameless in their history but
piracy is still wrong and getting upset about people trying to stop it is
wrong.

EDIT: I also think that Dropbox's method of detecting copyrighted files is a
perfectly reasonable way of doing it. By now we all (should) know the rights
we give up for the convenience we get when using consumer cloud services. I
think Dropbox are well within their legal and moral rights to do this.

~~~
6cxs2hd6
Although I'm not one of the outraged, I think this sentence from the article
talks about two very different situations:

> Only when a file is shared from user-to-user (or with the Internet at large)
> does the DMCA check system come into play.

Doing a DMCA takedown on a broadcast share with the whole internet? OK. Fine.

Doing it on a share with a specific other user? Not OK. Bad.

IANAL, but: There are limited exceptions such as fair use. For example if a
teacher were sharing copyrighted work with a student or another teacher, that
could be appropriate. I think it is inappropriate for Dropbox to prevent an
appropriate share like this. Their ToS may allow them to do so, but I'm saying
they ought not to do so. I think that's taking it too far.

~~~
dantiberian
I think your fair use argument is reasonable. Interestingly fair use for sheet
music (as one example) in an educational context is far more limited than you
might think [1]. There are a number of limited exceptions for sharing
copyrighted materials with a student but all of them would involve
transforming the sheet music by only sharing part of it. In this scenario this
would change the hash of the file and the file blacklist wouldn't pick it up.

[1]
[http://copyright.lib.utexas.edu/musguid.html](http://copyright.lib.utexas.edu/musguid.html)

------
pkill17
As long as the files aren't being removed and marked inaccessible by the
owner, I see no malicious intent by Dropbox here. I'm sure they were pressured
by the MPAA and other similar organizations to actively remove/refuse to host
these files, and Dropbox implemented this instead.

------
cottonseed
Yes, it is sketchy. The architecture of Dropbox is sketchy. The only
acceptable solution is end-to-end encryption with an open protocol. I've moved
from Dropbox to btsync and started contributing to the ClearSkies project.

------
27182818284
I was under the impression they knew, but didn't care. In the past I had
uploaded GB-sized HDTV stuff and had it instantly uploaded and available to a
friend. I figured they just hashed it, realized someone else already put it
up, and added that file to my account or otherwise linked it into my account.

------
NotOscarWilde
Almost all the recent news and tweets sidestep around the main question, which
should be answered in a FAQ somewhere:

_If I have copyrighted data on my Dropbox folder, and the system detects it,
what happens? If I sync the copyrighted data with several of my computers,
does that count as sharing?_

Yes, I know what hashing is and yes, it seems the original reporter of the
DMCA may have shared the file link through email or a website. Still, I need
assurance that my data (including the copyrighted ones) will be backed up at
Dropbox and available for my use at my leisure, indefinitely -- provided I
don't "share" them in any public way.

Side note: all of my data on Dropbox is encrypted by a separate system, so
it's unlikely that I'll be affected, but I still am interested in the issue.

------
chimeracoder
> Dropbox checks the hash of a shared file against a banned list, and blocks
> the share if there’s a match.

Encoding an mp3 is not a deterministic process. So if multiple people start
with the same .wav file ripped from a CD (which itself may introduce errors)
and then downcode it, they will end up with files which sound the same but are
slightly different (and therefore hash differently).

So, it should be straightforward to test whether Dropbox does anything more
sophisticated than what's described in the article.

~~~
RaphiePS
That brings up an interesting question. At what point does a modified file no
longer fall under copyright?

If I had a copyrighted ebook and changed a single "o" to "0" I bet I could
still be busted for distributing it (although it appears Dropbox would no
longer automatically catch me). But what if I changed every single "o" to a
"0"? Re-arranged words? Chapters? Upcased every lowercase letter?

My guess is that it's based around "intent" which is hard to quantify, but
it's still interesting to ponder.

~~~
cheese1756
It would fall under the same rules as fair use. If the modified file is close
enough to the original that it could deprive the creator of a sale, then it is
certainly infringement. If you made it so different that it would not deprive
the creator of a sale (for example, if you re-arranged every single word so
that the words in the book were in an entirely random order), that would most
likely be fair use.

~~~
Retric
It's not quite that simple, something can be a derivative work even if none of
the original content remains and its purpose changes dramatically. Generally
speaking fan-fiction infringes copyright when someone tries to make money off
of it. However, the same work may be free and clear if you don't try and make
money from it.

Teachers can generally copy something to use in class as an example. However,
they may not copy the same content every year after that. Same action, but
slightly different context.

------
lalos
They use the same logic to save time when uploading a file that has already
been uploaded by another user. Check hash of large file, see if it is already
on the server and then just link it to your account.

~~~
unlimited_power
I believe they stopped doing multi-user deduplication a while ago.

------
viseztrance
I can't help thinking that Google's and Microsoft's cloud offerings have a
more honest EULA.

------
orthecreedence
Here's my rebuttal:
[http://turtlapp.tumblr.com/post/81222024691/how-turtl-has-no...](http://turtlapp.tumblr.com/post/81222024691/how-turtl-has-no-idea-when-youre-sharing-copyrighted)

~~~
psc
Just curious, are you storing the keys? Or at the very least the login info
from which you could regenerate the keys? If so, there's no reason a
government couldn't ask for you to hand the info over, so even though this is
a step more complex than Dropbox, it doesn't add too much security.

Now, if users provide their own key and it's never transmitted, that would be
secure, but obviously the data would be un-decryptable if the key is lost.

~~~
orthecreedence
You're right, storing keys would completely defeat the purpose. We don't do
it. Master keys are generated from a user's login information, which we have
no knowledge of.

Right now if you forget your login/password your account is lost
unrecoverably. We have a feature slated that would let you download a file
version of your account key, meaning if you lost your username or password,
you could log in with the special key file and reset your info. Obviously,
you'd have to keep the file encrypted/safe, but that's the user's
responsibility ultimately.
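
An added example, not part of this thread and not Turtl's code: one way a client can derive its master key from login information so the server never learns it, which also shows why a forgotten password is unrecoverable. PBKDF2-HMAC-SHA256, the iteration count, the HMAC labels and the `Server` class are assumptions made for illustration.

```python
import hashlib
import hmac

# Assumed parameters and names for illustration; not Turtl's actual scheme.
PBKDF2_ITERATIONS = 200_000

def derive_master_key(username: str, password: str) -> bytes:
    """Client side: stretch the login info into a 256-bit master key."""
    # Per-account salt derived from the username (not a secret), so the same
    # password yields different keys for different accounts.
    salt = hashlib.sha256(b"master-key-salt:" + username.encode()).digest()
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt,
                               PBKDF2_ITERATIONS, dklen=32)

def derive_subkeys(master_key: bytes) -> tuple[bytes, bytes]:
    """Split the master key into an encryption key and a login token."""
    enc_key = hmac.new(master_key, b"encryption", hashlib.sha256).digest()
    auth_token = hmac.new(master_key, b"authentication", hashlib.sha256).digest()
    return enc_key, auth_token  # only auth_token ever leaves the client

class Server:
    """Holds a hash of the login token; never sees the password or enc_key."""
    def __init__(self) -> None:
        self.verifiers: dict[str, bytes] = {}

    def register(self, username: str, auth_token: bytes) -> None:
        self.verifiers[username] = hashlib.sha256(auth_token).digest()

    def login(self, username: str, auth_token: bytes) -> bool:
        stored = self.verifiers.get(username)
        candidate = hashlib.sha256(auth_token).digest()
        return stored is not None and hmac.compare_digest(stored, candidate)

def demo() -> dict[str, bool]:
    server = Server()
    enc_key, token = derive_subkeys(derive_master_key("alice", "correct horse"))
    server.register("alice", token)
    # The same login info on another device reproduces the same keys.
    enc2, token2 = derive_subkeys(derive_master_key("alice", "correct horse"))
    # A mistyped or forgotten password yields unrelated keys: no recovery.
    enc3, token3 = derive_subkeys(derive_master_key("alice", "correct hores"))
    return {
        "same_login_same_key": enc_key == enc2,
        "login_ok": server.login("alice", token2),
        "wrong_password_rejected": not server.login("alice", token3),
        "wrong_password_other_key": enc_key != enc3,
        "server_lacks_enc_key": enc_key not in server.verifiers.values(),
    }

if __name__ == "__main__":
    print(demo())
```

The stored verifier still lets whoever holds the server database guess weak passwords offline, so the stretching cost and password strength carry the security of this design.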

------
faddotio
They are _scanning_ your content!! Mobilize the "scropboxed!" campaign!

------
ds9
Maybe I'm being daft here, but why don't would-be file-sharers just encrypt
files and send their friends passwords along with the links? Neither the
provider nor the copyright holders would be able to tell who was sharing what,
unless they monitored IM, email etc..

Of course it does seem that anyone can abuse the DMCA with impunity, so
strictly speaking this wouldn't stop the "notice and takedown" actions. It
would however prevent the automated detection and might increase cost and
difficulty for copyright complainers.

~~~
elpool2
Yeah, anyone can easily modify a file so it doesn't match the blacklisted hash
and share it with their friends. Once you start sharing it with millions of
people across the internet though, the copyright holder is likely to find out
about it and issue another DMCA takedown. So this is a system that doesn't
prevent small scale sharing, but might be somewhat successful at preventing
large scale infringement.

------
dpweb
If you don't control them, they're not yours.

~~~
coldtea
So if you don't control, say, your family they are not your family?

~~~
rakoo
I believe he was talking about possessions. You don't own humans.

------
betadreamer
Workaround: Just edit the file's time edited by "saving as" and it will change
the hash.

------
mrottenkolber
Imagine relying on a storage service that decides whether you may have a
certain file. Not even once.

------
siliconc0w
Enter service to add random metadata to your files to trivially thwart
protection scheme.

