
Dropbox buys HelloSign (YC W11) for $230M - azhenley
https://techcrunch.com/2019/01/28/dropbox-snares-hellosign-for-230m-gets-workflow-and-esignature/
======
spking
HelloSign is one of the few utility SaaS products I use somewhat regularly
that just nails it perfectly (and for free). Please don't screw this up,
Dropbox.

~~~
fillskills
Second that. I came here to say the same. Been enjoying Hellosign as a
paying/free customer for years. Absolutely love their product.

------
tombert
I don't mean to ask this ironically; how do these companies come up with these
numbers during a sale? Jet.com was sold for $3 Billion, but Craftsman Tools
was sold for only $900 Million.

I don't really know anything about HelloSign, but can someone tell me roughly
why they might have come up with the $230M number?

~~~
tomasien
revenue * multiple

let's say $10m in ARR * a 23x multiple

The way you get to the multiple is a combination of how fast the revenue is
growing, how long you think that will keep up, and the margin of the revenue.

Craftsman Tools, for example, was probably not growing much or shrinking and
likely had low margin revenue but I don't know.

~~~
bufferoverflow
Revenue is almost meaningless. At least use a multiple of profits or of net
income.

You know, you can have a crazy revenue, and still lose money, and your company
can be bankrupt in a few months.

~~~
fjp
Those issues end up being reflected in the multiple.

Revenue * multiple is just a common way of talking about it, especially
because companies within the same industry tend to have similar multiples. In
reverse if you notice two public (since the information is easy to
find)companies with seemingly-similar businesses that have very different
multiple, you can start looking into why, and the quarterly financial reports
with high-level numbers like cash burn, outstanding debt, profits, or net
income would be a great place to start :)

~~~
mbesto
> Revenue * multiple is just a common way of talking about it, especially
> because companies within the same industry tend to have similar multiples.

This is the common way _media_ talks about it, either because they are (1)
uniformed or (2) they only hear of top line revenue.

Companies are _typically_ acquired for EBITDA * Multiple. However when their
is a "strategic" acquisition (which this one is) then there is all sorts of
weird math that potentially goes on.

Examples: (napkin math)

\- Company being acquired has $100M in revenue, and $20M in EBITDA. Post
close, they realize $20M in synergies, so they might buy the company at 20x *
$40M Adjusted EBIDTA ($20M EBITDA + $20M new EBITDA from synergies)

\- Company being acquired has $100M in revenue, and $20M in EBITDA. The
acquirer is going to remove 100 engineers post close (100 _120k /yr = $12M)
and therefore the new EBITDA is going to be $32M, and the company gets bought
at 20x _ $32M EBITDA

At the end of the day, the ROI is really what matters.

It's also worth noting - most M&A does not realize the hypothesized deal
value. So yes people are right to be critical, but without full details, being
precise about what the true value of a company is nigh impossible.

~~~
dpark
All acquisitions are “strategic”. Even holding companies acquire assets that
they believe accrue toward their strategic vision.

The EBITDA calculation is at best a sanity check for the acquirer.

~~~
mbesto
> All acquisitions are “strategic”.

I'm just using industry nomenclature. When people sell to a PEG, they don't
say "we're selling to a strategic".

------
brightball
EXCELLENT! I've been saying Dropbox needed to add this type of functionality
to their existing offering for a while now so this is very exciting.

It's a natural fit with everything else that they are doing with Dropbox
Paper.

Now they just need to add a direct integration for something like eFax and it
will be on the short list of indispensable SMB tooling.

EDIT: Didn't realize HelloSign had the fax capability already...so all around
great news. This is probably the most well aligned acquisition I can recall
seeing.

------
rrggrr
This acquisition will fail if Whitney, Neal and the HelloSign team isn't given
the freedom and authority to direct integration, marketing and product
direction going forward.

HelloSign has demonstrated competencies Dropbox has not. Great that Dropbox
nailed sync, desktop integration and sharing years ago; but since then they've
done little to show any vision or execution in marketing, sales or product
direction.

As a Dropbox shareholder and user I am hoping the Dropbox team will give their
HelloSign colleagues the freedom and authority needed to save Dropbox from
almost certain failure. The sync, store and search ship sailed long ago.

There are two more acquisitions I'd like to see Dropbox make this year of
private companies to round out the product line.

~~~
tln
Have you used Paper? Also an acquired team, and a great product that has seen
a bevy of improvements since being under Dropbox.

~~~
rmkrmk
Paper is a security nightmare. Every document is automatically accessible
publicly if you know the url. You need to set each document individually to
private. At least for the Personal/Pro plans.

~~~
eridius
The URLs contain a long random string in them, no? This makes them
unguessable. Public-by-default seems to enable easy sharing of documents. I
would hope that corporate plans would impose stricter privacy controls, but
for personal use, being able to share a document just by sharing its URL seems
very convenient. Though I suppose defaulting the permissions such that anyone
with the URL can edit the document seems maybe too permissive.

~~~
mevile
This is security by obscurity, it's still technically possible to access the
documents. Like if you accidentally revealed the URL somehow. You shouldn't
have to worry about things like that.

~~~
jph
Surprisingly, it turns out that using security based on a URL with a random
string is /not/ security by obscurity.

The security pattern of a URL with a random string is security-equivalent to a
pubic username and a random string password, and also equivalent to the
security pattern of a bearer token: so long as the URL is shared only with
authorized users, it's the same security hardness.

The pattern can tune the security by using more randomness, such as more
characters. There are implementation areas to consider, such choosing a random
number generator with high quality randomness like /dev/urandom. There are
some access control areas to consider, such as all the people having the same
bearer token, which means there's no way to do finer-grained permissions per-
user or per-role or per-attribute. There are some user interface areas to
consider, such as if a user/agent doesn't treat the URL as secret, because it
shows content rather than masking characters such as " __ __ __* ".

For comparison, "security by obscurity" means there's a weakness in how the
security is built, such that if you saw the source code, or the physical
insides of a lock, then you would understand more about how to crack the
security.

In URL pattern, an example of security by obscurity would be if the URL string
was not actually random but instead was simply incrementing, or was based on a
reversible function of the time or username, etc. If you read the source code,
you would discover that there's guessable sequence or guessable trick, and
thus become much more likely to break the security.

Edit: I strongly favor higher security, and fine-grained access control, and
multi-factor authentication, and UI/UX masking, etc. This post is just to look
at security by obscurity.

~~~
jblow
Browsers do not treat URLs as secure. If you just go to the page and happen to
be live-streaming on Twitch or whatever, anyone can access the document
because the information is printed visibly on the screen. This makes it
starkly different from a password.

~~~
eridius
And if you type your password onto a keyboard and happen to be live-streaming
your physical self on Twitch or whatever from an angle where people can see
your hands, they know your password too.

------
PStamatiou
This is awesome news, congrats folks!! Have relied on hellosign over the
years, including doing all of my home buying paperwork with it.

~~~
joeblau
I've used HelloSign as well, but every other app that I used that Dropbox
bought has been discontinued so while I'm happy for the team, I don't have
high long term hopes for the project.

~~~
tradesmanhelix
This. After Dropbox acquired and then unceremoniously killed one of my all-
time-favorite apps (Umano), I greet most of their acquisitions with dread.

------
gruez
There's something I never understood about e-signature services: how are they
legally binding? Why do we need them at all? The end users don't have control
over any of the keys, so it all hinges on the e-signature service telling the
truth. It's significantly less secure than say, S/MIME with a proper CA-signed
certificate. Is the bar for legal "signatures" really that low?

~~~
chrisseaton
The law isn’t like programming.

The reason you sign something is to show clear intent that you intended to
agree to something.

Nobody’s under the impression a paper signature cannot be forged either. It’s
no different.

It’s social not mathematical.

~~~
gruez
Then that leads to my second question

>Why do we need them at all?

Why not just email the contract, and the person replies back with "I agree to
this"? Simpler and cheaper than paying $150/year.

~~~
chrisseaton
Because the ceremony of a signature has been socially recognised for thousands
of years. That's what our society expects.

~~~
gruez
>Because the ceremony of a signature

Come to think of it, I remember "signing" pdfs in adobe reader by clicking a
form field that produced a signature similar to[1]:

    
    
       John Smith
       Digitally signed by
       CN=John Smith
       [...]
    

This would satisfy the "ceremony" requirement. According to adobe[2] it looks
like you can do this with self signed certificates, so it's completely free as
well. But this option is significantly less popular than hellosign/docusign. I
guess the value-add for them is having a web interface, but I'm not convinced
it's worth the $150/year (significantly more for "business" or "enterprise"
plans) for a web interface that essentially signs pdfs with self-signed
certificates.

[1]
[https://helpx.adobe.com/content/dam/help/en/acrobat/11/using...](https://helpx.adobe.com/content/dam/help/en/acrobat/11/using/signing-
pdfs/_jcr_content/main-
pars/procedure_1345595113/proc_par/step/step_par/image/signature-placed.png)

[2] [https://helpx.adobe.com/acrobat/11/using/signing-
pdfs.html#S...](https://helpx.adobe.com/acrobat/11/using/signing-
pdfs.html#SignaPDFusingadigitalID)

~~~
twunde
The main benefit is around workflows. First and foremost, if you are in a
position where you need external people to sign documents (say you're a
photographer and need signed releases), it's a lot easier to send someone a
link to the standard document and get them to sign a release then to email
them and then call the person and walk them through digitally signing a
document. Especially if you're doing this 50+ times a year. And you typically
get the documents signed much quicker. It's pretty much the difference between
having to mail in a check for every payment vs using a web portal. It's more
convenient and there's a faster turnaround time. Oh and you've removed the
risk that something isn't signed correctly (was there a section that wasn't
initialed?) or that something was redlined. It's certainly not for everyone or
every business, but there are certain use cases where the money is well worth
it.

~~~
laurihy
It's also a huge win if you need multiple people to sign a document.

Without a tool like HelloSign you need to email the document to each person
one by one to get everyone to sign on the same "paper". It's a mess and takes
up a lot of time and coordination.

With HelloSign (and other similar tools), you can just send out an email with
a link to everyone at once. They can sign the document asynchronously in
whichever order they want, and when everyone has done that, you get a
notification.

------
chatmasta
Given DocuSign's market cap of $8B, does this price seem low?

~~~
nostromo
DocuSign makes like $700 million a year.

HelloSign makes less than $4 million a year (according to Crunchbase at
least).

If Dropbox was buying revenue then by Docusign's multiple they handsomely
overpaid for HelloSign. But they're not buying revenue, so who knows if they
over or underpaid.

~~~
santiagobasulto
That can't possibly accurate, right? If their revenue is 4M, the acquisition
is 57x their rev. That's crazy. Except if they have long time contracts signed
maybe?

------
azhenley
Dropbox's announcement: [https://blog.dropbox.com/topics/company/dropbox-is-
acquiring...](https://blog.dropbox.com/topics/company/dropbox-is-acquiring-
hellosign-to-improve-document-workflows-for)

"Dropbox is acquiring HelloSign to improve document workflows for hundreds of
millions of users."

------
janlukacs
is this a 70X acquisition multiple? I read somewhere they had ~3mil in
turnover?

~~~
jbverschoor
They raised 16m. So it's 14x

~~~
tvladeck
Turnover typically refers to revenue, not equity raised.

------
Liron
I wonder what was their revenue?

------
passive
Neat. I've used HelloSign for several things over the years, with their fax
support saving me a ton of time on numerous occasions. They've always been
very easy to deal with.

------
randomacct3847
As someone who has never worked in an enterprise SaaS will never fully
understand the hype or secret sauce around building and selling eSignature
software.

~~~
aero142
because printing a document, signing it with a pen, taking a photo of it, and
emailing it back is a thing rich investors keep having to do.

~~~
randomacct3847
You can sign docs with free Apple software on Mac/iPhone

------
Zelphyr
Wow. I’ve been a user since the beginning and I seem to recall a point where
they almost closed their doors. Talk about it paying off to keep going.

------
amyjess
Hmm... the headline has me wondering what was the first time one YC startup
bought another YC startup.

Is this the first time? Or has it happened before?

~~~
jhurwitz
Dropbox previously acquired Hackpad (YC W12), Snapjoy (WC S11), and TapEngage
(WC S11).

~~~
amyjess
Thank you!

------
dangrossman
Does this include HelloFax?

------
cribbles
From 2014, still germane: [https://www.drop-dropbox.com/](https://www.drop-
dropbox.com/)

------
chosenbreed37
> Dropbox snares HelloSign (YC W11) for $230

The title appears to have a negative slant. Is the modern jargon for
acquisitions of this nature?

~~~
azhenley
I don’t think it is meant to be negative. I think “snares” could be positive
or negative.

I interpreted it as Dropbox was fortunate to acquire HelloSign.

Also, this may just be some creative writing. Dropbox’s announcement did not
use such language.

~~~
chrisseaton
> I think “snares” could be positive or negative.

You know a snare is a hidden trap for animals? I can't imagine being snared to
be positive - it implies you're going to be skinned or eaten.

~~~
DenverCoder009
It also implies you've caught something of value. And get to have stew.

------
happyhueman
Congrats John, Sarah and Ron!

------
aaron_altamura
Hellosign is great, however please add tags!!!

------
trentellingsen
Congratz!

------
asah
well deserved.

------
ykevinator
In love hello sign but it feels like a few weeks of work to build. Feels like
they dodged a bullet.

------
hashkb
Finally DropBox will offer a useful product.

~~~
dymk
You think their core offering isn't useful?

~~~
g45y45
How many companies are either Office 365 or GSuite? You get document storage
and syncing as standard these days. You need a compelling reason to use
Dropbox over GDrive/OneDrive.

------
nothrows
Got this email from them a couple days ago:

We’ve noticed you haven’t used your XXX@XXX.com Dropbox account in over one
year and have closed your account for you. Devices connected to this account
have now stopped syncing. Any remaining files in your account will be subject
to deletion.

Sincerely, \- The Dropbox Team

There goes my files. Fuck dropbox. Stick to google drive.

