
Study of Thousands of Dropbox Projects Reveals How Successful Teams Collaborate - m0nhawk
https://hbr.org/2018/07/a-study-of-thousands-of-dropbox-projects-reveals-how-successful-teams-collaborate
======
kerng
>> Dropbox gave us access to project-folder-related data, which we aggregated
and anonymized[...]

Wait, Dropbox gave away non-anonymized data to a third party and they then
anonymized it. Wow, what could go wrong? Just thinking of the endless
possibilities of where all that data is now... Its deeply troubling how much
unwarranted trust there is when it comes to handling of personal data.

~~~
xevb3k
This is not at all surprising.

Dropbox put Condoleezza Rice on their board, who supports warrentless wiretaps
[1].

I deleted my account when they did that. Not so much because it would have any
direct effect, but because it’s clear that we have differing views on how user
data should be treated.

I surprised that people are shocked by them treating user data like this, it’s
absolutely in character.

[1] [http://www.drop-dropbox.com](http://www.drop-dropbox.com)

~~~
TomK32
just deleted mine (which I hadn't used in years anyways).

------
plg
This is deeply troubling. As a scientist who uses* Dropbox I gave no informed
consent. I know they claim personally identifiable information was removed but
still I gave no consent for this.

*not for long, perhaps

~~~
ErikVandeWater
This may come across as argumentative, but it's still a valid question -
What's the harm to you?

~~~
ggg9990
Imagine you have a folder in your Dropbox with 237 subfolders, and each of
those subfolders has a certain number of files in it. The largest folder has
1,132 files, for example, the second largest has 916, the third-largest has
771, etc.

Then imagine you have a second folder with 117 subfolders with another pattern
like above.

Now imagine that the first folder structure matches a torrent of embarrassing
pornography and the second appears to be a superset of a project published to
GitHub under your name (i.e. with some directories being gitignored)

------
zkms
> Dropbox gave us access to project-folder-related data, which we aggregated
> and anonymized, for all the scientists using its platform over the period
> from May 2015 to May 2017 — a group that represented 1,000 universities.
> This included information on a user’s total number of folders, folder
> structure, and shared folder access

This seems like heaven for industrial espionage purposes. Just because there's
some anonymisation doesn't mean that the metadata is useless. I sincerely hope
they get GDPR'd over this.

~~~
kimdotcom
It is only data from universities, not real for-profit businesses.

~~~
bigkm
ha. Have you seen what some countries charge for tuition.

~~~
jessaustin
University administrators are not shareholders! Their greed is much better for
society...

~~~
toast_coder
Why the heck would an administrator care if they 'hold shares' when they are
pulling 200k-500k per year as base pay?

------
bmarquez
The lack of consent requested is ridiculous. There may be some sort of
'obscure paragraph in the terms and conditions that says Dropbox can do
whatever they want' but this is horrible for privacy and business security.
I'm glad I've been client-side encrypting my Dropbox files.

For the past two years I've using a free open-source encryption app called
Cryptomator ([https://cryptomator.org/](https://cryptomator.org/)) for my
Dropbox folder without problems. The only caveat is the mobile apps aren't
free.

Another Dropbox encryption app is BoxCryptor, but I quit using them when they
went subscription-only.

~~~
ycombinete
I've just looked on Boxcryptor, and they appear to have a free tier. Are you
sure it's subscription only?

~~~
bmarquez
Boxcryptor used to be a one-time purchase to allow an unlimited number of
cloud providers and devices.

However they decided they needed a consistent revenue stream so they renamed
their software "Boxcryptor Classic", stopped updating it, and now users have
to pay $48/year to get features previously available as a one-time fee. This
was about 2 years ago, by now they've probably scrubbed all references to the
"Classic" version on their website.

To be fair the subscription version does have new group/admin features for
multiple users or businesses.

~~~
ycombinete
Ah, okay I see. Thanks man.

------
tempaccount777
Dropbox sharing your data without consent? Nothing new. I've been using
dropbox paper for a year now and only recently found out that by default all
docs are shareable. That means, if you log into dropbox -> open a dropbox-
paper doc -> Logout you're not safe. Anybody with your browsing history can
re-access the document you've been working on even after you log out. So
essentially if you're using dropbox paper on a shared computer or on a
public/library computer and logout, people will still have accesss to your
docs that you've worked on. Only way to turn this off, is to manually click
the 'invite' button and uncheck the share option for each and every document
seperately. I had some personal/sensitive info on a few docs and was shocked
to learn of this. Completely unacceptable from dropbox!

~~~
ebikelaw
If you are leaving browser history in public libraries, you have bigger
problems than Dropbox Paper.

~~~
j_koreth
Care to expand? I wouldn't usually think of browser history as particularly
sensitive.

~~~
ebikelaw
There are a _LOT_ of services that treat the URL as a secret. If you're
leaving these URLs in your browser history on a public computer other people
can access them. For example, the images served up by Google Photos, that have
the form lh3.googleusercontent.com/[kilobytes of base64-encoded spew], can be
accessed by anybody having the URL. So if you use a public computer to access
these, even though you need to be authenticated to browse Google Photos, and
despite the fact that you conscientiously logged out, anybody with access to
the history can still look at your photos. This is not be any means the only
such example.

------
whitepoplar
I love Dropbox, but this kind of data-gathering without explicit permission is
bananas. What I'd really love to see added to Dropbox is client-side
encryption (i.e. I want to manage my own keys so nobody can monkey with my
data). And yes, I know I can store an encrypted container inside Dropbox, but
that defeats the purpose of _easily_ accessing my data from every device.

~~~
swaroop
See [https://cryptomator.org/](https://cryptomator.org/)

~~~
kilroy123
Didn't know about this. Thank you!

------
unepipe
What kind of junk statistics are these? HBR ought to be more discerning in
what it publishes.

"How successful teams collaborate"... wait, I meant "the average number of
users who update the same directories in Dropbox from institutions that tend
to have influential research.

Sound insights. Make sure you're collaborating with no more than 2.3 people or
else you'll have to move your research projects over to Yale.

~~~
projectramo
Yes this was curious. I wonder if these insights (2.3 v 3 collaborators over
180 vs 130 days with the top person contributing x%) was really effective or
just a coincidence.

~~~
jpmattia
> _2.3 v 3 collaborators over 180 vs 130 days_

Yeah, that caught my eye too especially the missing RMS so we could see
whether the difference between 2.3 and 3 is significant.

------
primedteam
\- The researchers claimed they could see "every Dropbox folder associated
with a given researcher."

\- Dropbox denies giving researchers non-anonymized user data

[https://www.zdnet.com/article/dropbox-denies-giving-
research...](https://www.zdnet.com/article/dropbox-denies-giving-researchers-
non-anonymized-user-data/)

~~~
staticfloat
As the linked article states, all personally identifiable information is
removed, but you still want to be able to say "Alice worked with Bob in folder
1, and that same Alice worked with Charlie in folder 2", so you assign unique
identifiers to each user, such that you can't tie Alice to "Prof. Smith at
University of Chicago", but you can tie folder 1 and folder 2 to the same
Alice.

~~~
krageon
The GDPR has provisions for information like this, specifically to say that
small pieces of information can together still constitute personal data.
Consider that you can retrieve names if you map someone's professional
interactions with this kind of detail.

Regardless of whether or not the GDPR applies to these people, it's a useful
tool to illustrate why this kind of data is still wrong to share (especially
without any kind of consent!).

------
sbr464
If using a Mac, it’s pretty easy to encrypt a drive and store it in Dropbox,
then mount it when you want to use it. Kind of negates the whole point of
Dropbox (mobile access, small sync etc) but I started doing it for more
sensitive things.

Doesn’t require any 3rd party addons.

I really can’t believe they shared this data. Universities do work for
businesses all the time. Imagine a folder of research subjects organized by
geo/age/sex then full patient name or SSN, under a folder called HIV survey or
something. I mean really?

------
brian_herman
I am sorry this might be a cliched post and doesn't add to the discussion but
if they do things like this to academics what do they do with other peoples
private data that we dont know about?

------
newscracker
This was a very poor read, and just listed correlations based on some numbers.
I personally didn't learn anything that I, or anyone else, could apply. It's
just a "correlation=causation" based list.

------
mywacaday
How is this analysis even valuable "The average number of people on a project
at a top-10% university was 2.3"

Analysis where the majority of the projects have less than 3 people tells you
nothing on how to collaborate.

------
rahimnathwani
"To invesitage the impact on peformance"

Wow, can't HBR afford a proofreader?

~~~
Cyphase
Or a spell-checker at least.

------
herf
How do you determine "whether they were senior or junior faculty" from
anonymized data?

------
projektir
> Teams at lower-performing institutions were more likely to have one person
> or a small number of people doing more of the “heavy lifting.”

Is there some way to address this when it does happen? Or is it just a matter
of the right people being involved?

~~~
munchbunny
My guess is that this is a symptom of only specific people being
competent/engaged. Alternatively, this is specific team members hating
process.

In the latter case, I think that means you adjust process to be lighter. In
tbe former, there is no procedural fix, only hiring fixes.

------
Dowwie
I am surprised by the comments here. No one seems to have actually read the
article nor taken the time to learn about how Dropbox partners with
researchers: [https://blogs.dropbox.com/business/2018/06/nico-customer-
sto...](https://blogs.dropbox.com/business/2018/06/nico-customer-story/)

------
chiefalchemist
The five rules listed feels more like correlation and less like cause.

Also, there's more to true collaboration than sharing files.

