
Boxopus lets you download torrents to Dropbox anonymously + w/o a Torrent client - kapkapkap
http://torrentfreak.com/boxopus-downloads-torrents-to-dropbox-120623/
======
petercooper
This is relevant but forgetting torrenting for just a moment.. I believe
Dropbox uses hashing to identify files in their system, since sometimes you
can copy a large file into your Dropbox and it syncs immediately (without an
upload).

Given this, rather than using torrents, could there theoretically be a way to
tell your Dropbox account you "have" a certain file that, indeed, you do not,
merely by using the hash? For example, if I know the hash for the latest
episode of a TV show is "ab12de" (gross simplification!) and I can make
Dropbox think I "have" that file, if someone else already uploaded that file
to _their_ Dropbox, I could grab it too?

~~~
bryanh
This has been done and the exploit has been (mostly?) closed. Google
"dropship" for all the details.

~~~
gibybo
How does their dedupe method work now? Shouldn't it still be possible under
the same principle?

~~~
kirubakaran
Client: I have the file with hash 0x47fed9.

Server: Okay, tell me what byte 1257 (randomly chosen) of that file is and
I'll mark you as having the file.

Client: Ummm ...

~~~
invisible
So a client could theoretically talk to another client that knows what byte
1257 is and the file would appear to answer what the question implied.

~~~
jgeralnik
If there is cooperation with another client who has the file you could just
get the file from them in the first place.

~~~
0x0
Perhaps the bandwidth between (dropbox + all your syncing devices) is greater
than what the conspiring client can provide, so such a scheme may still be
beneficial.

~~~
nilved
I think they could just share the folder with you on Dropbox, allowing you to
download it from there.

------
LocalPCGuy
Pretty much boilerplate, but don't think this is going to protect you if the
torrents being downloaded are illegal:

"Boxopus may disclose Personally Identifiable Information if required to do so
by law or in the belief that such action is necessary to: (a) comply with law
or legal process, court order or a subpoena served on Boxopus or the Site to
cooperate with law enforcement authorities; (b) investigate, prevent or take
action regarding suspected or actual illegal activity or fraud on the Site;"

~~~
koala_advert
And even if Boxopus claimed to protect you like some VPNs do, unless they also
encrypt the files before uploading them to Dropbox, wouldn't you still be at
legal risk with Dropbox? Or are Dropbox contents automatically encrypted upon
upload so that employees have no way of knowing what they contain?

~~~
TylerE
As long as you're not sharing your Dropbox, it doesn't matter at point.
Copyright Infringement is a crime of distribution (or more strictly speaking,
reproduction), NOT possession.

~~~
jeffool
In the US copyright includes the right to make copies. As an individual you do
not have the right to freely make copies for yourself. That's reproduction,
and is expected to get you in trouble. The idea that "it's legal to download,
just not upload", is a defense that's been long been claimed, but to my
knowledge, has never been tested in court.

To be fair, though, I believe they (the RIAA, MPAA) haven't tested that case
either. Maybe they're not 100% sure either.

Now, in Canada? I believe private-use MUSIC downloading is legal. (Due to
shenanigans involving the fine levied on blank media made for the purpose of
burning music. Basically, Canadians already pay the fine for music piracy, so,
they get to do it. That's my understanding.)

~~~
DanBC
In the UK it's not legal to download, but the only damages are the costs of
one copy of the item. Doing all the paperwork and filing all the legal stuff
is time consuming and expensive, thus companies don't bother with it just to
recoup £14 for a movie.

But if you're uploading then the costs are the cost of the media * number of
people in the swarm. And going after those people has -they hope- a chilling
effect, preventing people from doing it.

This is "civil law" (A UK lawyer probably knows the correct terminology.)

If you're infringing copyright as part of trade -selling bootleg DVDs on a
market stall, for example- it becomes a criminal offence, and is enforced by
police and trading standards officers.

~~~
polshaw
Got a citation on the damages amounts? Haven't heard that before.

------
iandanforth
Doesn't this make Boxopus a honey pot for MPAA subpoenas?

~~~
Estragon
That hadn't occurred to me until I read your comment, but I came over here to
ask a related question: What is the business model? Who is paying for the
bandwidth boxopus is using by downloading all these torrents for people?

------
kenrikm
Wow, in before API access is cut to prevent the mountain of lawsuits that
would hit Dropbox if it's not. API cut in 3... 2... 1...

~~~
Jach
Why would Dropbox be hit by lawsuits now due to their API? Amazon's web
services and every other cloud storage site has no less risk. I am betting on
lawsuits for this Boxopus service since they're actually doing the downloading
and distributing, even if it's on a user's behalf.

~~~
catch23
why would they be suing boxopus? that would be like suing the creators of the
bittorrent client. boxopus doesn't store any data, nor provide links to
torrents for people, it's simply a service like your bt client. If anything,
this seems like this would be an easier way to catch the actual users.

~~~
stephengillie
So they'd sue boxopus to get their user data (IP addresses)? Or is this an
RIAA/MPAA honeypot?

~~~
kenrikm
They'd sue them to try and bleed them into the grave regardless of if they
have any legal basis to do so.

------
joejohnson
Torrent Reactor has already added a Boxopus ("Download to Dropbox") option to
their torrent pages.

------
orbitahl
I have actually had similar service running on my servers for a while now
(took me about almost 3 months to design, code and test), though it makes
legally no sense to make it available to the public, as you will need a solid
ISP that will guarantee you that it won't abandon you as soon as they receive
a letter from the Copyright Mafia. The service will eventually resemble a
glorified cyber locker, since it makes no sense to delete the most popular
files. Secondly, you aren't really protecting your customers unless you can
provide payments through bitcoin, but even that wouldn't be safe enough.

------
SCdF
So maybe I'm overreacting or misunderstanding, but if this kind of thing
became popular (using a service to push torrents, which are by and large used
for things lawmen don't like, to your dropbox account) could dropbox face
similar issues to those faced by MegaUpload?

I kind of feel like at this point my data should be stored a in a 'RACS'
configuration: a Redundant Array of Cloud Storage.

At least with DB you usually also run the d/t client and so have the data
'checked out' in local drives, but I do know people who just use the web
client (locked down computers).

------
liammcurry
I've done something similar with an IFTTT recipe, where I can email the URL of
a .torrent file and it will be automatically added to a folder in my Dropbox.
Then I have my torrent client setup to watch that folder for .torrent files.
This works nicely when I'm not at my computer and want to start downloading
something.

Here's the recipe: <http://ifttt.com/recipes/100>

------
smallegan
This brings to mind lots of questions like, Does this take advantage of
Dropbox's single instance file storage? As in, are they uploading completed
files and saving themselves the bandwidth of having to actually do the upload
because dropbox likely already has a copy of that file hosted? Also, if
multiple users are requesting the same file is Boxopus downloading this more
than once?

------
leke
Let's say I'm a copyright holder and I see my content on the bittorent
network. Would the IP address of the downloader on the network belong to
boxopus? If so, if I then asked boxopus to hand over the all user's details
(dropbox accounts and email addresses I guess) that accessed the torrent in
question through their service, would they have that data on their servers?

------
joejohnson
Has anyone been able to download through this? I tried about 30 minutes ago
and the torrent still says it's waiting in their queue. This seems like a very
slow way to download a torrent.

------
chrischen
This is basically a torrent VPN service that goes through DropBox.

------
Tichy
I don't understand it. What is the difference to just configuring a dropbox
folder as the download destination in the BitTorrent client of your choice?

~~~
fishbacon
Your connection is not used for torrent packages but Dropbox packages. So it
is, in some sense, anonymous.

------
suprgeek
Excellent innovation. This is like waving a red flag in the face of the MPAA,
RIAA, and all the other entrenched monopolies that are seeking to extend their
outdated business models by using old-school Mafioso tactics. I would be very
surprised if Boxopus, Dropbox (or both) wasn't pressurized to discontinue this
service in some way. API changes by Dropbox (or TOS violation based
suspension), Lawsuit for BoxOpus, etc to follow...

~~~
ethank
You do realize the trade groups (riaa, mpaa) exist to prevent collusion? Aka
mafioso tactics?

Not saying the represent a valid continual business model (currently, we can
hope for evolution) but lets leave the hyperbole at the door.

------
samrat
Does this have a file size limit? I'm pretty sure dropbox's API has a 300MB
limit.

~~~
SoftwareMaven
They undoubtably put the file in their own Dropbox, then copy it into yours.
That also allows the dedup algorithm to run to save bandwidth.

And the limit is 150mb otherwise.

------
benguild
Can you seed with this?

------
smashingeeks
Please vote this <http://news.ycombinator.com/item?id=4153077>

~~~
icebraining
Flagged for spam.

