
1password explain the new Dropbox terms - davidedicillo
http://blog.agilebits.com/2011/07/dropbox-terms/
======
swombat
The DropBox hoopla shows the downside of writing your terms in a readable
language: people actually read them out of curiosity.

And since people have no clue how to interpret the legal bits that are
necessarily included if you don't want to be sued into oblivion, they
completely misunderstand them.

So the lesson is: keep your T&Cs cryptic, unintelligible, long, boring, etc -
so that people don't read them. This way you can put whatever you want in
them, including potentially nasty clauses (unlike the clause we're discussing
here), since no one will read it anyway.

~~~
neetij
I can't tell if your opinion is lathered with sarcasm or brutal honesty.

BagCheck has a nicely done Terms page which annotates legalese with Plain
English - <http://bagcheck.com/terms>

It is odd (and somewhat heartening) to learn that so many people _still_ read
those paragraphs of text nobody is supposedly reading.

------
yellowredblack
Here's my complaint. The author is complaining about a big furor over the
TOCs, and then proceeds to show us the TOCs that "seems" to be behind it.

Here are the facts:

    
    
      * Dropbox released new TOCs.
      * There was a big furor.
      * Dropbox *modified* the TOCs.
      * Furor ended.
    

Regardless of whether or not, in your opinion, the TOCs were significantly
modified, the fact is that:

    
    
      * The author presents the modified version of the TOCs.
      * The author claims that the modified version caused the furor.
    

This is patently false.

------
aaaron
Does Dropbox keep a revision history of your 1password data? It does that by
default with other files.

If there is a Dropbox breach, I would want to prevent hackers from getting
their hands on older versions of my passwords locked with an outdated (eg, no
longer top secret) master password.

------
iuguy
WebDAV is too slow? Really? Wow, I guess all those sharepoint users around the
world must be cursing Webdav, along with the MobileMe users (and soon to be
iCloud users, no doubt).

Also claims that APIs aren't available for other platforms, I find a little
disingenuous. Wuala supports iPhone, Android as well as Win, Mac and Linux. I
would struggle to understand how Wuala wouldn't want to provide 1Password with
access to an already existing API on the aforementioned mobile platforms.

~~~
halostatue
I curse Sharepoint with every time I have to use it (and its WebDAV
implementation only works _well_ with Windows). If you haven't noticed, iDisk
is one of those things that doesn't work well with MobileMe.

1Password also uses a _lot_ of _tiny_ files in its workflow (one of my items,
a license stored in 1Password, ffdfa… has a 5k PNG, a 261 byte plist, and a
791 byte JSON file in two different directories; those separate files and
directories are what make the sync efficient). Share point deals with larger
files over WebDAV, where it can be more efficient for those files.

If you spent five minutes on the Wuala website you would notice that they
_only_ have a GET series of APIs, not anything that the 1Password guys can use
because the mobile apps can _write_ as well as read. So, no, they aren't
wrong.

------
yellowredblack
Except that the excerpt you posted is the new, modified version after all the
furor.

[http://hardware.slashdot.org/story/11/07/02/0515218/Dropbox-...](http://hardware.slashdot.org/story/11/07/02/0515218/Dropbox-
TOS-Includes-Broad-Copyright-License)

Compare the above version to this new form: "This license is solely to enable
us to technically administer, display, and operate the Services"

It would appear that you didn't look into the issue at all before jumping to
the defense of your main service provider. Is this the level of diligence we
can expect from your product?

But, hey, welcome to the party.

------
yellowredblack
Dont fucking mod me down. The author claims that this is the paragraph that
caused the furor:

 _We sometimes need your permission to do what you ask us to do with your
stuff (for example, hosting, making public, or sharing your files). By
submitting your stuff to the Services, you grant us (and those we work with to
provide the Services) worldwide, non-exclusive, royalty-free, sublicenseable
rights to use, copy, distribute, prepare derivative works (such as
translations or format conversions) of, perform, or publicly display that
stuff to the extent reasonably necessary for the Service. This license is
solely to enable us to technically administer, display, and operate the
Services. You must ensure you have the rights you need to grant us that
permission. [Emphasis added]_

When in fact this is the _modified_ version that was posted after the furor.
The original version is this:

 _By submitting your stuff to the Services, you grant us (and those we work
with to provide the Services) worldwide, non-exclusive, royalty-free,
sublicenseable rights to use, copy, distribute, prepare derivative works (such
as translations or format conversions) of, perform, or publicly display that
stuff to the extent we think it necessary for the Service._

Significantly different. And it was changed for a reason.

~~~
trotsky
_to the extent we think it necessary for the Service._

I know HN only has one viewpoint on these matters. However, I was hoping
someone could explain to this poor soul how a scenario like the following is
ruled out by this language:

I'm the dropbox CEO. I provide a free service for most of my users. As time
goes on, I'm having trouble making ends meet. I find that unless I get more
cash in the next 7 days, I will be unable to pay my hosting bill and my
service will be shuttered. Thus, obtaining more cash is _necessary for the
Service_.

Now along comes a firm, we'll just call them SLP. SLP is willing to give me a
bridge loan on very good terms immediately. The only catch is that they
require me to sublicense worldwide royalty-free rights to use, copy and
publicly display all works stored in the dropbox service. Their purposes for
wanting the data is unclear, however it is quite clear that I won't have
oversight on the use of the data. I can imagine, however, that they might be
interested in using it for data mining, advertising or industrial espionage.
We don't speak of any details, though. If I revoke the license, the bridge
loan plus penalties immediately comes due.

I can find no other source of funding at this time - I've played all my other
cards. I, as the CEO, believe taking this loan at these terms is absolutely
necessary if I am going to continue providing the service. So, I sign,
sublicense, and don't actually inform even many people in my company let alone
the user base. SLP quietly gets read only access to all the data. To whatever
extent SLP uses this data, they believe their use of it is _necessary for the
Service_ in that they don't believe the bridge loan will ever be repaid and
they believe it is necessary to extract value from the data to recoup any
losses they expect on the loan.

Now, mind you, I don't actually believe that dropbox has any sort of intent of
doing something like this, or that they'd be likely to do so even if their
back was against the wall. I also agree it's a pretty far fetched scenario.

I'm simply wondering how a license like this (and the multitide of others like
it, I'm not intending to single dropbox out at all) prevents this behavior.
You know, because I'm one of the total morons that can't understand simple
english.

~~~
swombat
IANAL, but the "service" and the "company's survival" are not the same
concept. When, as GrantTree, I sign an NDA to file a grant application for a
client, it states, like most NDAs do, that I can disclose it to
subcontractors/advisers/etc "for the performance of their work".

As a programmer, you might say, like you just have, "AHA! But if you don't pay
your subcontractors, they won't do their work. So, for the performance of
their work, you can sell your data to anyone, if the company's survival is
threatened!"

Unfortunately (or fortunately), lawyers, judges, prosecutors and juries are
not programmers, and I think you'll find they don't interpret it that way.
"For the performance of their work" is clearly intended to mean "directly
linked to their work" as well.

The same is true of the DropBox terms. "Necessary for the Service" does not
mean "whatever you might imagine could be necessary if you were arguing with a
magical genie as to the possible definitions of terms" - it means "what is
directly necessary so that the service can operate as normal". So I don't
think any judge or jury would accept that selling out all their customers was
"necessary for the Service", in the hypothetical case you mention.

Remember, law isn't about theoretical logic - it's about practically resolving
disputes between people.

