For all employees that are considering joining a startup as rank-and-file engineers and putting in years of effort, remember that your compensation will be paltry compared to founders and top execs. When your work finally pays off, it will mostly pay off for them.
Good for you if you're OK with that extreme imbalance. But, I know too many people that discovered only upon an exit, that the financial reward was never destined for them.
So personally? I don't care about the imbalance, I care about what I'm getting and how that compares to what I can get elsewhere. I understand I'm playing in a rich man's sandbox, and I'm okay with that. The fact that the man three levels up makes ridiculously more than I do doesn't diminish the fact that I'm getting treated better (mostly measured in getting paid better) than I would be at the next best job I could get.
That said, if I was an investor in the company and not another beneficiary of investor largess, I'd be pissed.
Why? Because when enough of us care, we can change the sandbox itself. None of this stuff is set in stone.
Great that you're content with crumbs, but I'm not, and I certainly don't want to see the next generation of technicians laboring under the same conditions as so many of ours has done. I'll do my part to leave the world a better place for my successors; not just the same status quo. What's the point of life otherwise?
Dude, I'm a Silicon Valley computer technician. I literally make 10x what the service people I see every day make, and on top of that, my employer cooks gourmet meals for me, 3x a day, and provides a luxury bus system. Yes, I'm at near the bottom of my local technical prestige hierarchy, but if you think these are crumbs, if you don't think that this is worth a little bit of bowing and scraping, I think you need to stop and look around... look at how normal people live.
If you want to work to make the world a better place, if you want to alleviate suffering, work to raise the salaries of those who make 1/10th what we do.
Telling me to focus on the low-paid service workers is a nice distraction, but that's what it is: there are other groups working to improve their working conditions and working lives. I'm not connected to them, because I'm in the same pretty-well-compensated boat as you.
Maybe you're paid well, maybe you don't think you deserve more. Your employer almost certainly could pay you more, could give you more time off, more say in your job role, more flex time, whatever, but you don't seem to want more.
Again, good for you. Just don't tell the rest of us that none of us should want more pay, time off, autonomy, a voice in how the company is run, or whatever. If you want to hold fast to your own one-man empire of crumbs, go for it.
The rest of us can band together and work for more of that good stuff that comes with working and bargaining together.
The problem is that I don't think this will work, for the same reason that management generally doesn't unionize. Management doesn't unionize because their role is to act in the interest of capital. If capital thinks that management is in it for themselves, management becomes dramatically less useful. (and really, I think that we see a lot of management capture of resources that would normally flow to capital. Management is less useful to capital than it has been in the past. Capital knows this.)
In the ways that matter to these discussions, people who create and manage automation infrastructure are management. It's just that we manage machines that do work, rather than humans that do work. For the same reason that management that was not seen as acting in the interests of capital is worthless, developers who are seen as not acting in the interests of capital will be seen as worthless, too. (I mean, from the perspective of capital.)
Now, I do think that culturally, we are very different and there are some things we could argue for that would improve our lot and that of capital. Really, in some ways, I'm very much in agreement that technical workers should be getting a lot of what capital currently gives to management. We can start by making a culture of open salaries. This will eliminate a lot of what management's job is, at our level, which is to individually and secretly negotiate salaries. There's no reason to pay tech workers who negotiate well more than those who don't, so job roles should have pay rates that are known throughout the company. (Of course, there is still negotiation involved in who gets what role, but I think that's negotiation that the technically inclined are better equipped to deal with than straight secret salary negotiations.)
If I'm going to be an Adam Smith-style rational economic actor, I'm going to seek to maximize my profit. If I don't, I'm leaving money/time/autonomy/working conditions on the table, and why on earth would I do that?
If the most effective way to do that is to organize and negotiate together with my fellow workers at Megacorp X--which is both ethically permissible (freedom of assembly, etc) and our legal right--why wouldn't I do that??
If your answer comes down to "you have enough" then you're already behaving like an irrational economic actor and I have no idea why I'd listen to you.
If your answer comes down to "it's hard," well, buck up, kid, life is hard.
Sure, if that's the best bang for your negotiation buck... but there are a bunch of problems with the approach; the hardest to overcome is the fact that many technical jobs are essentially management jobs, except that we're managing machines for capital rather than managing labor for capital.
Do you understand what is special about 'management' as opposed to 'labor' here? I mean, management is labor, but it's different, because in labor, traditionally, you expect a human to execute a task. Management figures out what tasks ought to be executed in order to maximize the return to capital. You can see how this precludes management from unionizing in the traditional American way.
My argument is that same thing applies to the higher end individual contributor technical jobs, too. If I'm right here, American-style unionization would decrease the value we bring to the table and probably the value we can take from the table.
If you want to usefully organize, I suggest you spend your time looking at the IT jobs that are more regimented, where you follow procedures. Those jobs could be usefully unionized.
You want to do that? You do you.
That's not the mark of a rational economic actor, willingly selling themselves short on a deal.
You can dress it up by saying "well, we work with machines," but at the end of the day, the machines don't own the company, the machines don't sign your check.
The bosses do, and they're the ones you've decided to give up your maximal time/money/autonomy/working conditions to.
Again, you do you, but the minute you say "we should all willingly give up some of our time/money/autonomy/working conditions to the bosses and owners," well, now you're telling all of us to stop being rational economic actors, which I can't get behind.
This has to be the most pretentious thing I read in a while. You get paid 6-figures with incredible benefits, while making 2-3x of what the median HOUSEHOLD in this country makes, with one of the highest average base salaries, and your individual income ceiling is approximately $180-$200k.
All of this, without having to risk your health like many other blue collar jobs.
All of this, attainable very quickly after graduating college (if you even get to graduating).
Feel free to demand the amount of money you think you deserve. I do think programmers are underpaid for the value they create. But don't make it seem like engineers are lowly serfs or something of that ilk. You have it so much better than most Americans.
 $59,039 http://www.businessinsider.com/us-census-median-income-2017-...
Imagine you were at Thanksgiving dinner. Everyone gets a full plate of food, but you only get a quarter of a plate. Is that fair? Should you keep quiet since you're fortunate to have any food at all, rather than homeless on the street? It's all about relativity. Compare apples to apples.
One is that it accepts the imperfect ways of others instead of deriding that others are not perfect from a moral high ground. The other is that it prevents ourselves from playing the victim.
It acknowledges the common strengths in each human by also acknowledging the common weaknesses.
At each level of the "game", whichever game you're playing, there always exists a master/slave winner/loser relationship. A pseudo happiness is achieved when comparing with other games and works both ways. "I'm glad I'm not a minimal wage monkey" and "I'm glad I'm not a soulless sellout."
The games can be stratified into economic divisions but in terms of striving and human drama they are quite similar. The poor person who has never tasted really expensive food gets the same pleasure from something more simple than a rich person who has numbed his palate does from the most expensive things.
Acknowledging this constant suffering by everyone is the most humane thing you can do and is the only way out of the game of dehumanizing others for the purpose of humanizing the self.
My argument is that this is not true. There's a threshold below which not having enough causes significantly more suffering. Having to wait two generations before buying the latest Apple gadget is not the same level of suffering as having to delay a medical procedure because your job doesn't give you insurance until you've been there 6 months.
I don't know where the line is, but I am saying that going from $20K to $40K a year in total resources available to you makes more difference to your quality of life than going from $100K to $200K. - By a lot.
I mean, your description of being poor as eating plain foods sounds like you might have had a life like mine. Yes, there were times in my life where I had to eat inexpensive food, and yeah, it really wasn't so bad. But... I really think that's a fundamentally different kind of problem than having times in your life where there wasn't enough food at all.
Having times when you might have to get a smaller apartment or even roommates is also unpleasant... but I don't think it compares at all to having times where you might become homeless.
My friend who started out in the army, though, tells me that the food here in Silicon Valley is way better.
For myself, I don't think I'm really together enough (and I don't really have the tolerance for authority) to make it in the armed forces.
It would be extremely naive to think otherwise at this point, so I'm sure the parent is aware and enjoys the benefits despite the ulterior motives behind them.
I'm not being fooled. I totally understand the company's goal is to get more work out of me, but they are doing that in ways that make my life better, too. It's one of those situations where both parties to a trade come out better.
The food is really good, which means I don't waste time going across town (one of the unfortunate realities of most of Silicon Valley is that the homes, the food, and the offices almost always require driving to get between) - and dinner? Well, again, I could drive more, or I could prepare food myself. Both are things I don't enjoy, that take a lot of time and that I'm not very good at. Employer provided food solves that problem, and saves me significant time. If they want some of that saved time? It still seems win win to me.
My employer providing good food makes my food situation almost as good as it would be if I lived in a real city with a good mix of offices and restaurants, and it gives me that without making me leave Silicon Valley (which has cultural and career conditions that suit me better than I think moving to New York would.)
The upshot is that if I get a job around here that doesn't give me three squares, I've gotta schedule another hour or so of effort into my day; effort that is as hard, for me, as work, but where I'm not advancing my career or studying something I want to learn. Yes, my employer benefits a lot from giving me food... but I benefit, too.
I think that in a real way, people who create and maintain automation infrastructure are playing a role a lot like the role of management in the economy, except we manage machines that do the job of the worker rather than managing workers. Capital can pay for management to figure out how to pay the old professions to get a job done, or capital can pay us to automate that job away.
> I certainly don't want to see the next generation of technicians laboring under the same conditions as so many of ours has done.
Oh please. US West coast engineers already have it nearly as good as it can possibly get on this planet, in all of human history. The violin playing for the horrible conditions they must endure is very small if at all existent.
I'd be totally with you if you were advocating for a fairer CEO/Owner vs Worker pay in general, but singling out 'techies' is kind of a disingenuous way to go about it.
And, so, you do agree with me, but don't like some of my word choices? Can you maybe put that stuff aside and see that, organizing and negotiating together in our very individualistic field starts somewhere?
The workers themselves seem to be resistant (or perhaps fearful) to organizing in a manner that would give them more rights and fairer compensation.
And yeah, I think there's a big element of fear to it--fear of losing what is, right now, a pretty sweet deal for a lot of technical folks. That fear isn't entirely misplaced, anyway; individually, any of us could get fired for almost anything at almost any time. And there's a long and storied history of firing folks when they even whisper about organizing.
So I don't think the fear of organizing is irrational--but it is a fear that, I think, should be overcome, because the benefits are, of course, huge.
I dunno, I don't think it's all fear, I just think that's a much larger underlying force than people really want to recognize. If the risk were minimal, why wouldn't people be lining up to do this stuff?
Oh, and FYI I am all in on addressing CEO/worker pay disparity. And, while we're at it, on how low-paid workers (janitors, call center staff, etc.) get outsourced to another corp, etc.
Those are just problems that, I think, would need to be addressed directly through the political system, and not one that workers can take on in an organizing campaign of their own. They're all part of this constellation of "the American worker is getting screwed" but I feel like I gotta pick my battles, at least when I'm posting on the internet.
No need to wait, you can change the sandbox right now, you can create your own startup and give equal ownership to everyone.
And, at the same time, my fellow techies in any given megacorp (I'm not in one now, used to be long ago) can start organizing and negotiating together, to establish better working conditions, better pay, more autonomy, more of a say in how the company is run.
This isn't an either/or situation.
“Be the change you wish to see in the world.”
These ideas and methods aren't new (organizing and negotiating together), and they've been largely effective in this country and elsewhere.
And, hey, like I said to the other person, you don't have to do it, if you're happy with the crumbs the owners toss your way. You do you.
For the rest of us, we don't have to be content with our lot in life--we can be the change we wish to see. Good quote!
I dunno; co-ops have been successful in other areas of endeavor. It's as reasonable a way of organizing a company as any other.
I mean, mostly they are businesses that provide goods and services for money; businesses whose value rests mostly at their profit in a point in time, but it's possible you could come up with a co-op like structure that would work for a tech company where a lot of the value is in the company and getting the company bought out by a larger entity.
I don't know how you'd do it, but I don't see any reason why it couldn't be done.
I can tell you that as a tech worker with options, I would be a whole hell of a lot more likely to join a pre-IPO company if they structured the thing in a way that was more transparent and respectful to the workers when it came to the equity component of their compensation.
What field are you in in this industry? I started making more than my parents combined income by 25. This industry pays incredibly well.
Additionally, you're not at all addressing any imbalance in impact. "Imbalance" as seen from a perspective of dollars per worker isn't very meaningful unless you advocate for removing incentives and defaulting to a system more reminiscent of communism.
I actually... want to point out that there's a lot of disagreement there, at least in the technical field. There are a lot of people who claim that money is mostly a 'hygiene issue' in that you need to pay something in the realm of what your people could get elsewhere or else people will leave, but that actually paying more doesn't make that much difference.
Personally, I think it varies a lot. I know that you can pretty reliably get me to switch jobs by offering me an additional 20%... but I know people in my field who are better than I am, technically, who basically don't ask for raises, and end up making a lot less than I do simply because I ask for more. These people mostly only switch jobs when the situation forces it. And some of those people are brilliant people and incredible workers.
I mean, we're talking on the order of 10 and 20%, not orders of magnitude here, but the point being that the relationship between money and motivation is not as clear cut as it is, say, in sales.
Another interesting side is that while you can totally get me to switch jobs by giving me more money, I'm not sure you can get me to do much better at my current gig by offering me more money; I think I'm already in the neighborhood of doing the best I can. But, would this change if my salary stopped going up?
Yeah that's how they get you.
I'm thinking we could have a group of 10 people working on 10+ different projects, and we would each own 10% of the parent company. Then we could try a bunch of different ideas and focus on the ones that work. I would want to build passive "lifestyle businesses" that make 4-5 figures per month, and we wouldn't need to aim for an exit. We could just take a salary and retire, or keep making apps and games because it's a lot of fun.
It would be awesome to share a lot of boilerplate code, so it's super fast to get started on a new idea. We'd also have a single kubernetes cluster on AWS that runs all of the backend services, maybe with something like Deis Workflow. And who knows, maybe we turn that into a business as well, and provide hosting to other companies.
Sorry for the tangent, but that could be one way to solve the imbalance.
Here's another discussion about tech coops: https://news.ycombinator.com/item?id=7634152
EDIT: I decided to put together an application form to see if anyone is interested: https://docs.google.com/forms/d/1dnm-SZxbcKuQ7PUU9ArRnlD1LiK...
There will be a lot of challenges, but I think it could work. Just need to find the right people.
I am curious what contributions can a single executive make to a company that justify $34 million dollars in compensation?
More so what contributions did that individual make in less than 6 months that can justify this obscene level of compensation? Did they create 3x or 5x of this compensation in value?
Remember this the next time a recruiter at some startup tries to tell you they offer options in lieu of cash because the company wants you "to have skin in the game."
> But, I know too many people that discovered only upon an exit, that the financial reward was never destined for them.
When I interview at pre-ipo companies, they usually tell me how many options they are giving me and a per-option strike price, but no idea of how many outstanding shares there are.
In this case, I think it's deeply irrational to assume that you are getting anything at all; if a professional is offering you something of value as an inducement, they are going to make damn sure you know what that value is.
The upshot is that when you interview at these companies, make them compete for you on salary, benefits and working conditions. If they also want to give you a mystery box, that's cool, but understand that it's a mystery box, and probably won't be worth much at all even if there is an exit.
Well, it'll mostly pay off for major capital holders (which founders are likely but not certain to be, depending on the course of business before then, and top executives at the time may or may not.) Top executives as such (outside of their role, if any, as capital holders) may get more benefit than you, but even if so it will be much less than the capital holders.
The moonshot of UBI is an acrobatic avoidance of Marx, relatable if you were raised with the American indoctrination of Marx == Hitler (yeah I know but the lack of ideological overlap, or any overlap at all, hasn’t mattered because patriotism). We are due some maturity in this area.
And on another hand, one should be forgiven for mistaking the open source movement for Marxism.
Sure, I'm fine with executives that come much later to be paid more than many that come before him/her. Should a number as high as $34m justify the kind of value he/she puts into the company? I dunno if I can agree with that, and in an early employee's perspective, I'd like to be proven otherwise. Then again, I don't work for Dropbox and do not know the scale of the problem in which this exec has been brought in to solve.
Ultimately, my core principles/values have to do with loyalty and being nice. As founder(s), you must not forget those who brought the company this far. They did unglamorous work and put in crazy hours to help the company achieve product market fit. Founder(s) risk breaking the trust of their employees < no.100 when they see people coming after them being compensated / valued 100x more than they do, not because they are just paid higher. That scale is the root cause for frustration.
The counterpoint to this is when the company scales, all other numbers will scale with it too (revenue numbers, employee headcount etc.), and sometimes hiring a key person who can, in the long term, cut costs by $100m might justify his/her salary. Capitalism works like that.
UPDATE: Curious to hear what thoughts founder(s) active in the HN community have about this though. Open to hear decisions on your end. I struggle to come up with a good answer myself.
But I fail to see how someone would be worth this kind of money as, what's mostly a people manager of a (late) startup.
His own rank and file have to work 30 years to make what he makes in a year. Sorry but ... that makes me want to drop my (paid) Dropbox account.
Accountability is worth $8M a year?
In the next few years all of the NBA players combined (~420 players) are set to make more in salary than all the S&P 500 CEOs earn in salary combined.
Should top executives at $10 billion companies (7x the average value of an NBA team) receive compensation on par with professional athletes? How does that not make sense?
The US will spend $10 billion per year compensating several thousand athletes. How much should be spent compensating the people directly responsible for operating businesses that represent trillions of dollars in GDP and tens of millions of employees?
Mediocre middle relief baseball pitchers should make $8 million per year, but execs running billion dollar companies shouldn't? You can argue that baseball players are overpaid, but that's an absurd premise. It's directly representative of the value in the system - tens of trillions in wealth in the stock market, and vast profit generation - and the price of acquiring talent.
NBA stars make money by exposing themselves to downside. They have fans, they generate direct revenue and last but not least they have their skin in the game. One injury and their playing career is over for good. What do these executives bring to the table? Can 10 of them alone deliver the product and services to the customer?
And when they fail, they simply take large severance and fade away to a beach only to come back fully rejuvenated to fuck again.
The 420 or so players in the NBA can largely be considered to be the best 420 players in the world.
NBA teams also have a pretty high revenue to value ratio.
Points to you too for ignoring that in many cases the salary of a Fortune 500 CEO is, in many to most cases a much smaller fraction of their compensation packages. In many cases bonuses and other compensation is between 3 and 10 or more times the salary, so not exactly equitable, though it makes for a better sound bite.
How many of those $10B companies are actually really worth that, not just an inflated result of funding
Yeah, huge responsibility there...
Then the shares of the early employees get diluted like crazy to give those sorts of very late-hires ridiculous compensation, because "they're 'executive'".
So the message is more about broken promises than it is about compensation per se.
He has run several multi-billion dollar units at Microsoft. Likely he had many other opportunities on the table.
Fact is it takes more than code to build something that lasts. You need to know code, understand people that write code, but there is a lot more to it than code. This guy was hired to multiply the efforts of hundreds of coders -- so all he had to do is improve each of them 5% to justify his salary.
Except... It's not quite that simple. Most people don't care. The vast majority of programmers simply do not care enough to band together and force employers to give you a higher stake.
I'm not even insinuating that a union would be a good idea. I'm saying, in a free market society, you can't be surprised to find out you just aren't worth making rich.
The whole of a business is already a collectively organized unit, by its nature. When each of us, each individual technician, goes into negotiations, we're already up against the entirety of the business. Banding together is literally the only way to balance that scale.
The Screen Actors Guild would be a good model for a tech union--they obviously reward top box office draws richly, but the low end of the scale is still well cared for.
Another route would be for founders to expand option pools from the typical 8-12%, so that their own holding didn't exceed that of every employee combined. But of course, why would any founder choose to do that? It's hard to become a billionaire if you let your employees have too much!
But it is not the case in traditional markets in other countries where you have to put a lot of time, effort, your own money and mental stress into creating even a moderately successful business. On the other hand employees get relatively less strain and a stable income and an option to leave the company anytime and move to better higher paying jobs.
I mean, you're entitled to do whatever you'd like. But do you see the potential valuations being tossed around? "Drew" is worth tens to hundreds of millions.
I just have no idea why someone would find it not only worth it to take money out of their own pocket to further a corporation that has no need for the empathy we would normally afford to people (or small businesses, which "round down" to individual people or small groups), but would actually see value in sharing this thought process with everyone else. It's not like using a "deal" is unethical or illegal (like, say, piracy), the company in question (or a reseller taking the hit) offered it. Is this some kind of Silicon Valley flavor of virtue signaling?
If Dropbox was a startup with 8 employees, especially one that didn't offer the near-commodity service (yes, I know UX etc matter here) that Dropbox does, I would understand this. But that's so far from the case.
That's why I like economics so much. A lot of irrational behavior comes simply from the fact that humans are usually terrible at understanding the underlying economic transactions taking place.
One of my favorite irrational behaviours is the one in which people value an object they got more than the equivalent price at which they could buy/sell that object.
For example: You have an old bottle of wine in your cellar, and it is now valued at 500$. A lot of people would, simply put, never buy a 500$ bottle.
But if that bottle was your possession, most of the people would keep it and eventually probably drink it, being completely irrational in regards with the 500$ valuation.
Art is also a good example. Art is globally unique, so what does it even mean for art to be worth $X? Seems like the only "value" of art is the price the next guy is willing to pay. The price is undefined until it's not.
On the other hand, if I have a fake Van Gogh, I would not be emotional upon liquidating it because it is fungible; some computer and printer somewhere can easily reproduce the piece if I ever need it again. In addition, the price is well-defined because fakes have a well-defined manufacturing cost associated with them. An authentic Van Gogh has an infinite manufacturing cost as the guy is dead.
> some computer and printer somewhere can easily reproduce the piece if I ever need it again [...] well-defined manufacturing cost
Startups offering blockchain solutions to this landscape, of course, are emerging. But they face the same problem everyone does in that market: how can physical assets, and their movements, be indisputably registered to a blockchain?
I suppose this is true, very interesting. A piece (real or not or unknown) with history, can become (de)valued in its own right.
> how can physical assets, and their movements, be indisputably registered to a blockchain
For example, I think VeChain and Modum use physical ID chips, but I don't see how they solve this problem. It seems like a tall order to create an injection between physical assets and digital ones. I could see how this would be done if the physical assets were fungible and centrally sourced, which is only going to be the case with certain physical assets.
How would people register those assets to the blockchain? No one in the world should be able to register my laptop, because they don't have it. It would need to be derived from physical measurements, but this is a can of worms because the measurements can change; physical matter is not immutable in the way that digital matter is. Coupling the two seems like a tall order, or maybe I am small minded.
So even though it may be $500 to buy new, it's probably more like a $100 bottle if they sell it, so it's like getting an 80% off deal? Why not drink it?
Spread doesn't have to favor a buyer.
If the buyer is more eager to transact, usually he ends up paying higher than fair value. The opposite is usually true if the seller is more eager for the transaction.
If you have an item of unique value, you may aggressively sell it, as in your initial post to which I had replied. But if you just post a price -- take out a classified ad every week, for example -- then you can wait for an eager buyer to come along.
Even the middleman often crosses the spread. A market-maker might have to clear out of excess risk/inventory ASAP, for example, which requires him to initiate transactions.
You'll find in the Twitter replies that most people don't agree with his anecdata.
I don’t know why you still can’t search video transcripts, otherwise that video would be easy to find. Any ideas?
The most important thing out of all, really, is funding through public market.
It's also an important liquidation event for employees and investors.
Buying a stock on the NYSE is doable with a bit of extra cash and the touch of a button in a trading app these days. Some would argue that even this is too high a barrier for the poor and marginalized, but it makes it possible for at least a portion of the professional class to participate.
In addition, in July 2017, FTSE Russell and Standard & Poor’s announced that they would cease to allow most newly public companies utilizing dual or multi-class capital structures to be included in their indices. Affected indices include the Russell 2000 and the S&P 500, S&P MidCap 400, and S&P SmallCap 600, which together make up the S&P Composite 1500. Under the announced policies, our multi-class capital structure would make us ineligible for inclusion in any of these indices, and as a result, mutual funds, exchange-traded funds, and other investment vehicles that attempt to passively track these indices will not be investing in our stock. These policies are very new and it is as of yet unclear what effect, if any, they will have on the valuations of publicly traded companies excluded from the indices, but it is possible that they may depress these valuations compared to those of other similar companies that are included.
I imagine that the class B shares are nontransferable, which means that this will cease to be an issue once the founders have fully cashed out.
Also if a significant number of firms are excluded, I wonder if new ETFs will pop up.
Dropbox Paper is also a delight to use, from a personal perspective. I’ve never used it on a team. I would be interested to hear whether teams of 50+ have successfully used it — it just doesn’t feel ready for the enterprise in the way that Google Drive does/is.
I’ve not read this S-1 (perhaps it clarifies this) but Dropbox seems a little confused about positioning B2C vs B2B. Does it have a packaging problem? Can it have it both ways? It feels like it’s trying to, but when I was a paying Pro user, I couldn’t get away from the upsell on the site for me to move to the business package. Annoying.
Good luck to them though — they have killer design, a killer viral product and a loyal user base.
Yeah wasn't Dropbox one of the first big things that was built on top of S3?
Amazing to re-engineer that.
ENG-21238: Contraction for "it is" easily confused with possessive form of "it"
Our platform depends on the quality of our users’ access to the internet. Certain features of our platform require significant bandwidth and fidelity to work effectively. Internet access is frequently provided by companies that have significant market power that could take actions that degrade, disrupt or increase the cost of user access to our platform, which would negatively impact our business.
I wonder if you could make an argument that public SAAS companies have a fiduciary duty to their shareholders to support net neutrality policy.
Yes, if you're a short sighted MBA that wants to encourage your own extortion
This is the problem of the tenant, the renter. The landlord can change the terms and eat into your profits. At some point it's not worth dealing with them, but it's not always easy to leave.
If you're Amazon (Dropbox), you have a strong position to negotiate better shipping (network) rates from FedEx and UPS (ISPs).
Dropbox (employees and trusted third parties) will always have access to your files.
Before you downvote.
This is not necessarily a bad thing. They can deliver more features and better performance as a result. Reliability is key, and it's certainly easier to understand what users need, and to develop, implement and debug new features, when you've got access to the files users are storing.
But eventually, end-to-end encryption will take hold. It took decades for HTTPS to become the de facto standard, but it did. Email is moving that direction (Proton Mail, Tutanota). Text messaging is moving that direction (Signal, WhatsApp?). And there's a number of Dropbox competitors that are growing fast because of better privacy and E2E encryption (SpiderOak, Tresorit, Sync.com, pCloud). NextCloud (open source self-hosted Dropbox alternative) also just launched end-to-end encryption.
These companies have been slowly solving the problems that Drew claimed were impossible when Edward Snowden dropped the bomb. Meanwhile Dropbox has been pouring dollars into marketing and a Microsoft Office / OneNote / Google Docs competitor (Paper).
Drew's response to end-to-end encryption:
Dropbox risk factors (many unsolvable):
I use Dropbox and feel the product is still the leader in terms of features, but I see the competition catching up, with better privacy (end-to-end encryption) built in.
No it doesn't.
I've never heard of Tutanota, but Proton Mail is hardly evidence of anything. In fact the attack vector for email is very different when compared with other channels, as for email I'm not afraid of my email provider as I'm afraid of hacking attempts. Yes, I value security over privacy for email. Therefore I would trust Gmail more than I would trust Proton Mail.
Proton Email is also non-standard and is obviously not E2E encrypted when it comes to communicating with non-Proton recipients. If I actually wanted encrypted email, I would use GPG. It sucks from a usability point of view, but it's standard and for email that matters.
> I use Dropbox and it's still the leader in terms of features, but I see the competition catching up, with better privacy (end-to-end encryption) built in.
Curious, which competition?
I tried everything that I could find, because Dropbox has a high price and their online search didn't work well even after I upgraded to Pro.
Btw, it might actually be better to do an encrypted drive with https://cryptomator.org on top of Dropbox or Google Drive. It's definitely more reliable ;-)
Or in other words, if the service provider does not get access to your files due to encryption, then there isn't much value they can add. You can't have a secure web interface for encrypted files, you can't have online search. So might as well do application-level encryption and all you need is cheap and reliable storage.
I clearly outlined many competitors similar to Dbox that offer end-to-end encryption: (SpiderOak, Tresorit, Sync.com, pCloud). NextCloud (open source self-hosted Dropbox alternative) also just launched end-to-end encryption.
> Therefore I would trust Gmail more than I would trust Proton Mail.
Google: don't expect privacy when sending to Gmail:
Google terms of service:
Our automated systems analyze your content (including emails) to provide you personally relevant product features, such as customized search results, tailored advertising, and spam and malware detection. This analysis occurs as the content is sent, received, and when it is stored.
The technology just doesn't exist to give users an equivalent experience with equivalent features when using E2E. I wish this wasn't so but it is.
HTTPS is transport layer encryption that goes seamlessly over HTTP and doesn't change anything at all about what you can do online. With E2E, giving users collaborative folders, shared links, online browsing, password reset, etc. while still providing zero knowledge encryption is a huge technical challenge. If you're doing decryption locally in the browser you still have to trust the company not to just add some JS to siphon off your decryption key at any moment.
I really do want to live in a world where E2E is in more places, but with cloud file solutions there's just not a way to do it right now that gives people the features they want and the market share of these companies is showing that.
pCloud doesn't do 2-factor authentication yet, which is freaking important for your non-encrypted files at least. I asked them about it because I could not believe it and they said it's "on their roadmap". But ALAS my trust in them dropped to zero. The chances of implementing reliable encryption while not getting basic security straight are next to none.
Plus you cannot trust encryption that is not peer reviewed ;-)
I haven't tried NextCloud, but ownCloud is shit. It's really slow, could not handle the several hundreds of GBs I have stored and there have been situations of users losing their data. Plus I'm not inclined to host my own stuff, because that would get very expensive.
Actually you haven't mentioned the only real alternatives ...
(1) Resilio Sync (https://resilio.com) which I use, in combination with a cheap VPS with 2 TB of storage on it (time4vps.eu in case you're wondering, not affiliated)
(2) Syncthing (https://syncthing.net), the open source alternative, which is OK, but hard to configure and Resilio does stuff out of the box, like encrypted folders
And I'm using Resilio Sync in addition to Dropbox. Well, I've actually migrated to Google Drive (on GSuite) this month, due to Dropbox Support pissing me off, but that's another story.
But the interesting part, which should be clear after a single day of usage, is that all Dropbox alternatives, except for Resilio and Syncthing, fail at the most basic task that users want, which is to reliably synchronize your files. Even the big guys, like GDrive or OneDrive, have an incredibly broken sync by comparison.
Just the other day I noticed for example how Google Drive can start deleting files from your local hard drive, only God knows why, in order to re-download them. And before that I dropped OneDrive because their client was freezing on my Mac, not to mention a couple of months back they weren't doing the one month file versioning thing, which is retarded in the age of ransomware.
The fact that both of us are actively using at least one alternative, in addition to Dropbox, proves my point. That E2E encryption (alternatives that offer better privacy) could be a threat to Dropbox, if and when the alternatives become a viable total replacement.
E2E might be a feature customers start demanding in the future, but it sure doesn't seem like that now.
(though I wonder how many folks are using the big players on top of other encryption solutions like truecrypt/veracrypt/safe, etc)
And sure, the big three don't seem to care too much about privacy (although Apple has recently been making some strides with regards to encryption).
The fact that there are many "not worth mentioning" competitors building Dropbox alternatives (or add-ons) with E2E encryption may signal that there actually is a demand.
It's only a matter of time before one of these companies gets it "right".
Our business could be damaged, and we could be subject to liability
if there is any unauthorized access to our data or our users’ content,
including through privacy and data security breaches.
Not putting your comment down, mind you. Most would probably find an infosec inclusion as a major risk factor "interesting" in that it just doesn't feel like infosec gets that kind of respect in the C-suite, but I'd like to think it's different in this case considering the offering.
It's a good value buy for me. Dropbox and Spotify whenever they go public. These two apps I've been a paying member since I discovered them.
Do you really need 1 TB in the cloud? How much of that do you actually use? Or is it like how people hoard stuff in their garage that they never use but think they will so are afraid to throw it away.
Given the volume of our users, we do not track the retention rates of our individual users.
As a result, we may be unable to address any retention issues with specific users in a timely manner,
which could harm our business.
Dropbox 2017: $1107M Revenue
Dropbox 2017 Paying Users: 11M
ARPU: $100 
Box.com (Q4-16 to Q3-17): $479M Revenue
Box.com (Q3-17) Paying Users: 9.7M - 10.2M 
ARPU: $47 - $49 
 "over 17% of our registered users [57M] were paying users"
 479/10.2 to 479/9.7
Though simply looking at per user per month pricing:
Dropbox for Business has $15, $25, and Enterprise
Dropbox Individual has Free, $10, and $20
Box.com has $5, $15, $25, and Enterprise
Digging deeper into Dropbox's finances is astounding too. They've added about $150m in additional revenue each year, while cutting their net losses by $100m each year.
It looks like a healthy business. Congrats to dropbox.
Ran into this on a 4-5 year old project with multiple contributors and even on their paid versions, there's no good way to consolidate folders that have multiple "owners."
Seems like there has to be a better way to handle this - Google Drive takes care of it much better.
I have a whole bunch of folders over the past 3-4 years that are "owned" by different people that worked for me. I tried to get them all organized under one subfolder and it's not allowed.
1. If you just want to personally organize shared folders you receive, you can always put them in folders in your account.
2. If you’re trying to create a nested shared structure, that’s what dropbox biz does. You make your employees team members. The ownership issue becomes less tricky since the biz content is all “owned” by the biz.
As a dropbox alum, I’m not up to speed on all the latest nuances. You should chat with sales to see how it could work for you, or just try a trial.
But as with Twitter I'm sceptical of the long-term prospects (and hence the need for an IPO vs a trade sale) of single-feature/protocol companies.
Nice liquidity event for current shareholders but why should the public invest here? The product is becoming more commoditized with time as well as being an ever more tightly integrated feature with hardware/OS.
Box seems to have a lock on the enterprise market which feels like the better long-term strategy than being a consumer/startup brand.
The stated growth strategy in the S-1 is rather meh. Post-IPO they might go further down the Evernote route and expand in all possible areas, diluting the core product/brand.
Yet Box only makes about $48 per user per year, whereas Dropbox makes $111 per year. So either Dropbox has more enterprise than we think, or consumer is a lot more valuable than we think.
If you are an enterprise with tens or few hundred users, the monthly bill starts to be in a range where it actually makes sense for somebody to spend a few hours to see if you could cut it by xx%.
pbpaste |sort|uniq -c|sort -k1nr
They can be considered expenses that are reported on taxes, and also since there is risk of no or poor ROI knowing the R&D component of the budget helps adjust for risk in modeling future revenue and expenses.
Other than lawyers and economists, does anyone ACTUALLY prefer this raw filing?
EDIT: Adding my preferred link: https://www.cnbc.com/2018/02/23/dropbox-ipo-form-s-1-prospec...
* Reliance and risks of Zynga in the Facebook S-1
* Customer acquisition costs in the Blue Apron S-1
* Growth specifics and positioning of algorithms in the StitchFix S-1
* Infrastructure costs in the Snapchat S-1
Besides, an S-1 filing is not written in legalese, it's written in plain language. One of the target audiences is street investors so it's meant to be accessible. I'm looking forward to digging into this one.
* Our business could be damaged, and we could be subject to liability if there is any unauthorized access to our data or our users’ content, including through privacy and data security breaches.
They have made progress. They managed to get SOC 2 compliance for all of their offerings. They now offer HIPAA compliant hosting as well.
Not that long ago though (circa 2013) I remember a series of articles that made it clear that Dropbox employees had access to customer data.
That spooked me enough to recommend folks pair it with https://www.sookasa.com/ if they were going to use it.
You have to trust the company providing the service, right? Of course in practice, accessing user data should be tightly controlled and require good business reasons and levels of approval.
Zero-knowledge alternatives like SpiderOak exist, but this approach makes them sacrifice features. (and doesn't appear very popular based on market share)
(We solve the problem by letting our large customers run their own servers, with their own authentication via single sign on.)
The problem is that the user experience for client-side encryption is awful! Every shared folder will need its own key, and users would need to manage and share their keys outside of our system. That is not sustainable.
But then the major feature set breaks down. Want to access your files in a browser? Not with client-side encryption. Want to email someone a hyperlink to a file? Not with client side encryption.
The major lesson is that the world operates on trust. We can only stay in business if our customers trust us.
I do all of this with Boxcryptor. I might be misunderstanding you - do you mean decrypt it without first downloading it from the browser? Because yes, that’s not strictly possible.
But Boxcryptor implements a small wrapper around directories and generates a public/private key pair tied to email addresses. You can client-side encrypt a file with your - or anyone else’s - public key by moving the file into the directory. You can also change the file’s encryption to add or revoke access by multiple users.
If you wrap Boxcryptor around your local Google Drive, Dropbox, Box, etc. directory, it automatically client-side encrypts, then uploads new files. Then you can share a hyperlink to share encrypted files without exchanging keys with anyone. The usability is so great I’ve been able to use this with non-technical clients. You can even use your own key pairs.
Homomorphic encryption doesn't change that.
The only way to compare plaintext is to decrypt the whole thing. So either you must trust a centralized org (like dropbox today), or you must trust a single centralized key (that could be done with homomorphic encryption).
(Also the best homomorphic algorithms still make small programs take days to execute)
Each user generates a symmetric "user key", kU.
The plaintext of each file (or without loss of generality, block of data, etc.), pFile, is encrypted with a randomly generated symmetric key, kFile, producing the ciphertext cFile. pFile is also hashed with a cryptographically strong hash, producing hpFile. kFile is then encrypted with hFile, producing ckFile. The user encrypts pFile with kU, producing chpFile. Finally, the user takes the first N bits of hpFile (for N on the order of, say, 16 or 32), producing hpFileTrunc. The user then submits hpFileTrunc to the server.
The server is, semantically, just a list of 3-tuples: (cFile, ckFile, hpFileTrunc).
The server sees if it knows of the existence of records with the same hpFileTrunc value as the client's submission. If so, it returns them to the client.
The client then tries, for each record returned by the server, decrypting ckFile2 with the client's hFile value, potentially producing kFile. If this is successful, the client then decrypts cFile with kFile, producing pFile. Finally, it compares this pFile to the original. If it matches, a match has been found, and the client exits the loop. If not, (or if either of the two decryption steps failed), it continues to the next record the server returned. If there are no more records, the client instead submits the tuple (cFile, ckFile, hpFileTrunc) to the server, which stores it.
Finally (whether or not a match was found), the client stores chpFile locally, to be used when retrieving the file.
To retrieve the file, the user decrypts chpFile with kU, producing hpFile. They truncate hpFile, producing hpFileTrunc, and submit it to the server. They perform the same process described earlier to retrieve the matching pFile.
(Note: truncation may also be replaced by, or combined with, a second round of hashing.)
With this scheme, assuming secure primitives (authenticated encryption and hashing), I don't believe it's possible to learn any information about a file unless you already have its contents.
So the server can tell if you're accessing (storing or retrieving) a particular file if and only if the server knows what it's looking for.
TL;DR: you can totally construct a scheme that allows meaningful comparison of plaintexts!
But... this is probably a bad thing. Comparison of plaintexts is a vulnerability: the server being able to see who's storing a particular "bad" file has a real impact on privacy. And likely more subtle impacts, too...
> The server sees if it knows of the existence of records with the same hpFileTrunc value as the client's submission. If so, it returns them to the client.
And by doing this, provides a way for clients to verify if any user on the file storage server has this file. So if I wanted to know if your mozilla thunderbird has a mail I have the source to, I simply try to store this and get these duplicate records.
Most people would consider this extremely unacceptable.
> The client then tries, for each record returned by the server, decrypting ckFile2 with the client's hFile value, potentially producing kFile. If this is successful, the client then decrypts cFile with kFile, producing pFile. Finally, it compares this pFile to the original. If it matches, a match has been found, and the client exits the loop. If not, (or if either of the two decryption steps failed), it continues to the next record the server returned. If there are no more records, the client instead submits the tuple (cFile, ckFile, hpFileTrunc) to the server, which stores it.
Why would the client have the keys to files stored by other users?
Unless you mean that you can only deduplicate within a single client, in which case that's of much more limited use (and I might add, your encryption scheme is way more complex than it needs to be).
Yes. This is the reason you don't want this property (being able to deduplicate encrypted files)!
But you can provide it, while still providing meaningful security against other attacks.
The client has the keys to files stored by other users because the keys are the hashes of the plaintext, and the client can hash its own plaintext when it has the file.
(Note a trivial modification to this scheme, solely client-side, allows for certain files to be totally secure, with the cost of them being exempt from deduplication)
Personally I find only people explicitly authorized have the key to be the whole point of security. And you're suggesting this as a solution to the problem that organizations providing file storage could see what files you're storing.
Under this scheme, it wouldn't just be that organization, but everybody who is a client, that could see what files you're storing (or at least verify if you're storing a particular file or not)
So I find your assessment:
> But you can provide it, while still providing meaningful security against other attacks.
Very dubious indeed, especially given the context of securing centralized file storage, where the whole point would be to deny others access.
I mean it's a true statement, because you don't specify what "other attacks" are.
I posit that given that this system leaks the plaintext of your files I find it strictly worse than just giving Dropbox or Microsoft access to my files.
You can do this today, with Dropbox or whatever else- anything that does deduplication, if it saves bandwidth by not asking for files it already has.
You can't tell who is storing a particular file- only if anybody is. Does this leak information and impact privacy? Yes! But it still provides other useful properties.
If you have a copy of a file, you can see if anybody else does- a boolean value. (And if the server is malicious, it can tell who does (if it logs).) If you don't have a copy of a file, you can learn absolutely nothing about it.
So, for example, if a user uploads a, uh, personal image to the service- with Dropbox, in theory (they likely have strong organizational and technical controls against this sort of thing, mind you) if the server is malicious they can view that image.
With this scheme, the server can't.
On the other hand, if you, say, save a file containing only your social security number- or a similar low-entropy value- the server can crack the hash and decrypt that file. That's the price you pay for being able to deduplicate.
(Perhaps one could only deduplicate large files- thus handling the case of movies, music, Ubuntu ISOs, large system files, etc. To implement selective deduplication- if you want a file to not be deduped, replace all uses of its hash with, instead, a unique random value to identify the file. Server requires no modification.)
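A minimal sketch of the deduplicating scheme discussed in the comments above, added here as an illustration; it is not code from any commenter or from Dropbox. It reads `hFile` as `hpFile` and `chpFile` as `hpFile` encrypted under `kU`, uses an HMAC-based `seal`/`open_` pair as a standard-library stand-in for authenticated encryption, and every class and function name is an assumption. It also covers the low-entropy caveat and the dedup exemption (random identifier instead of the hash).

```python
import hashlib
import hmac
import os

TRUNC = 4  # bytes of hpFile sent to the server (N = 32 bits)


def _stream(key, nonce, n):
    """HMAC-SHA256 in counter mode as a keystream (illustrative stand-in)."""
    out, ctr = b"", 0
    while len(out) < n:
        block = b"enc" + nonce + ctr.to_bytes(8, "big")
        out += hmac.new(key, block, hashlib.sha256).digest()
        ctr += 1
    return out[:n]


def seal(key, plaintext):
    """Encrypt-then-MAC; returns nonce || ciphertext || tag."""
    nonce = os.urandom(16)
    ks = _stream(key, nonce, len(plaintext))
    ct = bytes(a ^ b for a, b in zip(plaintext, ks))
    tag = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def open_(key, blob):
    """Return the plaintext, or None if the key is wrong or data was altered."""
    if len(blob) < 48:
        return None
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    good = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, good):
        return None
    return bytes(a ^ b for a, b in zip(ct, _stream(key, nonce, len(ct))))


class Server:
    """Semantically a list of (cFile, ckFile, hpFileTrunc) tuples."""

    def __init__(self):
        self.records = []

    def lookup(self, trunc):
        return [(c, ck) for c, ck, t in self.records if t == trunc]

    def store(self, c_file, ck_file, trunc):
        self.records.append((c_file, ck_file, trunc))


class Client:
    def __init__(self, server):
        self.k_u = os.urandom(32)  # per-user symmetric key kU
        self.server = server
        self.local = {}            # name -> chpFile, kept on the client

    def _find(self, file_id, expected=None):
        """Try each candidate record; file_id is the key that unwraps kFile."""
        for c_file, ck_file in self.server.lookup(file_id[:TRUNC]):
            k_file = open_(file_id, ck_file)
            if k_file is None:
                continue
            p_file = open_(k_file, c_file)
            if p_file is not None and expected in (None, p_file):
                return p_file
        return None

    def put(self, name, p_file, dedup=True):
        """Store a file; returns True when an existing record was reused."""
        # dedup=False is the exemption variant: a random id replaces the hash.
        file_id = hashlib.sha256(p_file).digest() if dedup else os.urandom(32)
        reused = self._find(file_id, expected=p_file) is not None
        if not reused:
            k_file = os.urandom(32)
            self.server.store(seal(k_file, p_file), seal(file_id, k_file),
                              file_id[:TRUNC])
        self.local[name] = seal(self.k_u, file_id)
        return reused

    def get(self, name):
        file_id = open_(self.k_u, self.local[name])
        return self._find(file_id)


def recoverable_by_guessing(server, candidates):
    """Risk check: can stored data be opened from a small candidate set?"""
    for guess in candidates:
        h = hashlib.sha256(guess).digest()
        for c_file, ck_file in server.lookup(h[:TRUNC]):
            k_file = open_(h, ck_file)
            if k_file is not None:
                return open_(k_file, c_file)
    return None
```

The hash of the plaintext is the only secret protecting a deduplicated record, so any file drawn from a small set of possible contents should be stored with `dedup=False`.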
So, when quoted out of context it sounds really extreme.
The way Stitch Fix talks about it in their S-1 makes it seem like the latter is the priority. I'm not yet convinced that the practical value driven by algorithms at Stitch Fix is up to par with how much they talk about it.
I was interested in growth to understand both their growth rate but also to get a feel if it was driven by increasing user acquisition costs like Groupon, Blue Apron, etc or if it was organic.
I never tried myself but it seems quite feasible to build a decent profile of someone's taste in fashion from a bit of data.
Fast fashion gave us the logistics (no more 9mo from concept to store). But Zara and friends still supply only the major trends. We're still missing for someone to reliably market the "long tail".
I've thought about this as well. How would you personally try to build this profile for users, then market to them based on it?
That could give you a starting point. But I believe the main issue is that fashion products have, by definition, short shelf life, so you can't run the algos on SKU data. Then you can use deep learning on product images + user categorical data to try to predict preferences, maybe simple binary classification?
I guess using images as input should give better features than textual description.
You would have to tag the hell out of these photos, right? Disambiguating preferences is the challenge -- the user may have liked images #3 and #7, but why? Specific items, or the color palette, or the silhouette, or just the model? A post by Chicisimo on the front page addresses these hurdles.
I've also seen some of these image recognition apps in action -- they pick up on patterns and color very well, but struggled with silhouette.
That's part of what makes this industry hard.
(which even if you disregard everything else is a really good line to take if you're after recruiting good machine learning engineers!)
(Note: I'm biased and tweetstormed about Stitch Fix's most recent blog post earlier today. https://twitter.com/achompas/status/967085860763193345)
It seems similar to talking to people at Google in the early days. The thing that they cared about from an engineering point of view seemed weird and their language was alien. 3 years later the rest of the world hits the same problem and I remember the conversations and think "oh so this is what they were talking about".
The standouts to me were -
* They cut costs on an absolute and relative basis for the last two years. This is fantastic and I hope the trend continues.
* I don't understand how the $112 ARPU number foots with their pricing. They are telling a story that "teams" is driving growth but on the surface that's not reflected in the ARPU number. There's some sort of promotional discounting that's happening that isn't exposed here. I hope that they are aggressively managing their promo strategy internally because unchecked it can tank a whole company (see GAP).
* No idea where they expect new users to come from given they have 500M accounts. Presumably people have 2+ dropbox accounts (personal + work). I'm interested to know how many unique active users dropbox has.
I'd imagine there's quite a few with dozens, as they offer more space (up to a bit over 30 referrals) if you refer new users. I remember "referring" myself with a new email address whenever I'd need an extra 250 MB.
500M accounts, but only 11M paying users.
To be honest I'm not super familiar with the comps to know how good or bad their numbers are relative to others. But just from their own reporting they look like they are on track. That's not by accident. It's very likely that constructing this trend has been a major focus for the company in the last few years.
Facebook was at $1/user/year in their S-1, Twitter was < $1.
From the SNAP S-1:
"We rely on Google Cloud for the vast majority of our computing, storage, bandwidth, and other services. Any disruption of or interference with our use of the Google Cloud operation would negatively affect our operations and seriously harm our business."
"We have committed to spend $2 billion with Google Cloud over the next five years and have built our software and computer systems to use computing, storage capabilities, bandwidth, and other services provided by Google, some of which do not have an alternative in the market."
It usually goes POC->Cloud provider->Your own gear
Stack Overflow: http://highscalability.com/blog/2014/7/21/stackoverflow-upda...
The Internet Archive: https://www.theregister.co.uk/2017/11/16/head_like_a_memory_...
Gitlab tried, but didn't have the necessary in-house experience before they made the attempt: https://about.gitlab.com/2017/03/02/why-we-are-not-leaving-t...
Instagram was migrated from AWS onto Facebook's infrastructure: https://www.wired.com/2014/06/facebook-instagram/
WhatsApp was migrated from IBM to Facebook infrastructure: https://www.cnbc.com/2017/06/07/facebook-planning-to-move-wh...
Hacker News and Pinboard (acq. Delicious) run on a single server.
It's not hard, but you do need to know what you're doing and have resources to do it (most orgs rent colo space in someone else's datacenter, they don't build their own). There's a reason AWS margins are so high (which leaves a lot of cost savings to be had when your workload isn't highly variable). Any questions, email is in my profile. I spent ~16 years building data centers, hosting environments, infrastructure, etc.
But in any case, the examples given are B2C free to use products which are generally going to provide... not a ton of revenue per user.
Their paying users have increased, but the revenue per user has decreased (based on the S1...which I assume is because of enterprise deals).
This has been explicitly stated by the SaaS business ‘gurus’.
So even at 3$ per user that goes lower pretty quickly.
Plus they get alliance w/goog. Aws is a force but if i had a choice id have goog as a best friend over amazon.
Preferably id build my own data center and keep those assets.
If by modern, you mean 2015. Things definitely changed by 2017.
"In its disclosure, Snap has said that it is contractually obligated to “spend $2 billion with Google Cloud over the next five years and have built our software and computer systems to use computing, storage capabilities, bandwidth, and other services provided by Google.” Of the current losses at Snap, more than 80 percent of those funds go straight into Google’s pockets."
EDIT: @dfee How that revenue is recognized is usually based on when the services are delivered, but I am not an accountant.
When talking about deals that are the enterprise valuations of Fortune 500 companies, do you value the sale as if it were an acquisition? Or, some other way?
The Company’s cryptographic systems depend in part on the application of certain mathematical principles. The security afforded by the Company’s encryption products is based on the assumption that the “factoring” of the composite of large prime numbers is difficult. If an “easy factoring method” were developed, then the security of the Company’s encryption products would be reduced or eliminated. Even if no breakthroughs in factoring are discovered, factoring problems can theoretically be solved by a computer system significantly faster and more powerful than those currently available. If these improved techniques for attacking cryptographic systems are ever developed, the Company’s business or results of operations could be adversely impacted.
Investors. The prospectus filing is informative and you don't have to read it all to get good idea of the company.
The summary from CNBC omits all the details and you can't even trust it to have the numbers correctly because if they screw it up, it has no legal consequences for them.
i am not an economist or lawyer and prefer it
i don't have to worry about a writer/editor injecting personal opinions that i could care less about
In a mere 160 pages. Unless you know what to look for it most certainly does not get to the point rather quickly.
Feel free to link to "news" (read: opinion) posts about the filing.
I was really excited to see they cut their infra costs while supporting more revenue (bottom of page 71), that bodes very well for their future prospects.
Apparently they do, since it's at the top of HN. If they didn't, it wouldn't be at the top. Alternatively, my guess is that many HN people saw this document, upvoted it, and then went to Google for more context.
it contains the "source" facts with limited embellishment. there are all kinds of regulations that essentially result in SEC filings being fairly standardized, limited-BS documents. you don't have to worry about distilling commentary and opinion with fact, generally
for commentary and context, equity research reports are generally helpful as long as you're aware of the inherent bias. articles online can also be helpful, but generally the quality varies, and you have to spend commensurately more time fact checking
once you learn how to ctrl-f the right terms and understand the general skeleton of each type of report, it is actually pretty easy to find the relevant information