Hacker News new | comments | show | ask | jobs | submit login
Michael Krigsman: Recommends Enterprises "discontinue use of" Dropbox (zdnet.com)
13 points by d0ne 2216 days ago | hide | past | web | 13 comments | favorite

I wish I could make good money writing drivel like this. Here's his parting sentence, emphasized in the original to let you know that it contains Prodound Wisdom: "Therefore, continue using Dropbox for everyday file transfers where you value convenience over an absolute guarantee of privacy."

Let me stop to give the world's most sarcastic eye-roll. Where exactly should someone store their "stuff" (Dropbox's technical term) if what you want is Michael Krigsman's "absolute guarantee of privacy"?

I've you've paused, put you hand on your chin, and got lost pondering that conundrum, let me me help you out with an answer: There is no such place.

I have a lot of sympathy for these Dropbox guys. They're by no means perfect — those few hours of where their service was passwords-optional was pretty sad — but as someone just commented, they have their hearts in the right place. I attribute their PR troubles in part to the seemingly universal need for people to see idols toppled. I never had the Dropbox religion — a religion that some of my colleagues fell for, and hard — so I didn't suffer a mental breakdown when they revealed themselves to be merely human.

This is Hacker News. You're supposed to be here if you're a programmer or a technically-minded entrepreneur — or "starter," to use a term from 37signals that I am fond of — and that means that you should have an understanding and appreciation that products exist in the real world, where operational, legal, and business considerations complicate everything.

Upon reading about what Dropbox is dealing with here, the rational response for the Hacker News core audience is to do whatever irrational superstitious ritual you do to keep bad luck away. And also to hope that your products become successful enough to become the focus of the sort of scare mongering that this article perpetuates.

"if what you want is Michael Krigsman's 'absolute guarantee of privacy'...There is no such place"

That's exactly the guarantee that SpiderOak, Wuala, and Tarsnap make, all of whom encrypt data before storing it.

I only know Tarsnap, and it is a backup service, not quite useable for "file transfers" and sharing. There's a fundamental tradeoff between security and convenience, and Dropbox is on a sweeter spot than the high-security offerings.

The article isn't referring to your "stuff", but is clearly directed at enterprise IT stakeholders. While the majority of the HN crowd may not find the opinion presented as applicable to them, it is a useful warning to enterprises that hold sensitive data. Unfortunately, the people who make enterprise IT policy are the last to learn about services (and its pitfalls) like Dropbox. So while HN may not be the best audience, I think its a bit dramatic and off-the-mark to demean the article as drivel.

What enterprise (and by that I mean a business with IT staff that wear khakis, have a cell phone holster, and call the business an enterprise) is ever going to use Dropbox? The question answered itself even before the authentication, um, issue.

Dropbox is a disruptive product. It's a product that the little guys discovered could help them be tremendously productive with their collaborators. If anyone is using it in an enterprise setting, it's without company sanction and is being done people outside IT who were told how to use it by their teenaged children. In the eyes of IT people, Dropbox falls in the same category as the labyrinthine Excel worksheets and Access applications: infections to be stamped out.

The reality is the these enterprises would fall over and cease working if all these unsupported-by- and despised-by-IT things did not exist. IT opposes anything they cannot control. They will spin elaborate scenarios where using one of these things will result in the failure of the corporation. They will bikeshed to death anything that does not bear their imprimatur. Dropbox represents a loss of control.

An IT person will for example object that DropBox doesn't allow IT to control who has access to data. What happens when we lay that person off? What happens if that person shares files with unauthorized third parties? What happens when…

All of this scaremongering occurs despite the reality any employee can walk into the office with an SD card or five and walk out with every bit of sensitive data they have access to. I had to deal with issues like this when I consulted for pharmaceutical companies. They had a staunch policy against cameras but then pretended to not notice that everyone's cell phone had a camera. They didn't allow people to have access to writable media but there are iPods-as-harddrives, thumb drives, and CD cards that they studiously avoided thinking about.

You're right: the author is an idiot, and his audience is other idiots more concerned with having a self-serving and self-aggrandizing opinion than having any real perspective on reality.

The funny thing is that the terms in question are really common, and used by eg: gmail and google docs, which nobody seems to be complaining about in this context.

So I guess the lesson here is don't make your terms of service readable by normal people, because while they might understand the language the media will make sure they don't understand the content.

I'm feeling very ambiguous over the recent Dropbox fiascoes.

Call me naive, but I really do believe Drew, Arash and the rest of the Dropbox team really do have the best intentions.

On the other hand, they continuously keep tripping on their own shoelaces with horrible PR management and lackluster communication with their customers.

Dropbox should have expected that their newly published TOS would be scrutinized down to a microscopic level, making the latest shitstorm possible.

They probably did think that it would be scrutinized at the microscopic level, and that there wasn't anything controversial to find. The fact is that there isn't anything out of the ordinary here. I defy you to find a popular content sharing service that doesn't have some kind of license granting clause in its terms of service or eula.

The other content sharing services also din't publish a policy when they started saying that (in interpreted form) the data you transfered was encrypted and that there was no way they could decrypt or access your data.

So glad that Michael Krigsman of ZDNet has finally spoken on this issue. Enterprise software pundits are truly a gleaming beacon of wisdom and insight in this dark world of technology.

Was hoping someone would feel the same way as I do.

As mentioned in other comments their TOS are not all that different than many larger companies. The difference is that it is much easier to criticize organizations the size of Dropbox with less fear of repercussion than say an organization such as Google or Microsoft.

To publish this advice about Dropbox alone, without mentioning that the language is common to many online services, borders on malpractice. The author describes Dropbox's language as "particularly onerous" (emphasis added), which is just what it is not.

I encrypt anything important before I upload it to Dropbox, and I didn't have to read their terms of service to take that precaution. It's always good to be paranoid about your data, but it's idiotic to suggest that anyone discontinue use of Dropbox because they _might_ scan your files someday to provide you with targeted advertising.

The article is definitely fear mongering bullshit. IMO Dropbox is doing a great job. It's simply one the most useful FREE apps out there, and my only feedback for Dropbox is "thank you".

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | DMCA | Apply to YC | Contact