Reminds me of an incident we had with Dropbox a decade ago. They deleted some niche accounting software (custom developed by us) from our Dropbox account, plus their own log files covering those deletions. Then played ignorant.
We learned the lesson, and never again trusted Dropbox, for anything.
(Best guess - a would-be client got pissed when software which they'd never paid for lacked a feature, and told Dropbox a story.)
EDIT: Only executables & related distribution files were on Dropbox, not any source code. We lost nothing...except our trust in Dropbox.
EDIT2: Yes, as several others have kinda pointed out, this incident was a collision between (a) naive human expectations (of high-skill, high-touch, highly-invested customer service for such situations) and (b) the actual business model of any huge / cheap or free / convenient cloud provider of X (plus just "internet reality"). Sadly, I don't see that either (a) or (b) has changed in the past decade.
> plus their own log files covering those deletions
This is the really unreasonable part. Some convoluted internal process that ends up accidentally flagging a file as suspicious and then deleting it is bad enough, but still partially understandable if you're very conservative with assigning blame. But deleting the log files? Either extreme technical incompetence or plain malice.
I agree with Hanlon, but the size for basic audit ability is pretty small. Fileid, action, date, actorID. Maybe a bit more nice to haves. If it’s expensive store it for a couple weeks before archiving to cold storage.
Here’s another Hanlon, it wasn’t Dropbox that deleted the files it was an authorized user, OP or coworker, accidentally who forgot or wouldn’t fess up
Sadly this story could have happened with any big cloud provider.
Ideally there would be more regulation around the ability of big tech companies to shutdown your digital life through a mindless algorithm, with close to zero recourse. Unfortunately I don’t see anything happening unless someone really powerful (say a member of Congress) gets bitten by this.
I don't think it is something that needs legislation.
But it definitely needs more publicity. And if there is something that will bring down "big tech", I think that's it.
"cloud providers" should be treated like something that can fail. We already don't trust hard drives, that's why we have RAID, we don't even trust RAID arrays, that's why we have backups, and we don't trust the place where backups are stored, that's why we have off-site backups. Dropbox (and Microsoft, Google, etc...) is also not to be trusted, just like your hard drive can crash or your servers can catch fire, Dropbox can delete your data. It is not the same mechanism (one is a chemical reaction, the other is a mindless algorithm), but the end result is the same: you lose your data.
But once you take that into account, the value proposition of big cloud providers takes a hit. Often, big companies justify the premium price they ask with reliability. I mean, no one expects companies like Microsoft to go bankrupt anytime soon, and they certainly know about backups and redundancy, but what's the point if all it takes for your data to disappear is an artificial brain fart. Suddenly, the server in your basement doesn't look so bad in comparison, and neither are the smaller companies that actually have people you can talk to.
The whole concept of ToS needs to be overhauled with vast amounts of practice that is currently considered acceptable thrown right in the fucking trash.
The idea that companies can change their ToS on a whim every day and push out walls of text that no one reads and everyone clicks through is insane. Why can't we modify the terms of agreement?
Let's start with that law, all ToS interfaces must include an interface for users to upload their own modifications and companies must have a human interpret them (not some shitty 'ai') and decide to accept them in a reasonable time frame, and if the company chooses to decline them they cannot ban the user from the service for this, the last ToS that they accepted must be the one that their interaction with the customer is conducted under. The entire process must be auditable by other by both sides and a neutral third party.
I'm sick of big companies hiding behind an opaque wall of bullshit, if this was a small town dispute between two individuals this would be transparently settled one way or another and that's exactly how it should be on the internet.
The laws haven't kept up with the times, and they haven't kept up with the creative ways people with money try to fuck over those without.
The solution to this in my mind is self-hosting. Yes, right now that's the exclusive domain of tech nerds, but in theory there's no reason that an open source project can't come along and make this relatively easy for non-techies to set up for themselves (in a similar way to how, say, Squarespace made website creation easy).
I think the real hurdle in adoption would be that most non-techies don't even register their dependence on big cloud providers as a problem yet. But I expect the day is coming. Similar to how Mastodon saw an influx of Twitter users when Musk announced he was intending to buy Twitter.
The main issue is you can accidentally nuke your own source directory and it's possible to do so in non-obvious ways. This has happened to me a few times (though thankfully had backups elsewhere).
+1...but don't expect "$VVVIP bitten by this..." to change anything. Big cloud providers doubtless have Secret VIP Customer Service departments, to avoid that problem.
in a number of ways yes, depending on the amount of 3rd party attention devoted to the files, in my neck of the woods a 1 terabyte drive is worth ~ 100$
A copy of your data that can be easily modified (whether through bugs, malice, or even just you mistakenly deleting a file and Dropbox happily deleting it everywhere for you) is not a backup. It’s definitely way better than nothing, but people relying on Dropbox as the only “backup” will be in for nasty surprises occasionally.
Files that are stored in iCloud Documents will also not be backed up by Time Machine. Huge mess if you ask me. I therefore don't use iCloud Cloud storage anymore. It's just too complicated to reason about.
This is an inevitable consequence from the push to make cloud companies responsible for the content they host. Analyzing all of it can only be automated; automation will deliver weird false positives.
This chilling effect is already going on. I'm writing a science-fiction thriller and took most of my notes off Google Drive out of fear that they would misconstrue them as political extremism. If AI is being used for content moderation then this only raises the likelihood that a false positive is identified, devoid of any context, and I lose my entire Google account to an uncontactable bureaucracy.
I made a Nextcloud to host my references and storywriting notes. Nextcloud is horribly buggy, difficult to maintain, and has very poor user experience compared to Google Drive - but at least I don't need to worry about my entire digital life being auto-terminated by an overzealous robot, with no reasonable appeal process beyond "knowing enough people to make a stink".
Humans can have just as overzealous a response as those robots. In my senior year of high school, I developed a bit of a fascination with historical serial killers and turned in an assignment for AP English exploring the mindset, and my teacher promptly turned it over to the school's counseling service, and I was forced to see a counselor, questioned about violent tendencies, given a 0 on the assignment, and a C in the class. This was the same semester as the Columbine shooting, so I guess schools were on edge about students who might want to kill other students, which I definitely did not want to do, but apparently writing about people who want to do that kind of thing can easily be misconstrued as autobiographical. I almost didn't graduate because of that. Heck, one of my friends was expelled for possessing a switchblade comb because things that looked like weapons were banned. There was no appeal process for these infractions, either.
Honestly, that seems like a feature of many administrative processes, even those administered by government. So far, in the process of trying to become licensed as adoptive parents, my wife and I have been dropped twice now by licensing agencies, without any explanation of why or recourse to appeal the decision. As far as I can tell, the only way to gain the right to appeal a decision is to actually be convicted of a crime.
If anyone doesn't want to deal with hosting Nextcloud, Cryptpad.fr is a free option and in my experience the only issue is it's a bit slow and doesn't work nearly as well on mobile devices as G Suite
always keep a copy outside of your home. my own writing is replicated on almost every device i have. it's the most valuable to me. more so even than photos which are just memories.
If you keep your files only on your devices and a home server, you are making yourself vulnerable to scenarios like the one discussed here very recently:
In a heavy fireproof box along with the birth certificate, and other important papers. If you want extra protection put that box in a larger safe. This really isn’t a difficult question to answer. If you are trusting a third party to store your things, when something happens to their service or they terminate your account randomly you have only yourself to blame.
I encountered a false positive where a pure text file made up of personal log entries was flagged by antivirus as malicious, and it started fighting me on trying to restore the file from a backup as well. Fortunately, I was eventually able to recover it, although I've forgotten how.
Probably my most memorable lesson in unexpected failure modes for complex, automated software.
Amazing that the Internet culture that vehemently opposed DRM and created things like bit torrent so quickly lined up behind algorithmic content moderation.
IMHO, the problem started when we all jumped on Gmail, knowing that there was no support, and if it broke, we got to keep both pieces. I watched my wife's account get taken over in real time a couple years ago. Ten years of personal and financial info, now in the hands of God-knows-who for God-knows-why. I simply deleted the account from her devices, and moved on. There was nothing I could do, and no one I could complain to about it. The WILD success of this model has led everyone else to do the same thing.
>> IMHO, the problem started when we all jumped on Gmail, knowing that there was no support
Back when Gmail was invite-only, most people used Hotmail or Yahoo Mail, which would offer a base level of (I think) about 50-100MB of storage at the time. If you wanted more storage; you'd have to pay for your email service - an idea I don't think anyone born past 2000 has even heard of.
Gmail came along, and suddenly offers us 1 GB of free storage, for free. This was around a quarter the size of some people's hard drives at this point.
Of course we didn't care if there was no support!
Are you kidding? I don't think Hotmail had support, either - (maybe I'm wrong?) - even if you paid for it; but here Google was offering a substantial value for anyone using any other existing mainstream email service, immediately.
They even had STMP and IMAP support, meaning you could use whatever client you preferred. Back in the day most people used computer-side email clients and had local backups of emails anyway - so if one went missing from Google's side it wouldn't be so bad.
There's a reason Gmail is still one of Google's strongest and unusually longest-lasting product of Google's. There's less reason now - but my God, when it was introduced it was an honest-to-God mindfuck as to how they were offering such a large amount of space and features for nothing.
> it was an honest-to-God mindfuck as to how they were offering such a large amount of space and features for nothing.
Of course, now we all understand that they were harvesting all the personal data this gave them access to, in order to monetize it, and sell access to it to anyone who would write them a check.
And then we found out that this information was so valuable, and in such a concentrated place, that the CIA placed fiber taps on Google’s data center drops.
Unsurprisingly, after funding the initial round of Google investment, the DoD would come back not much later to eavesdrop on the email and uploads delivered to gmail into that storage.
What i found is that darpa paid for research at a university and the students learned something from their project and then when they graduated they built something with their knowledge? It seems like the system of publicly funded research is working.
I don't think in-q-tel was one of the original VCs that funded google. Google acquired Keyhole some time after founding, and Keyhole was in-q-tel funded, so in-q-tel ended up getting google stock.
I think that internet (that opposed drm) and this one are very different. The anti drm movement was more of a popular movement and this one is a reaction by large corporations to new legal regulations (or threats of more regulations). It’s hard to even think of those as the same “culture”
fans of bittorrent and fans of services with auto content moderation share at least one common factor: they are free to use. Many people are not motivated much further than keeping their hard earned cash.
Have you ever tried to fight spam at scale? It’s trivial to block the 50% of obvious spam accounts, but we are at the stage of humanity where the activity of very dumb humans and the activity of very clever bots, EASILY overlap. A lot.
Bots will use proxies that use residential IPs, they will maintain session info (Cookies, User-Agents, etc) they will move the mouse and introduce jitter, their access patterns aren’t random but are engineered to work in the day night hours that match the geo-data of the IP they are using. They solve captchas, at the same rate that humans do (time, error rate)
Some human accounts look like bots. They sign up and upload a couple of files which immediately get high traffic. They use NordVPN so their public IP is shared by thousands of “known bots”, their access patterns are weird and unpredictable.
Yes, you can use machine learning to try and identify theses but then you end up with false positives and real people having problems like the poster above.
And on top of all that, bots are constantly subverting detection so whatever solution you have now won’t work next week.
No. It's not just to write the code. To fake a six-month legitimate use, the spammer also needs to run the code for six months, it takes lots of resource to do so.
To avoid detection, you can't just make API calls for six months. You have to run the official client on the machine for six months, and then the official client can collect more data on your usage pattern. Imagine the cost to run hundreds / thousands those accounts.
If you come up with an algorithm to reliably and enduringly distinguish a spam account with a legit account you will be a billionaire. It's the 20 foot wall, 21 foot ladder problem.
Well, European countries produce "studies" that say hate is effectively reduced and overblocking does not happen. Germany was leading here and the digital services act will copy the crap. No real relevant social networks in Europe and it only applies to platforms like Twitter and Facebook, but it is still silly legislation with negative effects.
Dropbox doesn't have any functioning contact points. I cancelled my yearly subscription a month ago the day after it renewed, they cancelled my premium benefits immediately but never send the $120 refund that the cancellation page said I'd get. Tried contacting them from their website contact page, nothing. Tried tweeting at their support account, nothing. I'm half tempted to try to get my bank to do a chargeback.
It's sad, I used to really like dropbox but now they just suck.
> I'm half tempted to try to get my bank to do a chargeback.
Do it. I guarantee Dropbox cares far more about their relationship with the credit card processors than it does about their relationship with you (who just terminated your relationship with them), so maybe if enough people do chargebacks to resolve their problems it will incentivize them to make their system work correctly.
And make sure to explain the story to the Bank/Credit Card company as accurately as possible. You paid X for Y amount of service but want to cancel after Y amount of service and instead Dropbox just cancelled you right away and won't refund you the difference.
At this point half of the internet doesn't seem to have functioning contact points.
I sometimes wonder if I could do chargebacks for almost everything I buy online, since some companies don't even bother to answer the credit card company or PayPal to dispute or authorise the chargeback.
I've gotten much quicker with chargebacks in this situation. Companies that go out of their way to insulate themselves from their customers leave you little other alternative.
Dropbox is acting no different than any other scammer here, and there's a limit to how much time I'm going to waste on being polite. Somehow it is always a "mistake", and somehow those "mistakes" always involve money flows in the same direction.
They technically have fine print that they don't ever give refunds for unused time - https://help.dropbox.com/accounts-billing/cancellations-refu.... When this happened to me I asked the support chat for confirmation in writing so I could file it with a chargeback, and they found a way to refund me without one.
HN search. I knew the terms. I remember upvoting that comment when it posted. I still don't use Dropbox. (sshfs backed on a zfs server (hosted by rsync.net))
This is a pretty popular post to link to when it comes to feedback for a new app you're building. Another fun one is the slashdot posts when the first ipod came out.
If he uses it for work, and clearly, most shared links he creates are of copyrighted media content, how would this work in practice? Does Google Drive/Dropbox have some flag for "creator" accounts?
I don't have an answer for your question but from experience I can say that anecdotally most well known creators have their own infrastructure or outsourced infrastructure and legal teams. Content will not be deleted unless there are repeated egregious violations and complete refusal to remediate violations of the contract that their legal team agreed to. By contact I do not mean some thing that someone clickity-clicked their way through. I mean a contract that went back and forth between legal teams and signed/recorded by a public notary. In such cases deletions would always be done by a human. I have no idea why the Rick and Morty creators did not have such an agreement in place with Dropbox to prevent this scenario or if Dropbox even supports this model.
As a funny side story, at least I think it is funny... I used to manage the backend servers for Atari. The "Internet Police" used bots to send take down notices for copyright violations and emailed us saying to take down Atari's software because it was a copyright violation. Atari was our customer. This should have been obvious as the FCrDNS had their domain name in the PTR records. I found it hilarious but also saw how that was a bit of foreshadowing as to how the internet would devolve.
Rick and Morty isn't the only thing Justin works on. Likely this was his personal account and not something used specifically for that show. There's no mention of the show in his tweet.
Assuming this is copyright related... probably not. The only way this could be done in practice would be for Justin Roiland/Williams Street/Rick & Morty LLC/Cartoon Network/Warner Bros. to legally indemnify Dropbox - as in, agree to pay all of Dropbox's legal fees and damages if they get sued for copyright infringement outside of their DMCA 512 safe harbor. This is entirely impractical for an individual to pull off, and Dropbox might not even have a copyright indemnity policy for corporate clients.
Also, if anyone actually has a bone to pick with Dropbox over shared links, this is probably a very bad idea, because it would just be opening WB's far larger pockets to whoever Justin is pirating content from. There is no actual legal provision for "creators" to get away with copyright infringement that we cannot.
And let me be perfectly clear: It is not legal to copy media over any kind of file share, even privately within an organization, unless you have a copyright license, which they clearly don't. Censorship[0] on-demand in exchange for liability limitation is the world that all these media companies chose to live in. They screamed their heads off about the harms of noncommercial piracy over the Internet while also, apparently, pirating enough content internally that Dropbox needed to shut off their account. If they want their account back, then either pay for a license to every video file on that share or publicly lobby Congress to legalize file sharing.
Or this could have nothing to do with copyright and some internal spam filter just shat the bed very badly. The original linked tweet didn't clarify anything and Justin might just not even have anything to clarify with. I really hate how modern tech companies are allowed to do summary executions of accounts like this with no explanation.
[0] I am willing to accept the "copyright infringement is not speech" argument, which SCOTUS also does, but DMCA 512 still allows censorship of novel speech because the counternotice procedure is laughably inadequate.
bet you a dollar that they were taken down because they were sharing links to content they had created for Rick and Morty etc and Dropbox’s dumb algo just didn’t know that they were the creators of that content.
Dropbox only hashes files that they've gotten DMCA takedowns for. So WB told Dropbox "do not allow people to share Rick & Morty", and then got angry because they couldn't share Rick & Morty internally. This isn't a false positive, the algorithm is working exactly as intended.
Yes, because you need to be able to counternotify; this is why I was a little suspicious of the "it's a copyright problem" explanation. However, if they had ignored prior notices and continued infringing, then Dropbox needs to shut off their account because they're a repeat infringer, and that process might just look the same as any other TOS violation ban.
If that's the case surely they could have told him that was the reason. Otherwise we're talking about software engineers deliberately writing code to waste other people's time and make the Dropbox product look worse to their customers or prospective customers.
> Otherwise we're talking about software engineers deliberately writing code to waste other people's time and make the Dropbox product look worse to their customers or prospective customers.
Seems true-to-form. This has been Dropbox's product strategy for the last 5 years.
I would be highly suprised if he doesn't have the right to distribute his work in a small scale non-commercially, especially as part of the process of creating that work.
You have made a huge and baseless assumption that there was any copyright infringement happening.
Surely he's the legal owner of much of it, unless you're trying to imply he doesn't do any creative work at all outside the scope of his current contracts.
Not really. It’s unacceptable for Dropbox to know/inspect what content you’re storing, scan it for anything without you actively requesting they do so, and certainly to delete it.
This behaviour and any terms of service that allow it should be illegal. The fact that it goes on constantly is a scandal.
I kind of get both sides. They shouldn’t scan personal files at all but then again Dropbox files are also shareable and is kind of like YouTube in that way. So if in this case a guy has copyrighted content, which they own the copyright for, and are sharing copies of copyrighted content, how can an algorithm know it’s not some random person. It’s much more likely not to be the copyright owner than to be it. What’s the worst part imo is that there’s no recourse, no appeal process, no one to talk to for the mistake - except it seems via twitter.
That depends on whether you share the content. In this case, there might be legal requirements for checking on the shared content, so dropbox can't avoid it.
But they might do something about how they handle this. Especially if it's an likely older account. Dropbox has many creators as customers. They should have more experience to handle this gracefully.
Why shouldn't they be able to know/inspect/scan the content that they are physically storing?
I'm genuinely curious the logic.
From my perspective, they're a company providing a service and can determine the terms upon which they'll provide it. You don't have to use them if you don't like it.
Right to privacy. Companies have never had carte blanche to create any terms they like. Many types of contractual agreement are illegal or unenforceable.
Your landlord can’t just turn up and start rifling through your stuff, and the owner of your rented disk space shouldn’t be allowed to do the digital equivalent.
I quite like the landlord analogy. Landlords need to give notice before any termination action. Even if reasons are not given for termination, the tenant is warned and given time to prepare.
Another analogy might be a long term storage locker. You, the customer, place your belongings in the locker, and return a month later to find it empty. All your stuff was destroyed by the storage facility, because they found pirated movies among your belongings!
That won't keep your landlord from rifling your stuff if they think your legal foo is weaker than theirs, nor from claiming that they had the right to do it.
That's part of the problem itself. In most cases there ARE no communications about why an account was terminated, and it's impossible to get any unless you have enough influence to cause a messy public incident on Twitter.
Yet another example of why we need a users bill of rights to give users some standardized legal recourse to discover the reasons for account bans and dispute them.
I like bringing up the Uniform Commercial Code [0] as a template for this kind of stuff. Where there’s a common goal and groups push for legislation in each state.
Sadly I’m not sure there’s a good advocacy group to push for this. Mozilla is funded by Google who definitely doesn’t want any user rights that conflict with their revenue. Maybe the EFF or FSF.
A state by state push would be one way to make this happen, but given that online companies and their users are often in different states, this does seem like the kind of interstate commerce that could be addressed federally.
I'm not hugely optimistic about this. It's possible that the pushback against tech will enable something like this to get passed, but I'm pretty sure that pushback is for purely for political points and not being done with any intent to actually change much.
I may be out of the loop, but my experience with it has been great. It's a (mostly?) open-source, self-hosted DropBox(ish) clone - with a great UI, web browser support as well as native MacOS, Windows, Android and iOS apps. (I figure there's probably some sort of Linux client as well? I'd have no idea.)
I'm shocked that Adult Swim isn't using something like this internally to work around this very issue. I'm sure they send copyrighted clips of shit to each other all the time for reference material. They've never run into this issue before? Even once?
Lesson learned - depend as little as possible on services you can extremely easy replicate on your own. When my free DropBox storage ran out years ago, I installed OwnCloud and have never even thought about cloud storage since. It 'just works'.
I use a similar thing called Seafile on "my own" VPS and love it, syncing to local ZFS NAS with autosnapshots and regular-ish offline and "offsite" backups (two big external drives, swapped whenever I visit family a few states over). Self-hosting FTW. I'm sure owncloud and nextcloud are easier and more complete these days so that'd probably be my choice if I were doing it from scratch. I also do self-hosted CalDAV (radicale) for contacts and calendar, and self-hosted email (dovecot/postfix/spamassassin).
"Secret" means that the supposed account violation wasn't specified in the message from Dropbox. Possibly an automated decision. And apparently it was without warning on the first offense? Definitely need more info. And extremely worrying for me as a customer that they will take down the whole account for a single toc violation.
Quite possible something hard illegal, like problematic porn or terrorism or such. I guess in case of some random hollywood-alarm being triggered, there would have been a DMCA-complain coming from that party.
Everybody should check and recheck they actually own their data, github accounts, digitalocean boxes, google accounts dropbox accounts, youtube accounts, the list goes on and on. It is obvious by now that it can happen to anyone for any reason (datacenter fire too) at anytime.
Every now and then there is a similar post on hackernews.
One thing that helps me think about which cloud services to use is the phrase "a stranger's house."
If I'm working on something important to me... how comfortable am I leaving it in a stranger's house? If I wouldn't be comfortable doing it, I always make a local backup. This saved my ass when I inexplicably lost access to an old Google Drive account. I lost a couple days of work, rather than a couple months. I still have no idea why that account was disabled.
I use and am happy with Dropbox. I was an early adopter of Google Drive (to try to save costs) and it never really worked right. There were lots of bugs with the syncing of data. My entire digital world is on Dropbox. I use (and pay for) Google Drive too, but I use it differently.
It works for me because, in theory, all my data is on every HD in my house (which is really just two). So, I don't lose anything if Dropbox deletes my account; I've got it all locally.
That theory doesn't work anymore, however, because I have 399 GB of data in Dropbox and I don't duplicate it all to every machine anymore because of the size and the data transfer required to keep that much locally and in the cloud.
I really do need to start thinking about this again so that I can get it all duplicated locally.
As far as I know, if you just have the files as "Keep local" or whatever, Dropbox will still delete them locally if it's removed from Dropbox. The only exception is if you're also using the backup feature to backup certain folders on your machine that's not in the Dropbox folder.
I use and am happy with them too—although if Dropbox deletes files from your account, or deletes your account outright, doesn’t that reach out and delete the data from all of the synced devices too, regardless of the number of devices that happen to be local to you?
Do you use a second line of local backups/versioning to protect against that possibility?
700 million people use them, and 17 million are on a paid plan. I still use Dropbox, because I don't trust that I'd be able to reach a helpful human at Google should anything happen to my Google account.
we may have different account types but they started wiping inactive accounts a while back. I never installed the client on my computer though, so that probably didn't help.
I had pictures of an abroad internship from winter 2014-15 that I was able to find last year as I was aggregating all my pictures.
But I just checked their filings, the 700M figure is indeed "registered" users, not "active" ones. Which makes a lot more sense. There are not a lot of services with 700M monthly active users out there.
I have free OneDrive through my university, and I pay $99/year and I have it through work. With multiple TB available.
Yet I still use Dropbox because it’s way more usable.
Running the OneDrive agent is a hobby and it spikes my machine a few times a day. Running Dropbox is something that just works and has worked for 10 years without me ever noticing the sync app (a good thing).
I avoid Google because I wouldn’t want my gmail to turn off because of an event like this.
How do you never notice the sync app? I stopped using Dropbox because I got sick of the client (on Windows) constantly blaring about new features and corporate sharing tools.
I muted that stuff years ago and have it run on startup. I get no notifications and if I put a file in that folder it syncs up. And files I add to dropbox sync down.
Granted I haven’t run the windows client in a long time so I’m talking about my MacOS experience. But OneDrive on MacOS does all sorts of shenanigans. The funniest is when it logs me out and forces a hard resync. As a user, I never want that.
The more files you have, the more OneDrive tends to chew as a baseline. If you exceed those limits it'll just sit and chew without actually updating anymore. I want to say something like 200K files is the limit.
If you're using it for work to sync build dependencies or your build tree or similar, it's easy to accidentally end up exceeding those limits and watch it eat CPU time totally ineffectually. Ask me how I know!
It's the only solution still that "just works" on all OSs and mobile devices. I spent a year trying to use alternatives like Syncthing and Resilio and they all have pain points, especially on mobile. Gave up and just paid for Dropbox. I would gladly self host if there was an option that worked well on mobile.
I've been using Nextcloud and before that Owncloud for years. I recently switched to the native mobile client from a generic web DAV client. It supports one way sync for things like photos which is very handy. My home NC has around 1/2TB in use so far.
I also look after another one for a company with several 1000 users' safety docs on it. Nearly all the clients are mobiles and tablets using the native client. This NC is more of a one way thing where one dept uploads pdfs and the drivers and co read them on their tablets. Office staff point a browser at it.
Onedrive can't handle a ton of files without just breaking.. at least not up until a few years ago at best.
We have ~1 million files in our dropbox that we use for business. Lots of files change each day. And everything just works. It uses some CPU, but honestly for what it's doing it's not too bad. At least dropbox can handle it, other type of file syncing apps just stop working.
So for small-medium business I'm not sure what the alternative is to dropbox if you are file-system heavy unless it's just for throwing some random files here and there.
I ditched them for OneDrive which comes with an Office365 subscription. OneDrive is buggy, has file naming issues (on MacOS at least), is a memory hog, and has a host of other issues. So I tried iCloud+ which comes with AppleOne subscription, and it lacks some of the sharing/directory collab features I wanted.
So yes, there are alternatives, many of which are free or included in other subscriptions, but they lack the focus of Dropbox, which Dropbox itself nearly lost when it tried to become something beyond file storage, versioning, and sharing.
I only use it for one of my lesser used domains and it is the worst email/app experience I have had in ages.
For some reason the outlook app went blank and had to resync. Missed a really important email. It gets like 100 MS update emails which have zero relevance to me and then it sends random emails I am not sure how to unsub from. It shows notifications for all those random emails and actual important ones get lost.
I got it for the 1TB storage space and teams(let me not even start on that). But now I am seriously considering moving that domain to gmail and zoom.
I use it on Mac with the built-in email client. On Linux, Evolution (via Evolution Data Server) supports Exchange too. I find their proprietary HTTP-based protocol much more reliable than IMAP and it's the only way to get push email on iOS using the stock client (it doesn't support IMAP IDLE and their proprietary equivalent is only open to GMail and Fastmail, no way to self-host and no other providers are supported).
Dropbox supports block-level file sync. I'm not sure if Google Drive or OneDrive support that yet? It makes a big difference when working on large files.
Dropbox is afaik the only cross platform one with support for extended file attributes like tags, comments and custom icons in macOS, which I use extensively.
I've been using Dropbox for at least a decade and have no intention to jump ship (though summary execution of accounts does give me pause). The reason why I do so is...
* It works on absolutely everything. I have one foot in every major tech ecosystem and that immediately excludes anything platform-specific like iCloud. I also used to daily-drive Linux, which has no official OneDrive client, and the Google Drive client is notoriously bad on that platform.
* Mobile photo upload was extremely convenient when I first discovered it and it still works very well. If I need to take a picture of something I can use my phone and then grab the file on my desktop or laptop.
* The option to store everything locally still exists and is the default. If I get banned from Dropbox I will still have my entire Dropbox folder contents as they were present on my desktop's massive hard drive array. Backing up Google Drive in this way can be done, but only if you aren't using anything like Docs or Sheets, which can't be stored locally without a manual file export. Dropbox even tried to replicate this with Paper and I never touched it for exactly this reason.
I still have it because of inertia. I don't even add stuff to it anymore, I just haven't bothered to go through it and make sure everything's copied somewhere else easily-accessible, yet.
I suspect that's the case for a lot of folks. I'm not sure it'd even make the top-5 of such services I'd consider, if I had none of them and were signing up for one today.
For their specific job, Dropbox is still the best. Which is really sad considering what they do. They are the only one delivering a sane client, working well on multiple platforms, without any quirks like filename-hiccups and such. Though, my requirement is also to work on linux, so I might be a bit special. Though, OneDrive seems to now be pretty good on Windows and mostly on pair with Dropbox featurewise.
But on the other side, it's easier to lose your account with google or microsoft, so this might be another reason people preferred dropbox, till now.
Dropbox has more enterprise features like data governance and DLP features like requiring MDM. Drive and one drive is fine for certain things but our legal and finance documents, we need certain features.
Hopefully this will stop HNers from linking everyone ye olde "this is why Dropbox is better than your nerdass solution" comment, and hopefully it vindicates everyone over the years who countered that argument by asking what happens when Dropbox deletes your account apropos of nothing...
I hope we're a long way away from VPS providers doing automated scanning for content rather than dealing with potential copyright infringement on a complaint basis.
Dropbox ghosted me a while back, I guess they don't need advice on matters like this, so I'll just show up in the comments.
Shouldn't the files remain on the hard drive even if Dropbox deleted their end?
I switched to Spider oak for a while, but more because I wanted encryption at rest, I didn't have an issue with them beyond not adding that feature.
I then moved to just backing up locally and alternating between two USB hard drives, one of which was stored in a safe deposit box at my credit union, because a one time fee for a hard drive or three encrypted using Veracrypt (then Truecrypt? Memory is fuzzy) plus a safe deposit box is simpler and cheaper.
I like to keep things offline, and it was interesting when a bank I talked to about opening one in my new city was... oddly obstructionist about that ask.
(Has anyone else told a bank you're an aspiring journalist, would like to purchase a small safe deposit box to hold your birth certificate, passport, and a backup of your files, then tried to have a will drawn up to designate someone who would receive the contents of the box in the event of your death, then had someone break into your apartment and very obviously look into your notebooks?
I still don't have a good answer for that fundemental problem that devices can be hacked, but physical security is hard.
Anyways, sorry to go on a tangent, but it doesn't surprise me that maybe Justin did something very bad, and they just want to end the relationship and not interact anymore, but I won't get specific in a public forum.
Dropbox itself was kind of buggy for me, sometimes it'd fail at whatever their implementation of rsync did, and start filling my hard drive with multiple copies of my Dropbox folder, at best filling it up -- I suspect their shit code is one reason I kept having to have Applecare to keep replacing my hard drive.
That or the assholes who kept blasting me with malware... I suspect it was the same set of people who were skimming credit cards from Mother Bear's and uploading them to the dark web, if any of the feds who cyberstalk me are bored this morning ;-)
I use ResilioSync (formerly Bittorrent Sync) for my personal Dropbox-like stuff. The iOS client is sparse but functional, and it has clients for pretty much every OS I need, including arm Debian... so I have my 'not-quite-Dropbox' home on a Raspberry Pi.
We also use it to cross-backup photo libraries with an avid photographer friend who lives across town.
This would essentially eliminate any possibility of violating any terms of service as far as I can tell?
I'm not too comfortable putting any files on dropbox without some sort of encryption
fwiw, I've found that cppcryptfs is one of the better implementations of that sort though most (if not all) use the same library which seems to choke on certain files once in a while
And I bet doing that would also avoid what happened here -- account suspension for some unknown reason, but likely content related. If your content is encrypted, they can't drop you over it.
Of course at that point you're not using all of dropbox's features, and some other rsync-style solution may well be cheaper.
Sounds like an opportunity for a new company that abstracts away the actual different cloud providers, provides redundancy, and provides a security abstraction layer that prevents cloud hosts from knowing what their segments of files are for.
And when that service is abused for piracy, CP, and other illegal files; it will start the ball rolling that inevitably drags it down legally to the level that DropBox is at.
All TOS violations on all platforms are always secret. They will never tell you what you did. We are all one secret violation away from digital homelessness. Being booted from Dropbox is probably one of the least bad boots you can get.
I had an account there. Didnt use it much. Then I had a friend share a few videos for me to check for quality and content. They were on paid and I wasn't. The simple act of "sharing from their account" put *my* account over storage quota. I couldn't do ANYTHING with my account, including downloading any of the videos.
Basically my only option was to pay them for more "storage", even though my friend paid. They're effectively infinitely double-dipping for what amounts to a link.
I would like for Dropbox to not know the contents of my dropbox.
Although in the olden days it was nice in that if they detected a matching hash of your file, it didn’t actually upload it, you just had it. So that was super handy. For pirating as well as for situations where I have the same file in multiple location. I legitimately have disk images in dropbox because cheap storage and having them immediately sync and be backed up was nice to save on bandwidth.
It can't. False positives are a trade-off against the administrative, legal and regulatory burdens of not having such a system on a UGC-hosting site at scale.
This is a reflection of a poor commenting system. I would prefer for every online commenting system, including HN's, to allow one to see the version history of a comment. As things stand right now, commenting systems are biased in favor of revisionists.
Yes, it is a community standard that exists to work around a UX issue. I would agree that an edit history and an indicator that edits have been made would probably be an improvement.
That said, in the past when HN seemed to be doing something weird, dang usually has a pretty great explanation for why, so there might be a good reason for this choice as well.
You responded less than 60 seconds after I wrote my comment, the substance of which is unchanged. Organizing thoughts into words is a process for me, it takes a moment.
Then do the organizing and rewrite befor you submit the comment or include your updated thoughts in a way that marks them as new and leaves the original content.
I often add an edit immediately after I post, but unless it is fixing a typo, I always mark the edits.
Thanks for the tip. Apparently delayed comments don't appear on the site instantly, but do appear in the API instantly. https://i.imgur.com/ytWyvc3.png
I believe this is a common issue with automated copyright detection systems. Companies don't seem to care much as the grief caused by a false positive is almost completely offloaded to the user.
Even with this and even with not updating their client for macOS anymore they are still better than Google Drive and One Drive.
OneDrive for example: you can't delete a file into the trash anymore. It gets just deleted, like a force delete. So if you are offline or OneDrive is not running or the file has not yet been uploaded to OneDrive, that file is GONE. MS response: use the online trash. It worked until they updated to the new 12.3 macOS sync system (icloud can delete to trash, so I fully blame this on MS). Also if one file does not sync for whatever reason ALL syncs are stopped until this conflict is resolved.
GoogleDrive. If in drive stream mode (which i think is the default) it is mounted as a volume, so it is not "there" when you login, so any files opened from there will not open until GoogleDrive is mounted. Also saving to this Volume mounted google drive with some apps will trash the file. MySQL Workbench trashed files very very often. You need to restore from the google drive backup in this case. If you switch to all files always local it is like Dropbox and works, unless you want to upload symlinks or something with characters that don't match googles like and then you have missing files. At least other files will sync. I also have no idea if they actually support macOS 12.3 file sync type fully ...
iCloud: Works ... except that what you see in the finder is not what you actually have in the Terminal because it is a mix of actual files and data folders from applications. Sharing is a pain between users. I also don't think it works well on non Apple systems.
If you want dropbox-like experience, NextCloud can mount external storage (WebDAV, SMB, SFTP, S3, or even another NextCloud instance). Just mount your NAS there and install NextCloud apps on your devices to access them. Some NAS even allow you to deploy NextCloud directly on that machine.
Exactly. The BOM cost of a NAS with 3 2TB needs to be under $100. Even if we could somehow have 2TB 2.5" HDD for $30 BOM, three of them would have been $90.
How did you arrive at that target price? I find the Synology units to be a steal for what they offer. Its very hard to undercut this with a DIY build, best you could do is plug a USB drive into the wifi router I guess.
This is unfortunately a legal issue and no company big enough to have good lawyers will ever want to tell a customer why they're being banned as it exposes them to too much legal risk.
If there's a solution to this, it's probably to give companies some sort of protection from legal action resulting from incorrect application of their TOS. That's far from ideal itself, but it would at least remove some of the downside to honesty from companies on this sort of issue.
I can't blame Dropbox (or any other company who does this) given the potential downsides they face.
It's concerning that Dropbox is scanning user data. I understand the benefits of doing that (CSAM/copyright). One of the selling points of Dropbox is offsite backup and if they can delete data at anytime then its obvious to me Dropbox is no good. I personally don't use Dropbox. But if I did I wonder if something like gocryptfs [1] can be integrated with the Dropbox folder.
The number of people who apparently "can't believe this" and suggesting Google in the twitter thread is beyond belief. I thought we had already learnt not to trust them
I wish governments imposed a support API on public cloud companies and forced them to triage requests 24/7, with the obligation to track them via open Grafana dashboards.
Why anyone would deliberately use a sync or backup provider that openly reads your data and pries into the very meat of what you store with them is beyond me. Even if it's an algorithm doing this instead of a human makes it no less disgustnig to tolerate. It's as flatly insulting that these companies think this okay and many users don't mind as having someone rifle through your personal diaries and documents in your house just because they come to do housekeeping.
Alternatives easily exist, and im not even talking about self hosting. There are plenty of zero knowledge sync and backup services and if you're really stuck on using Crapbox or Google Dreck, you can use any one of a number of encryption services for your data first, so that these bigcos can't snoop worth a shit and randomly punish you for what they find.
This whole long thread makes me sad. Not least because I kind of find myself agreeing that tone tags do take something away from the joke. Not to say the commenter is flawed somehow for not getting the context, I didn't either right away.
No need to talk down to my neurodiverse friends, they understand irony and sarcasm in written text just fine. The neurotypical ones sometimes miss it, though.
One is an objective statement of the world, the other is a subjective statement about you personally.
If these things mean the same to you, you're not parsing the English correctly, which points to a larger comprehension issue that further explains why you didn't get the original sarcasm.
>Of course I pointed and laughed at you, you were (and still are) acting very poorly towards others.
A non-confrontational mention that a tone marker would have helped, which you turned into an attack somehow (?), then you took pedantry to a new level (not uncommon on HN, but lol), and then after other insults on the OPs intelligence you say that they are acting poorly? What a laugh.
Communication is collaborative. If you can't accept the fact that sometimes someone might say "Hey, this would have helped me understand you better" without losing your mind over it, I feel sorry for anyone else you converse or collaborate with.
Shame on anyone who doesn't memorize comments from years ago. Or people with English as a 2nd+ language and may not glean the intricacies of written English that you think are so obvious.
That is not what he said, and again the misuse of quotations to make it seem like that's literally what he said is definitely not helping the situation.
It appears that you are now the one having trouble parsing English.
You know how in a book when fictional characters are talking how they use quotation marks to indicate that? In my comment, my fictional someone was talking, so I used quotes.
Perhaps you could stop telling me how to write my comments and stop telling me to change my writing behavior for your sake, just because you misunderstood?
I would argue that "failing" to interpret sarcasm in this context is generally the fault of the person employing sarcasm. With none of the other cues that are available IRL (tone of voice, body language, facial expression, etc.) there's very little to tell a reader what is meant to be taken literally, versus taken as sarcasm. So yeah, if a writer doesn't include /s or ⸮ or whatever, that's on them if their words are misunderstood.
What evidence is there that "everybody" else did "get it"? And what does that even have to do with what I just said? Choosing to communicate poorly is a bad decision, even if some people happen - by chance - to understand you correctly in spite of that bad decision.
I didn't understand the reference but I didn't have to quickly scan to other comments because the next comment mentioned that it was a reference.
I would also say that sometimes being exclusive can make a joke funnier to the in-group. Denoting your sarcasm can make humor less attractive, in the same way explaining a joke ruins it. Sometimes you want to be vague to see who catches the signals.
Some people, myself included, will react poorly when requested to perform additional work when additional work from the requester also could have been performed.
As someone who recently migrated off of Dropbox, you can get most of the features with open source systems like Syncthing and a self hosted server.
The main complication to implement is encryption at rest for the data (I use luks2 on a hd and the fs of a raspi controller) and secure remote access (wireguard works really well and is easy to manage).
I wireguard into my remote systems and have Syncthing configured only to local network (no relays etc). It works beautifully; not missing dropbox at all.
I am still working out a viable alternative for things like document scanning, but I have no regrets owning my data.
I can install drop box in under ten minutes. I don't have to manage security patches for all the binaries in the stack. My data is available in network edge locations close to me or the people I share it with. I can turn dollars into more storage very easily. I don't have to configure user permissions and groups in more than one place.
Also, what you described is not "sftp + cvs + vps" ;D
Syncthing makes Dropbox look downright barbarian. Especially if you combine Syncthing with Android and a NAS or home server. iOS is... not really capable of sync outside Apple ecosystem. And this is true even with Dropbox. Not an Android fanboy. Just stating the fact. I take a picture on my Android phone and I don't have to think about it. It's now on my home server, it's encrypted, it's automatically backed up, etc. I have an app that takes a backup of my phone and puts it in a single file. Literally I press a button and my entire phone is backed up via syncthing. I use KeePass. My passwords are in sync at all times, on every device. There is also KDE Connect, which I have yet to try out.
Even before Syncthing, Unison existed since 1995. Which was the true free software version of Dropbox. You never needed a bunch of hacks to get automatic sync working on Linux. Syncthing is a bit easier to configure, IMO.
Can you right-click a large file (in your day-to-day file manager), hit Copy Link, and email the link to someone so they can download it (without having to give them any further credentials)?
Dropbox has invested in infrastructure to do things like index and search the contents of your files.
VPS provider doesn't even necessarily have read access to your data, and because you aren't relying on them for search/index features, encryption is much less expensive from a functionality standpoint.
They typically don't spy on their customers as much as a service like dropbox does.
Before downvoting, ask yourself: When was the last time a VPS provider scanned the disk contents of their customers? And when was the last time they booted someone for using full disk encryption?
Meanwhile, dropbox proudly proclaims how they scan the contents of their users' files.
Edit: you substantially changed your comment after complaining about downvotes. That’s not cool. Note that you edited it.
VPS companies delete customer data for all kinds of reasons, just as arbitrarily as Dropbox. I’ve had VPSes at dozens and dozens of places over the years. I’ve seen them accidentally delete servers, purposefully disable stuff for what they claimed were hacked sites that weren’t actually hacked (so that’s scanning right there), I’ve seen them go out of business because the owner was 15 years old, I’ve seen them go out of business because they sold to Endurance or whoever, I’ve seen their data centers catch on fire — taking everyone’s data with it, I’ve seen them accidentally delete whole clusters.
And I excuse it in most of those cases because it is a VPS I pay a pittance for and don’t run production on, but the risk is always there. Trusting your data to Dropbox or OneDrive makes a lot more logical sense, especially if you aren’t knowingly violating any of their rules.
And yes, you can colocate. I’ve done that too. But I no longer have the energy to do that, especially if my box is in a data center I can’t physically access.
I backup about 5 different places because I’m always afraid of someone fucking me over. But for Dropbox to do this, is truly terrible. Especially for an unlisted rule.
Definitely not happening with my Synology NAS unless I rage quit and throw it out a window (and it backs up to Backblaze B2).
It is unfortunately more of a time commitment then paying for Dropbox (which I previously did, for years), but I won’t lose all my data because of them finding something to complain about with a hash of one of my files (or however they’re scanning content) and nuking my account. That’s simply not an option.
Syncthing + NextCloud + rsnapshot backups would have been my open-source alternative recommendation, but of course not everyone wants to take the time to learn that skillet, set that up, and maintain it.
You can get the whole package from Hetzner pre-configured, or just configure it yourself. I manage our team's nextcloud installation, and installing on bare-metal (sans containers) is a half day job at most.
Moreover Nextcloud supports WebDav which allows tools like Zotero to directly tap into that.
Would you say that the install and maintenance load for both systems (Dropbox vs packages containers) is the same?
Like, I'm confident my tech illiterate parents could get drop box running. Ease of use and UX are features.
I'm not saying the self hosted stack is bad, and in fact it's probably better in many ways. But it doesn't have the same feature set if you consider usability a feature, imo.
What does Syncthing add to the Nextcloud capabilities? (Honest question because I'm curious; I have a NextCloud & snapshot to encrypted S3 backup solution already.)
I admit I have not used NextCloud, but the hands-off automatic file-sync-between-devices that Syncthing provides has been transparent and seamless. It has required no babysitting after initial set up.
I have forgotten if NextCloud does this, because I don't use NextCloud at this time, nor have I.
Why a $5 VPS? Why not a $25 VPS in a reputable rackshack that has at
least triple off-site redundancy? You get what you pay for and the
choice isn't only between free and scuzzy, and cheap and scuzzy.
Many of the VPS providers have a backup option. My personal preference is to have a VM at a few different VPS providers and a cron job that uses lftp to do a rsync-like replication between VPS providers using SFTP. The advantage of lftp over rsync is that I can sync between accounts that are chroot sftp-only with nearly identical capabilities of rsync. The lftp client can also break up one file into multiple TCP streams.
In the event a provider terminates my account I could not care less. The files will be at multiple providers and HAProxy will automatically remove them when the content validation health checks fail.
It's a common failure mode for a kind of products (SaaS) YC frequently funds. While it probably happens rarely, its consequences can be devastating for those affected, and thus it's a problem that needs fixing -- yet no progress seems to happen in the industry.
Overall, it's similar in relevance to security breaches. Awareness needs to be raised. Thus I'd argue it's relevant.
I just posted one of my own, and I agree with your sentiment.
I would like to see a future where humans achieve symbiosis with machines. Our brains acting as a limbic system to a larger sovereign machine entity. Still “you”, but more.
For such a thing to work, many ideas need to change. Data ownership, sovereignty, and the core philosophy in regards to machine-human augmentation needs to be reworked in groundbreaking ways.
As it stands, with megacorporations having no respect for individual access to their data on services at the whims of the corps, human machine symbiosis is about the scariest thing imaginable right now.
OneDrive is just not as simple as DropBox. Dropbox you know what you get, an online file system that syncs to your computer. OneDrive always asks to backup local files when that’s not what I want it for and doesn’t have an intuitive interface that just works. It’s too integrated with other Microsoft products.
We learned the lesson, and never again trusted Dropbox, for anything.
(Best guess - a would-be client got pissed when software which they'd never paid for lacked a feature, and told Dropbox a story.)
EDIT: Only executables & related distribution files were on Dropbox, not any source code. We lost nothing...except our trust in Dropbox.
EDIT2: Yes, as several others have kinda pointed out, this incident was a collision between (a) naive human expectations (of high-skill, high-touch, highly-invested customer service for such situations) and (b) the actual business model of any huge / cheap or free / convenient cloud provider of X (plus just "internet reality"). Sadly, I don't see that either (a) or (b) has changed in the past decade.