
The author, like many other commenters in the past week or so, is wasting words by saying "this is scary - what if it happened to Dropbox and I lost access to all those files!"

Let's not forget Dropbox is just a replica of local storage. That's the whole model. It's more meaningful to discuss whether or not this could happen to S3. I don't see anyone legitimately worried about that, because it's quite obviously a very legitimate business with tens of thousands of legitimate customers (just like Dropbox). Articles like these portend to get you thinking about the broader implications of a takedown, but in truth they cloud clear thinking with what are essentially scare tactics.




> Dropbox is just a replica of local storage.

It gets scary when the operators of the "replica" have the ability to delete files from your local storage as well. Amazon did this with Kindle & 1984, which caused a sizable controversy at the time. Next thing you know, somebody sends a DMCA notice to Dropbox, they delete your remote copy, and your local Dropbox folder is automatically updated to reflect the change. Whoa, no thanks.

Dropbox is also an apt comparison because part of the MegaUpload indictment has to do with their deduplication system. Dropbox is also very good at deduplication, which means that a single court order can cause all copies of an offending file to be remotely deleted from everyone's Dropbox folder.


The primary difference with your 1984 example is in that case the content originated at Amazon. In the Dropbox model you provided it to start.

If Mozy was taken down do you think that it's possible they would wipe the drives of all users? I don't.

Amazon also quite clearly keeps hashes of all keys in S3, which Dropbox rides on. Would you expect the government to be able to issue hash-based takedowns to Amazon across all buckets?


> Amazon also quite clearly keeps hashes of all keys in S3, which Dropbox rides on. Would you expect the government to be able to issue hash-based takedowns to Amazon across all buckets?

I was under the impression that Dropbox, while having the ability to decrypt your files, encrypts them before they hit S3. If so, a hash-based takedown sent to Amazon would at best be able to take down a single encrypted instance of a piece of data.


Except that Dropbox dedupes _everything_.

So I suspect what happens is that everybody's bittorrented DVD rip of Avatar on Dropbox is deduped and stored once on S3, admittedly encrypted, but all with Dropbox's encryption key and all with the same hash pointing at the same single encrypted instance of the file.


I believe Dropbox uses a method analogous to block-level dedupe. That is, files are split up into smallish chunks and then the chunks are what get "deduplicated". A "file" basically consists of a list of pointers to chunks.

This makes things extra problematic because completely unrelated files might share chunks. Standard file formats may lead to duplicate headers. Or consider a political science textbook that contains a complete copy of the US Constitution, and a file that contains just the US Constitution. One is perfectly legal to distribute freely, the other may not be, but both might share some common blocks, and a federal judge with a shoot-first mentality might craft an order requiring the deletion of those common blocks.
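The shared-block situation described in the comment above, as an added example that is not part of the original thread and not Dropbox's code: a toy content-addressed store with fixed-size blocks, plus the check an operator would want before removing any block, namely listing every file whose manifest points at it. The class, file names, 16-byte block size and sample texts are all constructed for illustration, and the sample textbook places the shared text on a block boundary.

```python
import hashlib

CHUNK = 16  # toy block size (assumption); real services use much larger blocks

class ChunkStore:
    """Content-addressed store: each unique block is kept once, keyed by SHA-256."""
    def __init__(self):
        self.chunks = {}     # digest -> block bytes
        self.manifests = {}  # file name -> ordered list of digests ("pointers")

    def put(self, name, data):
        digests = []
        for i in range(0, len(data), CHUNK):
            block = data[i:i + CHUNK]
            digest = hashlib.sha256(block).hexdigest()
            self.chunks.setdefault(digest, block)  # dedupe: store only if new
            digests.append(digest)
        self.manifests[name] = digests

    def get(self, name):
        """Reassemble a file; None if any block it points to is gone."""
        parts = [self.chunks.get(d) for d in self.manifests[name]]
        return None if None in parts else b"".join(parts)

    def files_referencing(self, digests):
        """Blast-radius check: every file whose manifest touches these blocks."""
        wanted = set(digests)
        return sorted(n for n, m in self.manifests.items() if wanted & set(m))

    def remove_blocks(self, digests):
        for d in digests:
            self.chunks.pop(d, None)

# Constructed sample data, not real stored content.
CONSTITUTION = b"We the People of the United States, in Order to form a more perfect Union"
TEXTBOOK = b"Chapter 1: founding texts.".ljust(2 * CHUNK) + CONSTITUTION + b" (end of excerpt)"

def demo():
    store = ChunkStore()
    store.put("constitution.txt", CONSTITUTION)
    store.put("textbook.txt", TEXTBOOK)
    target = store.manifests["constitution.txt"]
    affected = store.files_referencing(target)  # check before removing anything
    store.remove_blocks(target)
    return affected, store.get("textbook.txt")

if __name__ == "__main__":
    print(demo())
```

Removing the blocks of `constitution.txt` alone leaves `textbook.txt` unreadable, and `files_referencing` reports both names before anything is deleted.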


When one of my coworkers deletes something in a shared folder, it disappears from my local machine. This is fine because Dropbox lets you undelete it and revert to their latest copy, but they're sure as hell not going to do that if it was a takedown, whether that takedown was legitimate or not.

This would be vastly more damaging in the context of Dropbox, not less.


With all threat assessments I like to know (approx. to an order of magnitude) the likelihood of any downside. With the M.U. -> Dropbox/S3 analogy, I have no guess for an estimate.

I'm honestly curious -- what is the likelihood that you estimate your files being deleted from Dropbox? It was always very clear to me that M.U. was shady, and I feel probably deserving of shutdown. Given a 5-year timeline, what is the probability that you guess Dropbox suffers a similar fate (total annihilation, server seizure, etc.)?


I don't think Dropbox will suffer anything as drastic as the MegaUpload shutdown. Unlike Dropbox, MegaUpload was shady to begin with, and with a lot more emphasis on public file sharing. But the possibility of individual files being taken down is pretty real. Dropbox probably does it all the time already, otherwise they'd be in trouble with DMCA.

Now, whether they will only delete your online copy, or whether they will let the deletion propagate to your local copy, is totally up to Dropbox. I don't agree with @hemancuso's claim that your local copy will be safe, because there's no guarantee whatsoever. A court order might even specially say that Dropbox should delete local copies too (if possible).


I'm not totally sure on how to square "a lot more emphasis on public file sharing" with the fact that I could never find even a search box on their website.


That's our criteria for takedowns? Whether it feels shady? I understand the law can't always be black and white, but that's a heck of a lot greyer than I'm comfortable with.


Unfortunately, that does seem to be one of the criteria that many governments use to justify takedowns. Selective enforcement at its best.


What are the odds that you think any of your files could have a DMCA takedown while on Dropbox?

I am concerned about the abuses of power under these recent events. However, I still don't see a likely problem for legitimate use (with Dropbox), outside of an outlier.

The rhetoric on both sides of the argument has me a bit concerned.


I don't store any files on my Dropbox account that even remotely resemble anything owned by media companies, so I suppose the risks are negligible for myself. Using something like EncFS on top of Dropbox wouldn't hurt, either.

Other people might not be as lucky. People in some countries could store and share files that are completely legal to distribute where they live, but still protected in the U.S. For example, copyright expires 50 years after death in Canada, compared to 70 years in the U.S. If an American company issues a blanket takedown notice and Dropbox obliges, Canucks may be adversely affected. Besides, humans make mistakes. What if somebody pastes the wrong hash into their takedown notice and Dropbox staff forgets to check it?

So even people who never violate any copyright might have philosophical objections to unilateral takedowns like this. It is important to avoid alarmism and hyperbole, but that doesn't mean that there's nothing to worry about.


Am I off base to draw a parallel between this and a right to privacy situation? The folks who say, "the only people who worry are the people who have something to hide"? (FTR, totally against that argument...)

Off topic, the spirit of the internet never ceases to amaze me. We're on ostensibly a business focused board, and you make a compelling argument defending the protection of potential competitors. (I.e., your customers/clients will receive a tangible benefit due to your awareness of these issues, and non-reliance on less capable competition.) Yet, you seem interested in the overall good, rather than looking to exploit your advantage commercially.


According to the Berne Convention, that's not how it works. Even if Canadian works only have life + 50 years of copyright, works created in the US are to be protected by copyright in all the countries that signed the convention for life + 70 years.

Quoting:

    In any case, the term shall be governed by the legislation of the
    country where protection is claimed


> Let's not forget Dropbox is just a replica of local storage. That's the whole model. It's more meaningful to discuss whether or not this could happen to S3.

Well, every Dropbox account has a `Public` folder with direct HTTP access.


Sure. But Dropbox could be taken down and you lose nothing.



