Hacker News new | past | comments | ask | show | jobs | submit login
Dropbox DMCA takedown on personal folders (twitter.com/darrellwhitelaw)
119 points by ayi on March 30, 2014 | hide | past | favorite | 40 comments

Looks like the OP was asked a few times if the files were shared publicly or not. I think that's the key piece of information about this.

If it was copyrighted material that he shared/linked to publicly, then it makes sense. If, however, it was private files that he hadn't shared with anyone else, well, then this is a HUGE deal.

Yes, it looks like OP isn't presenting the whole story. The DMCA filing party would have to provide the URL (of the public/shared folder) containing the copyrighted material to dropbox for takedown. I don't think they can just request dropbox to scan private folders to check for copyrighted content.

They'd have to provide the URL of some public folder containing the copyrighted material, but that's probably sufficient to get every identical file taken down including ones in private folders.

Yes it is sufficient and doable but the question is will dropbox do it? How will they even identify whether I own or have the license to use the files I have in my private folder. If I just keep my purchased ebooks in a dropbox (private) folder and a public folder (belonging to someone else) containing some of the same ebooks are flagged, why should I be affected?

Even better what if the copyright holder is lazy and keeps copies of the ebooks a dropbox folder. I would not be shocked to find this happening. How would dropbox distinguish between the two?

If they don't want to meet the same fate as MegaUpload, Dropbox are certainly going to take down all copies.

In other words, you can't use Dropbox for any copyrighted content, even that which you own and are just storing there privately?

That doesn't even make sense... but then again, much of copyright law doesn't either.

MegaUpload's problem went far beyond the fact that they just didn't take down all copies of a file with a DMCA complaint against it.

The guy shared a link for the file, which is the reason it got flagged. There is nothing pointing to Dropbox taking down matching private copies.

Supposedly it was a private folder, but he'd shared a link to that folder with someone.


Dropbox help explicitly refers only to shared files/public links wrt copyright policy: https://www.dropbox.com/help/210/en

edit: on further reading of his tweets, it appears that he shared link to the file with another person. So while Dropbox might be overstepping a bit, imho it seems that their action was justified (assuming that the DMCA complaint was originally justified).

edit2: Dropbox response https://twitter.com/dropbox_support/statuses/450176566375366...

@dropbox_support claims content removed under DMCA only affects share-links.

@darrellwhitelaw replies that's what he meant, only sharing is disabled.

Good find, that clarifies a lot.

One possibility is that Dropbox deduplicate files (they almost certainly do), and somebody else had a public copy of the same file, and that was given a DMCA takedown, which now also applies to his copy since it's the same file even though it's private.

Dropbox definitely deduplicates. There used to be a cladstine app out there called "Dropship" or "Airship"; it would extract the hash of a file from your local Dropbox SQLite database; you would provide that to someone else, which the app would then insert into their database. Dropbox would immediately start syncing the file.

Dropbox asked the author to take down the app, and now Dropbox does additional consistency checks to prevent this use case.

EDIT: Dropship: http://en.wikipedia.org/wiki/Dropship_(software)

I don't understand the point of Drophsip; why not just share the file with the person and let them sync it the normal way?

The point AIUI (I'm not a Dropbox user) was to make Dropbox think you have a copy of the file already just by having its hash, allowing widespread sharing of the hash without implicating a specific origin by a direct sharing link. The files would sync into your private folder, avoiding DMCA takedowns (before they fixed it). I read about it on HN, so a search of HN's archives might give you more information or correct anything I got wrong.

I should hope it doesn't work that way, because under section 117 of the Copyright Act I'm allowed to keep an archival copy. [0]

[0] http://www.copyright.gov/help/faq/faq-digital.html

There is nothing in dropbox's message suggesting he cannot upload or access archival copies. It says they got a dmca notice so they disabled sharing on some of them.

This is either a bug on dropbox where the message shows to anyone having some flagged file(s), or he was sharing copyrighted content and conveniently emptied the folder before taking the screen capture to paint dropbox in a worse light.

Didn't stop youtube from preventing me from downloading a video I uploaded where the video content was entirely my own.

It's important to note: once you add a link it can happen at any time. Removing the link doesn't fix it (i.e. deleting & creating a new folder). The folder path/name is permanently flagged and thus unusable even for personal content.

I randomly ran into someone working for the movie association in Hong Kong and he told me that they regularly scan forums looking for links to copyrighted materials. From time to time they do find links to Dropbox and Google Drive, and they send takedown notices when that happens.

Even if this isn't as nefarious as the title suggests, it's still an excellent reason to drop dropbox. Have you tried owncloud? That's what I use and it's perfect for escaping stuff like this as well as dropbox's new criminal terms of service. Just in case there's anyone who doesn't know, dropbox recently changed its terms of service to circumvent consumer protection laws by requiring its users to forego common rights under the law, a common tactic traitors are using these days (Microsoft also did that on Xbox live for example). So please take the opportunity to learn about owncloud and ditch dropbox as soon as possible.

The text of the warning says:

"Certain files in this folder cannot be shared due to a takedown request with the DMCA"

I interpret that as he has some copyrighted files in his private folder which he is trying to make shared/public. Perhaps dropbox has previously gotten a takedown request for those files (when shared by some other user), and to comply with the request is preventing anyone else from sharing the files in the future.

That's not how DMCA works. That's how some of the bigger copyright organizations (RIAA for example) want it to work.

Besides, what might be copyright infringement to one user might be legitimate usage to another. For example, you might have an illegal copy of an ebook in your folder, but I have the same copy, but mine was paid for. Should I lose access to mine? OReilly books don't have DRM, so it's possible it could happen.

The way I understand this, he did not lose access to the file, he just was not able to share it with someone else. Synchronisation within the account should not count as sharing, so I guess what happens is just when a new share link is being created, Dropbox is checking the checksum against a list of blocked ones and prevents you from sharing it. Which, tbh., is fair enough.

> Besides, what might be copyright infringement to one user might be legitimate usage to another

While technically true, I think it is very rare that a file is DMCAd for one user while another is sharing it legitimately. Rare enough that a trip to customer service is warranted.

> For example, you might have an illegal copy of an ebook in your folder, but I have the same copy, but mine was paid for. Should I lose access to mine?

Note that the discussion here revolves around sharing, not having personal access. So while you should (and would with Dropboxs current system) retain your own access to the files, you shouldn't be able to share it, which seems reasonable to me.

Again, that's not the structure of the law. The DMCA requires that a takedown notice specify the specific content. Both the data itself and the usage have to be identified, there's no notion in the law of forbidding access to specific "files" by their data alone.

Yes, Dropbox is working pre-emptively on their own initiative here.

The message is quite cleverly constructed, as it doesn't actually say that there is a DMCA takedown request against the file (because there isn't). It just says that there has been a takedown request sometime, possibly(probably) against some other file/url.

I realize that, but the parent comment I was replying to was suggesting that the access would be removed from everyone that had the same file, sharing or not. At least that's how I read it. I could be wrong.

However, as stated, the DMCA isn't currently meant to take down the file and keep it down forever. It's meant to kill links one at at time.

Bigger organizations want it to take a file down and keep it down forever, which is what's being kicked around now as being a possible reinterpretation of the DMCA, which is crazy.

Here's a hacking opportunity - obfuscate files prior to Dropbox sync so they fail at their duplicate detection.

no need for obfuscation.

Respect Dropbox TOS and your files will not be deleted.

Share some copyrighted material and deal with the consequences.

By the way you can encrypt files before sending them to the cloud, but in order to share them with a third party you'd have to give your keys, which makes little sense.

You're right that that's what traitors say about sharing but that's not a real world solution for serious people. Perhaps you aren't aware of this but copyright holding monopolies have purchased laws in the US that criminalize perfectly normal behavior, like sharing copyrighted material over a computer network. My friend, remember that we can't allow these traitors to wreck our brains with propaganda and make us think that publishers deserve a payment every time someone even thinks about a song or movie.

There are plenty of valid fair use reasons for me to share copyrighted material.

Example, my wife and I are physically separated (let's say she is in Europe for a week) and she wants a copy of "Frozen" that I just ripped from the DVD I own. (It's a long plane ride home.)

Making a copy is fair use, and putting a copy on her computer is not illegal.

Dropbox is treading a fine line. If they fuck with my files, I will drop them fast.

Makes perfect sense to me if you don't trust your host not to report you. Keys are small enough to just send in a private chat rather than hosted alongside the encrypted file.

It sounds like this is starting down the path of "not trusting cloud servers in particular ways". At the end of that path lies Tahoe LAFS, which tries to do online file storage while avoiding trusting the servers at all.


(One of the properties of Tahoe is managing the keys to decrypt data completely outside of the servers, so that the servers never have any knowledge of what they're storing.)

> if you don't trust your host not to report you

Don't do illegal shit on Dropbox; problem solved.

Laws are numerous and vary from place to place. Such simplistic advice can never capture the nuances of every "right" decision everywhere.

It may be time to add a TrueCrypt volume to Dropbox...

how would you avoid having the entire volume file being uploaded/downloaded when you are just browsing it (access time changing) or changing just a small file ?

let's say you have a TC volume of 5GB that contains your personal notes in txt files. You edit one txt file and Dropbox will have to synchronize 5GB of data.

I prefer encrypting files one by one, e.g. using Cloudfogger.

IIRC, the delta between two slightly different copies of the same TC container is not the same size as the entire container. I'm actually not sure that TC is designed to be used this way, since it gives away information about what is being changed, when, and how much.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact