Has Dropbox set the stage for a privacy revolution? (gigaom.com)
41 points by Flemlord on July 8, 2011 | 22 comments



I don't know why Dropbox is catching so much flak for this when the TOS were standard stuff you see pretty much anywhere.

ex: http://www.google.com/accounts/TOS

“By submitting, posting or displaying the content you give Google a perpetual, irrevocable, worldwide, royalty-free, and non-exclusive license to reproduce, adapt, modify, translate, publish, publicly perform, publicly display and distribute any Content which you submit, post or display on or through, the Services.”

“You agree that this license includes a right for Google to make such Content available to other companies, organizations or individuals with whom Google has relationships for the provision of syndicated services, and to use such Content in connection with the provision of those services.”


Hating on Dropbox seems to be the flavour of the week on the intarwebs it seems. Fascinating to see how easily geeks fall prey to basic thought manipulation by the media. Aren't we supposed to be smarter than the average bear?


I've recommended Dropbox to a number of personal friends throughout the past couple of years. When the first security incident (Dropbox employees being able to read files when they said they couldn't) came up a couple of months ago, one of my friends emailed me to ask what the deal was with this company. He doesn't know them from HN. He only knows them from me. In my circle, I'm the one responsible for Dropbox.

When the password incident came up a couple of weeks ago, I was on guard and emailed my friends proactively before they found out about it via news sites.

I don't bash on Dropbox because:

  - they have a great product
  - security is hard
  - startups are hard
  - they are a yc company

But I think it's fair to say that:

  - they made mistakes
  - they handled the initial mistakes poorly
  - they are now working to address any issues, but...
  - ...every subsequent action is therefore under more scrutiny

In summary, there is no thought manipulation by the media. There are a lot of lessons that can be learned from this, but being dismissive of it is the exact wrong thing.


I think people bash on them because they are so widely used, and they have messed up twice, both times very publicly. I love their service and continue to use it, but I am not impressed with their track record about security issues. Security is probably the biggest reason people will avoid offsite storage of their data.


They've made multiple mistakes, and handled the fallout of those mistakes badly. "Hating" is a term used by people who want to trivialise legitimate concerns.


You've mirrored my thoughts, and quite succinctly. However, I feel that it's not the media that is the seed of the manipulation but other geeks (through their blogs or comments on news.yc). Remember, the media lurks on sites like news.yc, picking up and amplifying trends for mass-market consumption. It's what makes News.YC so special, if not a little dangerous.


What if it's not manipulation? What if it's passive "infection" with a meme?

People are much less in control of what they think, than they think. So to speak.


b/c they were advertising a "safe" way to store your files and they seem to suggest in that advertising that nobody but you can view the contents of your files stored on dropbox. however, that is not the case...hence the flak. is

also a universal TOS that pretty much says "we can do whatever the fuck we want." doesn't make false/misleading advertising legal. besides, the TOS you linked to is a universal one...any "Additional Terms" will override them and are usually more specific. for example, http://mail.google.com/mail/help/terms.html


From the same page:

"Other than the limited license set forth in Section 11, Google acknowledges and agrees that it obtains no right, title or interest from you (or your licensors) under these Terms in or to any Content that you submit, post, transmit or display on, or through, the Services, including any intellectual property rights which subsist in that Content (whether those rights happen to be registered or not, and wherever in the world those rights may exist)."


That clause is by definition perfectly useless, because of its preamble: "other than set forth in Section 11". So it does nothing to limit the license granted in section 11. It's just eye candy.

Now, if you could define clearly for me what "in connection with" in section 11 means: use such Content in connection with the provision of those services

Does "in connection with" include the need to make money on that free service by selling that content to a third-party? Where does the connection start and stop?


Because people don't remember stuff that happened over a month ago.


A privacy revolution would be to use client-side encryption on this sort of services, not change the TOS -- especially since questions about ownership of the data would become pretty irrelevant.


Since day one I've stored an arsenal of Truecrypt archives in my Dropbox folder for anything that I really don't want anyone else to find out about. (Not that there is much of that.) Most of the rest of what I store there is ebooks, university lecture notes, my portfolio, and other stuff that I wouldn't worry about if Dropbox really dropped the ball. Seems reasonable to me to be a little more in charge of your own security instead of handing off responsibility to people you don't even know. Still, I agree that we should be holding Dropbox (and similar services) to a high standard, and they have indeed stumbled on this issue.


> we won’t share your content with others, including law enforcement, for any purpose unless you direct us to.

So, they're somehow immune to subpoenas? How can this possibly work?

Or are they saying that since your data is encrypted, they couldn't provide the plaintext to the authorities even if they wanted to?


There's another clause just above that that refers to another document which covers law enforcement.

BTW, Dropbox is legally required to comply with a valid subpoena. The data on your computer requires a search warrant.


Let me use the analogy of a bank for a minute...

I need to keep my secret cookie recipe safe. When I take it down to the local bank, they offer to put it inside a locked box with only one key and then put the box in their vault.

If law enforcement shows up with a warrant, the bank is legally obligated to open the vault and hand over the locked box.

Now here comes the curve ball... IF the bank kept an extra key to the lockbox, they can be compelled by law enforcement to open the box. Otherwise, it is the law enforcement agency's responsibility to either get a locksmith to open the box, or force me to provide the key.

Dropbox is the bank that keeps an extra key, even though it creates legal liability. Furthermore, they lied to you about keeping the extra key when you first stored your cookie recipe.


So that sentence I quoted is basically a lie.


It wasn't a sentence, it was a qualified clause: "To be clear, aside from the rare exceptions we identify in our Privacy Policy, no matter how the Services change, we won’t share your content with others, including law enforcement, for any purpose unless you direct us to."


Oh, duh, I don't know how I missed that part :/


I always wondered why we need all this legal bullshit... and I never liked the order of the words in these sentences...

If Google has a button that I press and my content becomes available to the whole world... it is me pressing the button.

It should be the other way around... or at least say: you as a user have the option to make your content available, modify your content, distribute or bla, bla, bla using our services... and you give no license to the provider.

ps: still... I don't care about these terms much, as they really appear everywhere. Although, I'd feel much better if using an online service, in legal terms would be closer to buying a tool in the hardware store. :)


I haven't really been following the Dropbox fiasco(s), mostly because I've been so happy over the last year with SpiderOak (https://spideroak.com/). They go out of their way to put you in control of your data. They don't store any passwords whatsoever, encrypt everything, and have a strong zero-knowledge policy.


Does anyone have any examples of Google lobbying against clearer legal documents? I would love to see this.



