While it's easy to jump to conclusions, it might be a good idea to have a think and maybe ask some questions first.
Dropbox provides a file sharing service, Boxopus uses this to provide torrent downloading services. Should Boxopus become popular, how will this impact Dropboxes cost base? Will people buy more dropbox space?
Are Dropbox possibly obliged to deactivate Boxopus due to onerous copyright rules? Is there anything in their underlying contractual arrangements with their suppliers for example that could result in the termination of dropbox's service, or are they just trying to cover their backsides?
I think this shows a good example of the increasingly common problem where startups tie themselves to a platform and suffer for it as well as benefit. They're looking for another storage provider, but who's to say this won't happen with a new provider too?
One question that you are not asking is whether this decision was affected in any way by the Megaupload case.
If I were Dropbox, I would see arbitrary action by the US authorities as one of my greatest risks, and would do whatever it takes to stay in the good graces of the MPAA, given the apparent influence that they have over US law enforcement.
It bothers me that companies are allowed to make discriminatory decisions like this, when providing public-facing services.
If your TOS states that Dropbox can't be used for files above a particular size, or can only be used by individuals and not corporations, or something like that, then fine.
But companies that discriminate based on the purpose of usage -- this seems fundamentally wrong. MasterCard blocking WikiLeaks payments, Dropbox blocking torrents, PayPal banning a VPN provider... Private companies have no business deciding what is "acceptable" in this manner. If it's illegal for them to provide services, then obviously they can't, but if it isn't, then they should continue to provide services.
Honestly, is this any different from a company ninety years ago denying service to non-whites because it "could be perceived as encouraging the races to intermarry?"
There's a reason we have anti-discrimination laws for races, gender, orientation and religion. Why don't we have them for "purpose of use of services"?
>Honestly, is this any different from a company ninety years ago denying service to non-whites because it "could be perceived as encouraging the races to intermarry?"
I think we can both agree that it's a hyperbolic statement. Moving beyond that, as a company, I should have every right to decide who can and cannot use my service. Just because I provide a public-facing API doesn't mean I have to allow you do to what you want with it. You're building off of my brand and my infrastructure. If I don't want Initech Inc. to be associated with file sharing, fire arms, or even the Irish, that's entirely within my rights. I'd be far more aghast if companies were forced to take any comers.
On this specific issue, scan the headlines:
"Pirate’s dream come true: Boxopus pushes torrents to your Dropbox account"
"Boxopus Is A Pirate Friend, Drops Torrents Directly Into Dropbox"
"New App Makes Pirating Movies A One-Click Process"
The articles also point out that Boxopus was quickly integrated with a number of torrent sites that host bootleg downloads.
The absolute last thing Dropbox wants to be associated with is piracy. The company is in much more danger of going out of business due to piracy issues than to any competitor.
> If I don't want Initech Inc. to be associated with file sharing, fire arms, or even the Irish, that's entirely within my rights. I'd be far more aghast if companies were forced to take any comers.
I'm rather aghast that any companies think this way. You might as well say that it is well within Google's right to shut down my Google Docs account because they don't want to be associated with the bad poetry I write using it.
One problem with this attitude is that it doesn't lead to a smoothly functioning economy. If I have to worry that any online service might chose to shut down my access for any arbitrary reason, then I am strongly disincentived from using online services. The strength of any economy is in no small part due to the ease and fluidity with which trusted transactions can take place. Remove the forces that allow us to trust the transactions, and the economy will falter.
The only reason that people are mostly willing to overlook this issue is because service providers exercise their putative right to deny service for arbitrary reasons rarely. But if you as a service provider exercise this putative right more liberally, then you are damaging the entire economic system (albeit only to some small degree for an isolated provider).
The only silver lining in all this free market rhetoric is that hopefully the free market will step in and put you out of business. Unfortunately, however, this often takes a lot longer than it should once network effects have engaged.
P.S. What's with this trend of downvoting people just because someone doesn't happen to agree with what someone else has to say. This is rather rude, if you ask me.
> I'm rather aghast that any companies think this way. You might as well say that it is well within Google's right to shut down my Google Docs account because they don't want to be associated with the bad poetry I write using it.
What he is saying is that he believes it is Google's right to do that and it is irrelevant to the fact it is stupid.
> One problem with this attitude is that it doesn't lead to a smoothly functioning economy.
Sure if people just put up with it but I don't think anyone is suggesting we just accept dropbox's position and pretend it never happened.
> What he is saying is that he believes it is Google's right to do that and it is irrelevant to the fact it is stupid.
And what I'm saying is that it is NOT within Google's right to do this. Among other reasons, it is not within Google's right to fsck up the economy that everyone depends on.
On the other other hand, I fully acknowledge that the best remedy is not always more government, since that doesn't always lead to the greatest utility either.
> it is not within Google's right to fsck up the economy that everyone depends on.
I shut down a non-technology brick and mortar store almost a year ago, partly because of dwindling sales due to the economy, and more importantly because I had a single customer that maintained over 60% of my revenue. That customer decided to move the business they were giving me in-house. Negotiations had been ongoing for over 4 years, both to (naively) prevent them from doing so (it wasn't a surprise that they did, they had been talking about it for years), and to suggest that we could merge businesses. Suffice to say, they hired someone else and I was forced to walk away.
I went through a period of "Fuck them", but I had known all along that if they walked away from me, I was screwed. Relying on a single 3rd party API is exactly the same thing. It's a contract with another business entity. If they decide to implement your additions into their core product (take for example today's Podcast app release form Apple), or if don't like your hair color, or they just don't like what you are doing, it's not "fuck them" it's "what's phase 2?". Grow up and move on. This is business. No one is entitled to consume another company's API, or else there would be no such thing as an API key.
> No one is entitled to consume another company's API, or else there would be no such thing as an API key.
That would depend on what you mean by "entitled" and by "consume". Lawsuits happen all the time because one entity believes that another entity backed out of a deal in bad faith.
> One problem with this attitude is that it doesn't lead to a smoothly functioning economy. If I have to worry that any online service might chose to shut down my access for any arbitrary reason, then I am strongly disincentived from using online services.
You're looking at only one side of the issue, and the smaller one at that. Let me flip it around for you:
One problem with the attitude that by providing an online service I'm obligated to maintain it for users I don't wish to is that it doesn't lead to a smoothly functioning economy. If I have to worry about supporting users when it's against my better interest, then I am strongly disincentivized from offering an online service.
> If I have to worry about supporting users when it's against my better interest, then I am strongly disincentivized from offering an online service.
The situation is different for individuals or small companies than it is for large companies. Large companies (that are not structured as mutuals, or somesuch) generally only have one interest: maximizing their profit. But they often tend to use a Prisoner's Dilemma's strategy against the world that might maximize their next quarterly return but does not act to make the economic pie bigger for everyone.
If I don't want Initech Inc. to be associated with file sharing, fire arms, or even the Irish, that's entirely within my rights
Regarding the Irish part, I don't think that is within your rights.
In the US Title II of the Civil Rights act Outlawed discrimination based on race, color, religion or national origin in hotels, motels, restaurants, theaters, and all other public accommodations engaged in interstate commerce;[1]
In other countries article 7 of the UN Declaration on Human Rights (All are equal before the law and are entitled without any discrimination to equal protection of the law. All are entitled to equal protection against any discrimination in violation of this Declaration and against any incitement to such discrimination.)[2] may outlaw that kind of discrimination (depending on your countries international treaty obligations and local laws)
Because it's a slippery slope from there to eliminating property rights entirely. If you require companies to declare all instances under which they will terminate service they'll just amend their ToS or add insanely broad clauses that let them disconnect anyone at any time.
This is the fundamental problem with SaaS and web APIs more generally (a SaaS application is just a web API for humans in some sense): you don't control it.
It isn't installed on your hard drive. If the vendor says "you can't use this any more" you can't give them the middle finger and keep using your copy while you find a good lawyer. You're done. That's it.
Does that mean I think everyone should stop using SaaS and APIs? Absolutely not. I would cry if I had to give up Google Docs, Gmail, etc. But I'm not under any illusions about who is in charge, and I make decisions accordingly.
I completely agree that companies shouldn't do this, but I don't think that most people on HackerNews do. A while back a co-worker of mine wrote a blog post about how a patent troll signed up for our service, and we decided to let them use it even though we really didn't want to. That seems like the same story with the opposite outcome.
Nearly all of the comments on HackerNews said that the decision showed a lack of conviction and that we should have denied service to the patent troll. I don't think that's appropriate for all the reasons you listed, but it would seem that we're in the minority.
Note: I agree with you that companies should not be allowed by their users to get away with this, I don't agree there should be a law prohibiting it.
Honestly, is this any different from a company ninety years ago denying service to non-whites because it "could be perceived as encouraging the races to intermarry?
Yes it different, in degree, effect and legal status.
Not only that, it is extremely offensive to compare a company stopping another company using their service to download files with an evil social institution closely related to the lynching of people affected by it.
A storeowner has the right to kick you out of his store any time he sees fit. It's his business. Don't like it? Go somewhere else or go build your own. www.dropbox.com and all their servers are Dropbox inc's "store". They can kick anyone out because it's their territory. It's as simple as that.
Not sure how this is in states but in europe they don't. It's illegal not to sell you stuff, if it's public, unless there are certain requirements met that are clearly stated in the law. Those are along the lines of "alcohol to drunk people" etc.
Please quote your sources, because it's exactly the reverse. I can prohibit anyone from entering my club or shoe store if I don't like their color of shirt. I just in most places and under most circumstances can't do it based on an exhaustively listed set of factors such as gender, skin color, ethnicity, etc.
Furthermore, saying 'in Europe' doesn't mean anything. You might mean 'in most European jurisdictions I know of', or 'under EU law', or 'under Council of Europe law', or whatever, but even then there are so many nuances that that statement alone doesn't say anything.
A case from the Swedish supreme court, deciding that a shop owner is not allowed to ban a repeat shoplifter from entering his store. [Swedish]: https://lagen.nu/dom/nja/1995s84
An answer from a Swedish "ask a lawyer" site, regarding whether it is allowed to deny entrance to a club. The answer is "only if that person is disturbing the public order, or if it is required to avoid a punishable offense from occurring". [Swedish]: http://lawline.se/answers/780
We're making mountains out of molehills. Don't build your shit on a platform you could reasonably expect to be taken away from you. Company management often sees piracy (and sex) as a plague that can erode customer and investor support in their business.
* * *
Once upon a time there were three little pigs. One pig built a house of straw while the second pig built his house with sticks. They built their houses very quickly and then sang and danced all day because they were lazy. The third little pig worked hard all day and built his house with bricks.
A big bad wolf saw the two little pigs while they danced and played and thought, “What juicy tender meals they will make!” He chased the two pigs and they ran and hid in their houses. The big bad wolf went to the first house and huffed and puffed and blew the house down in minutes. The frightened little pig ran to the second pig’s house that was made of sticks. The big bad wolf now came to this house and huffed and puffed and blew the house down in hardly any time. Now, the two little pigs were terrified and ran to the third pig’s house that was made of bricks.
The big bad wolf tried to huff and puff and blow the house down, but he could not. He kept trying for hours but the house was very strong and the little pigs were safe inside. He tried to enter through the chimney but the third little pig boiled a big pot of water and kept it below the chimney. The wolf fell into it and died.
The two little pigs now felt sorry for having been so lazy. They too built their houses with bricks and lived happily ever after.
You can't sue the Internet though. This line of argument begins with entitlement. Dropbox is a company with an ass to protect. Anyone using any service's API is never entitled to any guarantees regardless of whether they comply with their TOS or not. The purpose of an API is to simultaneously add value for users and widen use of the produc (both of those fall technically under the banner of "to help the company providing the API make boat loads of money).
The other part of people's defense of Boxupus is this whole idea that just because it could be used to violate copyright doesn't mean it will. Anyone who honestly, deep down, truly believes this and isn't just towing the Pirate Party Line needs to wake up. The majority of people downloading from torrents are downloading copyrighted material which is not legal, like it or not, the legalities of copyright law are irrelevant here. While I'm sure you can pop in and say "but I was using it for legit use case x, y, and z", most people were using it for downloading music and movies. Where's my proof? Fuck my proof. Where's your proof (I'm using the royal "your" here, not aimed at the op here) that it was being used so innocently? It really makes me upset that I just know someone will try to call me out for not having evidence on that one point despite the fact that we all know what was up just like we all knew what was up with MegaUpload. Demanding my evidence on that one point is the last defense of a person who's just grasping at straws, defending some pro-piracy ideology. But piracy isnt even the issue nor is it relevant!
Dropbox is a company here to make money. Just mentioning torrents puts people in a frenzy. So they're protecting themselves from liability by making sure their product is not associated in any way with torrents. It doesn't matter whether they have a legit purpose or not. It's a case of perception trumping all else and you have to remember that even beyond legal issues, Dropbox has a brand to protect. The perception of Dropbox is that of an exceptionally wholesome file storage/sharing service. Why would they even risk being seen as even the teensiest bit shady?
You are absolutely right! I own the copyright to almost every single file stored in my dropbox account, because I created them. Those that I didn't are happily stored but not distributed, entirely within the licences granted by the owners of the material.
The difference is that no one will stop you from creating and distributing your own code editor even if you advertise that it's meant for malicious or illegal development. But don't expect the same privilege when you base your app off of someone else's API which you get to use for free by the way. Everyone knows when you use an API you're a house guest, paying no rent and you can be asked to leave at any time.
The solution is simple. Build a 2 tier app? One innocuous app (SendToDropbox) that moves files into dropbox. Second app (TorrentIntoSendToDropbox) that saves torrents into the first app.
As so many people have pointed out over the last few years, building your product on top of someone else's product is a bad idea unless you have a legally-binding agreement in-place. And having an api key isn't a substitute for such an agreement.
If this principle had a name (ie "<someone's> law") then maybe people would pay more attention.
(And OT: I read "boxopus" as "box o' pus", which makes me think perhaps its a poor name)
im not sure why anyone would want to build an app on a platform that lets you log in to any users account without a password... maybe something low risk like hosting torrent downloads
It was an absurd pairing of two separate and dissimilar block-structured sync protocols and I am not at all surprised. This should've been disallowed on pure bandwidth efficiency grounds.
I'm sure the actual reason was "torrent user == pirate" and they just didn't want any juvenile connections, bad news in any language.
Everyone who read the original story saw this coming.
I feel like this is the wrong choice for Dropbox. Wouldn't they still be under DMCA safe harbour just as if I uploaded copyrighted material myself? Or is any type of downloader to your Dropbox against the terms of service as an 'Unwanted feature'? Sure they reserve the right to who uses their service, but if they are DMCA compliant are they just losing potential revenue?
I would guess[1] it's more about not painting a giant target on their back. Yes Dropbox can be used for pirated material, but they don't promote it and there are no features of Dropbox that enable it, however if this service exists and gets substantial traction people will start to associate Dropbox with piracy and when that happens Dropbox risk being targeted by groups like the MPAA.
Look at Megaupload, they were supposedly complying with the law.
I know you know this, but for the benefit of the thread:
Megaupload is commonly understood to have been "complying with the law" based on a misapprehension of what the law actually is.
The misapprehension is that "compliance" with US copyright law means "honoring takedown notices".
The reality of US copyright law is that there are two sides to compliance: first, takedown notices need to be honored, and second, the service can't operate with foreknowledge of infringing use.
You can execute takedown notices within milliseconds of their arrival, but if an opposing lawyer or prosecutor can demonstrate that you repeatedly (a) came into knowledge that your service was used for piracy and (b) took no action, you effectively forfeit the service provider "safe harbor".
It was discovered by prosecutors that Megaupload not only knew about infringing content on their own site (trading links among staff for particular films, for instance), but also ran a promotional/affiliate program that rewarded uploaders for pushing popular copyrighted material to the site.
I was actually going to work on a project that did something similar. Doing anything with large files while you're on a mobile device is difficult because of bandwidth, processing, and screen real estate.
If you could move or process large files though a third party without having to physically download the file to a temporary location, it would be awesome... but apparently Dropbox doesn't think so. I deemed my project DOA because I had a feeling that what happend to Boxopus would happen to me across multiple platforms that I wanted to integrate.
I believe utorrent has a remote feature that can be accessed from mobile. Point your torrents to dropbox on your desk/laptop and access on the go. Unless your only computer is your phone this would work just as well...
A lot of even fairly tech savvy people I know don't want to have to deal with torrent software and files and all that nonsense. This would have been perfect for them.
I'm living in a service hotel in China. This means no torrents. I can VPN into my University back in Yerp, but they block torrent traffic as well (duh). Luckily there's still zbigz.com which offers pretty much the same service.
Like VPN services, their remote computer is downloading for you but instead of forwarding the traffic to your computer directly it forwards it to Dropbox, and then Dropbox puts it in your computer.
Right, but it lets you/your personal connection avoid one leg:
instead of torrent -> local dropbox -> cloud dropbox,
you get only use your bandwidth for cloud dropbox -> local dropbox.
Given that many residential ISPs that meter data service don't differentiate between uploaded vs. downloaded data, that's a potentially valuable way to externalize the bandwidth requirements for your torrent (of undoubtedly legal/paid or public domain content, I'm sure)...
I'm genuinely curious, as I've never actually used it[1], but if someone waved a magic wand, and ALL illegal music, movies and books vanished from bittorrent networks, what would be left?
[1]blizzard uses it for WoW updates, but I don't think that really counts.
It's pretty appalling that people believe Dropbox has an obligation to bear all the burden so some "startup" can make a quick buck off of copyrighted material. Where are the thought leaders on this? Sitting around with eyepatches over their mouths?
I don't understand the need for this company in the first place, (Anonymity when pirating?)
If you wanted to store BitTorrent downloads in Dropbox, all you gotta do is tell your torrent client to use your local dropbox folder as a save location...
I think this is a sign of weakness from Dropbox; for example, big strong players like Google don't just erase all the links to ThePirateBay.se just because some big record label says so; they wait until they are actually forced to do so with a legal petition (e.g. DMCA)
Dropbox provides a file sharing service, Boxopus uses this to provide torrent downloading services. Should Boxopus become popular, how will this impact Dropboxes cost base? Will people buy more dropbox space?
Are Dropbox possibly obliged to deactivate Boxopus due to onerous copyright rules? Is there anything in their underlying contractual arrangements with their suppliers for example that could result in the termination of dropbox's service, or are they just trying to cover their backsides?
I think this shows a good example of the increasingly common problem where startups tie themselves to a platform and suffer for it as well as benefit. They're looking for another storage provider, but who's to say this won't happen with a new provider too?