Put it in the Cloud? Are You Nuts?

Note:
The situation in the following post has been resolved for now. Dropbox has taken everyone’s outrage seriously, and has fixed the problem. More information here. I am leaving this post and the follow-ups up because it contains a good deal of information on how to protect yourself and your intellectual property when working in the cloud.

As of Sat, July 2 2011, Dropbox has joined Facebook and who-knows-how-many-other ass-backward companies in declaring eminent domain on their user’s data. That’s right, boys and girls, if you’re using Dropbox for storing your manuscripts, photographs, creative works, etc., you should know that their revised TOS says that:

you grant us (and those we work with to provide the Services) worldwide, non-exclusive, royalty-free, sublicenseable rights to use, copy, distribute, prepare derivative works (such as translations or format conversions) of, perform, or publicly display that stuff to the extent we think it necessary for the Service.

In other words, they own your stuff.
Not that this would stand up for a minute in court–but do you want to be a test case?

That right there is bad enough–almost, but not quite as bad as Facebook claiming copyright to anything you post, link to, etc. (and using everything you post in their advertising), but Dropbox does one better. Lest you say “Haha! I’ve dodged a bullet! I only use dropbox to hold my ebook collection, or to sync my porn files and music between my home and office systems!” you better read on. Following on from the same place in the TOS:

You must ensure you have the rights you need to grant us that permission.

In other words, if you put something you legally bought for your personal, non-infringing use, you’ve just been made a felon, because Dropbox now requires you to grant them worldwide license (including derivatives!), by uploading a file you didn’t author (for a personal backup or so you can have access to it on a business trip, say) you’ve just granted rights to Dropbox that you don’t own. But by uploading it, you’re representing that you do have the right to grant those rights, therefore you’re committing fraud as well as several sorts of infringement.

I’m not a lawyer, but I can’t see how in the world this will hold up in court–but I’ll tell you one thing: I ain’t ever using this bloody service again. And I’ll go one further–with shit like this getting to be de rigeur among clueless tech companies and their equally stupid lawyers, there’s no way in hell I’m ever using a cloud-based archiving service that “reserves the right to change the TOS without notice” again.

As The Specials once said, you can’t fight corruption with card tricks–they use the law to commit crimes.

Folks at Dropbox should be ashamed–and they should probably be sued. You guys at the EFF, are you listening?

Full text of the grotesque new Dropbox TOS here.

Addendum:
For an explanation of why the wording of this license is pissing me off, read my Contracts post Everybody Knows Peggy Lee (or should) which explains what’s implied by license wording such as the above–regardless of whether it’s couched in language that says “We only want these rights so we can perform the service.”

Further Addendum:
Check out the comments below for more addenda–I’m posting updates as people feed them to me, and it’s easier to add a comment than to edit the post over and over.

Another further Addendum:
I’ve got a new post talking about the factors in selecting an off-site backup service, the basics of data security, and discussing some alternatives to dropbox. Find it here.

Yet Another Addendum:
There are more updates on the Dropbox situation at my new blog post here.

Final Addendum:
As mentioned at the beginning of this post, Dropbox has taken everyone’s outrage seriously, and has fixed the problem. More information here.

74 Responses to “Put it in the Cloud? Are You Nuts?”


  1. jdsawyer

    Another post that has a slightly different focus and some additional info: http://www.offmessage.com/2011/07/wtf-new-dropbox-terms-of-service/

    I suspect this’ll be one of those on which I keep a running link list in the comment section.

  2. jdsawyer

    Dropbox has another sentence in the TOS, which it looks like they might have added to try to stem some of the uproar. It reads:

    This license is solely to enable us to technically administer, display, and operate the Services.

    So, yeah. I don’t think that makes a difference–the rights they’re grabbing are way more extensive than is necessary to operate a service such as the one they operate. Unacceptable.

  3. jdsawyer

    Looks like they’ve softened the wording yet again, adding in clarifying comments about what they mean by derivative work. Too late to get me to change my verdict, but if you’re interested in this mess, do be sure to click on the link to the TOS to see what it says at the moment–at the time of this comment, it seems to be changing every half-hour or so, probably in response to people writing them to complain.

  4. Del

    Except that there’s an earlier line in the same TOS that says “you retain ownership of your stuff.”

    And there’s also the line jdsawyer quoted. And those things DO make a difference because they mean that DB can only do specific, limited things with your data.

    Also, only governments can assert eminent domain.

    Seriously, if you’re going to be freaked out about storing things in the cloud, freak out because of all the many other security issues inherent in virtualizing your data and putting it on a server not in your control (any server, not just DB). No TOS will offer you ironclad protection once your work is out in the ether.

  5. jdsawyer

    Del —

    “Eminent domain” is used by way of analogy ;-) The increasingly softening wording over the course of the morning is encouraging, both because it means that users are raising hell and because Dropbox is obviously listening.

    This is very similar to shit Facebook has pulled in recent years, though–stick a toe in with the most sweeping language possible, then pull back to something people can live with. It’s a snake’s tactic, and it does show what’s going on with many “free” cloud-based services–something that most users haven’t thought about:

    When it comes to a free, cloud-based service, the user is not the customer. The user (and their data) is the product.

    To this end, it’s in the interests of such providers to lay claim to as much as they can in the hopes that users won’t notice. Dropbox’s behavior this morning is following a well-established path that other companies of their sort have trod many times before.

    It is, of course, possible that they’re simply listening to very bad legal advice–but if they are listening to advice *that bad* then they’ve got other problems that make them potentially dangerous to deal with.

    For these, and for the very good reasons you point out, I generally don’t use use cloud-based services in the first place–particularly not free ones. When I have to, I’m very careful to limit my exposure (there’s a reason, for example, that the only picture I’ve posted on facebook is my headshot).

    All that said, “ironclad protection” is pretty much impossible even in an analog world–but there is a long, long distance between 1) the remote possibility that some stranger will steal or infringe upon your work and 2) having one’s service vendor turn around and grab the rights to your property.

    Stuff people need to be aware of.

    Thanks for stopping by, Del!
    -Dan

  6. Jonathan

    I’m not a lawyer, so this is just my wildly amateurish read of the clause, but I thought it’d be a good idea to have someone play devil’s advocate. It may turn out this is more than a mole hill, but I still think we might be making a mountain here.

    First, right before the offending clause is this: “You retain ownership to your stuff. You are also solely responsible for your conduct, the content of your files and folders, and your communications with others while using the Services.”

    The newly updated clause: “We sometimes need your permission to do what you ask us to do with your stuff (for example, hosting, making public, or sharing your files). By submitting your stuff to the Services, you grant us (and those we work with to provide the Services) worldwide, non-exclusive, royalty-free, sublicenseable rights to use, copy, distribute, prepare derivative works (such as translations or format conversions) of, perform, or publicly display that stuff to the extent reasonably necessary for the Service. This license is solely to enable us to technically administer, display, and operate the Services. You must ensure you have the rights you need to grant us that permission.”

    “worldwide”: As I read it, this just means you allow Dropbox to distribute your files to Australia, England, or China, if that’s where you wish to access them or where someone you want to share with is located.

    “non-exclusive”: Dropbox can share/store your files, but you can share/store your files with iCloud, Amazon, or Google.

    “royalty-free”: When someone access your files, either from a public folder or one you shared, you’re not going to expect a paycheck from Dropbox for that access.

    “sublicenseable rights”: I actually read this as relating to sharing. You’re giving Dropbox the right to tell users you’ve selected (or the public at large, if the file is in a Public folder) that they have the right to access the files you’ve chosen to share. I imagine they have to have this clause in order to cover themselves if someone you choose to share with changes a file in a way you don’t like. You shouldn’t share a file you don’t want messed with, and that’s what this clause covers.

    The things that a person might do with a file when you’ve shared it with them is “use, copy, distribute, prepare derivative works (such as translations or format conversions) of, perform, or publicly display” it. This is true of any shared file on any shared drive anywhere, but because the file is controlled by a third-part, for-profit entity, they need to make that explicit.

    “to the extent reasonably necessary for the Service”: This is also new to the clause, along with the sentence you’ve mentioned. This I read as the part where they’re saying they won’t use your stuff themselves. It is not reasonably necessary for Dropbox to sell works of art or use files in advertising, so such uses would violate this clause. I think it still could use some work, but that’s how I read it.

    “You must ensure you have the rights”: Again, this I read as related to sharing, not to how Dropbox will steal your stuff. I have (or at least I think I have) the right to use Dropbox to share a copyrighted file (an e-book, say) with myself across computers. I do not have the right to share that book with others or drop it into a Public folder, thus if I am caught doing so, I can be suspended for violating the TOS. The latest episode of The Way of the Game, or a PowerPoint presentation I created, those I can share or drop in a Public folder.

    I feel a bit bad for Dropbox. There are certain things we take for granted (and never even think about) as computer users that they have to spell out and make explicit. It’s not like there’s precedent to follow in this, or templates you can work from. Amazon, Apple, Google, anyone who deals with digital storage and creation has to come up with a way to get hold of the rights they need to not get sued by a customer who gets pissed and decides to take advantage of a legal loophole, protect themselves from groups like the RIAA or MPAA if a user violates those copyrights, and still leave with the customer the rights they expect and demand.

    Could this TOS be abused? Sure, but I think this update shows that Dropbox is at least trying to minimize the possibility of that. They’re in uncharted waters, and while I don’t fault anybody who wants to jump ship, I also think it’s a bad idea to set fire to the sails when you go.

  7. jdsawyer

    Del -

    I should add, re: the contradictory language in the TOS (which may or may not still be there)…

    Contradictory language in contracts and TOSs is often, though not always, deliberately obfuscatory and should raise at least a yellow flag. Even assuming the best motives on the part of Dropbox (and, on the principle of “Never attribute to evil genius what can be explained by rampant stupidity” I have no problem with that assumption), I’d rather steer clear and not be in the position where I have to decide I want to be a test case.

    Your mileage may vary :)
    -Dan

  8. jdsawyer

    Jonathan —

    To my amateur eye, that does seem a reasonable reading of the situation. The clause, though, really isn’t necessary in the first place (and the language is still all over the map in terms of what it means in light of entertainment caselaw vs. tech industry caselaw).

    Something like:
    “You warrant that you will not share material in violation of copyright law, and that we are authorized to store your files in accordance with the normal maintenance of our databases and share them with only those parties you direct us to share them with.”

    A clause along those lines (gussied up with caselaw-appropriate jargon), I’d have no problem with. The approach they’re taking, though, has HUGE problems. Not cool.

    Gonna be interesting watching it unfold — thanks much for chiming in!
    -Dan

  9. utestme

    I entirely agree with jdsawyer; I have the same feeling the Dropbox guys just looked at the wrong person when they wrote this shit. They’re shooting themselves in the leg.

  10. Misa Buckley

    To be honest, I lose a lot of confidence by their use of the word “stuff”.

    IDK, putting my work directly onto the internet never really appealed to me anyway. Vague TOU notwithstanding, there is always the risk of hackers, viruses, etc etc.

  11. jdsawyer

    Utestme has an excellent, brief, and far more elegant post on this than the rant I’ve provided above. I heartily recommend it — you can find it here:

    The post in question

    -Dan

  12. Hoopy Freud

    Of course, to my understanding, Dan, the phrase “In violation of copyright law” doesn’t discriminate between “copyrighted work” and “work that you are not licensed to distribute”…
    I wonder what this means for Creative Commons licensed work…

  13. jdsawyer

    Misa –

    It does smack mightily of trying too hard to be hip, doesn’t it?
    -Dan

  14. Michael G. Thomas

    Thanks for posting this, I will check it out.

  15. jdsawyer

    Hoopy –

    Depends on the CC license–the “no derivs” is clearly out. But is “shar alike?” Maybe. “Attribution” is probably okay. It all depends on the license (and on what the TOS winds up being after dropbox finishes backpedalling, etc.).

    On the other point, I think you’re mistaken. “In violation of copyright law” does discriminate between “copyrighted work” and “work that you are not licensed to distribute” since distributing work you’re not licensed to distribued *is* a violation of copyright law, while distributing a work you’ve authored and own the rights to, or a work you have a license to distribute, is not in violation of copyright law.

    -Dan

  16. Valalvax

    I actually happen to have been explained this in the past

    What they’re getting is a license to USE your stuff, you still own it, but does that matter?

    Breaking it down:

    you grant us (and those we work with to provide the Services) – Whoever is willing to pay for it

    worldwide – obvious enough here

    non-exclusive – basically means you can also create your own licenses for people to use your stuff

    royalty-free – you get the crap end of the stick, no money from their sells

    sublicenseable – we can sell your stuff

    rights to use, copy, distribute, prepare derivative works (such as translations or format conversions) of, perform, or publicly display that stuff to the extent we think it necessary for the Service. – We can basically do whatever the heck we want

  17. Hoopy Freud

    What I meant was if someone were licensed to transfer and copy a copyrighted work, but did not own the rights to it. Therefore, the person they transferred it to would not be allowed to transfer or copy it.

  18. jdsawyer

    Hoopy –

    Gotcha–thx for the clarification.

    Valalvax–
    Well said!
    -Dan

  19. Dropbox just showed us why you can’t rely on the cloud | The Digital Reader

    [...] Library Abominations [...]

  20. Paul

    I believe the sublicense clause refers to the fact that Dropbox makes money off selling their service. Instead of just inviting your friends, you can pay for extra space. If they have a user that has paid for extra space, and you’re sharing your IP with that user, they are making money off of your IP by facilitating the sharing.

  21. Thelemic Waves

    Again with the overly paranoid ignorance. Of course they require the rights to republish your stuff – you might say something that local news channel wants to share in a story about DropBox, or someone might repost your stuff (link included, hopefully) in a Dig or Stumble or something SOCIAL. You fear mongering fools – figure it out, you’re sharing – so STFU or get offline.

  22. Put it in the Cloud? Are You Nuts? at Literary Abominations » Adventures of a Bookonaut - Reviews & Views on Speculative Fiction

    [...] Put it in the Cloud? Are You Nuts? at Literary Abominations. Print: Posted in News SHARE THIS Twitter Facebook Delicious StumbleUpon E-mail « Patty Jansen on Authors and Social Media No Comments Yet [...]

  23. Mike

    You can find similar TOS in other services such as Box.net:

    http://www.box.net/static/html/terms.html

    Notice however how they use the word “sole” rather than “extent reasonably necessary”, the former being much more precise and restrictive.

    They also fall into the trap you mention of taking a license on data you don’t have the right to sub-license, with the exact same wording.

    It appears that some law firm decided that it would avoid lawsuits such as “I uploaded my files to your server and you copied them to an offshore backup location run by some foreign company without my permission”, and wrote these TOS, which everyone else copied.

    Amazon S3 doesn’t ask for such license at all, but they have this clause in their TOS:

    “8.2 Your Submissions. Your Submissions will be governed by the terms of the Apache Software License, unless you specify one of our other supported licenses at the time you submit Your Submission.”

    Not sure what exactly this entails, as in that your content becomes open source, for example? Is it a hidden way to ask for a similar type of license as the other cloud storage providers?

    In the case of Apple’s iDisk/MobileMe, they also ask for a license for uploaded content, but they specifically state it is for content stored in publicly available areas, such as your “Public” folder.

    Nice article, thanks!

  24. jdsawyer

    Thelemic–

    I really don’t know where to begin to respond to the depth of the ignorance displayed in your comment. Dropbox bills itself as a private online filehosting service, not a publication medium. So no, they don’t require permission to publish or republish your “stuff.” The license to host your files is implicit in the fact that you upload to them–if this clause were truly necessary, then every web host in the world would need similar wording. Preposterous–and it would make the web grind to a halt through legal paralysis. Dropbox is not social media.

    As far as the local news channel, what does that have to do with anything? They have the legal right to report on what I’m saying–but if they want to publish my blog post or my article, they do have to seek my permission before doing so and (if I so demand) pay a license fee for using my intellectual property.

    If someone reposts my “stuff,” they are infringing, period. That’s the law, and I take it pretty seriously. However, if they post an extract (or a brief quotation) and a link back, they’re well within the established bounds of fair use (and I’m quite happy for it, as it drives traffic).

    “Adapting” and “preparing derivative works” and “sublicensing those rights” are all things with a specific meaning in copyright law–it includes all the rights that constitute the long tail from which writers, musicians, filmmakers, photographers, poets, and commentators make their living from. Words mean things, and where copyright law is concerned you ignore those meanings at your peril.

    This is not difficult to grasp–a simple, ten minute readover of the basics of copyright law is all you need to navigate successfully on the net. Dropbox obviously hasn’t done that. You obviously haven’t done that. The fact that you feel it necessary to insult me and do the net equivalent of shouting while displaying your rampant ignorance is both unfortunate and embarrassing.

    And please, do not take my word for it. Spend an afternoon reading through the The Copyright Handbook from NoLo press. It’s very accessible.

    -Dan

  25. jdsawyer

    Paul –

    Interesting thought–I would love to hear their line of reasoning on all this. However, if that were the case, then again, the language is no more necessary for them than it would be for any webhost. They no more need this rights grant than your landlord needs to have the right to come into your house and rearrange your furniture, or to sell it at auction without your consent (and without paying you).

    -Dan

  26. Dropbox TOS change is worrying, but so are everyone else’s TOS | Mike Puchol

    [...] “this stuff is hot” labels? Yeah, exactly. There are some great posts on this topic on J. Daniel Sawyer’s blog, and on UtestMe [...]

  27. jdsawyer

    Mike —

    Thanks for the heads up on the APL. I honestly don’t know how Amazon intends that it should apply, as it has several sections with different terms for contributors, users, etc. I think we need a lawyer to explain this one.
    -Dan

  28. jdsawyer

    I’ve posted an update on the situation here: http://jdsawyer.net/2011/07/03/update-on-the-dropbox-situation/

  29. clay harrison dot net » Blog Archive » Brain Farts July 2, 2011

    [...] Harrison RT @andydiggle: Man, I love(d) @Dropbox but it sounds like they just shat the bed: http://jdsawyer.net/2011… | @mercuryeric @ruckawriter 26 minutes [...]

  30. Wow. Holy Flaming Dropbox. http://jdsawyer.net/2011/07/02/put-it-in-the-cloud-are-you-nuts/ | PU Result 2011

    [...] Wow. Holy Flaming Dropbox. http://jdsawyer.net/2011/07/02/put-it-in-the-cloud-are-you-nuts/ This entry was posted in Uncategorized. Bookmark the permalink. ← Sorry My guys [...]

  31. jdsawyer

    Another great post on this, going into other areas I don’t touch on here:
    http://astroaficionado.net/2011/07/02/a-fall-from-grace

  32. Andrew

    Another reason to encrypt everything that goes out your computer, try to derivative a bunch of static.

  33. Stacy

    What bugs me about this is the sublicensing. Why should Dropbox have the right to sell or otherwise make money off of my stuff without paying me? I’ve deleted my account.

  34. Dropbox, cloud storage, and who owns your files? - Liliputing

    [...] weekend Dropbox went through a nearly identical problem. The company updated its ToS, some users started complaining, and Dropbox tried to [...]

  35. Cloud as a Bank - UtestMe

    [...] Dan Sawyer on Dropbox new TOS: “I’d rather steer clear and not be in the position where I have to decide I want to be a test case“. (in comments) [...]

  36. fidgetwidget

    It sounds to me like they are just trying to protect themselves, and using language that was given to them in order to do so.

    In some circles, the fact that the files are on their servers, makes that their property already. So unless they have legal rights to have those files, they are in potential legal trouble.

    All they are trying to do here is protect themselves from some stupid laws that are being passed in some parts of the world with regard to digital rights.
    I’m not the least bit worried about their wording, and the fact that they are changing it to make it clear why they are doing it only enforces how I saw this in the first place.

    Dropbox is just doing what they need to in order to be able to continue running their service, and I’m ok with that.

  37. Chris

    I don’t think it was ever quite as bad as you were making it out — the whole license grant was limited by the “to the extent we think it necessary for the service.” So, for example, if you put something in your dropbox, you have to give them the right to copy it, or dropbox won’t work. If it’s a picture that’s in your public box, they may need to create a derivative work when they create a thumbnail. If it’s a picture in your public box, they need the right to publicly display that picture, etc…

    The Terms of Service got it wrong by “burying the lead” — they started off with a really broad grant that they then limited. Problem is, though, that everybody reads the broad grant, has a heart attack, and never gets to the limiting section.

    I’ve got more commentary here: http://flf.lt/4

  38. Joel A. Glovier

    Interesting response – and not to sure it’s not appropriate. Although, I’m not too sure I feel the same way, either. For most part, I don’t have a big problem with the TOS as is, because quite honestly I don’t really think they are actually going to do anything despicable with the new terms, even if they legally could.

    I will certainly think twice now about what content I upload to Dropbox, to be clear.

    But the real gem hidden on this page is this comment:

    When it comes to a free, cloud-based service, the user is not the customer. The user (and their data) is the product.

    Kudos, and thank you for point it out. It really is a paradigm issue that we all should realize.

  39. Janine Frederick

    THIS is why I own my own FTP. My FTP space is legally mine to do with as I wish and the hosting company has no legal claim to anything I put on it, what-so-ever.

  40. Julie Benson-Grant

    TSOs scare the hell out of me. And now I (well the startup I’m involved with) have to actually write and post one on our site. I think it may take 100 times longer than building the site to write, review, update, legally review, re-write again – well you get the picture.

  41. Raptor007

    Thank you for the insightful article regarding the TOS that Dropbox “dropped” on us. Given the egregious nature of their new TOS, I deleted my account and stated why I was doing so and sited some of the examples you listed. Free service or not I am not willing to give up my personal items to be used period. If you don’t have a business model that supports your company financially then I am not about to support your company by allowing you to sell my digital media.

    Just imagine you are walking down the street and you see a billboard with your likeness used for (insert product or cause here) that you do NOT approve of. Your are now linked to that image and you can do nothing about it. I recall this happening in real like to 2 years ago where a young woman found her likeness promoting a wireless carrier (Australia I think) and she gave no permission. Well it was buried in the TOS somewhere on a site and voila her image was sold and did not require her consent, it was already given unbeknownst to her.

    Take control of your digital world before the corporations take it from you.

  42. Brandon

    Well, goddamnit. I rely on Dropbox for a lot of things, but now I may need to delete my account. Thank you for bringing this to my attention!

    (Also, just a quibble: “You can’t fight corruption with card tricks–they use the law to commit crimes” is actually a lyric from the song “Gangsters” by The Specials, off an album that came out in 1979. That’s funny they used it on The Sopranos!)

  43. Back Up Your Writing?

    [...] perform, or publicly display that stuff to the extent we think it necessary for the Service." Put it in the Cloud? Are You Nuts? at Literary Abominations Reply With Quote + Reply to Thread Quick Navigation Writing Questions [...]

  44. yep

    I agree with fidgetwidget.
    Imagine a situation without this TOS, where an artist puts up a file they own and shares it so that some business associates can access it. The artist does not cover their rights adequately and the business plans go bad, and their content is stolen by one of those said business associates. Because the artist hasn’t covered their rights properly, they have no recourse to recover losses from the bad business associates, however they consider trying to recover their losses instead from Dropbox, who hosted the files during the transaction. With this TOC, Dropbox is non-liable for the user’s losses, but without this TOC, Dropbox would be vulnerable to a potentially huge pay out. Dropbox can clearly not run their business with that risk, hence the TOC.
    There are many other possible scenarios of liability that Dropbox would be vulnerable to without these TOC. (e.g. illegal file sharing). Thus Dropbox simply runs a line of needing to keep customers, but protect themselves from the risks associated with the service they provide. Hence the TOC terms are very important both for customer impressions and limitation of liability in case of problems.
    There might also be some element of Dropbox wanting to protect and reserve rights to create further value from non-paying customers by analysing users files to create data aggregation/mining products for some other business customers. Whether or not Dropbox is doing that might be hard to learn, other than through business channels or looking at financial reports, however it seems they reserve the right to do so if they wish. But anyone with a Gmail account or many other services (or anyone browsing websites, buying products or doing many things on the web at all) does this to some extent already.
    p.s. I am not a lawyer, this is just my layman opinion.

  45. Dropbox, Twitpic et toutes ces plateformes qui veulent croquer vos contenus… | :: S.I.Lex ::

    [...] une tentative illégitime d’appropriation des contenus (ici ou là). Aux Etats-Unis, certains usagers en colère s’estiment même trahis et comparent la politique de Dropbox à celle de Facebook, [...]

  46. MLE

    Gosh this is quite a worry!!! I use Dropbox to fileshare original music files with other music producers, does this mean that Dropbox could claim the right of ownership to any files i upload to share with selected colleagues?

  47. Dracoverdi

    It is interesting that groklaw was able to operate for years without grabbing people’s copyrights. It was assumed from the start that the copyrights on blog should be assigned to the author as they are by law and that site was intended to function as a collaboration. Frankly, I’m skeptical of people who first say that intend to take all your stuff and then later claim they were just kidding. Sounds like GLaDOS to me, so don’t count on that cake.

  48. Michael Blackshore

    You can easaly solve this by encryption.
    Use Truecrypt.
    http://www.truecrypt.org/
    It can create a Aes 256bit encrypted container. Sync it with dropbox.
    They can’t read the file since it needs more than the computers on this planet to encrypt it. They can’t force you to open it if you have forgotten the password. =)

  49. Dropbox, data ownership, who cares? « Pierrick on Piwigo

    [...] their new TOS”. Actually, it seems that “a few people” care. See also blog posts Put it in the Cloud? Are You Nuts?, Oh Dropbox, We Loved You Once…, I’ve deleted my Dropbox account or the  less [...]

  50. J

    Tempest in a teacup guys, you have signed this ToS on every file sharing site you’ve ever used. This is standard stuff for any web-based media company including your web host (find the ToS for the servers where jdsawyer.net is hosted, I suspect you’ll find a very similarly worded ToS).

  51. More Dropbox Silliness | Irreal

    [...] bad enough when the kids over at Slashdot hyperventilate over a faux issue like this but others who might be expected to take a more measured view are also upset. Even Michael Krigsman over at [...]

  52. Guy Anthony De Marco

    ” They can’t force you to open it if you have forgotten the password. =)”

    Unless you’re in the UK, then they can force you to remember…or else.

    I do agree with you that you should always encrypt cloud storage files. You never know when Lulzsec (or its progeny) may take a shine to cracking Dropbox just for the lulz.

  53. Evil Genius Chronicles Podcast for July 4, 2011 – “Good Times Dad Times” - Evil Genius Chronicles | Evil Genius Chronicles

    [...] J. Daniel Sawyer attacks the Dropbox TOS [...]

  54. Noah
  55. igniz

    The full tos isn’t as bad as you make out and an e-mail was sent out notifying of the changes. It is a big change but an understandable one.

  56. You Are Not the Customer–You Are the Product at Literary Abominations

    [...] gripe session about Dropbox’s new TOS and my presentation (wherein I all but came out and shouted that [...]

  57. jdsawyer

    Dracoverdi –

    You nailed it in one. Sourceforge and other such sites also don’t claim copyright (or sublicensing or derivative rights) to the data people upload–it would be disastrous if they did. The folks (including the very polite and articulate fellow over at Lawclanger who are claiming that these terms are necessary are simply wrong on both the facts and on the implications of rights grabs such as this (though in most cases I think they are probably right that the intent is self-protective rather than piratical).

    -Dan

  58. jdsawyer

    J –

    Actually, my web host does none of those things in its TOS, and never has. Not even Microsoft’s Skydrive (which is a file sharing service, rather than a web host) does this, and Microsoft has a well-earned reputation for an attitude of “it’s better to pay a settlement than a license fee” where other people’s intellectual property is concerned.

    I’m sorry, but you’re just wrong on the facts.

    -Dan

  59. jdsawyer

    Yep–

    Your reasoning is very plausible, and I wouldn’t be surprised if Dropbox’s lawyers were following a similar chain of reasoning–but that’s just not the way it goes down with cyberlaw or copyright law. There have been worries of stuff like this for well over a decade now, true, but the precedents that would create the nightmare scenario you describe simply haven’t emerged (and, if they did, they would effectively bring a lot of internet commerce and data management and database service operations to a screeching halt).

    Thanks very much, though, for the thoughtful post–it puts the case for the defense (so to speak) far better than I”ve done myself, and I do appreciate it.
    -Dan

  60. jdsawyer

    MLE–

    They couldn’t exactly claim ownership, but under the un-revised TOS (they’ve revised it a lot since I wrote this post, and I’m not current) they could claim the right to resell it. I doubt such an action would stand up in court, but there would have to be a test case, which is a huge pain in the ass and very expensive–so, yes, it’s a big worry. Check out my new post for some suggestions on alternatives and for ideas on how to evaluate whether a service will serve you well in the long term or whether it might screw you over.

    Thanks for stopping by!
    -Dan

  61. jdsawyer

    Brandon –

    That’s a line from a song? Cool! I’ll have to look that song up, it’s an excellent line.
    -Dan

  62. Perry

    Okay, first, I don’t like the new TOC, but before everyone goes off the deep end, please make sure you read the TOC for other providers, including Microsoft sky drive. They all say the same thing. You own the stuff you put up, and they get the sublicences.

    Is there another alternative?

  63. Tab Clearance « Genreville

    [...] J. Daniel Sawyer [...]

  64. Whiskey Tango Foxtrot

    I hear that these people are going to claim an indie group’s unfinished game, what are these people hoping to achieve with that?

  65. jdsawyer

    Heya WTF–

    That’s a pretty hefty allegation–got a link to document it?
    -Dan

  66. jdsawyer

    Perry–

    There are some good alternatives–check out my post from this morning for a quick go-over.

    -Dan

  67. odin1eye

    I received the email notifying everyone to check out the new terms of service. The thing that has struck me, that I really haven’t seen mentioned anywhere yet, is that their wording seemed to smack of “this is really where we’ve really stood all along, we’re now just trying to make it clearer for you.”

    That is truly scary.

  68. How Does Dropbox's Terms of Service Compare to Those of Other Companies? at Ectimes

    [...] the revised ToS doesn't address a problem author J. Daniel Sawyer pointed out. The ToS says "You must ensure you have the rights you need to grant us that permission." Sawyer, [...]

  69. links for 2011-07-06 « The NRB

    [...] Put it in the Cloud? Are You Nuts? at Literary Abominations [...]

  70. La Web de Programación

    Noticias 09-Julio-2011…

    Ya se puede descargar el JDK 7 Está Facebook atrapado en MySQL ? Hablando por experiencia, dudo que estén…

  71. Google Pulls a Dropbox at Literary Abominations

    [...] to go through this all again. For those interested in my extended thoughts on the matter, read this post on the Dropbox mess, this post on how the economics of free online services actually work, and this [...]

  72. Just Stuff « Writing the World

    [...] “cloud”-type applications. Here’s a link to the article my friend referenced: http://jdsawyer.net/2011/07/02/put-it-in-the-cloud-are-you-nuts/ According to my friend, Dropbox recently changed their Terms of Service (TOS) to say users were [...]

  73. writing on wall

    Isn’t it just possible that 1) They only want this licensing right in order to make money from the totality of users and it has nothing to do with “needing” it to operate? 2) I had a cyber law class back in about 2007, and I seem to remember that servers were never held liable for the content on their websites in terms of abuse or infringement, so what do the companies really have to worry about, might they just be using that as an excuse to gain rights? It is really offensive that they could, for example, make a recording of your music and sell it, with no royalities, when there are royalties built in to the copyright law. 3) By what standard do they decide what they “think is necessary?” No limits!

  74. jdsawyer

    1) I think this is entirely probable–the customer, and their data, is the product (though I think it’s more likely that the part of the data they’re interested in is the type and quantity of data people transmit, so they can then find ways to monetize the traffic by selling advertising, targeted service enhancements, etc. The metrics and databases are where the money is–selling access to datamining companies is a popular business model right now.

    2) I have a similar understanding of cyberlaw stemming from RIAA related lawsuits and obscenity prosecutions early in the era.

    3) That is the problem, isn’t it? And they’re now saying “trust us.” In situations like this, I can’t help but remember what Lazarus Long said:
    Money is truthful. When a man speaks of honor, make him pay cash.