Dropbox and Your Copyright

.
Which is why I mentioned SpiderOak and Wuala, both of which use client side encryption. The key is stored on your local machine so in theory at least, if required, either service can hand over an encrypted file and that’s all.

As I said there’s nothing whatever stopping anyone using DropBox from doing their own encryption prior to uploading the files. If the stuff is really important it’s what you should be doing anyway, since once it leaves your hard drive you have little to no control over what happens, whatever the PR fluff might say and, however well intentioned the service provider. Drowning the ToS in sub-clauses to cover this or that eventuality, won’t change that.

I did not say it was your misconception but nevertheless a common one. The sentence I singled out, taken in isolation, is often misused to offload the responsibility for creating a service that stores unencrypted information in the cloud to US legislation which is wrong, at least in its current state.

Dropbox and others are very reluctant to say why they chose to go that way. It remains their decision, of course, but the reliance on and further propagation of the myth that the decision was not theirs is odd.

FYI… the Dropbox folks have posted a clarification:

http://blog.dropbox.com/?p=867

Bruce

Dropbox has been excellent, the only FREE such service that really is useful I know of. Such hysteria is just useless. I had actually asked them directly before going hysteric all over the internet, that clarified things for me, I am so happy they are there.

Thanks for posting the link Bdillahu, I only hope they will continue. One should actually thank them.

Life Hacker looks at five major online synch services at:

lifehacker.com/5818908/dropbox-v … ht-for-you

They detail the advantages and disadvantages of each. Those concerned about security might want to take a look at SpiderOak.

Those needing more free space than the 2 GB that Dropbox offers, might want to look into Live Mesh and SugarSync. Each offers 5 GB.

SpiderOak is OK. I used it for a while when the Great Firewall of China decided Dropbox was a threat to national security or something and blocked it. It does have advantages:

  1. Security: if you’re concerned about that, since the encryption keys are on your own computer, not on the server;
  2. Organisation: you can designate any folders wherever they are on your hard disk to be synced with SpiderOak, not one main folder.

It has disadvantages:

  1. You have to do much more work in maintaining what’s on the server:
    (a) it keeps historical backups but doesn’t delete them, so if you’re using it with something like Scrivener, each time Scrivener does an automatic backup, SpiderOak does so, but doesn’t limit the number of them, so your space is rapidly eaten up and you have to purge it yourself;
    (b) Files and folders deleted are also moved into an online trash which isn’t emptied, so you have to purge them yourself, and you have to do so from the computer where the file originated, you can’t do it from your other computer(s);
  2. It has to run as an app with the window open all the time it is connected: my solution to the clutter was to put it in another space of its own, where I could access it if I wanted to, but where it was out of the way at all other times;
  3. It is a port from Linux: it has a Linux interface with no attempt to make it Mac-like, though it is a personal matter whether that constitutes a real problem. It does require much more specific setting up than Dropbox for sharing files between computers.
  4. (The one that made me stop using it) problems with the latest release: they released an update which was required, but it caused slow-downs while typing in Scrivener … at least the slow-downs stopped when I no longer had SpiderOak running.

I don’t know if this last point has been addressed as I haven’t been using it. I still have my account and intend to sort out my space and use it like a fall-back storage system; I also have a .me account and a Dropbox account, once more accessible in China, and space on Box.net. I need to decide how to use them all to best advantage, but I’ll wait until Lion is out, .me has transmogrified into iCloud, and I am on holiday and have more time to think about such things. One of the problems, though, is that to delete a fairly substantial amount of files on SpiderOak, I will have to reboot my MBP from the bootable back-up of its previous system installation, as the permissions on the files are linked to that incarnation of the MBP!

All that said, basically, I thought SpiderOak was good, reliable, synced tolerably quickly … perhaps more quickly than DropBox, and I would be continuing to use it currently were it not for the slow-down it seemed to cause in Scrivener.

Mark

The Dropbox situation is frustrating. I don’t believe they’d want to rip off people’s work. But the general principle of having valuable confidential material on servers where others can read them worries me. At the moment I’m using Sugarsync in place of Dropbox. The free account gives you 5gb and frankly it seems superior to me - you can sync folders between different machines for example. But it is still unencrypted on their server which makes me uneasy.

I tried both Spideroak and Wuala too since both store encrypted data. Spideroak, as noted elsewhere here, is an ugly pain to manage. Wuala has the most astonishing T&Cs which state ‘The user agrees, that by making data public, the user grants LaCie a free, worldwide, non-commerical right of use of such data as well as the right of commercial use for marketing purposes in connection with Wuala. [Without agreement to the contrary, a copyright notice is to be applied and the modification of data is prohibited.]’

It also states elsewhere that all data on the Wuala servers is encrypted and can’t be read by Wuala. So quite what this means I’ve not a clue. But it puts me off - you bet it does.

Also in order to work you have to install a 64 bit Macfuse patch and the whole thing is just about as ugly and unintuitive as Spideroak. But I suspect I do need that encryption frankly. I just don’t feel comfortable knowing that confidential work in progress is sitting on the web somewhere readable to others.

Just a further thought, though I haven’t tried it out at all …

I downloaded and installed (I think for a very modest price) from the MAS an app called “Concealer”, which I understand allows you to encrypt particular folders you choose on your Mac. Just wondering if one couldn’t use this to encrypt the Dropbox (or SugarSync) folder. Would that then be encrypted on the server? Would one be able to open the encrypted data on another machine?

Since it’s come from the MAS, I have it on the MBA and the MBP, but I have had no time to play with it since installing it … something else which’ll have to wait a couple of weeks till I’m on holiday.

Anyone else tried Concealer at all?

Mark

I can’t be bothered faffing round with local encryption frankly. Have moved to Wuala which is a little weird but works. 10gb for €19 for one year. All the data is encrypted before sending. They can’t even read it.

while hysteria is going strong, just realize that noone, really noone, really wants your texts (other than if it was Harry Potter etc.). they are groundbreaking for sure, but the world has other things to care about. if dropbox would manage to publish mine I would be happy. But, actually, that is not their scope, believe it or not. But, yeah, hysteria is better than nothing to worry about. get a life.

That’s a rather rude way to put it. Plus, if your primary way of earning a living is by writing words that you want to have a constant backup of… then it’s not paranoia; it’s justifiable caution.

Some of us have commissioned work too. Imagine how a publisher would react if your private project for them got leaked. I don’t imagine Dropbox would do that. But a few weeks ago all the security on DB was down for something like four hours. During that time anyone could have got into txt exports of my current, commercially-commissioned project, and snatched copies.

Unlikely? Maybe. Worth the risk? Definitely not. Wuala is just fine for me.

God, just cannot believe this. last hint from me: * Dropbox * is * NOT * a publishing company *. Dream on they will steal and publish your stuff… or cool down, use Dropbox or don’t, but do not discredit this excellent service others just can dream of.

DropBox is an excellent service, and I’m sure it’s run by nice people completely uninterested in what we may use it for. But those terms of service – lately amended? – certainly clarified – were a PR shocker if nothing else. You have to wonder how the company could have let them out into the bright light of day, and they certainly fuel the suspicion not that DB would itself exploit users’ work but that the company was trying to ensure it would be legally protected if others – a disaffected employee, perhaps, or hackers - did so. Perhaps not an unreasonable thing to do, from the company’s point of view, if one ignored the PR. I know media lawyers who’d insist on such protection. But from a user’s point of view with the products of one’s sweat metaphorically in the clouds it seems to me entirely reasonable to prepare for the worst even while hoping for the best. After all, until a few months ago nobody, not even a cynical old hack like me, believed that one of the biggest media organisations in the world might casually be hacking phones by the thousand…

For me this isn’t about Dropbox. It’s about whether I want confidential information available in easily readable form on any kind of cloud service. Systems go wrong (as they did with DB very recently). They also get hacked. I’m no longer prepared to take that risk. I will only use cloud services if they allow me to store confidential information in an encrypted state that only I can unlock.

Thinking about it I can’t quite believe I allowed it in the first place. But the ease of DB and its newness were very tempting. But if others feel differently that’s their prerogative. It’s a personal choice.

just my personal opinion

this whole “depending” on Dropbox to sync was an ill advised strategy to start with.

Creative work handed over to one of the worst data miners in history. Ridiculous.

Lets hope LL down the road will offer a straight sync via cable without the need of any cloud services. Because the IOS app is really nice otherwise.

cheerio

Given that you’ve already expressed your views in detail in another thread, is there a reason why you’re posting this again? In a thread that’s been quiescent for five years?

(For those who haven’t been following the other thread, it’s here: https://forum.literatureandlatte.com/t/syncing-between-mac-ios/33818/56.)

Katherine

To quote from the DropBox service:

There’s no evidence of data-mining by DropBox. In my years of internet experience, I’ve never heard a valid accusation of such. Google, Facebook, MS? Yes, and they do so admittedly & unashamedly; but not so with DB. If there is any substantiated evidence to the contrary, I’d love to see it. As for DB internal access to user files stored on DB, that’s a LEGAL requirement by the United States government. Anyone with a bone to pick in that area (which I do) should yell, scream, and curse at their elected representatives in that funny farm we call the US Congress to change US snooping laws to respect citizen privacy. Don’t hold your breath, however. Asphyxiation will outpace any move by US lawmakers (who, incidentally, fail to enforce the few laws & regulations concerning NSA, CIA, DIA, DHS & FBI intrusions into citizen online communications.)

So don’t scream at DB or L&L for the failings of our own government. It’s no secret that US privacy protections are virtually non-existent; consider the responses of the EU community decrying the abuse of privacy rights by the US. But also, see how other nations are following (or leading) the stampede to monitor their citizens. Check out the UK/GCHQ mess, or the “Five Eyes” consortium. All that makes the DB compliance with possible FISA court-ordered security letters look quite innocuous.

Or wear a tinfoil hat. They’re back in fashion thanks to the current election season.

It’s been a couple of years now, but I was just wondering if there was an update on this question?

I know that my work is copyrighted as soon as I create it. And that it’s ok to show a text to an editor or agent before I publish it because there’s no incentive for them to steal. (I’m getting my info from this post). I’m assuming that the same would apply to Dropbox, but it would be nice to know if everyone’s thinking on this has changed since this topic was first posted.

Putting your work on Dropbox has zero implications for your rights as author. Under their Terms of Service, you do not give them permission to “publish” anything by merely placing it on their server.

The one exception would be if you publish the work using Dropbox as the venue, for example by distributing a link to a public Dropbox folder. But that would be an action explicitly authorized by you.

(As a practical matter, I also suspect that access to encryption keys by Dropbox employees is very tightly controlled, and that using those keys to go randomly snooping through user files is a firing offense.)

Katherine