Time To Drop The Box? Dropbox Modifies TOS
It seems that the popular file syncing and hosting service Dropbox cannot break the negative news pattern of the last weeks. The company announced a change to their policies on Friday which they received lots of flak for. The original news post on the Dropbox company blog has been updated twice to clarify the issue. The first version basically said that a Dropbox user grants Dropbox "worldwide, non-exclusive, royalty-free, sublicenseable rights to use, copy, distribute, prepare derivative works (such as translations or format conversions) of, perform, or publicly display that stuff.
Many Dropbox users have expressed concern over the policy change on the Dropbox website and on other Internet sites. Neowin, never shy to put a finder into a wound, even claimed that Dropbox could legally sell all files of their users to third parties.
The policy was updated again yesterday, it now reads:
We sometimes need your permission to do what you ask us to do with your stuff (for example, hosting, making public, or sharing your files). By submitting your stuff to the Services, you grant us (and those we work with to provide the Services) worldwide, non-exclusive, royalty-free, sublicenseable rights to use, copy, distribute, prepare derivative works (such as translations or format conversions) of, perform, or publicly display that stuff to the extent reasonably necessary for the Service.This license is solely to enable us to technically administer, display, and operate the Services. You must ensure you have the rights you need to grant us that permission.
The bold part as been added by Dropbox to clarify the policy.
Another aspect that has not been mentioned by sites like Neowin is the fact that the wording is more or less an industry standard. When you look at Google's terms of service you read under 11.1 for instance:
You retain copyright and any other rights you already hold in Content which you submit, post or display on or through, the Services. By submitting, posting or displaying the content you give Google a perpetual, irrevocable, worldwide, royalty-free, and non-exclusive license to reproduce, adapt, modify, translate, publish, publicly perform, publicly display and distribute any Content which you submit, post or display on or through, the Services. This license is for the sole purpose of enabling Google to display, distribute and promote the Services and may be revoked for certain Services as defined in the Additional Terms of those Services.
11.2 You agree that this license includes a right for Google to make such Content available to other companies, organizations or individuals with whom Google has relationships for the provision of syndicated services, and to use such Content in connection with the provision of those services.
Facebook's Terms of Service state:
You own all of the content and information you post on Facebook, and you can control how it is shared through your privacy and application settings. In addition:
For content that is covered by intellectual property rights, like photos and videos ("IP content"), you specifically give us the following permission, subject to your privacy and application settings: you grant us a non-exclusive, transferable, sub-licensable, royalty-free, worldwide license to use any IP content that you post on or in connection with Facebook ("IP License"). This IP License ends when you delete your IP content or your account unless your content has been shared with others, and they have not deleted it.
I'm no lawyer and cannot really say if those rights are necessary or if they could be cut down and simplified further. Users who are openly against the terms of service can either encrypt their files before they are uploaded and synced, or leave the service.
What's your take on the new terms of service?Advertisement
Dropbox tried to put terms of service in plain words and suffered for that. Terms of service are never there for the users, they are legal CYA for the company.
But the users don’t give a damn what legalese company needs, they only want as much service as possible (preferably for free of course) without thinking about nuances.
I’m unmoved by that. Don’t see any reason for disturbance.
to the extent reasonably necessary for the Service.This license is solely to enable us to technically administer, display, and operate the Services
What access to any files do they need to operate their service? NONE. This phrase could also include using your files to expand their services in any darn direction they so choose.
This is, not unsurprisingly, not the first file storage or sharing service that has done this. Frankly this is the risk with dealing with internet services that are not provided by companies whose dollars don’t come solely from providing a single service.
Another reason the “cloud” or aka mainframe remote storage is problematic.
Even if they change their terms of service, can you really trust a company that tries this? I don’t.
I am not disturb by this as I use Dropbox only for backup my school work.
No problems for me – I don’t use DropBox. They’ve always seemed to me to be a very large sledgehammer to crack a fairly small nut. Plenty of storage around without recourse to the DropBox bloat and intrusion.
I’m continuing to use them. However, for my really important stuff, I’m using Boxcryptor to add a 2nd layer of encryption that Dropbox can’t read. =)
This happens when lawyers take over businesses and courts are the new marketplace. In particualr the US is in these terms a bad place for business, because it is actually more overregulated then some communist countries,
Not worried at all, they are covering there butts by making sure they can manipulate your files in order to provide the services you signed up for.
I believe what they wrote was clear and fair and they are doing their best to be honest, open and ensure that they can continue to operate in the customer’s best interest.
Will not stop using dropbox but will not add important stuff from now on…
Switch to Spideroak
the company has no access to any of your files due to the
encryption that they maintain. Employees of the company
canâ€™t even see the names of your files because they store
your data inside of encrypted containers.
SpiderOak’s encryption is comprehensive — even with
physical access to the storage servers, SpiderOak staff
cannot know even the names of your files and folders. On
the server side, all that SpiderOak staff can see, are
sequentially numbered containers of encrypted data.
Well, if I understand Spideroak correctly, then:
– they provide the client and the servers
– the client is talking to the servers with a encrypted protocol.
How can I be sure, that the private encryption keys are really not transferred to their servers?