Dropbox asks file sharing add-on to drop dead

When a new file-sharing add-on to Dropbox was released, it asked the author to take down his code; removed a copy from its own servers after claiming to have issued itself a DMCA notice; then leapt majestically into an internet comment thread to denounce piracy.
Pitched as a 'successor to torrents,' Dropship is a python script that makes it easier for Dropbox users to share files, allowing for anonymous, encrypted downloads through the cloud storage service. Created by Wladimir van der Laan, it was briefly available via the author's site, until being removed at Dropbox's request. The add-on contravenes Dropbox's terms of service, which users agree to when they sign up. Mirrors of the original script began appearing as soon as news spread of the removal, with hosters adding download links to a thread at Hacker News. One such mirror was hosted by Dan DeFelippi ... in his own Dropbox. Soon thereafter, he was emailed by Dropbox to inform him that it had sent itself a DMCA notification of DeFelippi's copyright infringement.
Dear Dropbox User: We have received a notification under the Digital Millennium Copyright Act ("DMCA") from Dropbox that the following material is claimed to be infringing. /Public/laanwj-dropship-464e1c4.tar.gz (the Dropship archive) Accordingly, pursuant to Section 512(c)(1)(C) of DMCA, we have removed or disabled access to the material that is claimed to be infringing or to be the subject of infringing activity. As a result of this notice, public sharing on your account has been disabled for a period of 3 days.
It later apologized, said that it had not actually sent itself the DMCA takedown, and that the email sent to DeFelippi was accidentally generated when his public sharing privileges were suspended. DeFelippi added, however, that Dropbox CTO and cofounder Arash Ferdowsi asked him to delete his comments at Hacker News. The comments included the text of Dropbox's demented DMCA email. "Dropbox's censorship was nearly successful," DiFillipo wrote. "In the aftermath Dropship all but disappeared from the internet. All public repositories and archives I could find were taken down. The takedown requests instilled fear in Dropbox users who didn't wish to lose their account." In a
comment published at Hacker News, a poster identifying themselves as Dropbox cofounder Drew Houston claimed that the action was necessary because torrent-style use encouraged illegal file sharing, and that they would "take great pains to keep it off of dropbox." The aim, he wrote, was to prevent people turning it into "the next rapidshare." "There were no legal threats or any other shenanigans to the author or people hosting -- we just want to spend all our time building a great product and not on cat-and-mouse games with people who try to turn dropbox into an illegal file sharing service," he wrote. Dropbox's latest PR snarl follows last week's one, when it was criticized for claims that gave users the mistaken impression their files were securely encrypted by the service. Download Dropship [Driver Dan's Github] (Mirror)



  1. Why is this a big deal? Someone created software that violates DropBox’s TOS (using it for wide spread file sharing). DropBox does what it can to eliminate the software. What did Dropbox do wrong?

    1. @txhoudini “Why is this a big deal? Someone created software that violates DropBox’s TOS (using it for wide spread file sharing).”

      If you use Dropship with your account, DropBox is within their rights to suspend or cancel your account. What they are not entitled to do, is attempt to DMCA the code off the internet because it violates their TOS or they just don’t like it. The DMCA is for cases of copyright infringement where you own or have the right to enforce the copyright being infringed.

    2. What did Dropbox do wrong? Their mistake is not so much malice, but stupidity. Once it’s out there, you can’t get rid of software, and something like this only draws more attention to it.

      It would have been smarter if they’d focused on fixing their system so Dropship won’t work.

  2. Can you really blame Dropbox for this?

    I mean, they are running a business that is not about anonymous file sharing. It is clearly outside their TOS. They have a legitimate concern about getting sued by the entertainment cartels.

    One could say, “they should stand up and fight!” – but anonymous sharing isn’t their business model.

    You could say, “they are crippling their service, because once it is technically feasible to allow something, that something should be a given.” Yeah – and my car can do 165, but that it is my god-given right to drive that fast on public roads.

  3. Dropbox is an excellent service with software that works really well for me on PC, Mac and even has a little app that works on Android. It’s a bit too expensive for me to store all my photos on it but is great for keeping docs synced between my different machines.

    If Dropbox allowed Dropship to work then they (Dropbox) would be used the same way as Rapidshare. They would be sued out of existence just before they declared bankruptcy due to bandwidth costs.

    Just because Dropbox offers a free 2GB account to customers doesn’t mean that people should abuse that free account to pirate material.

    Anyone complaining about Dropbox not being willing to indiscriminately foot the bill for other peoples file sharing is not living in the real world.

  4. Not only is it against the reasonable TOS that people have to agree to to use Dropbox’s free service, but in all likelihood the increased load on their servers because of this type of sharing would make it so that Dropbox could no longer afford to provide free services or perhaps services at all.

  5. Other than asking DiFillipo to take down comments at Hacker News, which isn’t necessarily wrong, but is a bit disagreeable, I don’t fault DropBox. They offer a service, that service has terms, and they don’t want to get caught up in a mess about filesharing (though I guess they now have).

    People need to remember the difference between censorship and being told no.

    I’ve used DropBox for a long time, and will continue to use it (though I do use TrueCrypt to pre-encrypt the sensitive stuff, which is a very small percentage of my DropBox files) even before the recent deal with file access came to light).

  6. Dropbox didn’t do anything wrong. It did something dumb: it said it sent itself a DMCA notice. This didn’t really happen, so it’s just funny, but it would have been a ingenious abuse of the DMCA had it actually used this device to get stuff removed from its own site.

    Also, Dropbox asking people to take stuff down from their own personal websites or from Hacker News (as opposed to removing stuff from Dropbox itself) is asking for trouble when there’s no actual infringement, libel, etc, no matter how polite you are about it.

    1. Dropbox asking people to take stuff down from their own personal websites or from Hacker News (as opposed to removing stuff from Dropbox itself) is asking for trouble when there’s no actual infringement, libel, etc, no matter how polite you are about it.

      Really? Why? I think it’s entirely appropriate for Dropbox to politely request that people voluntarily not distribute code which, when used as designed, violates the DropBox TOS and potentially creates quality of service issues for the company.

      In fact, that should be the first thing that they do, before they start throwing lawyers at people.

      1. The article reports (sixth paragraph) that DB asked people to remove comments about Dropbox’s actions, not just the python script. That is a different kettle of fish.

  7. I have to say I’m with txhoudini on this one. What is it with the consistent Dropbox bashing going on on BoingBoing? Seems out of character and overly aggressive to me.

    So they got the copy slightly wrong on their security blurb (http://boingboing.net/2011/04/21/dropboxs-new-securit.html) and it needed correcting. It’s hardly the same as evidence of active and deliberate wrong doing which is how BB seemed to be reporting it.

    And this one, could you be poisoning the well any more? If you have voluntarily signed up for a truly useful and flexible tool which you are paying nothing at all for is it not reasonable that they set some limits on the TOS?

    In the previous article you take them to task for being an incompetent, perhaps even sinister start up and now you are expecting them to take on the DMCA, ACTA et al single handedly and without funding. I appreciate BB uses different bloggers but the tone of both is suggestive of an overall editorial bias against DropBox.

    Use it for what it is. If you want more than that set it up yourself. Most hosting services offer a secure drive space as part of their package. I neither have shares in or any other relationship with DropBox other than as a user. As a user I am deeply grateful for many of its superb features such as iterative document back up which has saved my ass more than once and straight forward collaborative working tools.

  8. I’ve only ever praised dropbox before this post. I’ve posted at least twice about how much I like it!

  9. @AudioTherapist:
    “So they got the copy slightly wrong on their security blurb (http://boingboing.net/2011/04/21/dropboxs-new-securit.html) and it needed correcting.”

    Security BLURB? People used DB to share private data between stations, because DB stated that they can’t decrypt your data and all of the sudden it turns out THEY CAN and possibly every nosepicking intern in DB’s data center can browse your private photos (if they lie about the decryption, how do we now if they don’t lie about access control?). This is not a case of “slightly wrong” and “needs correction” but of a massive break of trust. Complete failure. For most people I know, DB is out of business.

    1. Making a mistake is not the same as lying, pretty far from it. If you require an extremely secure service for hosting confidential data perhaps you are expecting a little much from something that costs you nothing.

      Rob. I appreciate you’ve made some positive comments in the past, and I’m not a DB apologist but it certainly seemed as though both pieces lacked a certain balance to their narrative.

      dculberson. I believe selection bias is the more accurate term, or possibly availability bias. Either way the facts if we are in possession of any at this stage don’t appear to show any evidence of active intent to deceive. Cack-handed mistakes yes, intent no. You get what you haven’t paid for…

  10. Yea please enough with the DropBox hate. It’s a great service. They made a few dumb moves lately but … so what? If you think it was a malicious move (as opposed to a dumb move), then it’s news. If it’s just a dumb move (like oops ok we could have done that better) move, then forgive and forget.

  11. Are you serious?

    I’m sure people use DB for sensitive data, but frankly you are living in a bubble if you think that any data hosting service is going to be that secure.

    If you don’t own or have physical access to the drive/system where your data is going to be stored then the service has every ability to see what your data is.

    If I owned a company like DB I’m not sure I’d want to go down the road of NOT being able to see your files. Oh peddling kiddy porn, I don’t want to be caught up in an FBI sting that lands my company in hot water. (Not even sure that’s legally possible, but I still wouldn’t want to go there.)

    Like everyone else says, if you want your files secure encrypt them somehow. Someone could see your data, but at least they couldn’t actually see what it was.

  12. Rob, the code that auto-generates those emails when public access to a file is removed (if I’m reading that correctly no file was deleted, only public access to said file was revoked) is apparently a bit inflexible and always assumes that a DMCA takedown notice was the reason. It has apparently never happened that a violation of the ToS was the reason.

    The error is thus understandable and should be forgiven. I’m not ready to get worked up by it unless it happens again.

  13. @txhoudini “Why is this a big deal? Someone created software that violates DropBox’s TOS (using it for wide spread file sharing).”

    What particularly bothers me is people keep pointing out “Dropship is open source!” as if that gives it some kind of free pass to be immoral. I was pleasantly surprised to see Boing Boing’s article _not_ trot out that point, because everyone else’s seems to. So, kudos Boing Boing, for recognising that being open source is irrelevant to the discussion at hand. This particular article is really good about focusing on the actual issue; Dropbox responded to the issue, in the heat of the moment, by throwing every response they could think of directly at the source. To be fair, I would have done the same thing. If you’re running a file hosting service, you do NOT want this sort of thing to catch on.

    (Disclaimer: I live an breathe open source software. The open source communities I know thrive on ethics, responsibility and copyright law).

    And yes, web services suck at PR and DMCA takedowns are horribly broken. Who knew?

  14. We all know what greenwashing is.

    Dropbox, et. al, are guilty of “open-washing”. They posture and front as if they are part of the brave new world of new Internet / new media / open access / open source economies and in fact they are not.

    The simple fact is, Dropbox places itself in an adversarial relationship to its customers. You MUST use dropbox in a manner that doesn’t use up too much bandwidth and circulates content that promotes their business model. If not, you’ll get the boot, or you’ll be throttled down to nothing.

    Take a look at your provider – “cloud” or not – and see if you are paying on a per byte basis for the resources you use. If you are, your interests are aligned – you both have a vested interest in using as much as possible. If not, expect to be thwarted at every turn.

Comments are closed.