Dropbox reads your files...kinda

Naughty Dropbox

Well, here's an interesting little tidbit for those that use Dropbox to store or share files.

We have all seen documents getting leaked out of large organisations to the public, and invariably said company usually get's the documents removed for legal reasons from wherever they are being hosted. In fact, after the supposed presentation about the XBOX 720 leaking, we saw it being removed from Scridb.com at the request of Covington & Burling LLP which is a firm known to have dealings with Microsoft.

None of that is surprising, but today Windows Phone Centrals Daniel Rubino sent me a certain document via Dropbox so that I could take a look at it. However, trying to download the file just returns the image you can see above. This was not a link shared publically, but yet, it was removed seemingly automatically.

That begs the question, do storage companies analyze your files' content as you upload them? They no doubt have a clause in their terms that allows them to do just that, but it is another thing actually seeing it used.

Moral of the story? Don't use commercial cloud storage to share secret files.



There are 18 comments. Sign in to comment

Shane says:

Exactly why I do my own cloud using Synology's DiskStation. 

ade333 says:

Synology is really a fantastic solution that hasn't gotten enough credit yet. I can only imagine what they will do once the money starts rolling in.

vedichymn says:

Of course they do.  This is why Dropbox is still up and Megaupload is not.

ZX9 says:

Exactly why this isn't truly news. If they DIDN'T read your files, it would be news.

tuckernick says:

I doubt it. They probably just hash the file after upload and compare it against a list a known 'forbidden' hashes. That'd be the cheapest way to do copyright violation detection and takedown. It might've taken a while if they have some background job that does the scrubbing.
Test it by changing some of the contents of the file and uploading again with a different file name.

Targus says:

Every hash could collide, and it must collide given billions of files are uploaded. If they don't employ human inspection on each hash collision, the false positive rate will be too high to bear.

CJ Thunder says:

What about emailing an attachment? What about using SkyDrive upload instead of attaching?

Big Supes says:

Oops... my only use for Dropbox is to stash all of my porn. :D

B4PJS says:

You got one of your tags wrong for the post, it is DMCA not DCMA :-)

Nataku4ca says:

have u guys tried skydrive to see if the same thin arises?

Read what it says. Digital Millennium Copyright Act by Microsoft. SkyDrive = Microsoft. Probably safe to assume SkyDrive cannot be trusted either imo.

chall3ng3r says:

I'd just add these type of files in a rar/zip with password. Or I can create encrypted container inside Dropbox, and update stuff inside it.

// chall3ng3r//

ade333 says:

Thats great but not the real point... The issue is how far can they go with this. Could they create "indecent" rules and start blocking your content because of too many swears. Dropbox and others can filter as they please, so if every provider out there developed a similar code of conduct, our freedom of speech could be compromised simply because we chose it, and there's no one left to provide unrestricted access/storage/resources.

Targus says:

Does DMCA or other copyright protection policy only apply to shared folder? If they also apply to private back up folder, I think it goes too far.
I even think it went already too far to inspect non-public/limited access/small private party file sharings.

It works the same with SkyDrive.

Solidstate89 says:

You mean you used Dropbox and not Skydrive? :-O

FacilisDK says:

For shame... ;)

venetasoft says:

Dropbox is now dead for me, as Google, privacy comes first.