Dropbox Attempts To Kill Open Source Project

Meskarune writes "Dropbox is trying to kill the Dropship project, a useful program that allows users to import files into their accounts using hashes and bypassing the need to make files public. Dropbox sent out fake DMCA requests to all parties involved, and is banning and censoring the program."

"Useful"

[AdmiralXyz]

Useful though it may be, it's very clearly against Dropbox's Terms of Service. That doesn't give them the right to issue takedown notices to other sites on copyright grounds, but let's separate, "evil for issuing fake takedown notices" (which they are), from "evil for wanting to prevent this kind of activity" (which is perfectly reasonable).

They're not running a filesharing service, that's not their business model, and they don't want to end up like Rapidshare or any of the N other filesharing services in legal hot water. I love Dropbox, and I would hate to see one of it's most useful features- public collaboration folders- shut down because some asshats can't obey the TOS and just use torrents instead. Dropbox should be trying to find a technical solution to block something like this, but if that's not possible, what can they do?

Meh

[Haedrian]

I'm with dropbox on this one. The idea of converting dropbox into some sort of filesharing/torrent service, for passing potentially illegal files around is not good.

I can see why Dropbox doesn't want to be linked to such a thing, when the big media people come a knocking, who do you think is going to end up getting sued?

And just because its open source doesn't make it right, or wrong, or change anything.

Re:Is that fraud?

[Hatta]

It appears the DMCA notice was automatically sent to me when the file was banned from public sharing. There was no real DMCA takedown issued. It was an edge case bug in their file removal system.

There are no edge cases in the DMCA. Either it was a valid DMCA request or it was perjury.

Re:Is that fraud?

[Hijacked Public]

I don't want the admins at Dropbox going through my files.

Don't put them on Dropbox's servers.

Re:Don't understand

[pmontra]

Basically that means that the secrecy of that hash is the only thing that protects our files on Dropbox. They probably encrypt the files but if anybody has the right hashes s/he can decrypt them. The hash is the key and invites and sharing are not even checked.

Re:Is that fraud?

[_0xd0ad]

There was never a DMCA takedown notice.

The DMCA takedown notice is what a copyright holder sends to a content host.

The e-mail from the content host to the user saying "we deleted your file because ______" is not a DMCA takedown notice, regardless of what the reason they give.

Content hosts are supposed to notify users whose content has been removed due to DMCA takedown notices so that the users have the opportunity to file counter-notices under the DMCA, but that correspondence is not itself a DMCA takedown notice.

FTFA, both sides seem guilty. I'm confused.

[bl8n8r]

Dropship that allows users to exploit Dropboxâ(TM)s file hashing scheme to copy files into their account without actually having them."

I can see why they would be a bit ruffled over this. Seems like this could be in the same realm as an SQL injection attempt. It's just using JSON instead.

"First of all, attempting to protect a proprietary protocol is going to get them nowhere. "

Ok, that's a problem. The reason the protocol is proprietary is because the company has put a lot of time, money and effort into developing their product. They want to recoup some of the development costs through the implementation of their protocol.

The DMCA thing well ...that's what the DMCA is. It's basically a catch-all b1tchstick that can be bent into whatever shape the law wants to blame whoever for whatever. The way dropbox handled things *is* pretty crappy IMO, but if you're going to be a dick and crack peoples websites.... expect to get dick'd back.

Re:where's the firehose

[Jonner]

According to some, 90% of all email is spam [cnet.com]. Does that make SMTP an illegitimate protocol? Often, the easiest way to find copyright infringing works is using Google. Does that make the search engine illegitimate? Porn drove early VCR development [indiana.edu]. Is VHS an illegitimate technology?

FUCKING SLASHDOT EDITORS STOP POSTING SENSATIONALI

[xtracto]

FUCKING SLASHDOT EDITORS STOP POSTING SENSATIONALIST BULLSHIT.

There, I said it. There are in fact news worthy for slashdot readers within all this mess:

1. That Dropbox uses a transfer mechanism which is pretty much "security through obscurity".

2. (Most important) that you can potentially get any file by only having their hashes. I think this is a huge security problem waiting to be exploited. What prevents someone to "brute force" a JSON file to download scan and download any available files? I am sure with a bit more of thinking, that would be interesting.

Too bad it was nobody else than Mr. Malda who posted this... it really shows that he is more interested in posting sensationalist crap, instead of real and interesting NEWS FOR NERDS and STUFF THAT MATTERS.

Quick someone, make a slashdot clone (I'll try again hackernews).