Monday, July 4, 2011

Dropbox Update

As a user of Dropbox, I received an update in my e-mail (and you probably did, too) attempting to clarify the recent uproar over their Terms of Service (TOS).  I think they've done a pretty good job of stating their terms in more clear language, and further, of explaining why they need the rights they are claiming through your agreement to use the service.  That said, I still stand by my earlier positions in that they DO have access to your data, and you DO need to evaluate what you choose to store on your Dropbox, and whether the risk of abuse of your data is low enough to feel safe storing it with Dropbox.

Here's a bit of the statement Dropbox released on their blog:
Some of you have written us with very understandable concerns about the legal-sounding parts. In particular, our new TOS talks about the licenses we need to run Dropbox. We want to be 100% clear that you own what you put in your Dropbox. We don’t own your stuff. And the license you give us is really limited. It only allows us to provide the service to you. Nothing else.
We think it’s really important that you understand the license. It’s about the permissions you give us to run the service, things like creating public links when you ask us to, allowing you to collaborate with colleagues in shared folders, generating web previews or thumbnails of your files, encrypting files, creating backups… the basic things that make Dropbox safe and easy to use. Services like Google Docs and others do the same thing when they get these permissions (see, for example, section 11.1 of Google’s TOS).
We wish we didn’t have to use legal terms at all, but copyright law is complicated and if we don’t get these permissions in writing, we might be putting ourselves in a tough spot down the road. Not to bore you with the details, but please take a look at the license term in the TOS. We think it’s fair and strikes the right balance: “This license is solely to enable us to technically administer, display, and operate the Services.”

They have gone to great lengths to state clearly that under normal circumstances they will not access your data, and that data they collect is to better operate the service.  I'm not a lawyer, I don't know how well that would stand up in court if it were part of a lawsuit, but it does look pretty reassuring when reading it as a layman.  They have not clarified how they deal with potential abuse of your data by individual Dropbox employees.  One would assume they have provision in their terms of employment to deal with that, but the likelihood of abuse is highest from disgruntled (ex-)employees who are likely not concerned with remaining employed by Dropbox, and once your data is exposed, there's no stuffing the genie back into the bottle.

So, Dropbox (and really, all cloud computing services) remain a security risk that you need to evaluate for yourself.  A lot of family history data is probably just fine on Dropbox, especially if it's also posted to online trees such as or as well.  Just be careful of data you wish to remain private.

And I'm still not a fan of the Cloud...

This an all other articles on this blog are © copyright 2011 by Daniel G. Dillman