How Dropbox Knows When You're Sharing Copyrighted Stuff
Internet users have gotten used to the risk of having files and content they share through various online services be subject to takedown requests based on the Digital Millennium Copyright Act (DMCA) and/or content-matching algorithms. But users have also gotten used to using services like Dropbox as their own private, cloud-based file storage and sharing systems, facilitating direct person-to-person file transfer without having to worry about such issues. This weekend, though, a small corner of the Internet exploded with concern that Dropbox was going too far, actually scanning users' private and directly peer-shared files for potential copyright issues.
What's actually going on is a little more complicated than that, but shows that sharing a file on Dropbox isn't always the same as sharing that file directly from your hard drive over something like e-mail or instant messenger.
When you upload a file to Dropbox, two things happen to it: a hash is generated, and then the file gets encrypted to keep any unauthorized user (be it a hacker or a Dropbox employee) who somehow stumbles it sitting on Dropbox's servers from easily being able to open it up.
(Note on encryption: Dropbox handles the encryption keys, so they could look at your files if they were legally required to. Their system has checks in place, both physical and technical, to keep employees from poking about your stuff on a whim.)
After a DMCA complaint is verified by Dropbox's legal team, Dropbox adds that file's hash to a big blacklist of hashes known to be those corresponding to files they can't legally allow to be shared. When you share a link to a file, it checks that file's hash against the blacklist.
If the file you're sharing is the exact same file that a copyright holder complained about, it's blocked from being shared with others. If it's something else — a new file, or even a modified version of the same file — a hash-based anti-infringement system shouldn't have any idea what it's looking at.
In other words: at least based on what they've stated publicly, Dropbox isn't actively scanning through your crap on a hunt for copyrighted materials. There's no human (or even a robot) listening to your MP3s to try and find hot leaked Fergie tracks, or reading through your Harry Potter fanfic collection. They've just got a big list of files that they can't let be shared, and they identify these files in a way that is deliberately blind to what any non-blacklisted files actually are.
Now, none of this is to say the hash-based system is without its security concerns. If required to by the government, for example, Dropbox theoretically could identify any user who had a certain file stored on their account. But the same would hold true for pretty much any cloud-based storage system where the user isn't handling all of the encryption themselves.
Senior Member
Posts: 22408
Joined: 2008-07-14
Yes, but DMCA is in affect for US based users on either end. If the "sender" is in the EU and the "receiver" is in the US, DMCA is still valid. Same going the other way. It's much easier for DropBox to just comply worldwide than to worry about what country every user is in. EU has their own copyright laws anyway.
Dropbox also has 2 physical locations in the US and thus has to comply with US law or risk those offices getting ransacked by the FBI.....and we all know how much the FBI likes to perform "search and seizure" operations.
Senior Member
Posts: 1066
Joined: 2011-12-04
Another excellent reason for not using my DropBox allocation on the Note 3.
Senior Member
Posts: 2458
Joined: 2008-02-29
Easily defeatable if you were bothered about it.
Its what all file hosting sites have been doing for a long time.
Senior Member
Posts: 241
Joined: 2005-10-08
The cloud is so 2000's, if we want a true free internet the future e decentralization, and not put every on one server controlled by no one knows who. There's a torrent based program that does the same as dropbox, can't recall the name.
Senior Member
Posts: 6344
Joined: 2010-10-17
Isn't DMCA US only law, thereby having no legal effect whatsoever in the EU?