Dropbox, cloud storage, and who owns your files?

Dropbox is a popular cloud-based service that allows users to store files online where they can be accessed from multiple devices or even shared with friends or colleagues. It’s insanely useful if you’re looking for a way to transfer files between computers, access important documents from your PC on your phone, or share items with your contacts. But this weekend the company issued an update to its Terms of Service which has created a bit of an uproar and raised the question of who really owns your data once you upload it to the cloud.

First of all, what do we mean by “cloud?” In this case, we basically mean someone else’s servers. Once upon a time, the word “internet” encompassed a wide range of technologies for connecting computers together, including FTP, telnet, gopher, IRC, Usenet, and eventually the Web. Technically it still does, but most people think the Web is synonymous with “internet,” and so the word “cloud” has arisen to describe the concept of running apps or storing data online — because these new cloud-based services such as Dropbox aren’t just web sites or “web apps.” Maybe people are starting to understand again that the “internet” and the “web” aren’t the same thing.

Anyway, the cloud is still a sort of murky concept — because services like Dropbox feel to users like an extension of their desktop computer. For instance, you can upload all of your music to Google Music or Amazon Cloud Drive and access it anywhere — but it still sort of feels like you’re just accessing data from your computer. And Dropbox does something similar for all sorts of files.

But the truth of the matter is that your data is all sitting on someone else’s servers. And that’s where things start to get complicated, because the only thing really determining who owns those files at that point is the Terms of Service that you agree to when you sign up for the service… and a lot of people never actually read the ToS.

Technically, a company can assert complete control over all the data you’ve uploaded in the ToS. Most companies that care about keeping their customers don’t do this… because few people would willingly upload their files if they knew it meant giving up any claim to copyright or privacy.

But sometimes it can look like a company is asserting its right to control and distribute your files in a way it sees fit. Photo-sharing service TwitPic discovered this recently when updating its terms to make it clear that the company could re-distribute your pictures.

Many users cried foul, asserting that this meant TwitPic could sell your pictures or take other actions without users’ consent. But TwitPic clarified that it had simply wanted to make it clear in the ToS that users were granting the company the right to show pictures on the web and share them with third-party services such as TweetDeck or other Twitter clients.

Dropbox also offers tools that let other services, such as security app 1Password, integrate with the online storage service. The developers of 1Password have dissected the new Terms to show what they really mean — in a nutshell, that you’re granting Dropbox the right to put files you own online.

Honestly, this is the sort of thing you want to see in a company’s Terms of Service, because it makes it clear just what kind of licenses you are granting them.

This weekend Dropbox went through a nearly identical problem. The company updated its ToS, some users started complaining, and Dropbox tried to clarify.

In the grand scheme of things, it doesn’t seem like Dropbox or TwitPic were trying to take advantage of users or sell or share their data without first obtaining consent. Instead they tried to update their legal documents so that they more clearly reflected exactly what the services were already offering.

The problem is that many people aren’t used to reading that kind of clear explanation. If you look at the Terms for all sorts of online services you’ll find similar language explaining that you’re granting non-exclusive, royalty-free rights to distribute your photos, words, or other data.

But that doesn’t mean the whole outcry is much ado about nothing. It’s good to be reminded every now and again that even if a cloud service isn’t directly asserting ownership of the files you upload — you are giving up a certain level of control over those files when you decide to share them. That’s true whether you’re posting on a public site such as Flickr or a more private service such as Dropbox where your files can only be seen by the people you share them with.

If you want to make absolutely certain that nobody will ever sell your content, turn it over to the feds when subpoenaed, or otherwise breach your privacy, the best thing to do is probably to hoard all of your data on a local hard drive. But you lose the benefits of a cloud-based service such as the ability to easily share files, publish them for the world to see, or protect your important data which might be lost if your local hard drive happens to fail.

  • Anonymous

    I think the TOS used by DropBox is very much NOT clear. If it was so clear, then there wouldn’t be such confusion and uproar.

    In your conclusion you seem to think that the only options available are ‘hoarding’ your files on an isolated hard drive, or turning them over to a third party company like Google or Dropbox in order to easily share them and back them up. Really? How about backing them up to your own server, NAS, or web server. And sharing them with FTP. How about your own cloud music service (I use a wonderful service called Subsonic, and it’s not the only one). One’s own private cloud can gain you the benefits of the cloud without turning your data over in any way to a third party, which, if you can avoid that, I think a lot of people would think would be a much better thing. I think a lot more needs to be done to publicize the methods and services available that allow people to do this, and to help develop these services.

    3rd party cloud services are convenient, but you are handing your files over to a bunch of total strangers. That’s quite a tradeoff.

    • Brad Linder

      I suppose it depends what you mean by private cloud service. 

      Backing them up to a local NAS really *is* just hoarding them on a local hard drive. If your house burns down, the files on your HDD and on your network-attached hard drive will both go up in flames. If you actually have an off-site server that you have total control over, that’s one thing. But if you pay for hosting, you’re still giving *some* level of control to your hosting company. They can shut you down at any point if you violate their ToS, respond to legal complaints against files stored on the server, etc…

  • Someone

    I believe that it was tested in court that you can ascribe anything you want in a ToS.  Just like in a contract however, that doesn’t mean very much.  If you can’t show a meeting of minds, a service claiming that you’ve assigned them copyright (for instance) and that they can then sell the book you stored on their site, because you clicked yes on a ToS won’t hold water in court.  They could certainly sell the information ABOUT that file though, and your habits, which is plenty for most marketers.

  • Anonymous

    Of course, these are all true, but off site backups, multiple backups, multiple servers, encrypted folders on a 3rd party server that they have no key for – these are all tried and true strategies.

    I’m not saying that having your own cloud is easy or well developed at this point. I’m saying that it needs to be addressed because for many people and companies storing all your data with a 3rd party whose TOS you have no means to negotiate is simply not going to fly. I just think it’s a big market – if you can offer software or services that give people more complete control and security over their data, along with the convenience of the cloud. Plus, that would be some incentive for companies like DropBox to actually make their TOS clear to people who aren’t lawyers.

    • Brad Linder

      Fair enough. I wanted to prompt exactly this type of discussion with this post. 

  • Anonymous

    I use Box.net. I know nothing about its TOC. By default it doesn’t sync with your computer, but I think you can add that feature, maybe for free.

    I mainly use Box.net to store ebook and document files, and do not share them to the public, so I don’t figure I give them any reason to be all that interested in my account.

  • Anonymous

    The uproar has brought updates from Dropbox to the link in Brad’s original article. Update #2 for July 2 says, in part, “We want to be 100% clear that you own what you put in your Dropbox. We don’t own your stuff. And the license you give us is really limited. It only allows us to provide the service to you. Nothing else.”

    So either you believe Dropbox, and trust the service, or you don’t believe them, and find some other way to share information that you have more control over, such as your own NAS.

  • Anonymous

    Good little article.
    Given the recent comments by Microsoft it would have been good to also touch on the idea of locality.
    I’m referring to MS admitting that data stored with it in Europe comes under the direction and control of the US fed laws and regulations. Namely, the Patriot Act.
    The same could well be true for US citizens using foreign based web services.
    It’s important for people to realize as we move to the cloud that it really is world-wide, even if we are talking the broader ‘internet’ and not just the ‘web’.
    So you have to be careful.
    Your mileage may vary all the way to another jurisdiction – where the laws governing who has what rights to your data are perhaps not the ones you expected when you signed on in your den that morning.

  • fjpoblam

    This has ALWAYS been in the Google Terms of Service for ALL its services (Gmail, Docs, Picasa, Blogger, etc.): “By submitting, posting or displaying the content you give Google a perpetual, irrevocable, worldwide, royalty-free, and non-exclusive license to reproduce, adapt, modify, translate, publish, publicly perform, publicly display and distribute any Content which you submit, post or display on or through, the Services.” I doubt it is any different for any other online service (Twitter, Facebook, etc.). TOS are not negotiable, I’m sure. I’d be willing to bet most folks simply “click through” them.

  • Mari Miniatt

    I moved my files to SpiderOak. I want to sync between my desktop and netbook and have a backup. Dropbox’s claim that this is a standard TOS is false. Both SpiderOak and ZumoDrive make it clear who owns the files, what they do with the files, and how much security they use.
    And neither of them states that you are granting the rights to them.

  • Someone

    I think you probably meant, “cried foul.”

    • Brad Linder

      Nope, I meant they were getting weepy around chickens… wait, no you’re right. I meant foul.

      Thanks!

  • Non ThruUser

    Depending on whether you want to use DropBox for consumer or business purposes, it may or may not be right for you. For businesses in many regulated industries, DropBox is not compliant. Their website clearly states this:

    https://www.dropbox.com/help/238

    Dropbox Enterprise File Transfer from Thru is the secure solution for businesses and enterprises. Their solutions have been working for large businesses for ten years without a single security breach.

    http://www.thruinc.com/solutions/dropbox-enterprise-file-transfer/

    http://www.thruinc.com/products-services/secure-file-transfer/

  • me

    Well, just go and learn about the amazing world of open source and run your own server with a fast connection and do whatever you want with it, without caring about anyone’s TOS.

  • proud to be an infidel

    the cia and nsa own it all….for the hnic…

  • tvmania

    No thinkers here, just followers. Been in IT for years and have used Microsoft Terminal servers and now Hyper-V with Windows 8 Guests. Access all programs, files, data etc. from Any device, Anytime, Anywhere without the cloud crap. Total security and easy deployment. Access from Android, iPad, Mac, PC. Never need to install software locally and/or store data. Caveat: you must have Internet access (Really, who doesn’t?)