×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

cancel ×
This is a preview of your comment

No Comment Title Entered

Anonymous Coward 1 minute ago

No Comment Entered

250 comments

Is that fraud? (4, Interesting)

Sprouticus (1503545) | more than 2 years ago | (#35943946)

Wouldn't an attempt to intentionally mislead someone with regard to DMCA be regarded as fraud?

Re:Is that fraud? (5, Informative)

drosboro (1046516) | more than 2 years ago | (#35944018)

Well, intentionality would seem to be missing. As I quoted in a comment below, the update at the bottom of the article now reads as follows:

Update: I want clear up a few things. As far as I’m aware all of the Dropship repositories and archives that were taken down was done so voluntarily. Dropbox never made threats, legal or otherwise. It appears the DMCA notice was automatically sent to me when the file was banned from public sharing. There was no real DMCA takedown issued. It was an edge case bug in their file removal system.

Re:Is that fraud? (2, Interesting)

mcmonkey (96054) | more than 2 years ago | (#35944296)

None of which makes me feel any better.

The statement that no threats, legal or otherwise, were made is false. Even if the threats were made accidentally, threats were made. Saying an automated email was kicked off inadvertently does not mean the email was never sent.

Then there's the issue of the mistakenly activated automated email. Why do they have a process that automatically sends out DCMA notices?

Then there's the action of removing the files at issue. I'm not sure how I feel about the selective action on files. If I'm breaking the ToS, why not freeze my account? On the one hand, I can appreciate the effort to not freeze accounts, but at the same time, I don't want the admins at Dropbox going through my files.

Re:Is that fraud? (5, Insightful)

Hijacked Public (999535) | more than 2 years ago | (#35944456)

I don't want the admins at Dropbox going through my files.

Don't put them on Dropbox's servers.

Re:Is that fraud? (0)

Anonymous Coward | more than 2 years ago | (#35944548)

Maybe that's why people are building replacements for Dropbox?

Re:Is that fraud? (2, Insightful)

Hatta (162192) | more than 2 years ago | (#35944414)

It appears the DMCA notice was automatically sent to me when the file was banned from public sharing. There was no real DMCA takedown issued. It was an edge case bug in their file removal system.

There are no edge cases in the DMCA. Either it was a valid DMCA request or it was perjury.

Re:Is that fraud? (4, Insightful)

_0xd0ad (1974778) | more than 2 years ago | (#35944584)

There was never a DMCA takedown notice.

The DMCA takedown notice is what a copyright holder sends to a content host.

The e-mail from the content host to the user saying "we deleted your file because ______" is not a DMCA takedown notice, regardless of what the reason they give.

Content hosts are supposed to notify users whose content has been removed due to DMCA takedown notices so that the users have the opportunity to file counter-notices under the DMCA, but that correspondence is not itself a DMCA takedown notice.

Re:Is that fraud? (5, Interesting)

LordLimecat (1103839) | more than 2 years ago | (#35944654)

It was not a DMCA "request". It was a notification that they were removing the file in order to comply with DMCA Section 512 C-1-c, which indicates "No liability if ... upon obtaining knowledge or awareness, OSP expeditiously removes Work" [benedict.com]

In other words, they believed the material to infringe on DMCA, and as the file host, they have the right and duty to remove such a file when they believe it to be infringing. See, Dropbox isnt just the potentially "injured party", they are also the service provider-- and that is the capacity they were issuing the notice in. (NB- IANAL)

Re:Is that fraud? (4, Informative)

DrgnDancer (137700) | more than 2 years ago | (#35944068)

Except if you read the article, only one "fake" DCMA notice was sent out, and it appears to have been a legitimate accident. While the author of the article is not exactly happy with Dropbox's response to this matter he is not nearly as down on it as the summary suggests, and Dropbox's behavior was no near as flagrant as the summary suggests. This is not "nothing", but it's not anywhere near the level of "awful" suggested in the summary. Whole situation is somewhere between "tempest in teapot" and "very mildly concerning".

Re:Is that fraud? (2, Informative)

Anonymous Coward | more than 2 years ago | (#35944326)

Except if you read the article, only one "fake" DCMA notice was sent out

It wasn't even a DMCA notice. It was an erroneous letter from provider to customer informing customer that the provider received a DMCA notice, when the provider had not (the provider was exercising their privilege of removing the file).

Re:Is that fraud? (2, Funny)

Anonymous Coward | more than 2 years ago | (#35944330)

So this really should read,

    "Blogging Blogger Libels DropBox"

Correct?

Re:Is that fraud? (2)

DarwinSurvivor (1752106) | more than 2 years ago | (#35944658)

Libel must be:
  1. Written: check
  2. Damaging to the reputation of the defendant: check
  3. False: check
  4. Reasonably known to be false at the time of publishing: FAIL

The further correction makes it even MORE not libel.

Wow (-1)

Anonymous Coward | more than 2 years ago | (#35943948)

What a bunch of niggers. Dropping support is one thing. Fake DMCA letters for fucking OPEN SOURCE software... that's more African than ebola, yo.

Re:Wow (-1)

Anonymous Coward | more than 2 years ago | (#35944642)

go back to africa

i mean 4chan

i mean encyclopedia dramatica

Fake DMCA request (1)

partyguerrilla (1597357) | more than 2 years ago | (#35943956)

Exactly how illegal is this? My guess is "very."

Re:Fake DMCA request (5, Informative)

_0xd0ad (1974778) | more than 2 years ago | (#35944318)

Sending a fake DMCA takedown is illegal, yes, but an e-mail that says "we deleted your file due to DMCA takedown notice we received" isn't a DMCA takedown notice. And apparently that e-mail just went out automatically any time they banned a file from someone's account. Apparently it never occurred to whoever designed their system that a file might be removed for anything other than copyright violation... or maybe the admin just didn't select the correct reason when he banned it.

Re:Fake DMCA request (0)

Anonymous Coward | more than 2 years ago | (#35944448)

Depends. You do live in a plutocracy; how rich are the people involved?

Re:Fake DMCA request (1)

JockTroll (996521) | more than 2 years ago | (#35944704)

I live in a laminocracy, where blades disembowel the rich and the poor with equal efficiency. Aye: all piles of steamy, bloody intestines are equal.

Re:Fake DMCA request (1)

Anonymous Psychopath (18031) | more than 2 years ago | (#35944482)

Exactly how illegal is this? My guess is "very."

How about "not at all". There's nothing "fake" about it. A DMCA takedown notice isn't sent by any government agency. It is simply a claim from a content owner to someone else, usually a content host, claiming that copyrighted content is being illegally published.

"fake" things can't be "sent out" (0)

MichaelKristopeit420 (2018880) | more than 2 years ago | (#35943960)

slashdot = stagnated with the ignorant hypocrisy of marketeers

Re:"fake" things can't be "sent out" (-1)

Anonymous Coward | more than 2 years ago | (#35944364)

slashdot = stagnated with the ignorant hypocrisy of marketeers

fuck you nigger

Fake DMCA = illegal, right? (1)

ehrichweiss (706417) | more than 2 years ago | (#35943962)

Or is that merely filing a takedown on false pretenses?

Re:Fake DMCA = illegal, right? (2)

denis-The-menace (471988) | more than 2 years ago | (#35944552)

According to an anonymous comment on the blog:

The perjury provision (17 U.S.C. 512(c)(3)(A)(vi)) applies to persons who submit formal complaints to service providers. It does not apply to informational messages that service providers may send to their users. So even if DropBox had intentionally lied about receiving a DMCA takedown notice (which it didnâ(TM)t; see Arashâ(TM)s comment noting that the DMCA message was mistakenly autogenerated in response to banning the file), it would still not implicate the DMCA perjury provision.

IOW: If you can get ISPs to be your puppets to send "kind" emails to their users, nobody is at fault regardless of the damages done by the emails.

DMCA: Best draconian law you can buy!

asdf (-1, Troll)

Anonymous Coward | more than 2 years ago | (#35943970)

It's their service and they can control their users however they wish. If that includes some open source project, then so be it. Find something else.

You little neck-bearded fucks have this extraordinary sense of self-entitlement. Many places of business won't let you in without a shirt or shoes on. They can refuse business to you. Likewise Dropbox can refuse service to you if you're using their service in a way they don't like.

Get over it and especially get over yourselves.

So... (-1)

Anonymous Coward | more than 2 years ago | (#35943982)

You do get what you pay for??

They weren't "fake" (1)

CarsonChittom (2025388) | more than 2 years ago | (#35943984)

They might have been incorrectly sent out, but they weren't "fake."

Re:They weren't "fake" (1)

Anonymous Coward | more than 2 years ago | (#35944094)

Indeed, and it appears that the notice was not intentional. From the FA,

Update: I want clear up a few things. As far as I’m aware all of the Dropship repositories and archives that were taken down was done so voluntarily. Dropbox never made threats, legal or otherwise. It appears the DMCA notice was automatically sent to me when the file was banned from public sharing. There was no real DMCA takedown issued. It was an edge case bug in their file removal system.

Maybe a BIT sensationalistic... (5, Informative)

drosboro (1046516) | more than 2 years ago | (#35944000)

Okay, according to the update at the bottom of the link (I know, I RTFA, weird, eh?),

Update: I want clear up a few things. As far as I’m aware all of the Dropship repositories and archives that were taken down was done so voluntarily. Dropbox never made threats, legal or otherwise. It appears the DMCA notice was automatically sent to me when the file was banned from public sharing. There was no real DMCA takedown issued. It was an edge case bug in their file removal system.

Apparently, Dropbox is asking nicely, but when they flagged the file it triggered an accidental DMCA notice, for which they seem to be apologizing.

Re:Maybe a BIT sensationalistic... (4, Interesting)

xMrFishx (1956084) | more than 2 years ago | (#35944048)

Why is there even a default DMCA notice in the system in the first place? Surely these things should be manually handled, rather than essentially "spammed" out. This is the sort of realm of Auto-Lawsuits where everyone got a letter through their mail box. This sort of thing should not be automatic in any sense of the word.

Re:Maybe a BIT sensationalistic... (1)

Anonymous Coward | more than 2 years ago | (#35944128)

Why not? We spam car drivers with automated speeding and red light tickets.

Re:Maybe a BIT sensationalistic... (4, Interesting)

0100010001010011 (652467) | more than 2 years ago | (#35944130)

VIA post at slashdot.org

Re: Copyright Claim

The Slashdot Hosting Company:

I am the copyright owner of the post being infringed at:

http://news.slashdot.org/comments.pl?sid=2105778&cid=35944048 [slashdot.org]

Copies of the post being infringed are included to assist with their removal from the infringing Web sites.

This letter is official notification under the provisions of Section 512(c) of the Digital Millennium Copyright Act (“DMCA”) to effect removal of the above-reported infringements. I request that you immediately issue a cancellation message as specified in RFC 1036 for the specified postings and prevent the infringer, who is identified by its Web address, from posting the infringing photographs to your servers in the future. Please be advised that law requires you, as a service provider, to “expeditiously remove or disable access to” the infringing photographs upon receiving this notice. Noncompliance may result in a loss of immunity for liability under the DMCA.

I have a good faith belief that use of the material in the manner complained of here is not authorized by me, the copyright holder, or the law. The information provided here is accurate to the best of my knowledge. I swear under penalty of perjury that I am the copyright holder.

Please send me at the address noted below a prompt response indicating the actions you have taken to resolve this matter.

Sincerely,

0100010001010011

Re:Maybe a BIT sensationalistic... (5, Funny)

0100010001010011 (652467) | more than 2 years ago | (#35944206)

Oh shit. Sorry about that. I don't know what the system was thinking.

Re:Maybe a BIT sensationalistic... (0)

Anonymous Coward | more than 2 years ago | (#35944504)

That's okay. I'm sure xMrFishx can still get Righthaven to sue you on his behalf.

Re:Maybe a BIT sensationalistic... (1)

ChrisMounce (1096567) | more than 2 years ago | (#35944560)

0100010001010011 = DS? I don't get it (DropShip?), but it doesn't seem like coincidence (multiple of 8 bits, both uppercase ASCII chars).

Re:Maybe a BIT sensationalistic... (2)

drosboro (1046516) | more than 2 years ago | (#35944150)

Presumably because the requirements of the DMCA legislation in the US is so onerous on services like Dropbox that an automated system is the only reasonable way to go. I'm not sure, being a Canadian (and waiting with great anticipation for our new government to slap our own version of the DMCA down on us)...

Seems to me that if I were the coder in question, I might be tempted to say "okay, the only reason we're ever going to block anything from public sharing is because someone filed a DMCA complaint... so let's just fire off the automatic notification when we block the file. There, three lines of code and a template email, and I can go grab a coffee". Yes, it's a shortcut, but it's also not completely out-of-the-realm-of-reasonability.

Re:Maybe a BIT sensationalistic... (1)

CarsonChittom (2025388) | more than 2 years ago | (#35944298)

Seems to me that if I were the coder in question, I might be tempted to say "okay, the only reason we're ever going to block anything from public sharing is because someone filed a DMCA complaint... so let's just fire off the automatic notification when we block the file. There, three lines of code and a template email, and I can go grab a coffee". Yes, it's a shortcut, but it's also not completely out-of-the-realm-of-reasonability.

I wouldn't be surprised if you were right. If so, unless they're already gone, the coder in question should probably be fired for failing to run that by the lawyers first.

Re:Maybe a BIT sensationalistic... (1)

Zeikzeil (1099785) | more than 2 years ago | (#35944712)

I wouldn't be surprised if you were right. If so, unless they're already gone, the coder in question should probably be fired for failing to run that by the lawyers first.

What makes you think that didn't happen?

Re:Maybe a BIT sensationalistic... (1)

SomePgmr (2021234) | more than 2 years ago | (#35944200)

Given the rate at which Dropbox must handle takedowns on a "host whatever you want on the innerwebs, easily" service... I'm not at all surprised that their ban button sends takedown notices automatically. Until now, they've likely only had to ban files for precisely that scenario, with minor exceptions.

Or from a programmers point of view: If 99.9% of the time B follows A, automate B. Handle the .1% manually as edge cases.

Re:Maybe a BIT sensationalistic... (1)

xMrFishx (1956084) | more than 2 years ago | (#35944324)

Whilst I see your point, I'd figure the system should have multiple messages depending on severity/reason rather than one $law that may or may not apply message, especially with implications of said law.

Re:Maybe a BIT sensationalistic... (1)

_0xd0ad (1974778) | more than 2 years ago | (#35944358)

Maybe it did and the admin forgot to tick the non-default reason. Who knows... all that really matters is that it does appear to have been an honest mistake.

Re:Maybe a BIT sensationalistic... (1)

starwed (735423) | more than 2 years ago | (#35944564)

For some reason this topic has built up an epic level of FUD.

Their system was designed to be used in response to DMCA notices. Dropbox would get a takedown notice, they'd flag the file to be removed, and an e-mail would be sent to the uploader of the file informing them of the DMCA notice.

In this case, a dropbox guy used the tool without realising that the last step was automated. There was never any DMCA notice generated, just a DMCA notice notice.

What is "legal" (1)

Anonymous Coward | more than 2 years ago | (#35944004)

"Legal" is about filing the right paperwork.

Are they fake though? (1)

O('_')O_Bush (1162487) | more than 2 years ago | (#35944042)

I mean, from the FA, it talks about how Dropship is exploiting the Dropbox hashing algorithm, which might be copyrighted along with the rest of Dropbox (I don't know). If it was, then I could see why there would be grounds for copyright infringement, unless the OSS project could demonstrate that it arrived at that dropbox hashing algorithm through blackbox testing.

Re:Are they fake though? (2)

Jonner (189691) | more than 2 years ago | (#35944164)

I mean, from the FA, it talks about how Dropship is exploiting the Dropbox hashing algorithm, which might be copyrighted along with the rest of Dropbox (I don't know). If it was, then I could see why there would be grounds for copyright infringement, unless the OSS project could demonstrate that it arrived at that dropbox hashing algorithm through blackbox testing.

Thankfully, copyright does not apply to algorithms and the US has a legal system based on the idea that people are innocent until proven guilty.

Re:Are they fake though? (1)

gstoddart (321705) | more than 2 years ago | (#35944334)

Thankfully, copyright does not apply to algorithms

And, the DMCA has an explicit exception for interoperability and such, which I think this would be covered under.

the US has a legal system based on the idea that people are innocent until proven guilty.

Unless one is suspected of copyright infringement, kiddie porn or terrorism, then it's straight on to the presumption of guilt and you needing to prove you didn't do it.

Sadly, it seems like those three can pretty much bypass any court oversight.

Re:Are they fake though? (1)

Jonner (189691) | more than 2 years ago | (#35944520)

Thankfully, copyright does not apply to algorithms

And, the DMCA has an explicit exception for interoperability and such, which I think this would be covered under.

I think you're confused. Perhaps you're thinking of the anti-circumvention clause [wikipedia.org] which clearly doesn't apply in this case. Dropbox is not claiming copyright infringement and seems to have admitted that the DMCA takedown notice was a mistake. They are claiming that using Dropship violates their terms of service, which it probably does. However, the DMCA has nothing to say about that since it is not at all related to copyright.

Even if the DMCA's anti-circumvention clause applied, it still doesn't change the fact that you cannot copyright an algorithm. Unfortunately, you can patent one.

the US has a legal system based on the idea that people are innocent until proven guilty.

Unless one is suspected of copyright infringement, kiddie porn or terrorism, then it's straight on to the presumption of guilt and you needing to prove you didn't do it.

Sadly, it seems like those three can pretty much bypass any court oversight.

What you're describing certainly happens, but is a gross violation of the principles of the legal system. The post I responded to seemed to be implying that it was reasonable to assume that a work infringed on a copyright until it was proven non-infringing.

"Useful" (4, Insightful)

AdmiralXyz (1378985) | more than 2 years ago | (#35944050)

Useful though it may be, it's very clearly against Dropbox's Terms of Service. That doesn't give them the right to issue takedown notices to other sites on copyright grounds, but let's separate, "evil for issuing fake takedown notices" (which they are), from "evil for wanting to prevent this kind of activity" (which is perfectly reasonable).

They're not running a filesharing service, that's not their business model, and they don't want to end up like Rapidshare or any of the N other filesharing services in legal hot water. I love Dropbox, and I would hate to see one of it's most useful features- public collaboration folders- shut down because some asshats can't obey the TOS and just use torrents instead. Dropbox should be trying to find a technical solution to block something like this, but if that's not possible, what can they do?

Re:"Useful" (1)

_Sprocket_ (42527) | more than 2 years ago | (#35944454)

That doesn't give them the right to issue takedown notices to other sites on copyright grounds...

I don't believe that's what happened.

Re:"Useful" (0)

Anonymous Coward | more than 2 years ago | (#35944522)

They're not running a filesharing service, that's not their business model, and they don't want to end up like Rapidshare or any of the N other filesharing services in legal hot water. I love Dropbox, and I would hate to see one of it's most useful features- public collaboration folders- shut down because some asshats can't obey the TOS and just use torrents instead. Dropbox should be trying to find a technical solution to block something like this, but if that's not possible, what can they do?

A technical solution isn't the right way to go about this. What we need is a legal solution; fix the law which invented a problem that wasn't there and then consider murdering the fuckwit who made it up in the first place.

possible mistake (1)

cencithomas (721581) | more than 2 years ago | (#35944062)

From TFA:

Update: I want clear up a few things. As far as I’m aware all of the Dropship repositories and archives that were taken down was done so voluntarily. Dropbox never made threats, legal or otherwise. It appears the DMCA notice was automatically sent to me when the file was banned from public sharing. There was no real DMCA takedown issued. It was an edge case bug in their file removal system.

So, still stupid, but at least there's the possibility that it wasn't malice.

where's the firehose (4, Informative)

penguinchris (1020961) | more than 2 years ago | (#35944108)

Vote this article down - it's misleading flamebait in the extreme. In particular, it fails to mention that the software was designed to facilitate anonymous filesharing, which would most certainly be used for copyright infringement and illegal purposes. And, the whole thing goes against Dropbox's TOS, even if it isn't used for dubious file sharing purposes.

Re:where's the firehose (4, Informative)

Gaygirlie (1657131) | more than 2 years ago | (#35944210)

Vote this article down - it's misleading flamebait in the extreme. In particular, it fails to mention that the software was designed to facilitate anonymous filesharing, which would most certainly be used for copyright infringement and illegal purposes. And, the whole thing goes against Dropbox's TOS, even if it isn't used for dubious file sharing purposes.

Agreed. The TOS is pretty darn clear on this and as such there is no reason to complain, they are fully in their rights to do this.

Re:where's the firehose (0)

Anonymous Coward | more than 2 years ago | (#35944528)

Vote this article down - it's misleading flamebait in the extreme. In particular, it fails to mention that the software was designed to facilitate anonymous filesharing, which would most certainly be used for copyright infringement and illegal purposes. And, the whole thing goes against Dropbox's TOS, even if it isn't used for dubious file sharing purposes.

Agreed. The TOS is pretty darn clear on this and as such there is no reason to complain, they are fully in their rights to do this.

Not particularly - there is a section on 'reverse engineering', but frankly from my (limited) understanding of this, it qualifies as such only in the sense that figuring out the URL scheme for a website qualifies as reverse engineering. Going by that my understanding Salesforce object ID's qualifies me as a hacker.

Having an IQ and noticing a pattern is not a TOS violation.

Pug (anon due to mod points in play - and btw we need a +1 "Wrong, but worth arguing about" option - {G}.

Re:where's the firehose (2)

h4rr4r (612664) | more than 2 years ago | (#35944220)

Or maybe people just want to share files privately. Not everyone wants to make their files public to share them.

Everything these days is "Oh noes, teh illegal stuffs", get fucking over it. Baseball bats have lots of illegal uses, no one fights the sales of those.

The TOS violation is the only thing that matters here. It is also why I never used dropbox and never will. I will keep my own files on my own server thank you.

Re:where's the firehose (1)

Jonner (189691) | more than 2 years ago | (#35944264)

Vote this article down - it's misleading flamebait in the extreme. In particular, it fails to mention that the software was designed to facilitate anonymous filesharing, which would most certainly be used for copyright infringement and illegal purposes.

Yeah, anonymous file sharing has no legitimate [linuxtracker.org] purposes [tuxdistro.com] whatsoever [libreoffice.org] .

Re:where's the firehose (1)

MichaelKristopeit419 (2018878) | more than 2 years ago | (#35944376)

Vote this article down - it's misleading flamebait in the extreme.

what site do you think this is? there is no voting... there is only the ignorant hypocrisy of marketeers as published by rob malda.

slashdot = stagnated

Re:where's the firehose (1)

mini me (132455) | more than 2 years ago | (#35944468)

which would most certainly be used for copyright infringement and illegal purposes.

So much for innocent until proven guilty.

Not "fake" DMCA requests (1)

g051051 (71145) | more than 2 years ago | (#35944118)

If you read the article, the claim is that the DMCA request was a mistake, not "fake". Big difference there!

Re:Not "fake" DMCA requests (1)

Rob the Bold (788862) | more than 2 years ago | (#35944214)

If you read the article, the claim is that the DMCA request was a mistake, not "fake". Big difference there!

Fair enough. But with a weapon as powerful as the DMCA, extra caution is warranted when using it. "I didn't know the gun was loaded . . ." isn't something you want to have to say.

Re:Not "fake" DMCA requests (1)

_0xd0ad (1974778) | more than 2 years ago | (#35944268)

The DMCA was never invoked, because there was never an actual DMCA takedown notice, just a form e-mail that stated that his file had been deleted because of a DMCA takedown notice. There wasn't a DMCA takedown notice and his file wasn't deleted because of one - it was deleted for an entirely different reason - but apparently that same form e-mail was set to go out to anyone whose file was deleted by an admin for any reason at all.

A DMCA takedown notice is what a copyright holder would send to DropBox, not what DropBox would send to its user after deleting the file from their servers.

Re:Not "fake" DMCA requests (1)

Martin Blank (154261) | more than 2 years ago | (#35944362)

It wasn't deleted in any case. Access to it was blocked, and the CTO reversed the block after conversing with the post's author. The CTO requested that he remove it, but did not demand that he do so.

Re:Not "fake" DMCA requests (1)

_0xd0ad (1974778) | more than 2 years ago | (#35944394)

True - not that it makes a whole lot of difference, though. "Lazy" delete is pretty common, so at what point do you want to say it was deleted? When they set the "deleted" bool on the database record for the file that's good enough to call it deleted from the user's point of view. Chances are they could get it back even if it really was deleted if they went down to undelete it at the filesystem level or if they did any sort of regular backups.

Re:Not "fake" DMCA requests (1)

h4rr4r (612664) | more than 2 years ago | (#35944278)

So they perjured themselves by accident?

Seems like courts would frown on that sort of thing.

Re:Not "fake" DMCA requests (1)

_0xd0ad (1974778) | more than 2 years ago | (#35944350)

They didn't issue a DMCA takedown notice (which would have been perjury). They claimed that they had received one, which is either simply lying or an honest mistake.

Re:Not "fake" DMCA requests (1)

Anonymous Psychopath (18031) | more than 2 years ago | (#35944550)

They didn't issue a DMCA takedown notice (which would have been perjury). They claimed that they had received one, which is either simply lying or an honest mistake.

Perjury is lying under oath during a judicial proceeding. This would not have been perjury.

Re:Not "fake" DMCA requests (1)

_0xd0ad (1974778) | more than 2 years ago | (#35944648)

Sending a DMCA takedown notice which asserts that you are the owner of content which you don't actually own is, in fact, perjury.

Mirror, mirror... (1)

VGPowerlord (621254) | more than 2 years ago | (#35944138)

Gotta love how the guy is still hosting Dropship, just not on Dropbox itself.

Don't be surprised if his Dropbox account gets yanked for real this time, and some sort of lawsuit follows.

Meh (4, Insightful)

Haedrian (1676506) | more than 2 years ago | (#35944140)

I'm with dropbox on this one. The idea of converting dropbox into some sort of filesharing/torrent service, for passing potentially illegal files around is not good.

I can see why Dropbox doesn't want to be linked to such a thing, when the big media people come a knocking, who do you think is going to end up getting sued?

And just because its open source doesn't make it right, or wrong, or change anything.

Re:Meh (1)

VGPowerlord (621254) | more than 2 years ago | (#35944240)

I can see why Dropbox doesn't want to be linked to such a thing, when the big media people come a knocking, who do you think is going to end up getting sued?

The end user, as Dropbox will duck behind the DMCA.

Re:Meh (0)

Jonner (189691) | more than 2 years ago | (#35944332)

Enforcing terms of service is one thing, but making bogus accusations and trying to get the software censored outside of Dropbox is another. This is a lot like the deCSS situation, in which copyright holders tried to censor the software rather than prosecute actual copyright infringement.

Encryption? (1)

PunchMonkey (261983) | more than 2 years ago | (#35944158)

Dropbox states that all files on their servers are encrypted. I had assumed this meant the key was encrypted with your own password, but this exploit suggests that the files either are not encrypted, or encrypted with a freely accessible key.

From: https://www.dropbox.com/help/27 [dropbox.com]
"All files stored on Dropbox servers are encrypted (AES-256)"

Re:Encryption? (4, Informative)

h4rr4r (612664) | more than 2 years ago | (#35944242)

If they used real encryption they would have to host files over and over again. Encryption breaks file deduping. No way is dropbox going to do something like that, there is no advantage in it for them.

Re:Encryption? (1)

pmontra (738736) | more than 2 years ago | (#35944488)

I agree that they don't encrypt data in any safe way. They're exposing the weakness of their security algorithms. This is the third /. post about different problems with Dropbox in a month. Here are the first one [slashdot.org] and the second one [slashdot.org] . Definitely not a server one should upload anything to before having encrypted it.

Re:Encryption? (1)

wastedlife (1319259) | more than 2 years ago | (#35944366)

The files are encrypted, but Dropbox holds the key. This is how you can access the files through the website and share folders directly with other Dropbox users. It means that your files are susceptible to intrusion, so encrypt anything secret yourself before sending to Dropbox. Truecrypt volumes do work in Dropbox because it uses a block cipher(only changed blocks are synced, not the whole volume), but you do need to disable the option to not update modification timestamp in order for syncing to work. KeePass 2.x encrypted databases also work well, unfortunately KeePassX does not support writing to KeePass 2.x databases as of now.

On topic, the headline and summary are blowing this way out of proportion. Dropship fakes the hashing algorithm to make Dropbox think you have a file that you don't. Dropbox already supports both public links for files and folders, and can also privately share folders between accounts. I don't know of any legitimate purpose for Dropship that isn't covered by built-in features.

Re:Encryption? (1)

Anonymous Coward | more than 2 years ago | (#35944576)

As I understand it, file uploads are a two step process:
1. The client generates a fingerprint for the file and sends this to the server
2a. If the server already has a file with that fingerprint, it just tells the client, "Thank you, I've got it," links the file to the user's account, and pretends that it was uploaded.
2b. If the file is new, it is uploaded, encrypted, and stored.

Dropship is essentially an alternative client that fakes the fingerprint to trigger scenario 2a, without ever having had the file locally.

The actual file contents are still encrypted. But, as recent kerfuffles have pointed out, this encryption uses a key owned by Dropbox - not a private key that you can manage/secure yourself.

Personally, I think this is a reasonable measure of security for the service.
* You get a very clean client and fairly robust feature set that would be much more difficult or impossible with perfect security.
* Your data is protected against casual wandering eyes or someone hacking into the underlying S3 storage (or whatever they're using now).
* You're still open to a deliberate effort by a Dropbox insider with sufficient privileges, government subpoena (or angry letter), and uncommon stupidity / freak accidents.

For the kinds of files I share with Dropbox, this is perfect. Anything else, I either keep to myself or (as Dropbox recommends) stick inside a TrueCrypt volume before giving away.

Don't understand (1)

Compaqt (1758360) | more than 2 years ago | (#35944238)

>import files into their accounts using hashes and bypassing the need to make files public.

???

It bypasses the need to make files public?

So, when you use Dropbox, you have to make files public? Isn't DropBox a way to share email attachments without attaching it to an email?

Why would you want to make it public?

Re:Don't understand (2)

VGPowerlord (621254) | more than 2 years ago | (#35944320)

>import files into their accounts using hashes and bypassing the need to make files public.

???

It bypasses the need to make files public?

So, when you use Dropbox, you have to make files public? Isn't DropBox a way to share email attachments without attaching it to an email?

Why would you want to make it public?

My understanding is that you normally have to invite people one by one to see your non-public files.

However, it's apparently possible for people to just have the hash and add it to their own dropbox account using Dropship to gain access to it.

Re:Don't understand (2)

VGPowerlord (621254) | more than 2 years ago | (#35944404)

To put it in DMCA terms (since this is eventually where it will end up), Dropship

is primarily designed or produced for the purpose of circumventing a technological measure that effectively controls access to a work protected under this title

-- U.S. Code, Title 17, Chapter 12, Section 1201 [cornell.edu] (a)(2)(A)

...although I am not a lawyer.

Re:Don't understand (3, Insightful)

pmontra (738736) | more than 2 years ago | (#35944580)

Basically that means that the secrecy of that hash is the only thing that protects our files on Dropbox. They probably encrypt the files but if anybody has the right hashes s/he can decrypt them. The hash is the key and invites and sharing are not even checked.

DMCA or not (0)

AftanGustur (7715) | more than 2 years ago | (#35944292)

It doesn't matter if they sent a DMCA or not, they clearly want a open source program off the internet.

Activate Streisant effect in 5, 4, 3, 2 ...

Re:DMCA or not (0)

Anonymous Coward | more than 2 years ago | (#35944458)

Steisant effect?
is that when someone has a name similar to a famous person
and gets "Steisand'ed" by accident?

Re:DMCA or not (2)

ScentCone (795499) | more than 2 years ago | (#35944606)

they clearly want a open source program off the internet

No. What they clearly want is to not have their reputation and business model tarnished by having their system turned into a big content piracy farm by people who are violating their very reasonable TOS.

Seems an odd response by DropBox (1)

sfranklin (95470) | more than 2 years ago | (#35944354)

If I were running DropBox, I wouldn't go after the guys who exploited a weakness in the way my filesharing worked...I'd fix it. Seems very odd that DropBox would worry about DropShip at all. Now I don't know anything about how this stuff works and so it may not be a simple change, but if you're going to be a company that wants to provide secure filesharing, then you've got to make the change anyway, DropShip or no DropShip. So, update your code to close the loophole so it doesn't work any more. Problem solved, not only for DropShip but also for any other person looking at the same thing.

Re:Seems an odd response by DropBox (1)

PessimysticRaven (1864010) | more than 2 years ago | (#35944542)

If I were running DropBox, I wouldn't go after the guys who exploited a weakness in the way my filesharing worked...I'd fix it. Seems very odd that DropBox would worry about DropShip at all.

This is most likely the cynic in me speaking, but, I'm betting it might have something to do with the same issues most companies have with 'exploits' that are plays-on-words of the company/service name. Some dolt might mistake the two as a service from the same company. And while a company SHOULD praise the people that find exploits, no company likes the feeling that someone outside their payroll found an issue within their systems. Also, the folks who pay for a higher storage amount might suddenly go into tizzy about 'privacy,' get scared, and leave. Effectively losing revenue for Dropbox. I agree entirely with your question, though, especially with the bit I've quoted.

Not a "DMCA Takedown," really (0)

Anonymous Coward | more than 2 years ago | (#35944428)

Just to clarify, the email under discussion was not really a DMCA Takedown Notice, as we generally think of it. Those are notices sent by content owners to a service provider, demanding that certain content be removed. Those carry the legal restrictions and penalties for false filings. *This* was the notice sent by the service provider to the customer saying, "Oh, by the way, we had to take down XYZ because someone claims you can't do that." Which is completely different.

Now, the guys at Dropbox did contact others who were publishing Dropship. These were, by all accounts, very cordial messages, along the lines of, "We hope you understand that this isn't good for us. Could you please help us out?"

So what is the best drop-in file uploader? (1)

Marrow (195242) | more than 2 years ago | (#35944490)

If someone wants to turn a apache webserver into a "ftp site" using the http protocol, what is the best drop-in solution. One that does not involve programming. I found one that has progress bar and stuff, but I am sure there are others out there.
What is the state of the art?

Last Straw (2)

Sensiblemonkey (1539543) | more than 2 years ago | (#35944558)

Slashdot has become increasingly misleading and sensationalist in recent years. So much so that I'm moving Slashdot's RSS feed to bottom of my pile; to be seen only in moments of extreme boredom. I have far better things to do with my time that wade through the constant stream of FUD that this site is generating these days.

Censoring? (2)

ScentCone (795499) | more than 2 years ago | (#35944572)

This isn't censoring. This isn't the government. That word is going to stop meaning something if people can't use it in some sort of rational context. Never mind that Dropbox is just trying to prevent their system from being turned into a big anonymous piracy farm - a very real concern, and one that they have every reason (and latitude within their TOS) to fight. But ... "censoring?" Why not just call them fascists, while we're at it? Idiots. This article it inaccurate, alarmist trolling.

FTFA, both sides seem guilty. I'm confused. (1, Insightful)

bl8n8r (649187) | more than 2 years ago | (#35944620)

Dropship that allows users to exploit Dropboxâ(TM)s file hashing scheme to copy files into their account without actually having them."

I can see why they would be a bit ruffled over this. Seems like this could be in the same realm as an SQL injection attempt. It's just using JSON instead.

"First of all, attempting to protect a proprietary protocol is going to get them nowhere. "

Ok, that's a problem. The reason the protocol is proprietary is because the company has put a lot of time, money and effort into developing their product. They want to recoup some of the development costs through the implementation of their protocol.

The DMCA thing well ...that's what the DMCA is. It's basically a catch-all b1tchstick that can be bent into whatever shape the law wants to blame whoever for whatever. The way dropbox handled things *is* pretty crappy IMO, but if you're going to be a dick and crack peoples websites.... expect to get dick'd back.

Load More Comments
Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Sign up for Slashdot Newsletters
Create a Slashdot Account

Loading...