Monday, July 4, 2011

Are there holes in Dropbox?


The Information Age
Ours is the Information Age. Pieces of information - data - are the currency of the times. Data are created, supplied, demanded, stored, distributed, lost, destroyed, aggregated, replicated... and there are human beings involved every step of the way, because information is a product of the human experience.

There are all kinds of pieces of information to which people need access in more than one location. Today's technology allows for one person to make sense of using any number of devices in the normal course of their personal and professional lives - desktops, laptops, PDAs and mobile devices...privately owned machines, publicly-shared machines, corporately managed machines...

I use and have recommended the use of Dropbox over the last six months. Recently, Dropbox released a new Terms of Service attempting to present its terms in non-legalese language, and it has created a furor over understanding - and misunderstanding - the implications of some of its terms.

For me, it's much ado about nothing. Yes, many more technically-adept people recommend dropping Dropbox asap:

It's also informative to read the comments/conversations following the articles as well.

But, there are also those out there saying "don't listen to the us" as they speak words of calm.

  • Agile bits affirms that, after testing many alternatives for their professional purposes, Dropbox is still their choice, as it does a few things no one else does as well, if at all.
The Cloud
"The cloud" is a two-edged sword from jump. But it does provide a solution to the two-edged sword of trying to ensure the safety of your data on a single machine. Unless you are an uber-techy, you might not be inclined to do what is required to maintain your own data safety. "Backing up" is not as simple as it sounds, and all kinds of software solutions are out there to try to make it easier...but there is no dominant standard, which itself is telling - the concept is not sexy and does not enjoy mindshare, usually until after something bad happens, and at that time it's likely too late.

"The cloud" can provide some ubiquity and redundancy to your data, so if something happens to a copy of it here, you can access a copy of it there and keep on writing/working/reading/whatever. But, then there's the privacy issue. And the monetary matters. And the legal landscape...

What is the issue?
Basically, the language reveals implications that don't sit well for many, especially those who are creative (artists, writers, and others for whom protecting their copyright is an important matter). Personally, I understand and thus interpret the language as a simple function of what's required for Dropbox to offer its service.

For example, the time it takes for me to access a file on Dropbox remains relatively the same - the ability to deliver a request to open or download a file requires server strength that inherently requires redundancy - which means, they had to save the file to many different locations (in case one server site burns down). The company has promised a user experience - how they deliver is their problem, and these terms help them deliver.

Consider also a matter of copyright. I write a manuscript and save it to Dropbox. If they copy the file, should I be able to charge them for it? If every writer charged Dropbox for making a copy in order to provide the service, Dropbox would become insolvent. In order to provide the service, Dropbox says "look, if you want to save your creative material on our service and we copy it in order to ensure its availability to you, don't charge us, okay?" Seems reasonable to me.

"Oh, but then they can sell my work and not remunerate me." Yeah, sure, it suggests this is a possibility. But honestly, do you believe Dropbox is a front for some clandestine organization who is looking to steal your next novel so they can make money on it? Some actually entertain this possibility, hence the defections.

Then there's the issue of my saving a copy of some material I did not create and, therefore, cannot grant copy rights. So, for example, if I save music I have bought to Dropbox so I can listen from any location/device, I still cannot grant Dropbox the right to copy the music, but I now have been advised that Dropbox may, in the course of doing what it does, make a copy of the music that could be accessed by someone else and, in that event, Dropbox is not responsible because it's only managing files that I provided and granted permission for them to do what they need to do. So now, I'd be guilty of copyright infringement.

However, if I extrapolate this out, it seems planet would sue itself out of existence - it's just such an impractical eventuality, it makes no sense. The easier it is for people to use and enjoy digital music, the more they'll buy. Killing the golden goose by making people afraid to save, share and access their digital collections is not in the best interest of the copyright holder in the first place. Is ABC Band going to subpoena Dropbox to divulge who all are sharing their music files and then sue each of their loyal fans individually? Well then, where are their concert ticket sales coming from on their next tour when all their fans are broke after having been sued?

Of course, I'm not a lawyer, and maybe I'm totally out to lunch on this point. And if this scenario applies to you, you may have to reconsider whether Dropbox meets your needs. My only question here is, whatever online alternatives are out there that can deliver a similar user experience as Dropbox, are they not in the same boat with whatever methodologies they use that enable that similar experience? [edit: Ed Bott summarized the language from various cloud services, and they all retain the right to copy for purposes of providing the service. Microsoft's language goes on to say "if you don't want others to have those rights, don' t use the service to share your content."]

Why am I sticking with Dropbox?
It is still the most simple, elegant and reliable system for non-professional, personal use, and the majority of my use is personal. You don't have to be a techie to make it work, and once it's running it's quite seamless and unobtrusive. It also has plenty of techie chops - its API tools are respected, and it supports native file structures better than most direct competitors.

And, of course, I don't save ALL my files on Dropbox, especially those with information I wish to remain private. That's not much different than having a wallet with me on the move for certain pieces of information, and a fireproof safe at home for others. Managing our information in this age is an increasingly complicated patchwork of methods, tools, hardware and software. Dropbox is but one piece of a larger puzzle.

Are there alternatives?
Sure, there are. In every flavour, size and shape you can think of. By all means, go ahead and test alternatives, if you have the time and knowledge to understand the strengths and functionality of each. If you search you'll find plenty of lists of alternatives with summaries of what make each worth considering. It will take time - if you have the time, great.

For professional applications, there are security steps that work well with Dropbox. And there are more professional alternatives out there. In the professional space, even if you are a small office, you should have a professional techie advise, implement and support the solution that meets your professional needs.

Bottom line
Dropbox isn't for everyone, and alternate solutions that are perfect "right out of the box" are rare and will require techie chops. Dropbox's new TOS have implications that can be interpreted to be an uncomfortable compromise of valued protections...or they can be interpreted as facilitating the offering of the service.
As long as there is some choice, we're in fairly good shape.

[edit: here's an article with plenty of technical heft in the article and following comments that discuss Dropbox's design that creates security concerns].