Dropbox reads your files...kinda

Well, here's an interesting little tidbit for those that use Dropbox to store or share files.

We have all seen documents getting leaked out of large organisations to the public, and invariably said company usually get's the documents removed for legal reasons from wherever they are being hosted. In fact, after the supposed presentation about the XBOX 720 leaking (opens in new tab), we saw it being removed from Scridb.com at the request of Covington & Burling LLP which is a firm known to have dealings with Microsoft.

None of that is surprising, but today Windows Phone Centrals Daniel Rubino sent me a certain document via Dropbox so that I could take a look at it. However, trying to download the file just returns the image you can see above. This was not a link shared publically, but yet, it was removed seemingly automatically.

That begs the question, do storage companies analyze your files' content as you upload them? They no doubt have a clause in their terms that allows them to do just that, but it is another thing actually seeing it used.

Moral of the story? Don't use commercial cloud storage to share secret files.

18 Comments
  • Exactly why I do my own cloud using Synology's DiskStation. 
  • Synology is really a fantastic solution that hasn't gotten enough credit yet. I can only imagine what they will do once the money starts rolling in.
  • Of course they do.  This is why Dropbox is still up and Megaupload is not.
  • Exactly why this isn't truly news. If they DIDN'T read your files, it would be news.
  • I doubt it. They probably just hash the file after upload and compare it against a list a known 'forbidden' hashes. That'd be the cheapest way to do copyright violation detection and takedown. It might've taken a while if they have some background job that does the scrubbing.
     
    Test it by changing some of the contents of the file and uploading again with a different file name.
  • Every hash could collide, and it must collide given billions of files are uploaded. If they don't employ human inspection on each hash collision, the false positive rate will be too high to bear.
  • What about emailing an attachment? What about using SkyDrive upload instead of attaching?
  • Oops... my only use for Dropbox is to stash all of my porn. :D
  • You got one of your tags wrong for the post, it is DMCA not DCMA :-)
  • have u guys tried skydrive to see if the same thin arises?
  • Read what it says. Digital Millennium Copyright Act by Microsoft. SkyDrive = Microsoft. Probably safe to assume SkyDrive cannot be trusted either imo.
  • I'd just add these type of files in a rar/zip with password. Or I can create encrypted container inside Dropbox, and update stuff inside it. // chall3ng3r//
  • Thats great but not the real point... The issue is how far can they go with this. Could they create "indecent" rules and start blocking your content because of too many swears. Dropbox and others can filter as they please, so if every provider out there developed a similar code of conduct, our freedom of speech could be compromised simply because we chose it, and there's no one left to provide unrestricted access/storage/resources.
  • Does DMCA or other copyright protection policy only apply to shared folder? If they also apply to private back up folder, I think it goes too far.
    I even think it went already too far to inspect non-public/limited access/small private party file sharings.
  • It works the same with SkyDrive.
  • You mean you used Dropbox and not Skydrive? :-O
  • For shame... ;)
  • Dropbox is now dead for me, as Google, privacy comes first.