Can You Store Illegally Downloaded Files In Dropbox
Late last dark, a tweet was spread far and wide showing that a DMCA notice had blocked a file from being shared on a Dropbox user'south account.
As of this afternoon, it's seen just shy of 3 thousand retweets.
What was going on? Was Dropbox of a sudden doing something sketchy? Were they of a sudden lurking around their users' folders, excavation for copyrighted fabric hiding among personal files?
Nope. The organisation is neither new, nor sketchy. It's been in identify for years, and it'due south about as unsketchy every bit an anti-copyright infringement arrangement can get. Information technology allows Dropbox to block pre-selected files from being shared from person-to-person (thus keeping Dropbox from getting raided past the Feds), without their anti-infringement system having any thought what nigh of your files actually are.
Earlier we swoop in, a few things to clear up:
- Some interpreted the original tweet to mean that a file only sitting in that location in a user's individual dropbox had been DMCA'd and blocked. This wasn't the instance. Only when a file is shared from user-to-user (or with the Net at big) does the DMCA cheque organisation come into play. In this case, a share link was generated to be sent over IM.
- Some thought the original file was deleted from the user'due south Dropbox — that'southward not the example, either. Dropbox just blocks the file from being shared.
- The original author of the tweet has followed up to clarify that he doesn't think Dropbox is doing annihilation evil here, and that he just found it interesting — he didn't intend for it to spread the manner it has.
If you know what "file hashing against a blacklist" means, feel free to skip the rest of this post. Dropbox checks the hash of a shared file against a banned list, and blocks the share if in that location's a match.
If those words audio similar voodoo to you, read on.
How It Works:
In information science, there's an incredibly common concept chosen "hashing".
It'southward used only about everywhere — from allowing web services to check your password without having to actually shop your original countersign, to confirming that a file wasn't somehow changed as information technology traveled from user to user.
A hash function, in this case, is just an algorithm which spits out a unique identifier based on what you lot feed into it.
Hashes are usually just strings of characters. The hash for File A might be "4f2900f2fdfaf", while the hash for File B might exist "dba7b12a19fe9". Dropbox's hashes are probably waaaay longer than that (to allow for a college number of unique hashes), merely yous go the thought.
With a properly implemented hash function, running the aforementioned verbal file through the algorithm twice volition render the aforementioned identifier both times — but changing a file even slightly completely changes the hash. Then changing File A by even a few $.25 should change its hash to something entirely dissimilar, like "e3c277c771c8e".
(This image is a modified version of a public domain image shared through Wikimedia Eatables)
This identifier can be used to tell you if a file is exactly the aforementioned as another file — but information technology'due south a ane style street. The hash couldn't tell you what that original file is, without you already knowing or having a copy of the file to compare it to.
It might help to recollect of a hash like a fingerprint. Everyone's fingerprint is unique, but it tin't be used to identify a person unless you already have a record of that person's fingerprint to compare it to. Likewise, a hash-based DMCA compliance system tin't tell what a file is, unless it's exactly the same as a file that has received a takedown request.
When you lot upload a file to Dropbox, two things happen to information technology: a hash is generated, then the file gets encrypted to proceed any unauthorized user (be it a hacker or a Dropbox employee) who somehow stumbles it sitting on Dropbox's servers from hands being able to open information technology up.
(Annotation on encryption: Dropbox handles the encryption keys, then they could wait at your files if they were legally required to. Their system has checks in place, both physical and technical, to go on employees from poking about your stuff on a whim.)
After a DMCA complaint is verified by Dropbox's legal squad, Dropbox adds that file'south hash to a large blacklist of hashes known to be those corresponding to files they can't legally permit to be shared. When you lot share a link to a file, it checks that file's hash against the blacklist.
If the file you're sharing is the exact same file that a copyright holder complained about, it's blocked from beingness shared with others. If it's something else — a new file, or even a modified version of the aforementioned file — a hash-based anti-infringement system shouldn't take whatever idea what it'southward looking at.
In other words: at to the lowest degree based on what they've stated publicly, Dropbox isn't actively scanning through your crap on a hunt for copyrighted materials. There'south no human being (or fifty-fifty a robot) listening to your MP3s to try and find hot leaked Fergie tracks, or reading through your Harry Potter fanfic collection. They've just got a big list of files that they can't allow be shared, and they identify these files in a way that is deliberately blind to what any not-blacklisted files actually are.
Now, none of this is to say the hash-based system is without its security concerns. If required to past the government, for case, Dropbox theoretically could place whatever user who had a certain file stored on their business relationship. Just the same would hold truthful for pretty much any cloud-based storage organisation where the user isn't treatment all of the encryption themselves.
For the record, here's Dropbox'southward official annotate on the tweet:
There have been some questions around how we handle copyright notices. We sometimes receive DMCA notices to remove links on copyright grounds. When we receive these, nosotros process them according to the law and disable the identified link. We accept an automatic organisation that and so prevents other users from sharing the identical material using another Dropbox link. This is done by comparison file hashes. We don't look at the files in your individual folders and are committed to keeping your stuff rubber."
DOWNLOAD HERE
Posted by: letourneauthessell.blogspot.com