Jul 022011

The infosec world was a buzz (or a tweeting) this morning with news that the popular file service dropbox has changed their legalese. The key paragraph that is now getting attention is as follows:

We sometimes need your permission to do what you ask us to do with your stuff (for example, hosting, making public, or sharing your files). By submitting your stuff to the Services, you grant us (and those we work with to provide the Services) worldwide, non-exclusive, royalty-free, sublicenseable rights to use, copy, distribute, prepare derivative works (such as translations or format conversions) of, perform, or publicly display that stuff to the extent reasonably necessary for the Service. This license is solely to enable us to technically administer, display, and operate the Services. You must ensure you have the rights you need to grant us that permission.

Many professionals have now deleted their accounts.  We will see how the general public reacts to this change in terms of service.  Personally, I never used the service and certainly never will on those terms.

For those of you who need to store data “in the cloud” (in other words, on the Internet), there are some alternatives out there.  Here is a google+ post: https://plus.google.com/u/0/115846783938665223975/posts/LnxqCCTtjVV.  And here is an older article before this issue: http://techpp.com/2010/07/05/dropbox-alternatives-sync-files-online/.

Keep in mind, this is occurring shortly after dropbox had a serious authentication issue which essentially removed any passwords from all accounts for four hours.  There was evidence that that was exploited while the vulnerability existed.