On Saturday, Darrell Whitelaw tweeted about a message he'd received from Dropbox. It said that the service was blocking him from sharing a copyright-protected file because of a Digital Millennium Copyright Act warning.
The notice has been retweeted more than 3,500 times, as Twitter denizens began to worry that this meant Dropbox was snooping in Whitelaw's account—and their accounts. But from the moment he composed his tweet, long before Dropbox had even issued a statement, Whitelaw knew what was actually going on, and that the company hadn't been looking through his files at all.
@maxfenton yeah, not vilifying at all. does cause some concern going forward, but minimal for the moment. the hash system is what it is... -- darrell whitelaw (@darrellwhitelaw) March 30, 2014
Dropbox checks the fingerprints, or hashes, of every file uploaded to the company's servers against a list of “blacklisted” hashes that are known to have received DMCA warnings in the past. If you upload a file that is exactly the same (aka has identical contents and therefore the same hash) as a file that was shared at another time on Dropbox and received a DMCA warning, the service will automatically stop you from sharing it.
Dropbox doesn't need to know the contents of the file, or to look at anything else you host on the service, for its software to recognize that the file is being shared improperly per copyright law. In a statement to TechCrunch, Dropbox said:
There have been some questions around how we handle copyright notices. We sometimes receive DMCA notices to remove links on copyright grounds. When we receive these, we process them according to the law and disable the identified link. We have an automated system that then prevents other users from sharing the identical material using another Dropbox link. This is done by comparing file hashes. We don't look at the files in your private folders and are committed to keeping your stuff safe.
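The flow described above and in the statement (disable the reported link, then refuse new links to identical material by comparing hashes) can be sketched as follows. This is an added example, not Dropbox's code: the `ShareService` class, its method names, the link ids and the choice of SHA-256 are all assumptions, and the file bytes are constructed sample data.

```python
import hashlib
import io

CHUNK = 64 * 1024  # read in chunks so large files are never held whole in memory


def fingerprint(stream):
    """Hex SHA-256 of a binary stream (the hash algorithm is an assumption)."""
    h = hashlib.sha256()
    for block in iter(lambda: stream.read(CHUNK), b""):
        h.update(block)
    return h.hexdigest()


class ShareService:
    """Hypothetical model of the share-time check; not Dropbox's API."""

    def __init__(self):
        self.blocked = set()  # digests only: no names, owners or contents
        self.links = {}       # link id -> digest of the shared file
        self.next_id = 1

    def create_link(self, owner, name, data):
        # owner and name are deliberately unused: matching is on content alone.
        digest = fingerprint(io.BytesIO(data))
        if digest in self.blocked:
            return None  # sharing refused; the stored file itself is untouched
        link = f"link-{self.next_id}"
        self.next_id += 1
        self.links[link] = digest
        return link

    def process_notice(self, link):
        """A notice names a link: disable it and remember that file's digest."""
        digest = self.links.pop(link)
        self.blocked.add(digest)
        return digest


def demo():
    svc = ShareService()
    media = b"constructed sample bytes standing in for a media file" * 1000
    first = svc.create_link("alice", "track.mp3", media)
    svc.process_notice(first)
    # Same bytes, different owner and filename: still matched and refused.
    same = svc.create_link("bob", "holiday-video.bin", media)
    # Another file in the same account is unaffected by the list.
    other = svc.create_link("bob", "notes.txt", b"constructed unrelated file")
    return first, same, other, svc.blocked


if __name__ == "__main__":
    print(demo())
```

The blocklist holds nothing but fixed-length digests, which is why the check can run without anyone reading the file or the rest of the account.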
The takeaway here is that Dropbox isn't the right place to be sharing anything pirated. And as Whitelaw said in a tweet, “No shared box will ever be ‘private.’ ” It's almost impossible to find a service that stores your data but doesn't have a way to look at it with either human eyes or algorithms.