Future Tense

Dropbox Isn’t Snooping, but It Knows When You Try to Share Copyrighted Files

Sharing is caring, but if you share something that’s on Dropbox’s list of files protected by copyright, the company will stop you.

Illustration from Dropbox.

On Saturday, Darrell Whitelaw tweeted about a message he’d received from Dropbox. It said that the service was blocking him from sharing a copyright-protected file because of a Digital Millennium Copyright Act warning.

The notice has been retweeted more than 3,500 times, as Twitter denizens began to worry that this meant Dropbox was snooping in Whitelaw’s account—and their accounts. But from the moment he composed his tweet, long before Dropbox had even issued a statement, Whitelaw knew what was actually going on, and that the company hadn’t been looking through his files at all.

Dropbox checks the fingerprints, or hashes, of every file uploaded to the company’s servers against a list of “blacklisted” hashes that are known to have received DMCA warnings in the past. If you upload a file that is exactly the same (aka has identical contents and therefore the same hash) as a file that was shared at another time on Dropbox and received a DMCA warning, the service will automatically stop you from sharing it.

Dropbox doesn’t need to know the contents of the file, or to look at anything else you host on the service, for its software to recognize that the file is being shared improperly per copyright law. In a statement to TechCrunch, Dropbox said:

There have been some questions around how we handle copyright notices. We sometimes receive DMCA notices to remove links on copyright grounds. When we receive these, we process them according to the law and disable the identified link. We have an automated system that then prevents other users from sharing the identical material using another Dropbox link. This is done by comparing file hashes. We don’t look at the files in your private folders and are committed to keeping your stuff safe.

The takeaway here is that Dropbox isn’t the right place to be sharing anything pirated. And as Whitelaw said in a tweet, “No shared box will ever be ‘private.’ ” It’s almost impossible to find a service that stores your data but doesn’t have a way to look at it with either human eyes or algorithms.