Just three months ago Dropbox was the darling of the tech world. Now they're putting out fires every other day. Just goes to show you how tightly you have to control your image — and how quickly things can slide out of control.
You die a hero or you live long enough to see yourself become the villain.
Facebook, Google, Microsoft...all were everybody's favorite scrappy insurgents at one point.
Once perception shifts the other way, it's hard to turn things around because everyone starts assuming the worst. This incident is a perfect example: the old ToS were standard boilerplate that appears in a bunch of other places, and had most other companies done it, it would have been seen as a non-issue. However, since Dropbox has been receiving other negative press lately (some centering around real issues, some centering around similarly trivial nonsense), that changes how every new story about them is perceived.
Also...
Windows 7, .NET, Visual Studio, Office 2007 (Ribbon overhaul), WP7 (though a way to come yet, but tends to get good reviews, particularly for the UI).
Just because they are not your personal preference doesn't mean that they aren't good products.
VS2010. Mainly the fact that the user interface is painfully slow[1] (either that or I'm unreasonably fast which is ridiculous as Vim can keep up with me) and it just dies about 5 times a day on a good day. It might be the solution size though - it's got about 0.5 million lines of C# in it. Still it should work.
[1] On a quad core Xeon with 12Gb RAM, SAS disks and ATI FirePro card.
That size of codebase is definitely an issue :) Last time I had 500k of C#+C++ (5 years ago roughly), I split the solution into around 20 solutions, and used binary dependencies (with CruiseControl.Net on top of that [1]).
I remember reading similar advice in other places as well (and for other languages/platforms, too).
That looks painful. I'd rather like to move it to an SOA and split it into logical feature partitions and use service composition and windows workflow to integrate it all. Typically, I don't think anyone wants to pay for that though.
I should have made it clearer that I wasn't trying to disprove your greater point, only clarify that one division of Microsoft does make good, very popular stuff.
Their products were "bad" (overpriced and mostly technically inferior.)
I'm not even sure their intentions were very good except in the very early days. Hard to imagine Google charging $900 for a $90 memory stick like Sun did.
"Microsoft hasn't had good products or good intentions in a very long time."
No good products? Maybe we define "good" differently, but saying that MS hasn't had any good products for a very long time is just not true. Maybe this proves how dangerous the press and the bad reputation really is.
>No one believes Steve Jobs cares more about money than making good stuff.
Really? He gets blasted for being evil almost daily. Personally, I think he doesn't even care about money (since he's thrown away huge sums of money by just not exercising stock options), but a very loud minority (?) disagree.
>Google has the best products and undeniably great intentions.
Disagree on both counts.
>No one believes Larry Page wants anything more than to improve the world.
Couldn't disagree more. I believe Page wants people to think that's all he wants but I don't buy it.
>and their intentions have always been kind of borderline acceptable.
You're being overly kind here, but I agree with the sentiment.
1. Everyone even the most loyal apple fanboy now believes that there is some evil in there. Even pg wrote an essay about it. http://www.paulgraham.com/apple.html
2. Google got lot of bad press after the deal for internet deal with sprint and since then have lot of trust in its users.
3. I think Microsoft's evilness is perhaps more influenced due to mediocre products than anything else. It's no more evil than modern Apple.
All these people and companies have massive multi-million dollar PR departments shaping their public images and attacking their competitors', it is impossible to know the real motivations for any of them. Microsoft Google and Apple are among the largest companies in the world, there is no reason to trust any of them more than you would trust, say, Walmart or Exxon.
Dropbox is my absolute favorite YC company by far. This appears to be their biggest weakness to date.
They've done a piss poor job of having a public voice. They don't respond to things quickly and when they do they're somewhat defensive and dismissive.
The truth is most of the noise actually is bullshit. They know that. The problem is public perception isn't fair. You can't ignore false hysteria and expect it to go away. People will form opinions based on headlines alone.
They need to humanize the company. Make sure everyone knows Dropbox is run by good people who have good intentions. More Google, less Microsoft.
They still have a ton of momentum, but it's all based on word of mouth. If they lose the warm fuzzy feeling people have about them they will suffer badly in the long term.
Actually, I think outside of the tech world Google might have a worse image than Microsoft does.
The controversy about Microsoft is long forgotten by most people. Google on the other hand can come over as quite creepy to non-techies: They offer something for free, which is always creepy, they harvest all this information about you and they come off as quite emotionless.
I think Google might have a little bit of the same problem with the general public, as Dropbox does now in the tech-world. Even though Google is working on it, with their recent ad campaigns.
You really think people outside of the tech world think offering something for free is creepy (they seem 100% fine with major TV networks)/know Google is harvesting info/even think of websites as being emotional? All three of those seem to be exclusively tech nerd complaints.
Actually, I think they shouldn't be either and just be Dropbox. That is why I have stuck with them through all of this. They're like the Mom & Pop store that doesn't exist in so many towns these days. Yes, they have done a terrible job with their "voice" of late, but I'm sticking with them because I know there isn't some huge corporation behind it and they are trying hard to put out a great service.
That's somewhat of a sensationalist comment. What they're doing is actually very positive and different. TOS are generally viewed as complex legal verbiage that shouldn't be touched with a 10m pole. Many startups avoid dealing with the issue by adopting existing TOS without questioning the harsh and extreme language used. To me, it appears that the Dropbox team is setting an important precedent by questioning, through user feedback, the need for unfriendly terms that have become the norm. To that I say: Good job, Dropbox!
It's very tempting to read HN and TechCrunch and think that the complaints you see there are representative of the overall population. They're not. I'd bet at least 90% of Dropbox users don't know either exist. They didn't know there was a change of terms, they don't even know Dropbox has a blog.
I don't think anything has slid out of control for Dropbox. They're simply making an incremental improvement to their Terms for the 10% of users who do care, the same way they would any small feature.
If you're running a service like Dropbox, you need to be paying equal time to security and legal issues. It's the nature of their business. I'm impressed by how they handled this TOS issue, but I'm also disappointed that they didn't see it coming a mile away.
They're handling it considerably better than Digg. They've been phenomenally responsive on the issues, and you can actually see them learning from each of these iterations.
The language change here is fantastic - it's easy to understand and isn't overly broad.
I'm not sure how they plan to stick to this part "we won’t share your content with others, including law enforcement, for any purpose unless you direct us to".
If Dropbox gets a subpoena to hand over some user's content, can they really ask the user first whether they can share it with law enforcement? I was involved with some of this stuff back at MSFT and it isn't something you had a great deal of leeway with.
In that case, what does the text in my comment mean? If law enforcement is asking you for content, they'll always have some legal paperwork to back it up. Those rare exceptions are pretty much the rule when it comes to dealing with LE.
Not even remotely "always". These days, law enforcement will frequently talk to a service provider before they have a warrant, and the service provider will often cooperate without seeing a warrant.
However, the exceptions in Dropbox's ToS and Privacy Policy allow them to do the same under a broad set of circumstances, not just when required to by a warrant/subpoena.
At the cost of some user-friendliness they can rework their key management to make it impossible for anyone to decrypt your files unless they have your private key (which you would put in place on each of your computers).
I'd love to know more about this, if you have the time to point me to some place to learn/read/listen. I'm an amateur backend developer (yay node), and I'm trying to figure out how to make it so that even I'm not able to read the contents of a user's uploaded file/generated content without a key. Can I use the password as this key? How would I go about this?
It depends on how user-friendly you want to be. A balanced solution would be to use their password to encrypt a really long key, with which you encrypt their data by using symmetric encryption. This way you can add new computers as long as you know the password, and you only have to re-encrypt the key when the user changes their password.
A more secure, but much more cumbersome solution would be to do the same but with private keys on each computer. However, to add a new computer you'd have to have the user transfer their private key from one computer to the other without ever reaching you, so that other computer could decrypt the filesystem encryption key and re-encrypt it adding the new public key.
I can help you with this having just done it for my own startup. Send me an email and I'll shoot you over our independent security report which explains all.
Are you going to sue them if they do it anyway? I don't think the case would take you very far, esp. since law enforcement only needs to tell you to direct DB to release the records.
What's yours stays yours... except for when we stuff up the login system and let anyone login to your account?
Yes I know it was a mistake, but now that you've sorted out the licensing terms, let's move on to the issue of showing people you have improved your security model. Many people put pretty important stuff in their Dropbox, prove to them that it will be secure. You need to come out with a blog post outlining all the new security incentives you are doing to win people's trust back in that regard. Perhaps look at offering two factor authentication like Gmail (I believe they open sourced that), or at least when you set up a new PC to sync you need email confirmation like Steam. Maybe give people the option of having 'extra secure' dropbox folders that require you to give an extra password to access.
How is one supposed to know the hash without also having had access to the file in some way and at some point in time?
If someone else knows the hash of your super secret document they must have had access to your super secret document or you must have given them the hash.
From their blogpost/terms of service
>We may need your permission to do things you ask us to do with your stuff, for example, hosting your files, or sharing them at your direction.
I assume they mean discretion instead of direction. A bit sloppy, especially regarding all the fuss the new terms gave.