The Internet launched into a minor panic over the weekend when a Saturday night tweet from a San Francisco-based designer seemed to reveal that Dropbox, a cloud-based file hosting service, monitored private accounts for files that violated the Digital Millennium Copyright Act.
Darrell Whitelaw shared an image of a Dropbox folder with a notice that read, “certain files in this folder can’t be shared due to a takedown request in accordance with the DMCA.” The tweet has since been shared more than 3,500 times.
— darrell whitelaw (@darrellwhitelaw) March 30, 2014
Many Dropbox users responded to Whitelaw’s tweet that they were going to look for an alternative service, but Dropbox’s practice isn’t anything new. Dropbox has being doing this for a long time.
The way Dropbox checks for pirated content is also completely legal and doesn’t even really violate a person’s privacy. Dropbox’s system is able to detect infringing content without reading what the files are.
As TechCrunch explained, Dropbox relies on a unique identifier assigned to each file known as a “hash.” Any small change in a file results in a different hash, so although a hash cannot tell what the original file is, it can be used to locate duplicates.
Each file uploaded to Dropbox is given a hash. If a file is identified as violating DMCA, Dropbox adds the file’s hash to a blacklist. If anyone tries to share this file, the hashes will match and Dropbox will block the file.
Dropbox doesn’t even delete the original file or block the private box; it simply blocks the file from being shared from user to user.
Every file uploaded to Dropbox is encrypted, so the hash system allows Dropbox to identify violating files without having to inspect the file content.
Dropbox does hold the encryption keys, so it could inspect the content if it were legally required to. But for usual DMCA notices, Dropbox doesn’t need to look through private folders.