Feeds

Dropbox erects sueball shield with new T&C and privacy legalese

Drops mention of AWS, forbids class actions and makes arbitration compulsory for all

Secure remote control for conventional and virtual desktops

Grumpy with Dropbox? Forget sueing the company, which is trying to keep you from your lawyers with its new Terms of Service document effective as of March 24th, 2014.

Dropbox has been progressively notifying its customers of its new rules over recent days. Your correspondent received an email yesterday, but legal blog Lawyerist received it a few days ago and has noted that the company is trying to head off legal action in interesting ways.

Firstly, Dropbox now insists “We want to address your concerns without needing a formal legal case. Before filing a claim against Dropbox, you agree to try to resolve the dispute informally by contacting dispute-notice@dropbox.com. We'll try to resolve the dispute informally by contacting you via email. If a dispute is not resolved within 15 days of submission, you or Dropbox may bring a formal proceeding.”

In other words don't even think of throwing a sueball until you tell us what you're thinking so we can do everything in our power to cut you off at the pass.

If you send such an email, Dropbox has made arbitration a compulsory next step, unless you opt out by completing this form before April 24th. If you stay opted in, The American Arbitration Association's processes will be used, and “The arbitration will be held in the United States county where you live or work, San Francisco (CA), or any other location we agree to.”

Let's hope you can make it to Reykjavik in case Dropbox decides that's a nice place for arbitration.

If your complaint against Dropbox is shared with others, forget banding together thanks to this clause:

No Class Actions. You may only resolve disputes with us on an individual basis, and may not bring a claim as a plaintiff or a class member in a class, consolidated, or representative action. Class arbitrations, class actions, private attorney general actions, and consolidation with other arbitrations aren't allowed.”

Your correspondent takes that to mean that if Dropbox deletes every one of its users folders named “Family photos” you'll have to go mano e mano rather than find a nice lawyer willing to virtualise you into a single, larger, lawsuit.

The service has also posted an updated privacy policy that differs markedly in wording from its April 2013 predecessor but on our reading does not suggest the company plans to collect more personal data. Indeed, the new policy outlines a plan to honour Do Not Track requests. “If our systems receive a DNT:1 signal from your browser, we’ll stop using pixels to promote our services on third-party sites accessed via that browser,” according to the company's Cookie-handling advice.

There are a couple of interesting-looking additions to the policy. Here's one:

“If you are not a Dropbox for Business user but interact with a Dropbox for Business user (by, for example, joining a shared folder or accessing stuff shared by that user), members of that organization may be able to view the name, email address and IP address that were associated with your account at the time of that interaction.”

That may give you pause before you download something from a Dropbox for Business account.

There's also an interesting nugget for those who may use Dropbox for personal and work purposes, to wit:

“If you are a Dropbox for Business user, your administrator may have the ability to access and control your Dropbox for Business account. Please refer to your employer's internal policies if you have questions about this.”

One interesting omission in the new privacy policy is Amazon Web Services (AWS). The current privacy policy says “As of the date this policy went into effect, we use Amazon’s S3 storage service to store some of your information (for example, your Files)”. The new privacy policy makes no mention of AWS.

There are still plenty of mentions of service providers in the new policy, and the term “our servers” is used often in both versions. Dropbox's spokesagency assures us that it is still storing your stuff in AWS' S3 bit buckets. Clearly the company's recent $US250m cash injection isn't enough to build data centres that could rival AWS' for reliability or capacity. ®

Internet Security Threat Report 2014

More from The Register

next story
Azure TITSUP caused by INFINITE LOOP
Fat fingered geo-block kept Aussies in the dark
NASA launches new climate model at SC14
75 days of supercomputing later ...
Yahoo! blames! MONSTER! email! OUTAGE! on! CUT! CABLE! bungle!
Weekend woe for BT as telco struggles to restore service
You think the CLOUD's insecure? It's BETTER than UK.GOV's DATA CENTRES
We don't even know where some of them ARE – Maude
Cloud unicorns are extinct so DiData cloud mess was YOUR fault
Applications need to be built to handle TITSUP incidents
BOFH: WHERE did this 'fax-enabled' printer UPGRADE come from?
Don't worry about that cable, it's part of the config
Stop the IoT revolution! We need to figure out packet sizes first
Researchers test 802.15.4 and find we know nuh-think! about large scale sensor network ops
DEATH by COMMENTS: WordPress XSS vuln is BIGGEST for YEARS
Trio of XSS turns attackers into admins
prev story

Whitepapers

Why cloud backup?
Combining the latest advancements in disk-based backup with secure, integrated, cloud technologies offer organizations fast and assured recovery of their critical enterprise data.
Getting started with customer-focused identity management
Learn why identity is a fundamental requirement to digital growth, and how without it there is no way to identify and engage customers in a meaningful way.
Driving business with continuous operational intelligence
Introducing an innovative approach offered by ExtraHop for producing continuous operational intelligence.
5 critical considerations for enterprise cloud backup
Key considerations when evaluating cloud backup solutions to ensure adequate protection security and availability of enterprise data.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?