Last week we could read about a security breach at Dropbox file passwords where a bug made passwords optional for a few hours. This break in security led to an outcry in the user community and with reason. What if you had your personal and very private information stored at Dropbox and now suddenly it was open to anybody. Dropbox said that less than 1% of users logged in during this time, but if the company has 25 million users, even one percent is a considerable number specifically if the breach caused users an issue.
A few days later Dropbox was yet again in the news and now by changing the Terms and Conditions of use and the new terms gives Dropbox the authority to use your information by having following statement in their terms
We sometimes need your permission to do what you ask us to do with your stuff (for example, hosting, making public, or sharing your files). By submitting your stuff to the Services, you grant us (and those we work with to provide the Services) worldwide, non-exclusive, royalty-free, sublicenseable rights to use, copy, distribute, prepare derivative works (such as translations or format conversions) of, perform, or publicly display that stuff to the extent reasonably necessary for the Service. This license is solely to enable us to technically administer, display, and operate the Services. You must ensure you have the rights you need to grant us that permission.
The question that I have is now whether Dropbox can sell my content to be used by search engine vendors to index and to do targeted marketing. The timing of this topic is pretty interesting as I was reading last night a book by Eli Pariser called The Filter Bubble: What the Internet Is Hiding from You. The book really opened my eyes concerning personalization of search results based on YOU and your profile. If you assume that the search results are the same for you and I want you to think again…. as you and I will have different search results even if we use the same search terms.
The Dropboxes of the world have a valuation based on the future expectations and according to Cnet News, the company has now more than 25 million users that are using the service for free. According to TechCrunch, the rumored valuation of the company today is as high as $1.5 or 2 billion. But this valuation is based on that people trust the service like TechCrunch concludes in their blog entry.
My question has always been that can we expect anything if we get things for free? If the only idea for your business is to take venture capital to drive the business on huge loss and then capitalize on valuation expectation like many other companies have, then I do get it. But if you build a software business with the idea of being around for a while and having a sustainable and profitable business, I can’t see a free model to work. I am sure that even Dropbox is considering to use the content in the “free accounts” to drive ad revenue as indexing the content will enable targeted marketing for the end user using the “free service”.
Michael Krigsman from ZDnet concludes that Dropbox is unlikely to read your “Stuff” but he suggest to discontinue the use of the product for applications where privacy and confidentially are mission critical. I believe this has nothing to do with the bug or security breach, but more how the terms and conditions are laid out for users. You need to be your own judge when you use the service and whether you feel it is OK to give Dropbox the authority to your data as the terms suggest. Dropbox has responded to the outcry of the change in terms and conditions in their blog so you can all judge based on the response how you want to see the change in conditions.