Three Reasons You Shouldn’t Drop Dropbox

Dropbox is a service that we all know and love. This amazing product has made a huge splash in the app industry and has gone far beyond a simple backup service and become a way for us to all share files and keep data synced between devices.

Recently, the Dropbox team updated their terms of service and in doing do caught the attention of several tech blogs and users. Rumors began circulating wide and far that the company had stepped over the line as far as file usage rights. We were sick of rumors and went straight to the source and asked some people at Dropbox what was going on. We gave them an opportunity to give us three reasons we should still trust them with our data. Below we’ll share with you what they said.

What Happened?

I’ll start this story off where I came in and screwed things up. Over this past weekend I was preparing for the holiday and trying not to work too much, but I figured I’d poke around the web and fire off a few interesting tweets for good measure. I noticed that lots of people were complaining about Dropbox supposedly overstepping their boundaries with the usage rights of the files that people choose to backup. I found an article quoting the new Dropbox Terms of Service and sent out a brief tweet about Dropbox “owning” your content with a link to the article. Here’s the quote that the article had pulled from the new Dropbox TOS:

By submitting your stuff to the Services, you grant us (and those we work with to provide the Services) worldwide, non-exclusive, royalty-free, sublicenseable rights to use, copy, distribute, prepare derivative works (such as translations or format conversions) of, perform, or publicly display that stuff to the extent we think it necessary for the Service.

Looking back, my tweet was out of line. I hadn’t really investigated and to be honest I didn’t intend to. I linked people to a hot story and let them figure things out for themselves. I wasn’t intentionally reporting, just sharing a link. Then I began receiving responses from angry customers claiming that they were going to drop the service. I realized immediately how poor my choice of words had been, but Twitter doesn’t really have an undo now does it?

At this point, I had put myself into this mess so it was time to do some due diligence. I began researching and I found that several customers were venting their frustration. I began ensuring our Twitter followers that it was likely a big misunderstanding and that Dropbox was and is a solid and trustworthy company. Meanwhile, I contacted Dropbox for comment and they gladly helped me out and answered any questions that I had.

The Real Quote

The quote above definitely sounds a little suspicious. In fact, it sounds a little like Dropbox is going to start stealing my content and using it however they see fit for personal gain!

However, before you get excited about this, you should understand that these words were taken slightly out of context. Here’s the expanded quote straight from the Dropbox TOS with a bit more explanation as to what’s going on.

We sometimes need your permission to do what you ask us to do with your stuff (for example, hosting, making public, or sharing your files). By submitting your stuff to the Services, you grant us (and those we work with to provide the Services) worldwide, non-exclusive, royalty-free, sublicenseable rights to use, copy, distribute, prepare derivative works (such as translations or format conversions) of, perform, or publicly display that stuff to the extent reasonably necessary for the Service. This license is solely to enable us to technically administer, display, and operate the Services. You must ensure you have the rights you need to grant us that permission.

Is This Permission Necessary?

With a little bit of context, this suddenly becomes a lot less ominous now doesn’t it? Let’s point out two key areas to focus on, neither of which were in the quote presented by the aforementioned tech blog.

  • “We sometimes need your permission to do what you ask us to do with your stuff (for example, hosting, making public, or sharing your files).”
  • “This license is solely to enable us to technically administer, display, and operate the Services.”

Here we get some clarity as to why we must grant Dropbox “sublicenseable rights” rights to our files. When we use the services, we’re asking them to host, backup, make copies and share our files with other people. Now, in order to do all of these things, they need some pretty far reaching permissions.

The terms clearly state that this permission is “solely” for the purpose of operating the service and they limit their use to what is “reasonably necessary” for the service. Granted, that term is a little vague, but if you’re really afraid that Dropbox will take your photos and sell them to Coca-Cola for an ad, you’ll definitely be covered here.

Is This Still Going Too Far?

If you find yourself wondering if Dropbox is still going to far, here’s a quote from a recent Dropbox blog post that was written in response to user feedback on this very issue.

“We want to be 100% clear that you own what you put in your Dropbox. We don’t own your stuff. And the license you give us is really limited. It only allows us to provide the service to you. Nothing else.”

There it is plain as day. Dropbox doesn’t own your content and any permission that you give them for it limits them to providing you with the services that you signed up to receive in the first place.

Is This Common?

One thing that helps provide context on this matter is whether or not Dropbox is branching out on their own with such policies or if this in fact standard operating procedure for this type of service.

To answer, this, let’s take a look at Google’s Terms of Service, which are applied to Google Docs and other content that you post to your account.

By submitting, posting or displaying the content you give Google a perpetual, irrevocable, worldwide, royalty-free, and non-exclusive license to reproduce, adapt, modify, translate, publish, publicly perform, publicly display and distribute any Content which you submit, post or display on or through, the Services. This license is for the sole purpose of enabling Google to display, distribute and promote the Services and may be revoked for certain Services as defined in the Additional Terms of those Services.

Sound familiar? It should because it’s almost exactly the language used by Dropbox. In fact, if you look around, you will find that just about every service where you post content has a similar agreement that you of signed when you joined up.

Three Reasons You Shouldn’t Drop Dropbox

“Just in case you’re still not convinced that Dropbox isn’t an evil corporation out to steal your Microsoft Word Documents, I asked Dropbox spokesperson Julie Supan point blank to give us three reasons why we should trust Dropbox with our data. The responses that I received were stellar.”

1) A Promise of Security and Trust

“Dropbox is a business based on trust. The trust our millions of users place in us is the most important asset we have. We have no intention of jeopardizing that trust, and will stay focused on providing a secure way for people to store and access their data. That is the promise we make to our community, which is reflected in a practical sense in our Terms of Service, Privacy Policy and Security Overview.”

2) A Dedication to Transparency

“We believe we have a responsibility to help our users understand clearly the steps we take on security and privacy. This is why we recently revised our Terms of Service, Privacy Policy and Security Overview to make all of our policies clearer and more transparent. We have tried to make those changes clear on our blog and through direct e-mails to every user.”

3) A Commitment to Acting on Feedback

User feedback is important to us; it helps us build a better service. That is why we’re working hard to remove the “legalese” in our policies. We have always welcomed feedback from the Dropbox community. When we heard feedback regarding our recent changes, we worked quickly to address any misperceptions about our intent, which is reflected in our blog posts.


To sum up, this entire situation was a media storm gone bad. The truth is, there is literally nothing suspicious, malign or out of the ordinary in the Dropbox Terms of Service. Dropping Dropbox because you refuse to grant them the necessary rights would mean that you should also cease all ties to Google and just about any other online service where you post images, text or data of any kind.

I am not on the Dropbox payroll. This is not a sponsored post. I’m a user, just like you, who was initially concerned about the recent hype but has now been fully convinced that Dropbox is in fact a superb company. I won’t be removing a single file from my Dropbox account because I have just as much or more faith in their dedication to security and privacy that I did two weeks ago.

Feel free to leave a comment with your thoughts. Do you trust Dropbox with your data? How about Google and other services with nearly identical TOS agreements?


Add Yours
  • Thanks for the clarification. It never occurred to me to end my use of Dropbox — they are the easiest and most reliable cloud storage on the internet.

  • 1) A Promise of Security and Trust
    Which they also did before all the security issues but fails to delivers.

    2) A Dedication to Transparency
    Which never bothered emailing me about password leaks.

    3) A Commitment to Acting on Feedback
    Which never responding to my email asking why I’ve not receive email regarding password leaks.

    So, no. It’s not about TOS changes, it’s about how they handling the problem that pissed me off. I’ve closed my two years paid Dropbox account and couldn’t be happier.

    • Have to agree with Ken.

      “Dropbox is a business based on trust.” – Which they abuse

      “direct e-mails to every user.” – only about the ‘good’, rather explanations regarding the numerous cock-ups that have been made recently. All of that was hidden as much as possible.

      • agreed.

    • Agree with Ken ! They do have obligations towards their customers more than towards anyone else. And the customers should leave when these obligations are not met.

  • Great post.

    I have been extremely happy with Dropbox over the years I’ve used it and will continue to be. By far the best thing about it is that it “just works”.

  • I’ve moved away from dropbox in favor of the also cross-platform Spideroak. It does scheduled backups (which is what I primarily use it for) AND syncing. And there’s no lame ass terms of service agreement! (There is a terms of service agreement, of course, it’s just not lame.)

    • SpiderOak has far better ToS and far better overall security (by using some real encryption). Good choice.

  • Policy or not, I will never upload anything remotely important. I like dropbox, they are great and I have no problem with anything.

    If you are that scared for your data, encrypt them fore uploading! it doesn’t even take a second after setting it up (I use TrueCrypt) even if they go all evil and steal all my data, I would like to see them breaking through all 3, 256bits keys with all the 3 cypher algorithm I used.

    • Yes Scyl. It’s great to see other proponents of TrueCrypt. I’m a consultant and I store all my project related files on Dropbox’s S3 storage. I wouldn’t even think of storing my “ish” w/o scrambling the bits first.


  • In my opinion, it’s not about their ToS changes. It’‚ about constantly laying to their customers that makes me angry. I tried to contact them quite a few times about their false statements about encryption and privacy. And I received plain denials and they told me I would make things up. A few weeks later they admitted all and changed their ToS. DropBox and Trust? No way…

    • Wholly agree with your reason; it’s the same reason I ended my use of Dropbox (both free (for over 2 years; and as a paid customer since February) for my entire family. They can’t be trusted. Also, the deduplication component is a problem, as changes potentially made to the same file could be attributed to you, though not made by yourself. This potential changes the way you have to look at legal liability of such deduplication files. That is what put it over the top. I had encrypted things on Dropbox and all; but the deduplication concern and Dropbox’s lack of a response (beyond the generic one) on the concern sort of said “you got us”. So I ended my use.

  • Very enlightening! I cannot tell you in words how appreciative I am of this article. I truly thought I fully understood Dropbox terms but I was wrong. I’m convinced now that Dropbox really is reliable and secure although I’ve already decided to put iDisc to use for the time being since it provides me all of the features, admittedly not much, that fits my needs. Thank you again!

  • Boring article. They can do what they want with the stuff you upload on their servers, can’t you read ???
    Just use another file sharing website and put your files in a password protected folder. That’s the solution.

    • I disagree, this was a well though-out article. Dropbox is asking for those “permissions” to do what you ask them to do, such as sharing a folder. Sharing a folder with someone means Dropbox is taking those files and putting them in someone else’s computer. I think it’s just to cover against any lawsuits.

  • Reason Four: We understand that once you commit your data into our care it is (practically) forever. That is why we give an undertaking to never sell our business to any other entity (like Apple, Google or Microsoft) who may not have the same duty of care to your interests as we do. ;-)

  • In regards to “Is this Common”
    This has been circling google+

  • I agree with Ken, why would you trust Dropbox, if they didn’t even bother to email a security breach…

    Oh and another thing, there’s a recent security breach here:

    quoting from the site:
    Security researcher Christopher Soghoian posted details about a shocking lapse in Dropbox security that completely disabled the authentication system for an unknown period of time. For several hours, anyone could log into any Dropbox account using any password.

    In a blog post, Dropbox CTO Arash Ferdowsi confirmed that the problem occurred and blamed it on “a code update … that introduced a bug affecting our authentication mechanism.”

    here’s the link on the blogpost of Dropbox CTO

    I bet a lot of you guys don’t know this, this was recent!

  • Dropbox aren’t an inherently evil company. That isn’t the main problem however – nor a reason why you shouldn’t trust them. Their main problem is that their approach to security is so dire – a few weeks ago for example, for about 4 hours anybody was able to log in to ANY account WITHOUT ANY PASSWORD.

    The way to fix this is for dropbox to treat itself as insecure (which it obviously is) and implement client side encryption of your data – so even they can’t read the data you send to them. They appear to have zero intention of actually doing this however, so it’s only a matter of time until the next breach.

    There are a number of companies that do this, however –

  • Dropbox can simply add an additional sentence or two based on your article if they are sincere. You don’t have an explanation of why that wasn’t done.

  • Hi to all, how is all, I think every one is getting more from this web site,
    and your views are fastidious in support of new visitors.

  • One thing I’ve noticed is that often there are plenty of myths regarding the financial institutions intentions whenever talking about property foreclosure. One delusion in particular is always that the bank wants your house. The financial institution wants your hard earned money, not your own home. They want the amount of money they loaned you having interest. Steering clear of the bank will draw a foreclosed summary. Thanks for your publication.