380 comments

[ 3.4 ms ] story [ 295 ms ] thread
(comment deleted)
There are 0 details here. Does anyone know what the secret TOS violation is supposed to be?
I think Justin is making the statement that he has no idea what rule he violated
"Secret" means that the supposed account violation wasn't specified in the message from Dropbox. Possibly an automated decision. And apparently it was without warning on the first offense? Definitely need more info. And extremely worrying for me as a customer that they will take down the whole account for a single toc violation.
This is just drama for drama's sake at this point. There is absolutely nothing to see here.
Are people still using dropbox? I thought other integrated service such as google drive and onedrive would have drove dropbox to the grave
Been using them steadily for over a decade. Their core service is still great, at least for personal use.
700 million people use them, and 17 million are on a paid plan. I still use Dropbox, because I don't trust that I'd be able to reach a helpful human at Google should anything happen to my Google account.
700M, is that active users? Or does my old account I haven't touched in forever counts?
we may have different account types but they started wiping inactive accounts a while back. I never installed the client on my computer though, so that probably didn't help.
I had pictures of an abroad internship from winter 2014-15 that I was able to find last year as I was aggregating all my pictures.

But I just checked their filings, the 700M figure is indeed "registered" users, not "active" ones. Which makes a lot more sense. There are not a lot of services with 700M monthly active users out there.

Storing data for almost 10% of the human population. That's impressive.
How many duplicates tho? Accounts are only tied to emails AFAIK, how can they tell I'd be the same user behind 2 accounts?

Granted, it's kind of splitting hair considering it's still gonna be in the 9 figures, which is impressive regardless of where it is in that range.

Yours and all the ones that robots created for encrypted movie and music sharing.
Does this event shake your confidence in Dropbox's helpful humans?
Not yet, as it's just a tweet with no details about what happened after he contacted said humans, if he has.
Dropbox is afaik the only cross platform one with support for extended file attributes like tags, comments and custom icons in macOS, which I use extensively.
Google Drive is also cross platform, but in Linux it's not a one click solution.
You missed the qualifier though "with support for extended file attributes". Google Drive does not support extended file attributes.
I have free OneDrive through my university, and I pay $99/year and I have it through work. With multiple TB available.

Yet I still use Dropbox because it’s way more usable.

Running the OneDrive agent is a hobby and it spikes my machine a few times a day. Running Dropbox is something that just works and has worked for 10 years without me ever noticing the sync app (a good thing).

I avoid Google because I wouldn’t want my gmail to turn off because of an event like this.

Never had any CPU spikes from OneDrive. How much are you storing on it?
It’s hard to tell, but I think 195GB in the cloud and 44GB on my typical workstation.

I run on MacOS and my cpu has spiked twice today already. When I hear the fans, it’s usually OneDrive.

I don’t mind the cpu as I have lots but it might take 30 seconds to sync a new word document before I can share it, so that’s annoying.

With Dropbox it’s almost instantaneous and the file just syncs up.

I’m not sure what OneDrive is doing, but it’s harder to use. I don’t want to slow down and wait for OneDrive to sync before I work with others.

The more files you have, the more OneDrive tends to chew as a baseline. If you exceed those limits it'll just sit and chew without actually updating anymore. I want to say something like 200K files is the limit.

If you're using it for work to sync build dependencies or your build tree or similar, it's easy to accidentally end up exceeding those limits and watch it eat CPU time totally ineffectually. Ask me how I know!

How do you never notice the sync app? I stopped using Dropbox because I got sick of the client (on Windows) constantly blaring about new features and corporate sharing tools.
I muted that stuff years ago and have it run on startup. I get no notifications and if I put a file in that folder it syncs up. And files I add to dropbox sync down.

Granted I haven’t run the windows client in a long time so I’m talking about my MacOS experience. But OneDrive on MacOS does all sorts of shenanigans. The funniest is when it logs me out and forces a hard resync. As a user, I never want that.

I ditched them for OneDrive which comes with an Office365 subscription. OneDrive is buggy, has file naming issues (on MacOS at least), is a memory hog, and has a host of other issues. So I tried iCloud+ which comes with AppleOne subscription, and it lacks some of the sharing/directory collab features I wanted.

So yes, there are alternatives, many of which are free or included in other subscriptions, but they lack the focus of Dropbox, which Dropbox itself nearly lost when it tried to become something beyond file storage, versioning, and sharing.

How do you use Office365 specifically email?

I only use it for one of my lesser used domains and it is the worst email/app experience I have had in ages.

For some reason the outlook app went blank and had to resync. Missed a really important email. It gets like 100 MS update emails which have zero relevance to me and then it sends random emails I am not sure how to unsub from. It shows notifications for all those random emails and actual important ones get lost.

I got it for the 1TB storage space and teams(let me not even start on that). But now I am seriously considering moving that domain to gmail and zoom.

I use it on Mac with the built-in email client. On Linux, Evolution (via Evolution Data Server) supports Exchange too. I find their proprietary HTTP-based protocol much more reliable than IMAP and it's the only way to get push email on iOS using the stock client (it doesn't support IMAP IDLE and their proprietary equivalent is only open to GMail and Fastmail, no way to self-host and no other providers are supported).
It's the only solution still that "just works" on all OSs and mobile devices. I spent a year trying to use alternatives like Syncthing and Resilio and they all have pain points, especially on mobile. Gave up and just paid for Dropbox. I would gladly self host if there was an option that worked well on mobile.
I've been using Nextcloud and before that Owncloud for years. I recently switched to the native mobile client from a generic web DAV client. It supports one way sync for things like photos which is very handy. My home NC has around 1/2TB in use so far.

I also look after another one for a company with several 1000 users' safety docs on it. Nearly all the clients are mobiles and tablets using the native client. This NC is more of a one way thing where one dept uploads pdfs and the drivers and co read them on their tablets. Office staff point a browser at it.

+1 to Nextcloud. It works really well and you own the data completely.

Office document editing experience isn’t the best on mobile but I don’t use that feature anyway. Markdown editing works well.

Dropbox supports block-level file sync. I'm not sure if Google Drive or OneDrive support that yet? It makes a big difference when working on large files.
Syncthing is a great FOSS alternative
It's the only cloud service that works on all platforms and not trying to promote their own file formats
I think Mega also works on all platforms, but yes, amongst the major competitors (OneDrive and Google Drive), Dropbox is clearly the best.
I use and am happy with Dropbox. I was an early adopter of Google Drive (to try to save costs) and it never really worked right. There were lots of bugs with the syncing of data. My entire digital world is on Dropbox. I use (and pay for) Google Drive too, but I use it differently.

It works for me because, in theory, all my data is on every HD in my house (which is really just two). So, I don't lose anything if Dropbox deletes my account; I've got it all locally.

That theory doesn't work anymore, however, because I have 399 GB of data in Dropbox and I don't duplicate it all to every machine anymore because of the size and the data transfer required to keep that much locally and in the cloud.

I really do need to start thinking about this again so that I can get it all duplicated locally.

I use and am happy with them too—although if Dropbox deletes files from your account, or deletes your account outright, doesn’t that reach out and delete the data from all of the synced devices too, regardless of the number of devices that happen to be local to you?

Do you use a second line of local backups/versioning to protect against that possibility?

As far as I know, if you just have the files as "Keep local" or whatever, Dropbox will still delete them locally if it's removed from Dropbox. The only exception is if you're also using the backup feature to backup certain folders on your machine that's not in the Dropbox folder.
Onedrive can't handle a ton of files without just breaking.. at least not up until a few years ago at best.

We have ~1 million files in our dropbox that we use for business. Lots of files change each day. And everything just works. It uses some CPU, but honestly for what it's doing it's not too bad. At least dropbox can handle it, other type of file syncing apps just stop working.

So for small-medium business I'm not sure what the alternative is to dropbox if you are file-system heavy unless it's just for throwing some random files here and there.

I still have it because of inertia. I don't even add stuff to it anymore, I just haven't bothered to go through it and make sure everything's copied somewhere else easily-accessible, yet.

I suspect that's the case for a lot of folks. I'm not sure it'd even make the top-5 of such services I'd consider, if I had none of them and were signing up for one today.

I've been using Dropbox for at least a decade and have no intention to jump ship (though summary execution of accounts does give me pause). The reason why I do so is...

* It works on absolutely everything. I have one foot in every major tech ecosystem and that immediately excludes anything platform-specific like iCloud. I also used to daily-drive Linux, which has no official OneDrive client, and the Google Drive client is notoriously bad on that platform.

* Mobile photo upload was extremely convenient when I first discovered it and it still works very well. If I need to take a picture of something I can use my phone and then grab the file on my desktop or laptop.

* The option to store everything locally still exists and is the default. If I get banned from Dropbox I will still have my entire Dropbox folder contents as they were present on my desktop's massive hard drive array. Backing up Google Drive in this way can be done, but only if you aren't using anything like Docs or Sheets, which can't be stored locally without a manual file export. Dropbox even tried to replicate this with Paper and I never touched it for exactly this reason.

For their specific job, Dropbox is still the best. Which is really sad considering what they do. They are the only one delivering a sane client, working well on multiple platforms, without any quirks like filename-hiccups and such. Though, my requirement is also to work on linux, so I might be a bit special. Though, OneDrive seems to now be pretty good on Windows and mostly on pair with Dropbox featurewise.

But on the other side, it's easier to lose your account with google or microsoft, so this might be another reason people preferred dropbox, till now.

Paid user here. The service is ok. They have a good Linux client too, which Google doesn’t.
This wouldn't happen with SFTP, CVS and a $5 VPS.
Assuming the $5 VPS provider has proper backup and recovery procedures in place.
For $5 they definitely should.

Also assuming the sun doesn’t end in a sudden heat death event.

Also assuming that my fingers aren’t removed in a thresher accident.

And assuming the provider has electricity.

Etc etc etc, it’s important to vet that services I pay for have SLAs and are competent.

>Also assuming that my fingers aren’t removed in a thresher accident.

This wouldn't happen with a $5 pitchfork and a stone threshing floor

you left out the meteor-data-center-strike problem. Most $5 VPS don't do realtime snapshotting to an out-of-region data center with live failover.
Many of the VPS providers have a backup option. My personal preference is to have a VM at a few different VPS providers and a cron job that uses lftp to do a rsync-like replication between VPS providers using SFTP. The advantage of lftp over rsync is that I can sync between accounts that are chroot sftp-only with nearly identical capabilities of rsync. The lftp client can also break up one file into multiple TCP streams.

In the event a provider terminates my account I could not care less. The files will be at multiple providers and HAProxy will automatically remove them when the content validation health checks fail.

What you've described is not at all an equivalent for Dropbox. There are many, many features that your stack doesn't support.
(comment deleted)
How valuable are those features after Dropbox deletes all of your data and deactivates your account?
Why can't your VPS provider do the same thing?
They typically don't spy on their customers as much as a service like dropbox does.

Before downvoting, ask yourself: When was the last time a VPS provider scanned the disk contents of their customers? And when was the last time they booted someone for using full disk encryption?

Meanwhile, dropbox proudly proclaims how they scan the contents of their users' files.

Edit: you substantially changed your comment after complaining about downvotes. That’s not cool. Note that you edited it.

VPS companies delete customer data for all kinds of reasons, just as arbitrarily as Dropbox. I’ve had VPSes at dozens and dozens of places over the years. I’ve seen them accidentally delete servers, purposefully disable stuff for what they claimed were hacked sites that weren’t actually hacked (so that’s scanning right there), I’ve seen them go out of business because the owner was 15 years old, I’ve seen them go out of business because they sold to Endurance or whoever, I’ve seen their data centers catch on fire — taking everyone’s data with it, I’ve seen them accidentally delete whole clusters.

And I excuse it in most of those cases because it is a VPS I pay a pittance for and don’t run production on, but the risk is always there. Trusting your data to Dropbox or OneDrive makes a lot more logical sense, especially if you aren’t knowingly violating any of their rules.

And yes, you can colocate. I’ve done that too. But I no longer have the energy to do that, especially if my box is in a data center I can’t physically access.

I backup about 5 different places because I’m always afraid of someone fucking me over. But for Dropbox to do this, is truly terrible. Especially for an unlisted rule.

Dropbox has invested in infrastructure to do things like index and search the contents of your files.

VPS provider doesn't even necessarily have read access to your data, and because you aren't relying on them for search/index features, encryption is much less expensive from a functionality standpoint.

Those features are worthless if you’re entire digital storage can evaporate without any recourse.
Which definitely won't happen with a cheap VPS provider. /s
Definitely not happening with my Synology NAS unless I rage quit and throw it out a window (and it backs up to Backblaze B2).

It is unfortunately more of a time commitment then paying for Dropbox (which I previously did, for years), but I won’t lose all my data because of them finding something to complain about with a hash of one of my files (or however they’re scanning content) and nuking my account. That’s simply not an option.

I think OP is being sarcastic, referring to a comment on the original Show HN for Dropbox.
That’s how I took it as well.
Sorry, "would be super useful" be "would have helped me".

Maybe those have different meanings to you? They mean more or less the same to me?

One is an objective statement of the world, the other is a subjective statement about you personally.

If these things mean the same to you, you're not parsing the English correctly, which points to a larger comprehension issue that further explains why you didn't get the original sarcasm.

>Of course I pointed and laughed at you, you were (and still are) acting very poorly towards others.

A non-confrontational mention that a tone marker would have helped, which you turned into an attack somehow (?), then you took pedantry to a new level (not uncommon on HN, but lol), and then after other insults on the OPs intelligence you say that they are acting poorly? What a laugh.

Communication is collaborative. If you can't accept the fact that sometimes someone might say "Hey, this would have helped me understand you better" without losing your mind over it, I feel sorry for anyone else you converse or collaborate with.

Shame on anyone who doesn't memorize comments from years ago. Or people with English as a 2nd+ language and may not glean the intricacies of written English that you think are so obvious.

That is not what he said, and again the misuse of quotations to make it seem like that's literally what he said is definitely not helping the situation.
It appears that you are now the one having trouble parsing English.

You know how in a book when fictional characters are talking how they use quotation marks to indicate that? In my comment, my fictional someone was talking, so I used quotes.

Perhaps you could stop telling me how to write my comments and stop telling me to change my writing behavior for your sake, just because you misunderstood?

I would argue that "failing" to interpret sarcasm in this context is generally the fault of the person employing sarcasm. With none of the other cues that are available IRL (tone of voice, body language, facial expression, etc.) there's very little to tell a reader what is meant to be taken literally, versus taken as sarcasm. So yeah, if a writer doesn't include /s or ⸮ or whatever, that's on them if their words are misunderstood.
Because they have context that I don't? Because they quickly scan down to other comments and see the people explaining the joke?

And not everyone else "got the joke". I'd assume many folks didn't get it, but didn't post.

I didn't understand the reference but I didn't have to quickly scan to other comments because the next comment mentioned that it was a reference.

I would also say that sometimes being exclusive can make a joke funnier to the in-group. Denoting your sarcasm can make humor less attractive, in the same way explaining a joke ruins it. Sometimes you want to be vague to see who catches the signals.

Some people, myself included, will react poorly when requested to perform additional work when additional work from the requester also could have been performed.

What evidence is there that "everybody" else did "get it"? And what does that even have to do with what I just said? Choosing to communicate poorly is a bad decision, even if some people happen - by chance - to understand you correctly in spite of that bad decision.
(comment deleted)
Tone tags ruin a perfectly good joke
No need to talk down to my neurodiverse friends, they understand irony and sarcasm in written text just fine. The neurotypical ones sometimes miss it, though.
This whole long thread makes me sad. Not least because I kind of find myself agreeing that tone tags do take something away from the joke. Not to say the commenter is flawed somehow for not getting the context, I didn't either right away.

I dunno, communication is hard I guess :(

Like "getting deleted for circumstances you cannot control?". This is so much of an anti-feature that SFTP suddenly looks like an attractive option.
Seriously, SFTP + Syncthing + Filebrowser completely replaces Dropbox for me.

Name one feature thats not present in this stack.

Regular marketing emails.
I can install drop box in under ten minutes. I don't have to manage security patches for all the binaries in the stack. My data is available in network edge locations close to me or the people I share it with. I can turn dollars into more storage very easily. I don't have to configure user permissions and groups in more than one place.

Also, what you described is not "sftp + cvs + vps" ;D

Can you right-click a large file (in your day-to-day file manager), hit Copy Link, and email the link to someone so they can download it (without having to give them any further credentials)?
Yeah why not. Thats why I mentioned filebrowser.
Syncthing makes Dropbox look downright barbarian. Especially if you combine Syncthing with Android and a NAS or home server. iOS is... not really capable of sync outside Apple ecosystem. And this is true even with Dropbox. Not an Android fanboy. Just stating the fact. I take a picture on my Android phone and I don't have to think about it. It's now on my home server, it's encrypted, it's automatically backed up, etc. I have an app that takes a backup of my phone and puts it in a single file. Literally I press a button and my entire phone is backed up via syncthing. I use KeePass. My passwords are in sync at all times, on every device. There is also KDE Connect, which I have yet to try out.

Even before Syncthing, Unison existed since 1995. Which was the true free software version of Dropbox. You never needed a bunch of hacks to get automatic sync working on Linux. Syncthing is a bit easier to configure, IMO.

Such as?

Syncthing + NextCloud + rsnapshot backups would have been my open-source alternative recommendation, but of course not everyone wants to take the time to learn that skillet, set that up, and maintain it.

Are those features of sftp? It cvs? Or the vps provider?

Or are you saying, "well, with a completely different stack I can get closer to feature parity"?

You can get the whole package from Hetzner pre-configured, or just configure it yourself. I manage our team's nextcloud installation, and installing on bare-metal (sans containers) is a half day job at most.

Moreover Nextcloud supports WebDav which allows tools like Zotero to directly tap into that.

Would you say that the install and maintenance load for both systems (Dropbox vs packages containers) is the same?

Like, I'm confident my tech illiterate parents could get drop box running. Ease of use and UX are features.

I'm not saying the self hosted stack is bad, and in fact it's probably better in many ways. But it doesn't have the same feature set if you consider usability a feature, imo.

Yes. Nextcloud has its own upgrade tool. This is what happens:

1. You get a mail from your installation about the new version. Also desktop and mobile apps notify you.

2. You go to your "Settings -> Overview" click a button, enter your password. Upgrade starts.

3. Wait some.

4. "Disable maintenance mode and continue upgrade" button appears. Click it.

5. You're greeted with a "Start upgrade" button. Click it.

6. Wait some.

7. Page refreshes and you continue where you left.

No terminal, no commands, nothing.

I sometimes do it in the middle of the day. Nobody ever said, "Hey, uh, Nextcloud down?" yet.

Installation of the client is equally easy. You just need a URL addition to the username and password. The sync client is very competent too.

Our installation is facing outside and people are sharing public links and all. Not every member of the team is a sysadmin either.

What does Syncthing add to the Nextcloud capabilities? (Honest question because I'm curious; I have a NextCloud & snapshot to encrypted S3 backup solution already.)
I admit I have not used NextCloud, but the hands-off automatic file-sync-between-devices that Syncthing provides has been transparent and seamless. It has required no babysitting after initial set up.

I have forgotten if NextCloud does this, because I don't use NextCloud at this time, nor have I.

As someone who recently migrated off of Dropbox, you can get most of the features with open source systems like Syncthing and a self hosted server.

The main complication to implement is encryption at rest for the data (I use luks2 on a hd and the fs of a raspi controller) and secure remote access (wireguard works really well and is easy to manage).

I wireguard into my remote systems and have Syncthing configured only to local network (no relays etc). It works beautifully; not missing dropbox at all.

I am still working out a viable alternative for things like document scanning, but I have no regrets owning my data.

Ok, then docker compose some Nextcloud on it, that’ll be some 20 lines? Add some more for Treafik for the let’s encrypt certs.
Asking a non technical person to run and maintain docker containers is absurd.
OP suggested SFTP, CVS and a $5 VPS.

I'm suggesting a 30 line yaml file and the occasional `docker-compose pull && docker-compose up -d`.

(comment deleted)
Why a $5 VPS? Why not a $25 VPS in a reputable rackshack that has at least triple off-site redundancy? You get what you pay for and the choice isn't only between free and scuzzy, and cheap and scuzzy.
People click the upvote button at a sufficient velocity.
I'm hitting it with _extreme_ velocity and it still seems to only register as a single upvote =(
Seems like your velocity is sufficient.
When I hit the upvote button with extreme velocity, Hacker News tells me

> Sorry, we're not able to serve your requests this quickly.

(comment deleted)
(comment deleted)
Account lockouts thread are commonly upvoted, atleast partially to raise the profile high enough to force the company to do something.

I upvote them because I think they expose an important issue that we need to address.

I just posted one of my own, and I agree with your sentiment.

I would like to see a future where humans achieve symbiosis with machines. Our brains acting as a limbic system to a larger sovereign machine entity. Still “you”, but more.

For such a thing to work, many ideas need to change. Data ownership, sovereignty, and the core philosophy in regards to machine-human augmentation needs to be reworked in groundbreaking ways.

As it stands, with megacorporations having no respect for individual access to their data on services at the whims of the corps, human machine symbiosis is about the scariest thing imaginable right now.

I think you're shadowbanned.
Shadowbanned here? Why do you think that?
It's a common failure mode for a kind of products (SaaS) YC frequently funds. While it probably happens rarely, its consequences can be devastating for those affected, and thus it's a problem that needs fixing -- yet no progress seems to happen in the industry.

Overall, it's similar in relevance to security breaches. Awareness needs to be raised. Thus I'd argue it's relevant.

(comment deleted)
One thing that helps me think about which cloud services to use is the phrase "a stranger's house."

If I'm working on something important to me... how comfortable am I leaving it in a stranger's house? If I wouldn't be comfortable doing it, I always make a local backup. This saved my ass when I inexplicably lost access to an old Google Drive account. I lost a couple days of work, rather than a couple months. I still have no idea why that account was disabled.

Would this be some automated system that looks for copyrighted works?
Could easily see this being the fault of his employer for using automated content ID takedowns.
How can an automated system know the identity of users and what rights and licensing agreements they hold?
It can't. False positives are a trade-off against the administrative, legal and regulatory burdens of not having such a system on a UGC-hosting site at scale.
It seems like it does need to. Banning people for content they legally posses seems pretty questionable.

Edit: You completely rewrote you comment after I responded, that is considered bad form on HN.

You responded less than 60 seconds after I wrote my comment, the substance of which is unchanged. Organizing thoughts into words is a process for me, it takes a moment.
Then do the organizing and rewrite befor you submit the comment or include your updated thoughts in a way that marks them as new and leaves the original content.

I often add an edit immediately after I post, but unless it is fixing a typo, I always mark the edits.

(comment deleted)
There's a "delay" option in your settings, it's in minutes

I give myself 6 minutes to fluff around (or get bored of and delete) comments before they appear live for that same reason

Thanks for the tip. Apparently delayed comments don't appear on the site instantly, but do appear in the API instantly. https://i.imgur.com/ytWyvc3.png
huh, I wonder if their API bit (sends to firebase by the looks?) is missing an if e: and maybe a thing to rerun due deferred comments I guess

I'll ping hn@ just in case

This is a reflection of a poor commenting system. I would prefer for every online commenting system, including HN's, to allow one to see the version history of a comment. As things stand right now, commenting systems are biased in favor of revisionists.
Yes, it is a community standard that exists to work around a UX issue. I would agree that an edit history and an indicator that edits have been made would probably be an improvement.

That said, in the past when HN seemed to be doing something weird, dang usually has a pretty great explanation for why, so there might be a good reason for this choice as well.

I believe this is a common issue with automated copyright detection systems. Companies don't seem to care much as the grief caused by a false positive is almost completely offloaded to the user.
I would like for Dropbox to not know the contents of my dropbox.

Although in the olden days it was nice in that if they detected a matching hash of your file, it didn’t actually upload it, you just had it. So that was super handy. For pirating as well as for situations where I have the same file in multiple location. I legitimately have disk images in dropbox because cheap storage and having them immediately sync and be backed up was nice to save on bandwidth.

Yet another example of why we need a users bill of rights to give users some standardized legal recourse to discover the reasons for account bans and dispute them.
I like bringing up the Uniform Commercial Code [0] as a template for this kind of stuff. Where there’s a common goal and groups push for legislation in each state.

Sadly I’m not sure there’s a good advocacy group to push for this. Mozilla is funded by Google who definitely doesn’t want any user rights that conflict with their revenue. Maybe the EFF or FSF.

[0] https://en.wikipedia.org/wiki/Uniform_Commercial_Code

A state by state push would be one way to make this happen, but given that online companies and their users are often in different states, this does seem like the kind of interstate commerce that could be addressed federally.

I'm not hugely optimistic about this. It's possible that the pushback against tech will enable something like this to get passed, but I'm pretty sure that pushback is for purely for political points and not being done with any intent to actually change much.

That’s the beauty of UCC, it’s in every state. The idea is to get uniform laws in every state for the precise reasons you say.
If he uses it for work, and clearly, most shared links he creates are of copyrighted media content, how would this work in practice? Does Google Drive/Dropbox have some flag for "creator" accounts?
I don't have an answer for your question but from experience I can say that anecdotally most well known creators have their own infrastructure or outsourced infrastructure and legal teams. Content will not be deleted unless there are repeated egregious violations and complete refusal to remediate violations of the contract that their legal team agreed to. By contact I do not mean some thing that someone clickity-clicked their way through. I mean a contract that went back and forth between legal teams and signed/recorded by a public notary. In such cases deletions would always be done by a human. I have no idea why the Rick and Morty creators did not have such an agreement in place with Dropbox to prevent this scenario or if Dropbox even supports this model.

As a funny side story, at least I think it is funny... I used to manage the backend servers for Atari. The "Internet Police" used bots to send take down notices for copyright violations and emailed us saying to take down Atari's software because it was a copyright violation. Atari was our customer. This should have been obvious as the FCrDNS had their domain name in the PTR records. I found it hilarious but also saw how that was a bit of foreshadowing as to how the internet would devolve.

Rick and Morty isn't the only thing Justin works on. Likely this was his personal account and not something used specifically for that show. There's no mention of the show in his tweet.
Obviously they said so in TOS, but it's pretty rare to get terminated due to copyrighted material alone.

At least not until you mass-share (maybe the case here?) them.

Copyright is automatic, most things that most people create are copyrighted media content.

The problem is that we've ended up with a situation where copyright is automatically:

1. Assumed to be owned by media-corporations

2. Assumed to be wilfully violated by users

3. Assumed to be that deletion is the correct resolution

4. Assumed the USA to be the jurisdiction of the copyright holder and user

All of these assumptions should be challenged. This isn't a technical challenge, it's a legal one.

Special treatment for VIPs isn't the answer.

Assuming this is copyright related... probably not. The only way this could be done in practice would be for Justin Roiland/Williams Street/Rick & Morty LLC/Cartoon Network/Warner Bros. to legally indemnify Dropbox - as in, agree to pay all of Dropbox's legal fees and damages if they get sued for copyright infringement outside of their DMCA 512 safe harbor. This is entirely impractical for an individual to pull off, and Dropbox might not even have a copyright indemnity policy for corporate clients.

Also, if anyone actually has a bone to pick with Dropbox over shared links, this is probably a very bad idea, because it would just be opening WB's far larger pockets to whoever Justin is pirating content from. There is no actual legal provision for "creators" to get away with copyright infringement that we cannot.

And let me be perfectly clear: It is not legal to copy media over any kind of file share, even privately within an organization, unless you have a copyright license, which they clearly don't. Censorship[0] on-demand in exchange for liability limitation is the world that all these media companies chose to live in. They screamed their heads off about the harms of noncommercial piracy over the Internet while also, apparently, pirating enough content internally that Dropbox needed to shut off their account. If they want their account back, then either pay for a license to every video file on that share or publicly lobby Congress to legalize file sharing.

Or this could have nothing to do with copyright and some internal spam filter just shat the bed very badly. The original linked tweet didn't clarify anything and Justin might just not even have anything to clarify with. I really hate how modern tech companies are allowed to do summary executions of accounts like this with no explanation.

[0] I am willing to accept the "copyright infringement is not speech" argument, which SCOTUS also does, but DMCA 512 still allows censorship of novel speech because the counternotice procedure is laughably inadequate.

bet you a dollar that they were taken down because they were sharing links to content they had created for Rick and Morty etc and Dropbox’s dumb algo just didn’t know that they were the creators of that content.
If that's the case surely they could have told him that was the reason. Otherwise we're talking about software engineers deliberately writing code to waste other people's time and make the Dropbox product look worse to their customers or prospective customers.
> Otherwise we're talking about software engineers deliberately writing code to waste other people's time and make the Dropbox product look worse to their customers or prospective customers.

Seems true-to-form. This has been Dropbox's product strategy for the last 5 years.

Dropbox only hashes files that they've gotten DMCA takedowns for. So WB told Dropbox "do not allow people to share Rick & Morty", and then got angry because they couldn't share Rick & Morty internally. This isn't a false positive, the algorithm is working exactly as intended.
except they should have notified their customer of the dmca violations on their account, if they did not .. that would run afoul of the dmca, right?
Yes, because you need to be able to counternotify; this is why I was a little suspicious of the "it's a copyright problem" explanation. However, if they had ignored prior notices and continued infringing, then Dropbox needs to shut off their account because they're a repeat infringer, and that process might just look the same as any other TOS violation ban.
> whoever Justin is pirating content from

Wow, you've made a huge assumption here.

He's not the legal owner of the content he creates.
Surely he's the legal owner of much of it, unless you're trying to imply he doesn't do any creative work at all outside the scope of his current contracts.
Owning a majority of a work does not give you the right to share the other parties' work.
I would be highly suprised if he doesn't have the right to distribute his work in a small scale non-commercially, especially as part of the process of creating that work.

You have made a huge and baseless assumption that there was any copyright infringement happening.

Hopefully this will stop HNers from linking everyone ye olde "this is why Dropbox is better than your nerdass solution" comment, and hopefully it vindicates everyone over the years who countered that argument by asking what happens when Dropbox deletes your account apropos of nothing...
Unless your "nerdass solution" involves hosting your own server, then you don't have any additional protection.
What sort of nerdass doesn't host their own server?
How about a VPS? Are providers capable of scanning your VM's memory?
I hope we're a long way away from VPS providers doing automated scanning for content rather than dealing with potential copyright infringement on a complaint basis.
HN loathes Dropbox. Most people recommend self-hosted competitors.
This is an inevitable consequence from the push to make cloud companies responsible for the content they host. Analyzing all of it can only be automated; automation will deliver weird false positives.
I encountered a false positive where a pure text file made up of personal log entries was flagged by antivirus as malicious, and it started fighting me on trying to restore the file from a backup as well. Fortunately, I was eventually able to recover it, although I've forgotten how.

Probably my most memorable lesson in unexpected failure modes for complex, automated software.

Amazing that the Internet culture that vehemently opposed DRM and created things like bit torrent so quickly lined up behind algorithmic content moderation.
fans of bittorrent and fans of services with auto content moderation share at least one common factor: they are free to use. Many people are not motivated much further than keeping their hard earned cash.
I think that internet (that opposed drm) and this one are very different. The anti drm movement was more of a popular movement and this one is a reaction by large corporations to new legal regulations (or threats of more regulations). It’s hard to even think of those as the same “culture”
Yes, those two sets of people are one and the same.
IMHO, the problem started when we all jumped on Gmail, knowing that there was no support, and if it broke, we got to keep both pieces. I watched my wife's account get taken over in real time a couple years ago. Ten years of personal and financial info, now in the hands of God-knows-who for God-knows-why. I simply deleted the account from her devices, and moved on. There was nothing I could do, and no one I could complain to about it. The WILD success of this model has led everyone else to do the same thing.
>> IMHO, the problem started when we all jumped on Gmail, knowing that there was no support

Back when Gmail was invite-only, most people used Hotmail or Yahoo Mail, which would offer a base level of (I think) about 50-100MB of storage at the time. If you wanted more storage; you'd have to pay for your email service - an idea I don't think anyone born past 2000 has even heard of.

Gmail came along, and suddenly offers us 1 GB of free storage, for free. This was around a quarter the size of some people's hard drives at this point.

Of course we didn't care if there was no support!

Are you kidding? I don't think Hotmail had support, either - (maybe I'm wrong?) - even if you paid for it; but here Google was offering a substantial value for anyone using any other existing mainstream email service, immediately.

They even had STMP and IMAP support, meaning you could use whatever client you preferred. Back in the day most people used computer-side email clients and had local backups of emails anyway - so if one went missing from Google's side it wouldn't be so bad.

There's a reason Gmail is still one of Google's strongest and unusually longest-lasting product of Google's. There's less reason now - but my God, when it was introduced it was an honest-to-God mindfuck as to how they were offering such a large amount of space and features for nothing.

IIRC, Hotmail provided 2 MB when Gmail was released. The 1 GB amount was so large by contrast that people thought it was a joke.
I mean, it was also released on April Fools' Day.
That’s if you knew someone who would invite you!
Other competing services gave you 2-5MB, which was so low that the standard thing to do was to delete email after you read it.

The selling feature of Gmail was "Now you can keep all your mail and have a permanent searchable history of all your electronic communication".

Unsurprisingly, after funding the initial round of Google investment, the DoD would come back not much later to eavesdrop on the email and uploads delivered to gmail into that storage.
What i found is that darpa paid for research at a university and the students learned something from their project and then when they graduated they built something with their knowledge? It seems like the system of publicly funded research is working.
Not DARPA, In-Q-Tel which is a non-profit venture capital group guided by CIA. They directly funded Google, after it was spun out from Stanford.

"In-Q-Tel scouts the global market for commercially focused technologies with the potential to contribute to national security." - Source: iqt.org

I don't think in-q-tel was one of the original VCs that funded google. Google acquired Keyhole some time after founding, and Keyhole was in-q-tel funded, so in-q-tel ended up getting google stock.
> it was an honest-to-God mindfuck as to how they were offering such a large amount of space and features for nothing.

Of course, now we all understand that they were harvesting all the personal data this gave them access to, in order to monetize it, and sell access to it to anyone who would write them a check.

And then we found out that this information was so valuable, and in such a concentrated place, that the CIA placed fiber taps on Google’s data center drops.

The Internet culture fighting DRM and sharing of information is decidedly not the same group of people wishing for algorithmic content moderation
It’s a forced legislation in most places. Flagging is understandable, automatic removal with no way to recover is an awful practice.
Anything held on anyone else's computer is a candidate for scanning or pilfering. That's why I am a fan of encrypted backups.
But do they have to delete the flagged account directly?

Also, can't they distinguish a spam account from a legit account based on the account history? I can't see why this is a difficult problem to solve.

Actual LOL

Have you ever tried to fight spam at scale? It’s trivial to block the 50% of obvious spam accounts, but we are at the stage of humanity where the activity of very dumb humans and the activity of very clever bots, EASILY overlap. A lot.

Bots will use proxies that use residential IPs, they will maintain session info (Cookies, User-Agents, etc) they will move the mouse and introduce jitter, their access patterns aren’t random but are engineered to work in the day night hours that match the geo-data of the IP they are using. They solve captchas, at the same rate that humans do (time, error rate)

Some human accounts look like bots. They sign up and upload a couple of files which immediately get high traffic. They use NordVPN so their public IP is shared by thousands of “known bots”, their access patterns are weird and unpredictable.

Yes, you can use machine learning to try and identify theses but then you end up with false positives and real people having problems like the poster above.

And on top of all that, bots are constantly subverting detection so whatever solution you have now won’t work next week.

How many spammers invest months / years to upload and modify content to fake legitimate user accounts?
If spammers thought it'd make their spam look legit, all of them would do it!
All it takes is one to write the code.
No. It's not just to write the code. To fake a six-month legitimate use, the spammer also needs to run the code for six months, it takes lots of resource to do so.

To avoid detection, you can't just make API calls for six months. You have to run the official client on the machine for six months, and then the official client can collect more data on your usage pattern. Imagine the cost to run hundreds / thousands those accounts.

Or just steal someone's account. Instagram bots do it a lot.
Of course, in these cases the company shouldn’t delete the stolen accounts either. They should lock the account , not delete.
If you come up with an algorithm to reliably and enduringly distinguish a spam account with a legit account you will be a billionaire. It's the 20 foot wall, 21 foot ladder problem.
(comment deleted)
This chilling effect is already going on. I'm writing a science-fiction thriller and took most of my notes off Google Drive out of fear that they would misconstrue them as political extremism. If AI is being used for content moderation then this only raises the likelihood that a false positive is identified, devoid of any context, and I lose my entire Google account to an uncontactable bureaucracy.

I made a Nextcloud to host my references and storywriting notes. Nextcloud is horribly buggy, difficult to maintain, and has very poor user experience compared to Google Drive - but at least I don't need to worry about my entire digital life being auto-terminated by an overzealous robot, with no reasonable appeal process beyond "knowing enough people to make a stink".

So why do you need all your writing notes to be on the cloud? Using multiple devices for work? An editor's request/requirement?
always keep a copy outside of your home. my own writing is replicated on almost every device i have. it's the most valuable to me. more so even than photos which are just memories.
Still zero reason to have on the cloud. You can sync the files between your devices, or even better set up your own home server for close to $0.

Why do people always forget the 'cloud' is just someone else's computer.

Nothing important should ever exist solely on the 'cloud'.

I wouldn't even trust a backup copy sent to email, yet I see that constantly as well.

If you keep your files only on your devices and a home server, you are making yourself vulnerable to scenarios like the one discussed here very recently:

https://news.ycombinator.com/item?id=31652650 ("I've locked myself out of my digital life")

I would recommend none of the above, I was giving OP a better way of having their stuff online.

The article you referenced was getting locked out of accounts. We are speaking of having documents backed up, not google accounts.

The best way period would be to periodically backup to an external HD or even SD cards.

People need to get over this cloud bullshit years ago.

All of these problems have been solved since the advent of the internet, these are all self-imposed problems.

The best way period would be to periodically backup to an external HD or even SD cards.

and where do you store those?

you really want multiple backups, and an encrypted cloud storage is one of them.

I have no trust in the longevity of data on SD cards. What's the expected lifetime of the data on these, and has it been studied/verified?
In a heavy fireproof box along with the birth certificate, and other important papers. If you want extra protection put that box in a larger safe. This really isn’t a difficult question to answer. If you are trusting a third party to store your things, when something happens to their service or they terminate your account randomly you have only yourself to blame.
Humans can have just as overzealous a response as those robots. In my senior year of high school, I developed a bit of a fascination with historical serial killers and turned in an assignment for AP English exploring the mindset, and my teacher promptly turned it over to the school's counseling service, and I was forced to see a counselor, questioned about violent tendencies, given a 0 on the assignment, and a C in the class. This was the same semester as the Columbine shooting, so I guess schools were on edge about students who might want to kill other students, which I definitely did not want to do, but apparently writing about people who want to do that kind of thing can easily be misconstrued as autobiographical. I almost didn't graduate because of that. Heck, one of my friends was expelled for possessing a switchblade comb because things that looked like weapons were banned. There was no appeal process for these infractions, either.

Honestly, that seems like a feature of many administrative processes, even those administered by government. So far, in the process of trying to become licensed as adoptive parents, my wife and I have been dropped twice now by licensing agencies, without any explanation of why or recourse to appeal the decision. As far as I can tell, the only way to gain the right to appeal a decision is to actually be convicted of a crime.

If anyone doesn't want to deal with hosting Nextcloud, Cryptpad.fr is a free option and in my experience the only issue is it's a bit slow and doesn't work nearly as well on mobile devices as G Suite
EncFS is great to encrypt data in DropBox-like services.
This software had security vulnerabilities. There have been since many apps for design.
Well, European countries produce "studies" that say hate is effectively reduced and overblocking does not happen. Germany was leading here and the digital services act will copy the crap. No real relevant social networks in Europe and it only applies to platforms like Twitter and Facebook, but it is still silly legislation with negative effects.
(comment deleted)
All TOS violations on all platforms are always secret. They will never tell you what you did. We are all one secret violation away from digital homelessness. Being booted from Dropbox is probably one of the least bad boots you can get.
Isn't it pointless to discuss this without knowing more about the communications that happened?
hey, this is the internet, a headline is enough to get your pitchforks out and battle your favorite strawman.
Not really. It’s unacceptable for Dropbox to know/inspect what content you’re storing, scan it for anything without you actively requesting they do so, and certainly to delete it.

This behaviour and any terms of service that allow it should be illegal. The fact that it goes on constantly is a scandal.

I kind of get both sides. They shouldn’t scan personal files at all but then again Dropbox files are also shareable and is kind of like YouTube in that way. So if in this case a guy has copyrighted content, which they own the copyright for, and are sharing copies of copyrighted content, how can an algorithm know it’s not some random person. It’s much more likely not to be the copyright owner than to be it. What’s the worst part imo is that there’s no recourse, no appeal process, no one to talk to for the mistake - except it seems via twitter.
at worst they should scan files that are shared then.
Why shouldn't they be able to know/inspect/scan the content that they are physically storing?

I'm genuinely curious the logic.

From my perspective, they're a company providing a service and can determine the terms upon which they'll provide it. You don't have to use them if you don't like it.

Right to privacy. Companies have never had carte blanche to create any terms they like. Many types of contractual agreement are illegal or unenforceable.

Your landlord can’t just turn up and start rifling through your stuff, and the owner of your rented disk space shouldn’t be allowed to do the digital equivalent.

I quite like the landlord analogy. Landlords need to give notice before any termination action. Even if reasons are not given for termination, the tenant is warned and given time to prepare.

Another analogy might be a long term storage locker. You, the customer, place your belongings in the locker, and return a month later to find it empty. All your stuff was destroyed by the storage facility, because they found pirated movies among your belongings!

That won't keep your landlord from rifling your stuff if they think your legal foo is weaker than theirs, nor from claiming that they had the right to do it.
That depends on whether you share the content. In this case, there might be legal requirements for checking on the shared content, so dropbox can't avoid it.

But they might do something about how they handle this. Especially if it's an likely older account. Dropbox has many creators as customers. They should have more experience to handle this gracefully.

How do you know that this had anything to do with inspection or scanning?
There are clearly situations where it's deemed acceptable. Dropbox cooperates with law enforcement to remove illegal images of minors, for instance.
That's part of the problem itself. In most cases there ARE no communications about why an account was terminated, and it's impossible to get any unless you have enough influence to cause a messy public incident on Twitter.
I doubt you can communicate to their customer service bots.
And now the tweet has been deleted, without any updates (to my knowledge). Would be nice to find out what exactly happened.
I assume they still have a local copy of it and can backup using an external drive. Because I am a Rick and Morty fan and I don't want any delays.
Reminds me of Apple laptops with too tiny SSDs which moved stuff automatically to iCloud...
Someday, if only we could get a basic NAS that fits three 2TB HDD and retail for $199.
can't tell if serious or not - you can get a 2-bay Synology for less than that
Yes diskless.

Then you’ll need to buy disks

Exactly. The BOM cost of a NAS with 3 2TB needs to be under $100. Even if we could somehow have 2TB 2.5" HDD for $30 BOM, three of them would have been $90.
How did you arrive at that target price? I find the Synology units to be a steal for what they offer. Its very hard to undercut this with a DIY build, best you could do is plug a USB drive into the wifi router I guess.
I use ResilioSync (formerly Bittorrent Sync) for my personal Dropbox-like stuff. The iOS client is sparse but functional, and it has clients for pretty much every OS I need, including arm Debian... so I have my 'not-quite-Dropbox' home on a Raspberry Pi.

We also use it to cross-backup photo libraries with an avid photographer friend who lives across town.

It works very, very well.

I use Syncthing, which is similar to ResilioSync. Syncthing doesn't have as many features as ResilioSync, but its completely free and open source.
How’s Syncthing’s iOS situation these days? Does the app work well?
I wish governments imposed a support API on public cloud companies and forced them to triage requests 24/7, with the obligation to track them via open Grafana dashboards.
Government usually demands that platforms delete more, not less. The influence of politics is completely unidirectional
hmmm...

I largely use https://github.com/bailey27/cppcryptfs with dropbox?

This would essentially eliminate any possibility of violating any terms of service as far as I can tell?

I'm not too comfortable putting any files on dropbox without some sort of encryption

fwiw, I've found that cppcryptfs is one of the better implementations of that sort though most (if not all) use the same library which seems to choke on certain files once in a while

And I bet doing that would also avoid what happened here -- account suspension for some unknown reason, but likely content related. If your content is encrypted, they can't drop you over it.

Of course at that point you're not using all of dropbox's features, and some other rsync-style solution may well be cheaper.

Reminds me of an incident we had with Dropbox a decade ago. They deleted some niche accounting software (custom developed by us) from our Dropbox account, plus their own log files covering those deletions. Then played ignorant.

We learned the lesson, and never again trusted Dropbox, for anything.

(Best guess - a would-be client got pissed when software which they'd never paid for lacked a feature, and told Dropbox a story.)

EDIT: Only executables & related distribution files were on Dropbox, not any source code. We lost nothing...except our trust in Dropbox.

EDIT2: Yes, as several others have kinda pointed out, this incident was a collision between (a) naive human expectations (of high-skill, high-touch, highly-invested customer service for such situations) and (b) the actual business model of any huge / cheap or free / convenient cloud provider of X (plus just "internet reality"). Sadly, I don't see that either (a) or (b) has changed in the past decade.

Surely a Dropbox upload wasn‘t the only version you had. Couldn‘t you restore easily?
You'd be amazed that folks even today misunderstand it to be a 'backup' instead of a sync service.
It is a backup. Any copy of your data is a backup. It just shouldn't be the only backup (obviously, like any backup.)
A copy of your data that can be easily modified (whether through bugs, malice, or even just you mistakenly deleting a file and Dropbox happily deleting it everywhere for you) is not a backup. It’s definitely way better than nothing, but people relying on Dropbox as the only “backup” will be in for nasty surprises occasionally.
Any backup which is the lone backup isn’t a backup at all.
All backups are vulnerable to deletion, loss, or corruption. That’s why you have many. Dropbox is no different.
Dropbox calls it a backup service:

https://www.dropbox.com/backup

The backup you can't trust!

This should be their slogan.

> The backup you can't trust!

In isolation that’s all backups.

To be fair, they didn't say it was the only copy they had.
Sadly this story could have happened with any big cloud provider.

Ideally there would be more regulation around the ability of big tech companies to shutdown your digital life through a mindless algorithm, with close to zero recourse. Unfortunately I don’t see anything happening unless someone really powerful (say a member of Congress) gets bitten by this.

The solution to this in my mind is self-hosting. Yes, right now that's the exclusive domain of tech nerds, but in theory there's no reason that an open source project can't come along and make this relatively easy for non-techies to set up for themselves (in a similar way to how, say, Squarespace made website creation easy).

I think the real hurdle in adoption would be that most non-techies don't even register their dependence on big cloud providers as a problem yet. But I expect the day is coming. Similar to how Mastodon saw an influx of Twitter users when Musk announced he was intending to buy Twitter.

SyncThing is actually really good. The main issue is integrations. A lot of mobile apps work with Dropbox but not with decent FOSS alternatives.
Syncthing also has untrusted hosts support now: you can sync your files to a host you don't trust, and it keeps them encrypted on the destination.
Very cool. Looks like it's currently marked beta/testing.
The main issue is you can accidentally nuke your own source directory and it's possible to do so in non-obvious ways. This has happened to me a few times (though thankfully had backups elsewhere).
I don't think it is something that needs legislation.

But it definitely needs more publicity. And if there is something that will bring down "big tech", I think that's it.

"cloud providers" should be treated like something that can fail. We already don't trust hard drives, that's why we have RAID, we don't even trust RAID arrays, that's why we have backups, and we don't trust the place where backups are stored, that's why we have off-site backups. Dropbox (and Microsoft, Google, etc...) is also not to be trusted, just like your hard drive can crash or your servers can catch fire, Dropbox can delete your data. It is not the same mechanism (one is a chemical reaction, the other is a mindless algorithm), but the end result is the same: you lose your data.

But once you take that into account, the value proposition of big cloud providers takes a hit. Often, big companies justify the premium price they ask with reliability. I mean, no one expects companies like Microsoft to go bankrupt anytime soon, and they certainly know about backups and redundancy, but what's the point if all it takes for your data to disappear is an artificial brain fart. Suddenly, the server in your basement doesn't look so bad in comparison, and neither are the smaller companies that actually have people you can talk to.

>> "cloud providers" should be treated like something that can fail. We already don't trust hard drives, that's why we have RAID

"Can fail" is certainly true, just like a hard drive can fail.

But we'd all be rightfully upset if someone at Western Digital decided to some to our home and proactively delete files from our HDD.

> I don't think it is something that needs legislation

Why not?

Something like this definitely needs legislation.

The whole concept of ToS needs to be overhauled with vast amounts of practice that is currently considered acceptable thrown right in the fucking trash.

The idea that companies can change their ToS on a whim every day and push out walls of text that no one reads and everyone clicks through is insane. Why can't we modify the terms of agreement?

Let's start with that law, all ToS interfaces must include an interface for users to upload their own modifications and companies must have a human interpret them (not some shitty 'ai') and decide to accept them in a reasonable time frame, and if the company chooses to decline them they cannot ban the user from the service for this, the last ToS that they accepted must be the one that their interaction with the customer is conducted under. The entire process must be auditable by other by both sides and a neutral third party.

I'm sick of big companies hiding behind an opaque wall of bullshit, if this was a small town dispute between two individuals this would be transparently settled one way or another and that's exactly how it should be on the internet.

The laws haven't kept up with the times, and they haven't kept up with the creative ways people with money try to fuck over those without.

There is no need to read them. Every single terms of service ever written can be summarized as follows:

> you have no rights

> you promise not to try and exercise any right you think you have

> you will not do anything the company doesn't like

> the company can do anything it wants whether you like it or not

> the company is not responsible for anything ever

> the company makes absolutely no guarantees about anything

> If you ever get it in your silly little head that you do have rights, you agree to binding arbitration with the firm we pay
More simply “to the extent permitted by law, you agree that you waive all your rights and we waive all of our responsibilities.”
+1...but don't expect "$VVVIP bitten by this..." to change anything. Big cloud providers doubtless have Secret VIP Customer Service departments, to avoid that problem.
I've got 776 gigs of pirated TV in my Dropbox. Am I in danger?
in a number of ways yes, depending on the amount of 3rd party attention devoted to the files, in my neck of the woods a 1 terabyte drive is worth ~ 100$
That's very expensive. Where do you live?
somewhat north...
It's cheaper than 1 year of dropbox.
(comment deleted)
As per the other commenter's edit, this didn't affect source code.
> plus their own log files covering those deletions

This is the really unreasonable part. Some convoluted internal process that ends up accidentally flagging a file as suspicious and then deleting it is bad enough, but still partially understandable if you're very conservative with assigning blame. But deleting the log files? Either extreme technical incompetence or plain malice.

Our assumption: Log files of everything still existed, but were flagged "Hide & Never Admit To, per $SecretReason".
Hanlon's razor:

At dropbox's scale, guaranteed logfile durability is expensive, and retaining them indefinitely even more so.

They either got auto-deleted or they were never there in the first place.

I agree with Hanlon, but the size for basic audit ability is pretty small. Fileid, action, date, actorID. Maybe a bit more nice to haves. If it’s expensive store it for a couple weeks before archiving to cold storage.

Here’s another Hanlon, it wasn’t Dropbox that deleted the files it was an authorized user, OP or coworker, accidentally who forgot or wouldn’t fess up

Aren't the files still on the computers that Dropbox synced to?

Deleting files from Dropbox's servers, that's fine, deleting files from my computer that I uploaded to Dropbox, that's bad.

> Aren't the files still on the computers that Dropbox synced to?

Not if “smart sync” is enabled on the folder.

https://help.dropbox.com/installs-integrations/sync-uploads/...

OneDrive recently switched to cloud stored and you have to jump through hoops to make it so you have a local copy of everything.
ArDrive could be a viable alternative, because it stores data permanently.
$4500 USD for 1 TB

Expensive

But it's a one time fee and not a subscription.
Sounds like an opportunity for a new company that abstracts away the actual different cloud providers, provides redundancy, and provides a security abstraction layer that prevents cloud hosts from knowing what their segments of files are for.
Then it will be that company which deletes your files because you broke their ToS :)
And when that service is abused for piracy, CP, and other illegal files; it will start the ball rolling that inevitably drags it down legally to the level that DropBox is at.
The storage providers should just charge 3USD per year from a card. I guess that prevents like 99.99% of spam and CP problems.