I work at Dropbox and came up with this page. Thanks for throwing confounding variables in this soft launch experiment, Hacker News.
A few points that might interest yall:
1. We won't publish to facebook or twitter without your explicit permission.
2. We ask for information about your facebook profile because it will make Dropbox better. It's mainly about learning about our users without annoying surveys. We won't mandate facebook connect on signup so this is likely going to be the main path in the near term for people to facebook connect. Facebook auth also makes it really easy to post to facebook when you want to; the user experience is better.
3. Yes, runjake is right. Please do subscribe if you love Dropbox. I work here, so I set my capacity to 5TB and symlink everything important on my system (Desktop, Documents, etc) to Dropbox. The experience of coming to a home computer and having the stuff I was working on just appear is nothing less than magical. This is enabled by having more than a few gigs of storage.
4. If you want terabytes of storage, come work here. It is the best tech company in the valley: http://www.dropbox.com/jobs
I'm a passionate amateur photographer, and after a bad crash where I lost years of work I became really neurotic about my multi-site recovery plan. Today I have Drobos and Time Capsules spread around my house and office, plus Dropbox and even a few rsync cron jobs all keeping me calm.
Today, my Aperture library is 109GB, because I work with archival scans from medium format film.
TL;DR: 100GB is a very small limit. How can I pay you more?
But do you really want to pull down 109GB on every laptop you install Dropbox on? Or would you manage that via multiple Dropbox accounts? From what I can tell, Dropbox hasn't yet tried out the "backup solutions" space, but I'm also hoping they will, as most of my machines are constantly running out of disk space.
One of the best (and yet seemingly little-known) tricks that Dropbox uses is that it will sync over a local LAN before attempting to download from S3.
Between the tight OS integration and the hash table lookups (it checks to see if that MP3 is already in their storage cloud, leading to regular "instant upload" scenarios) I believe that Dropbox is the best new software tool of the decade.
I'm not talking about upload/download, I'm talking about 109 gigs of movies on my 120/160GB SSD drive on both my home/work laptops, respectively. Or is everyone else walking around with multi-TB spinning drives in their laptops?
Tell everyone there to keep up the great work! I don't know how I survived before symlinking my entire life to my Dropbox account; it was just a mess of rewritable CDs, USB drives, and rsync commands.
Thanks for the heads-up that you won't publish anything to FB/Twitter without explicit permission as that's exactly what I came to the comments to find out. I doubt that more than a tiny fraction of your users read hackernews though, so it'd be nice if you added a tiny "why are we asking you to link up" and/or "what will happen if I link up" blurbs explaining that you're not going to instantly make us tweet how awesome Dropbox is (which I would do anyway, but I absolutely hate services that auto-post after connecting).
Edit: This would really only be useful for powerusers unless you gave it a nice front-end interface, but would you consider possibly creating something similar to a .gitignore config for your Dropbox? I constantly get random junk files based on OS and editor that end up in my Dropbox folders that I'd love for the central service to just ignore when syncing (like Thumbs, DS_Store, vim swp, random editors throwing backups ending in ~, etc).
The explanation pages are on their way. I would like to see an extra message "won't post anything" under the facebook connect step's button. I bet a test would show at least a 20% increase in conversion on that step.
Here's a question: I'm very inclined to pay for Dropbox, but I don't actually need 50 GB - I use 1% of that now. On the other hand, I would absolutely pay the same amount for 10 GB for 5 years. It would give me the warm fuzzy feeling of giving back and I would feel safer with the service. Have you ever discussed this model? Any plans to implement it?
Yeah, the best suggestion I would have to dropbox would be to charge more sooner. I would absolutely pay for the service, just through referrals, the student thing and extra space offers like this I'm never going to get to the point where I actually need extra space.
I'm sure many people that use dropbox like me to backup code, whole websites and writing/ uni work would feel the same way.
What info do you get from Facebook? It's not that I don't trust you, I already trust you guys with all my files, but I'm interested. I also don't get why I'd want to post to Facebook from within Dropbox, got any cool use cases I'm missing?
5TB sounds good, but how long does that take to sync? I've got about 20GB in mine now I think and syncing it to a new computer seems like it would take several days (I get the "grab a snickers" message). I usually start of a new machine my rsyncing stuff over so not the end of the world, but it would be useful to download stuff at a speed resembling what my, not that great, connection can handle.
Dropbox rules by the way, it's changed how I use my computers :)
Dropbox syncs over a LAN if available and the long sync time is only for initialization. When I get a new computer, I'll just make sure to have the old computer there. This is part of the process of getting a new one already, but people need to move stuff over manually sometimes.
As far as what you can do today with facebook, if you download the beta builds from the forums you can get access to a new sharing model. You can publish links of files to facebook & twitter. This page will change a lot when we launch this properly, but you can see what i mean:
https://www.dropbox.com/s/owdlzphfhiw2ao4/koalabox.PNG
Facebook and twitter are great for sharing, so it makes sense for Dropbox to leverage them when people want to share files. Photos is a good example application where sharing often means pushing to a social network.
The features page of your website says this about security:
>All transmission of file data and metadata occurs over an encrypted channel (SSL).
>All files stored on Dropbox servers are encrypted (AES-256).
And yet I hear people here saying that Dropbox is "missing encryption." What's the real story? Are there more technical details on your encryption posted somewhere on your site?
I'd really like to know, as I actually have a good deal of semi-sensitive information stored in my account right now--a decision I made based on the wording I copied in above and on my trust in the Dropbox folks so far.
When people say Dropbox is missing encryption, they mean encrypting files before they are uploaded so not even Dropbox could look at the files - end to end, so to speak.
They do not mean that Dropbox is insecure. Dropbox is secure.
The problem with end to end is that it makes sharing or public files unfeasible, and those are important parts of Dropbox.
Have you considered making encryption available on a per-folder basis? The encryption would be done on the client side so it wouldn't incur any additional computational expense for your servers, but would still provide the peace of mind that many look for with TrueCrypt containers. This could be even be done in a way to allow the user to choose his implementation.
I do this currently, but I wish there was a more elegant solution.
As far as I can tell from my own usage, the only portion that is uploaded is the changed portion. I have a 1GB container currently synced and when I change files in that container, I can assure you that it doesn't upload 1GB of information. It appears to only transfer the delta.
One of the properties of a good hash algorithm is that a small change in the input makes a big change in the output, and one of the properties of a good encryption algorithm is that the output looks random.
I don't know how the two are supposed to combine, but the prediction is that for a truecrypt disk image, any change in the contents produces a very different disk image all over - so transferring "the delta" is still a much larger amount than you'd expect.
Although, if this were the case it would also have to rewrite the disk image a lot and that might be quite bad for just local use.
I think that the biggest concern is that Dropbox has access to your files. The files might be encrypted from the point of view of the physical location, but they are still accessible to Dropbox employees, feds, or anyone that manages to breach their servers. The most common solution to this is to use TrueCrypt containers for any particularly sensitive files.
The error message given for a message that's too long is somewhat ambiguous. It states, "Message are limited to 140 characters"-but doesn't say that "I love Dropbox because " is included in that. It should say, "Messages are limited to 117 characters" and include a character count--on editing a message, the count doesn't work.
Why does Dropbox expect casual users to understand concepts like symlinks in order to sync their desktops (or any existing folder outside of the dropbox directory for that matter)?
Are their plans to make this more intuitive, given this is how you yourself find dropbox most useful?
We don't expect casual users to understand. If there is anything like this built into the basic product, it wont involve anything more than maybe asking if a user wants a feature. Everything should just work.
Congratulations on all the successes. You guys are doing something way cool. One question - when did you know Dropbox was a winner? And if the answer is "right away," then when did you really know Dropbox was a winner?
I wasn't at Dropbox particularly early, so that is more of a question for someone like Drew Houston. The first time I used the product, I knew it was awesome. The first time I talked to Drew about the big ideas, I knew it was going to be much bigger than what most people might think.
The Cloud™ is one of those mega trends, and Dropbox is right in the middle of it.
Always having access to up to date versions of your files from anywhere independent of the hardware you are using seems like a pretty big deal to me, especially since Dropbox works so effortlessly. Is that not enough?
Regarding your "voting" system so users can "decide what we work on next", why is it that there are things with tens of thousands of votes from a year ago not "being worked on" (or declined), yet "use application indicator in Ubuntu" with three hundred votes is being worked on?
What's the point of a voting system if you don't address the most voted items first?
Free storage for following dropbox on twitter has 16 votes.
Why doesn't that Android client have the option to keep files sync'd? The whole point of Dropbox IMHO is to have your data when you need it, not maybe-if-I've-got-signal-and-I-can-wait-till-it's-transferred. At the moment The Android dropbox client is just a glorified SFTP client
Did you guys ever fix the bugs that were there during the initial launch of this page, when you tweeted, or more accurately did you check that the accounts that did this while it was initially broken a few weeks ago got credited?
Why does your application request access to the photos and videos I've uploaded to Facebook? I'm fine with you having access to my Twitter information, but this seems unnecessary.
It wouldn't be a matter of corporate masters but of basic prudence. We've seen competitors straight copy other user acquisition channels and there are some important details on this page that might not be obvious. Luckily such lack of imagination shows in other ways.
Also, it isn't clear at all from this post that the page isn't done. There are important but missing steps, for example. Also, there is no link currently from the normal web experience to /free.
Such a write-up would be useful if only for us though. Writing codifies coherent thinking.
It isn't a problem at all. I just wanted to stress that we made it public with a lot more to do. That matters in the context of some kind of write up about our experience.
Very true. I only wish they had some smaller price steps; I can't commit to $10/mo. I'd love to give them money if I could buy, say, 25GB for $5 or 10 for $2.50
I totally agree. I'm sure that it would screw with their pricing, but I really just dont need 50GB, and can get by with the 3GB that I have now. Sure I'd like a little more (and frankly, would happily pay $5/mo for what I have now), but I just dont have enough stuff that I'd like to sync to fill up that $10/mo bucket. They did used to have some smaller plans, so they must have got rid of them for a good reason.
Be sure to check out the "selective sync" folder functionality in their betas (which are pretty stable). Selective sync allows you to specify what folders you do and don't want synced on a machine by machine basis.
This allows you to use your Dropbox for personal and work, and only sync your work stuff to work machines and vice versa.
There's some great file versioning stuff in there as well.
I trust Dropbox immensely. I clicked all of those buttons without really reading the specifics.
1. I trust that they're not doing anything scummy or underhanded. My life's on Dropbox, and they're not going to do anything to reduce that level of trust.
2. If I ended up accidentally Tweeting that I love Dropbox, that wouldn't be the worst thing in the world.
This said, the messaging was very clear, and everything behaved as expected. Great work as usual, guys.
I noticed early Monday that lots of my friends were sharing their love for Dropbox on Twitter. Initially, I figured it was just impromptu declarations of love for the service. It wasn't until later that I discovered this page.
Closed source binary blob needed for client. Meaning it doesn't work on PPC/MIPS/ARM computers. (Not important to most, but it's a valid technical reason why not.)
Its a chicken and egg problem, really. Besides, I would appreciate the ability to wrangle my own dropbox client. From their api, it seems that each app which hooks into their API must have a secret key, so I wonder if an open-source client can be distributed minus the key.
I love Dropbox from a usability point of view, but unfortunately the missing encryption is the main reason why it's not an option for me right now. I'd like to also be able to backup sensitive data, but I don't trust the Dropbox employees with access to my data.
Instead, I'm currently using Wuala which encrypts the data diretly on the client. An alternative to Wuala seems to be SpiderOak, which also features client side encryption (but I didn't try this one yet).
I just store a TrueCrypt container on my Dropbox. It's a little clunky if you need to dismount/mount it a lot, but if your system is on 24/7 then it isn't really noticeable.
The brilliant thing about all of the free space that Dropbox "gives away" is that most people who get it (90%? more?) don't actually use it.
I'm up to 4.9GB of free space, but I'm only using 7.6%, so I'm well under 2GB. And I would venture to guess that I'musing more space than the average free user.
So their cost isn't even the pretty-low cost of (cost to store 128MB * the number of people who do the task). It's the tiny cost of (cost to store 128MB * the number of people who do the task * percentage of those people that actually use the space).
Is it really shared between accounts? So for example if I knew someone with Dropbox had a file that could have one of several contents and I wanted to know which of those contents they had I could try uploading the different versions and see which one uploaded faster?
A little far fetched maybe, but I'm sure there's a way to exploit something somewhere using that....
There are even other ways how you might be able to exploit this. I don't exactly know how Dropbox verifies if your file is already on the server. But if they only check a hash of the file it might be sufficient to know the hash of any file stored on Dropbox to gain access to the full file.
Of course, this is just a speculation and there might be more security precautions in place. Such as, e.g., sending the client various challenges about the hashes of particular byte ranges.
In addition, also the copyright implications of this are interesting. Consider that you've shared a directory with your friends and that you upload some copyrighted movie (that is already on their servers and not really uploaded). Are you then the one liable for the damages (if sued), or is the original (first) uploader of the file liable?
You can test this with relatively large files. If a 100mb file finishes syncing to Dropbox within seconds over a slow DSL, you can be pretty sure that someone has already uploaded a copy there before you do.
Yes. I threw a 20MB e-book PDF into my Dropbox and it was instantly marked as uploaded. The only exploit would be that you could determine if a specific file was uploaded, not how many people had copies of the file or who those people were.
The only reason my situation is the same as yours is because the plans are a tad too pricey for me. If I could indeed afford over 20-30GB of space, I would include all my family photos and music to be uploaded to Dropbox as well. The latter could perhaps be rectified by a (hopefully upcoming) cloud music service (with a decent music catalogue), but the photos are really a problem.
so you're happy to share your personal files with dropbox, but not your twitter account? Odd priorities. Not saying they're wrong priorities, but just not what I'd expect.
It's a lot harder to automate abuse of a random person's semistructured data without metadata than it is to automate abuse of a random person's twitter account. Sure, it's also more lucrative, but I wouldn't worry about it for a couple more years.
You're right. But I don't see how that's relevant. My point was that people have a choice "I trust dropbox not to abuse my personal files" and they draw the line at their twitter account?!? This I find odd. I don't see how your comment makes it less odd.
I have several fake Twitter and Facebook accounts I keep around for exactly this reason. I certainly wouldn't connect my real accounts without knowing exactly what they plan (not) to do with my identity.
Edit: "I love Dropbox because it gives me free space even when I connect fake twitter and facebook accounts. :)"
We won't publish anything to twitter or facebook related to private files. This is about telling your friends about dropbox, answering an implicit survey with your fb/twt data, and improving the user experience in a bunch of ways.
I'm sorry, your settings for facebook are WAY over the top!
Common, you want to be able to access my data anytime?
What are you guys planning to do? Explain why you are asking for this. A lot of people did, I'm sure, but this is way fishy for me. I do trust dropbox (and I'm a paid user, so you have my credit card) but it is a request for access for something you do not use.
We figured there wasn't much reason to restrict what we ask for. I'd like to verify that with data and run a test.
Everything we asked for has a hypothetical future purpose or a present value as an implicit user survey. We could, for example, make the photos upload experience to facebook much better. That requires posting photos and also reading photos to understand how much our users might care about the feature.
We could just ask for that access later, but this is easier. Users are getting something in exchange, so for most I'd bet it is a fair trade: capacity boost for data.
Ah, sorry—that’s my fault. I didn’t check if you could access the page when not logged in.
Basically they offer a number of options to get some extra free space for their service. Giving them some feedback, linking your Twitter and/or Facebook accounts, and posting about why you “love Dropbox” on your Twitter / Facebook account once authorised.
I thought this was a clever way of incentivising people to authorise Dropbox to access their Facebook and Twitter accounts.
I don’t suppose I would normally have posted to my Facebook wall about Dropbox, nor my Twitter account, but now I have.
Presumably the cost to Dropbox is quite minimal (768MB extra free space in total). It’s made me think about ways in which we could offer similar incentives at $dayjob.
Comparing these two pages is really interesting in the different prompts to post and the different results. We'll integrate the two pages more deeply soon.
Not sure the exact mechanics behind it, but it's pretty awesome to see the growl notification of my space being increased almost immediately after clicking the authorization buttons on this page. Just fits right in with Dropbox being an incredible service.
I just received an email from someone I barely knew, to use Dropbox. He had no business sending me this email, and by sending it on his behalf you put yourself and him in this situation where both of you engage in sending SPAM.
I stopped short of clicking the "report spam" button, but it cost you some amount of goodwill, so you lose either way. I will be a lot less likely now to genuinely recommend your app to my friends.
Going to be another person to chime in to say Dropbox is awesome. I use it for passing podcast recordings back and forth with my cohost (while we're editing), as well as hosting and backing up arbitrary photos, HTML, and presentations. I still have plenty of free space (thanks to awesome stuff like this, and the 2x referrals for students), but when I hit my cap I'll have no qualms about paying.
If anything, Dropbox isn't thinking big enough. They really need to start thinking about how to provide a ubiquitous, multi-platform, private, cloud filesystem. Stop encouraging people to "back up" their files, and start using encouraging people to store the primary copy of all their files on Dropbox.
On Windows, Dropbox shows up as "My Documents/My Dropbox". When really "My Documents" should be the dropbox.
Having the option to set your "My Documents" folder to be your DropBox folder (without resorting to symlinks or toher trickery) might be a cool option to have, but IMHO defaulting to sharing your "My Documents" folder would be highly intrusive and rather evil. Very un-dropbox like.
One of the things I love about Dropbox is that they've always seemed to be very straight forward and above board. They feel trustable.
Can someone who knows more about Facebook apps and their API than I do tell me what a company would want with permission to "Access my data any time" and "Access my photos and videos"?
Specifically regarding "Access my data any time" -- Facebook normally issues applications short-lived "access tokens" when someone uses Facebook Connect. The idea that that application can then access the data that you give it permission to during your session with that application.
The "Access my data any time" permission gives the application a long-lasting (nearly indefinite) "access token" that the application can store and user to interact with your Facebook account at a later time.
Maybe it was just me, but I totally didn't "get it" at first that these were sort of steps that build on each other and should be done in order.
So it seemed really strange to me that I had to connect my twitter account before I could follow @dropbox, and the error message you get when you click on the follow one before the auth one is not very descriptive.
Maybe it would be better if you could change the message before tweeting/posting to FB. I wrote something to DB that I didn't want to tweet. So I didn't do the last 2 steps, which were presumably the most important ones. I realize that not being able to change the message, is to try and ensure that the tweet is really about loving Dropbox.
The feature I need most. From the IPhone app, I would like to be able to select a file and email the file to myself or someone else - not the link to the file.
Dropbox is blocked at work but sometimes I really need to get an important file from there.
I'm a paying susbcriber. Keep up the good work!
Seems to me that Dropbox will have a pretty good asset here a la rapleaf. If they get enough people to voluntarily give them their twitter and facebook IDs, Dropbox will have a very accurate lookup service of email|facebook|twitter -- that's something a lot of companies are after these days.
This let me get rid of that dangling 256MB that had been lingering since I opened the account and got the first free 256MB. That has been bothering my OCD. Now I have an even 12GB.
I love dropbox but giving it complete access to my facebook besides all my files is pretty much handing my "social life" and my "work life" to a single company.
A few points that might interest yall:
1. We won't publish to facebook or twitter without your explicit permission.
2. We ask for information about your facebook profile because it will make Dropbox better. It's mainly about learning about our users without annoying surveys. We won't mandate facebook connect on signup so this is likely going to be the main path in the near term for people to facebook connect. Facebook auth also makes it really easy to post to facebook when you want to; the user experience is better.
3. Yes, runjake is right. Please do subscribe if you love Dropbox. I work here, so I set my capacity to 5TB and symlink everything important on my system (Desktop, Documents, etc) to Dropbox. The experience of coming to a home computer and having the stuff I was working on just appear is nothing less than magical. This is enabled by having more than a few gigs of storage.
4. If you want terabytes of storage, come work here. It is the best tech company in the valley: http://www.dropbox.com/jobs
Ask me anything.