
Hey, OP here -

First of all, in Dropbox's defense, I probably did not give you guys enough time to respond before going public with this (also, living in Israel I sometimes forget that Sunday is a weekend for most people in the world). I apologize for that. I am not a journalist/blogger, and I was driven more by my emotions than by "journalistic ethics" (?) when submitting to HN.

Second, according to your support email (updated the original post with it) it looks like my particular case is going to be resolved. However, it does not seem to resolve the malicious use case I hinted at (and which people on HN did not seem to want to discuss that much): Give someone a terabyte as a gift, and then delete their account. In fact, from the support email it seems like it's even worse: The support staff will need the team admin to approve the account re-enabling. In the malicious case, the admin would not approve.

[EDIT: Recalled a third point I wanted to make.] Third, regarding what you said "it's not possible for us to differentiate between Team data and personal stuff in the same account". I simply don't understand why this is true. Maybe the general case is not like mine, but my Dropbox folder just has a bunch of subfolders, exactly one of which belongs to the "team". Is it possible that certain folders have mixed personal-and-team content? How does that even work? If you saw my account (I don't know if you can... but your code can) it would be blatantly obvious which folders (all but one) are personal.




When migrating an account into a team, the account and all the data in the account become managed by the Teams admin (shared or otherwise). Letting an existing account join a team lets us smoothly support the situation where a user has created a Dropbox account separately and needs to move that account into the team.

For most cases though, users should create a new account for the team. The Dropbox for Teams sign up process guides users towards creating a new account when joining a team for this reason.


From your reply, it sounds much worse than I thought. I had no idea my team admin could see all my data until now!

If joining a team account changed after your October changes, then maybe it's okay now. But I included in my post the email I got for joining the team, and it makes no mention of the fact that the team admin now owns my data. One would think this email should be less bland and more cautioning.



