Dropbox is morally corrupt and support for them by HN users is disappointing.
I wrote to Dropbox and said I wanted to cancel my account and get a pro-rated refund because of their hiring of Condoleezza Rice. Her involvement in the Iraq war and the mass surveillance of Americans is deplorable.
A few days after my request my account was converted to the free version, with the limitations of the free version. I could no longer sync any files. When I saw this I assumed I was going to get the refund.
Days passed. I asked about the refund. The support email included disturbingly fawning about Ms. Rice and how amazing she was, and insisted that the Dropbox ToS made it flat-out impossible for them to issue any refunds. My account was changed back to allow the 100 GB of storage and Dropbox acted like it never botched my request.
It almost funny that they would not even respect differing opinion on their hiring of Ms. Rice and graciously offer a refund to those offended by such a move. Hiding behind their own ToS just shows how deaf they are to the matter. They basically don't give a fuck, and they don't have to because they have enough people who are more concerned with convenience than principles as amply shown on HN.
There are very good alternatives to Dropbox. Both SpiderOak and ownCloud work great on Windows, OSX, and Linux. You can get managed ownCloud hosting if you don't want to set up your own: https://owner.io.
It's puzzling that anyone would trust them with their data given their behavior.
Why are you entitled to a refund? You disagree with their hiring policies? You already paid the $99 for 1 year of service. You already bought it. It's done. Your option is to cancel at renewal or not.
That's my take, anyway. I also asked for a refund when Google announced their far cheaper plans for GDrive, and this just a month after I renewed. They told me the same thing -- a policy of no partial refunds. So I asked them to ensure I would not be auto rebilled, and that was that. Why exactly are they morally corrupt for this?
That's not what OP said. The conversion to a free account and then back is not related to the refusal to refund his money. They temporarily took away paid features, but only because they botched his cancellation/refund request. When he pointed out their confusion, they corrected it. He didn't get a refund because they have a no refund policy.
It was neglect for sure, but I think it stemmed from poor communication and not malice. He requested that they cancel his premium service and refund him for the remaining duration. They cancelled the premium service, but neglected to tell him that he wouldn't get a refund. Also, this was during a time when a lot of people were trying to cancel, so I'm sure the customer service team was overloaded with this type of request.
You already bought it. It's done. Your option is to cancel at renewal or not.
This is technically true.
In the bigger picture we should judge people and companies by what they choose to do, not by what they have to do.
Had Drobox even replied that they understood my complaint but decided that it did not warrant their making an exception to their ToS I might be less disgusted. At least it would show some sort of backbone. Instead they pretend their hands are tied. That's dishonest.
> It almost funny that they would not even respect differing opinion on their hiring of Ms. Rice and graciously offer a refund to those offended by such a move.
I'm not surprised at all that a company doesn't want to refund you because of a political disagreement you have with them.
I'm not surprised at all that a company doesn't want to refund you because of a political disagreement you have with them.
What's important here is how they handled this. A company can issue a refund anytime it likes, the ToS notwithstanding. Those are rules they made up.
Telling me that it is impossible to issue a refund is just lying. It's not impossible; it's very doable.
If they (or any company) deliberately choose not to issue a refund they should state it like that, in plain language, not pretend that they have no choice in the matter.
Likewise with botching my account downgrade; only after I pointed out there error did they restore the quota but then acted like it never happened.
It isn't simply the lack of a refund, it's the bogus way they did it. Actions like this reveal the character of a company.
>What's important here is how they handled this. A company can issue a refund anytime it likes, the ToS notwithstanding. Those are rules they made up.
The customer service representative you spoke to did not make those rules up. Unless you were speaking to the CEO of Dropbox personally, then yes, there is nothing that person could do. There may not even be a function of their support system that allows refunds. How do you know how simple it is for a CSR to offer you a refund?
So you don't approve of Condoleezza Rice backing the invasion of Iraq in 2003. Okay, I agree with you that the invasion of Iraq was the wrong thing to do.
I don't approve of you attacking Dropbox, and Ms. Rice in her capacity as a Dropbox employee, for actions that have nothing to do with the company.
Would you like it if I wrote to your employer demanding you be fired because of your actions here? No? You would say, wouldn't you, that your posts on HN have nothing to do with your employer and regardless of what I think of your posts, it would be a dick move on my part to drag your employer into it?
How well do you know "Ms. Rice"? Personally? Professionally? Politically? Psychologically?
Ms. Rice, and her associates, were responsible for committing acts of open war on another country and in so doing violated - criminally - much international as well as national law. Charges at the ICC mean something. Such individuals, no matter what, should not be allowed more access to the masses until they have answered for their crimes.
The fact that this is of no consequence to someone who 'publically defends Ms. Rice' may not surprise me. She must answer to crimes against humanity, sir! This is why she should not be associated with the Western worlds growing fascination for documenting itself ..
If only there were a cloud storage provider that took a strong, substantive stand against government surveillance and supported true security and privacy for their users.
As long as we're dreaming, wouldn't it be great if you could use this make-believe product with standard unix tools on the command line, and access over SSH ?
I suppose a fanciful firm like this would offer a deep "HN readers" discount to anyone that asked.
rsync.net aren't really competing with DropBox so I don't see the relevance.
DropBox has multi-platform support on all major mobile and desktop platforms. They also have a GUI application that will "just work" for syncing your files off site.
rsync.net is really UNIX only since the offering doesn't work particularly well when not combined with popular Linux/UNIX tools (e.g. rsync). On Windows you're left using FTP and doing the sync-ing yourself somehow and there is no mobile presence at all.
The software is 1/2 of DropBox's (and Google Drive's) value. rsync.net is certainly inexpensive but not really competing for the same business or customers.
With Macs there are predominantly two "types" of users. Those who use a Mac because they want a UNIX machine that works well as a desktop/has a widely supported GUI, and then there are those who use Macs because they find them easier than Windows (due to the better consistency and less clutter).
I think rsync on OS X will widely appeal to this first group, but not appeal at all to the second group. As far as those people are concerned if it isn't in the store then it doesn't exist, and if it doesn't have a GUI it definitely doesn't exist.
As to Android you guys don't, as far as I know, offer an app? Maybe my information is out-of-date on that one.
I completely respect that you guys want to appeal to a certain demographic and there is something to be said for that. I was just pointing out above that rsync.net is niche and isn't "really" competing 1:1 with DropBox, Google Drive, or to a lesser extent One Drive.
Your prices remain quite impressive and I'm sure you do what you do very well.
I canceled my pro account when Dropbox first hired Rice, and I haven't looked back. It took far too long to get my data out, but it was well worth the effort.
'In the summer of 2014, Sam Altman became president of Y Combinator. Y Combinator also announced a Board of Overseers: Brian Chesky, cofounder of AirBnB, Adora Cheung, cofounder of HomeJoy, Patrick Collison, cofounder of Stripe, Drew Houston, founder of DropBox, Jessica Livingston, David Rusenko, Emmett Shear, and Sam Altman, cofounder of Loopt.'
Y Combinator, and by extension HN, is in cahoots with the people at Dropbox.
Was this thread then manually flagged as "noflame"? It seems that the general sentiments on HN lean toward the "very critical" spectrum whenever dropbox is brought up, which seems like it would set off the flamewar filter constantly.
No, we haven't moderated it. The only thing affecting its rank are upvotes and flags, which are in the usual tug-of-war that we see with controversial threads.
Ditch Condi Rice and apologize for allowing her in, and I'll consider using Dropbox again.
As it stands, there are an abundance of other companies doing the same thing as Dropbox which do not associate with known war criminals. This makes them more desirable business partners.
I switched to Copy since the Condoleeza Rice situation and I have had no problems whatsoever. I have the app running on a macbook pro, an imac and two android mobile devices. It's also about half the price that Dropbox charges. I recommend it.
Honest question, how good is their client? The Google Drive client on OSX appears to be bit shit and I am considering moving everything away to a new system.
Honest answer: it seems to be a bit slower than Dropbox, but it's still pretty good. I haven't had any issues yet (no lost files). They also offer the same auto-upload of your photos from your smartphone, which I am running on an Android device, and that works wonderfully as well. I'm a very satisfied customer.
Ah, I did not check the updated dropbox pricing. At the time, I was getting 250GB for $9.99/mo, and Dropbox was offering me 100GB for the same price iirc.
It is disappointing that Dropbox still does not offer any options for secure storage. Personally, you might be fine with unencrypted stories but at least for companies in Europe, having (all) your data with an American cloud provider without local encryption on your side is simply not a legal option …
Dropbox is a great service, however, it would be even greater if I could use Dropbox for all my data and not only selected data where I do not consider local encryption necessary.
(I know about add-on software like Boxcryptor but all options I have tested so far were not user-friendly enough … Dropbox competitors with encryption like Spideroak and Wuala work good enough but are in no way as user-friendly and convenient as Dropbox.)
> Dropbox competitors with encryption like Spideroak and Wuala
Unless one doesn't really cares about security and wants encryption for the sake of having encryption, there's no way their implementations could be considered sufficient.
Without audit you're just taking their word for it — which is exactly as when you take Dropbox's word that they won't peek at your data (unencrypted or possibly encrypted but one can't verify that). And to audit those one needs to spend a lot of time reverse engineering their applications, and then auto-update mechanism could render those efforts void at any moment. I've spent about a weekend debugging and looking at decompiled SpiderOak code and while I hadn't found anything suspicious (although I'm not a crypto or security expert) the only judgement I was certain with was "this behemoth's too complex to study in detail, not worth the time to continue the research"
The point is, the data could be encrypted, but it's pointless to just have the encryption — to assume some security one must be certain about many aspects of how it's done — when, how and where encryption keys are generated, when, where and how data's processed, what are exact crypto algorithms used and how they are composed together and so on. And, obviously, a possibility to verify the description completely matches the actual implementation.
So, I think, security should be really done by a separate software module that could be completely reviewed by anyone (from tech-savvy end-users to security researchers) and can't be remotely auto-updated without explicit user consent.
I don't know about SpiderOak but I totally trust Tarsnap.
But agreed we have to trust the software companies/devs when using crypto.
Not many people really trust Dropbox anymore to build client-side encryption themselves. But you could use a different program for encryption with dropbox as simple storage. That being said, you still have to trust the Dropbox binaries installed on your system as well. Security paranoia can go deep.
IIRC, Dropbox has HTTP-based API that allows basic file operations, like uploading, downloading and listing files. So, proprietary client isn't really required.
Well, if someone would code a Dropbox-based TAHOE-LAFS backend, I'd seriously consider really using Dropbox. (My phone came with 1-year "free" 50GB offer, so I'm using it for some completely non-private files, like my cat's photos I've publicly shared.)
It is not sufficient but it might be enough to fulfill compliance requirements. Yep, that is only cover your ass security but it is still better than no encryption at all … the glass is half full vs. the glass is half empty although we should of course aim for the full glass.
There's an opinion that it's actually harmful, as it creates a false sense of security when there's none (when a powerful malicious party can possibly force vendor to make the software silently auto-update and disclose your encryption keys — that really means "none").
Agreed. This was the first thing I checked. Still no client side encryption! Truly unfathomable in light of current world events, competitive offerings and the feasibility of the required technical implementation.
All I want is to encryptedly back up some directories on my home server, but nothing* really does that. I use SpiderOak at the moment, but it's not OSS.
We currently allow 1.1 PB in a single "namespace" (zpool).
There are non-obvious ways to make a petabyte-sized zpool non-scary ... but even with those employed we still utilize raidz3 and have contingencies for rollbacks.
edit: for obvious reasons, that 1.1 PB number will grow by 50% in the very near future...
It's easy enough to jam enough disks into a rack with these 90disk 4u super micro jbods. The thing that always scared me (ESP with rsync) is how do you get performant metadata for a few billion files? Or even tens of millions.
And raidz3 resilver must be horrible at those densities!
Again. Just curious. Email at jmancuso@expandrive if you feel like chatting. I know we offer a similar product, but we are about to leave zfs for the above concerns. Wouldn't mind sending some business your way.
No OSS linux client, but we do have a closed source one. CrashPlan Does work headless[1], but note that that setup out of the scope for our support team.
I can't say one way or another if the client is OSS, but I do know you can run it headless, I've done it before.
IIRC, you need to tweak a non-headless client to direct it to the headless instance (some config file to point to the server vs localhost) and everything works from there.
It's weird because it doesn't really say anywhere, but prices should include VAT, although unless they're selling as an EU-based or VAT-registered company, it's not mandatory.
Since this seems more B2C than B2B, I'm assuming the £79/year I see includes VAT, so that's £65.83 without 20% VAT, which is $109.17 at today's rates. I would not consider this too unfairly deviant of the US pricing considering the volatility of exchange rates.
Many American cloud providers, software vendors etc. charged their USD prices in EUR to European customers, even to European customers outside the Euro zone. An American VPN and sometimes some further fiddling with your browsers usually allows to purchase in USD …
For my commercial purchases, i.e., purchases as a company, I have to pay the local VAT anyway upon import including digital services like Dropbox.
If you bought it personally (i.e. a B2C sale) you should be fine, but as a warning for any (update: UK based, at least) VAT-registered traders or businesses, you will need to reverse charge the VAT which mostly defeats the point.
Maybe VAT law is different in your country but that is not true in the UK where reverse charging of VAT is required on services where the supplier is "outside the UK" (including outside the EU). Indeed, HMRC's guidance on this includes an example of a US-based Web hosting company providing hosting to a UK business: http://www.hmrc.gov.uk/manuals/vatpossmanual/vatposs14300.ht...
HMRC do note that "the UK applies the reverse charge provisions more widely than elsewhere in the EU", however, and for this I get the joy of having to reverse charge about 50 invoices a quarter for US services (all our hosting, SaaS bills, etc) ;-) For example, if a host in the US bills us $100, we then have to reverse charge $20 converted into GBP at approved rates, then claim the equivalent back.. so the net position is zero but it has to be accounted for (holds head in hands and rocks back and forth).
^ to peter
[edited] Aha, just checked with my accountant and that is indeed the case, it is a net zero operation. Still doesn't matter for the $ / € story though.
Dropbox having good Linux support is a big reason I use them personally and professionally (both paid).
But geez do they mess other things up. For example you can only share top level folders. We have to share with various outside parties and that limitation leads to a very cluttered file structure.
The solution for multiple accounts is beyond annoying. The correct way of doing it how google does it - you provide however many sets of credentials and can then easily select the current set to use/view. Dropbox do this idiotic thing where you tie your personal one into a business one, then logging into the latter also logs you into the former and everything works as though it is one account, with enforced folder names. I'm sure there is some weak justification about how this prevents issues with free accounts, but making paying users have a horrible time isn't the way to achieve that.
While they all have desirable attributes, especially for individual usage, they are harder to cooperate with others. (By that I mean try to get friends and relatives to use them with you, when those folk aren't tech savvy and certainly don't have their own storage.)
The biggest benefit of Dropbox is the mobile app client support. On iOS, you see Dropbox and iCloud support, but rarely anything else.
When other sync services like Box and friends get more integration, I’ll gladly switch away since I would love some sort of encryption, which Dropbox, and Evernote damn you, appear unable or unwilling to implement.
No, Dropbox does NOT encrypt your data on the client site.
Alternatives would be Spideroak and Wuala or addon software like Boxcryptor. They work but not as flawlessly and user-friendly as Dropbox usually does …
Please be cautious: EncFS was not designed to resist an attacker having ongoing access to the volume, as they would in this scenario!
In particular, an attacker having access to the ciphertext at two or more different times violates EncFS's security assumptions; undetected malicious modification of files is also feasible in this scenario.
Many encrypted filesystems do not include such a property in their design criteria - for example, XTS mode as-is is not suitable for use in this scenario either, so please also try to avoid putting TrueCrypt (et al) on Dropbox!
For a broad general example of what a system would look like which tries to address this use case more naturally and effectively (although, caveat: I have not reviewed it in great detail myself), please see Tahoe-LAFS.
I've been using Dropbox with EncFS, and I feel foolish about not thinking of the fact that Dropbox has ongoing access to the encrypted files.
Would you recommend something other than Dropbox + EncFS as the best compromise for a file-sync solution that has reasonable security, a non-buggy client, supports block-level sync, is reasonably priced and "just works"? BitTorrent Sync + EncFS?
Damn! What's the vulnerability? Do they reuse IVs or something? No wonder I got stuck when designing my own encrypted filesystem, I didn't have this assumption. On the plus side, mine was safer. I'll have to revisit it.
Dropbox does not claim to encrypt your data on the client side. They only claim encryption on their servers but that is not helpful in terms of encryption of your data …
In CrashPlan, you can at least set your own private key if you like. You still need to trust the provider/vendor, however, the software is at least built to do local encryption. Dropbox does not work that way.
No one (almost) needs 1TB... the way they can afford it is they expect most people to use at most a few hundred GB, but with the peace of mind that they could store more
Personal photos and videos I don't want to lose, which are of course backed up to actual backup systems, but I also want access to wherever I am. That's what I need 1TB for.
Indeed, Dropbox can respond to google drive in two ways: (1) drop the price of the existing plan to match google drive or (2) increase the storage to compete on the $/GB/mo rate. Option 2 is much better for them because they can keep all their existing $9.99/mo customers on the same recurring plan even though the vast majority don't need the extra storage anyway.
I wish OS vendors weren't asleep at the wheel. This sort of service needs to be integrated into the OS. I'm sick of having an OS that doesn't include next-generation features like seamless p2p filesharing. I guess its time to make one ..
These are just backup services between Microsft/Apple/Ubuntu, Inc., and the users.
What I want is true p2p. Like, nobody in between necessary, because the OS has everything onboard to make it happen. That sort of 'asleep at the wheel'..
The point is that seamless peer-to-peer hasn't happened, at the OS level. If Dropbox' NS servers go splooey, there goes your backup.
However if me and every family member want to share our own private files, internally across the vast Internet, without any 3rd-party interaction - i.e. really peer-to-peer, only the open-source/3rd-party-app route works, feasibly, at the moment.
Which is what I mean when I say that I think that OS designers are asleep at the wheel; or, perhaps, brain-dead. An OS which does point to point encryption across untrusted networks, successfully, and which wraps up the whole thing in a workable GUI provided by the OS vendor .. its just not there yet. I suppose soon, though.
I think it is only available if you were already signed up for it. I just chose to continue with the packrat add-on for my pro account. It seems like the alternative they are now offering is only extended version history. (which would save changes for a year)
So I have the $20/month a plan, and my reward appears to be that I pay twice as much and still have 200GB...? Do I have to cancel and re-subscribe? Anyone from Dropbox out there..???
I didn't downvote, but it wasn't a productive comment -- it was just snarky and condescending.
I don't think this is front-page worthy of HN, sure, but anytime someone at Google/Dropbox/Apple does so much as pass gas, people around here get excited.
Helping Dropbox grow is arguably the single greatest achievement of YC to date. I think in that light it makes sense that news about Dropbox gets on the front page of news.ycombinator.com.
I don't really care about it, but your comment was worthless and deserved to be downvoted. If you don't care about a story, ignore it. If you think it's wildly inappropriate, flag it. If you feel compelled to share your disdain with others, I recommend Twitter for that.
Was privacy ever a feature? Will it ever become a Dropbox feature or is it impossible due to either today's political climate or Dropbox's internal views on the matter?
I do care about dropbox, it's the only cloud system that works well on linux systems . It used to be overpriced but now the pricing is good.
Also Google Drive is terrible on Windows if like me you have a lot of files. One drive is limited to 2GB of file size.
Owncloud is great, and avoids the moral complexities of contributing to a board that includes at least one endorser of torture and warrantless surveillance.
… if you have the knowledge, money and time to manage your Owncloud server in a secure way. Since such configuration includes a more advanced firewall, most users will not have the necessary skills I am afraid …
Focused on Owncloud only, the latest version is indeed great! :)
I have tried Owncloud, but I don't want to host a service myself (I do have the knowledge to do so).
But on average it would cost me more than paying a service. I"m trying to minimize my monthly costs, it's hard to beat 8.25$ for a good server for Owncloud.
And yes, I will wear my downvotes with pride. We can't always separate our tools from the organizations which produce them, and we should be careful what behaviours we wish to reward, and thereby encourage.
I've got something I like better than Dropbox. It's called rdiff.
It does one thing only: deduplication.
All the other stuff needed for remote, incremental backups, e.g., moving files back and forth over a network, can be done with other open source tools. I think I have a pretty good command of moving files around with open source software... I do not need a third party to help me via an obfuscated blob of Python and who knows what else.
I like having control over my backups versus trusting it all to some closed-source, third party, "all-in-one" application.
In my mind having control and transparency will always be more powerful than handing over my data deduplication and backup to a third party, such as "Dropbox".
But I imagine there are few others who would agree. Forgive me for not loving Dropbox. Maybe some day I will see the light.
If you don't mind hosting yourself, Seafile is also open source and has really nice Mac/Windows/Linux/Android/iOS client apps. It also does delta syncs, which I don't believe ownCloud supports yet:
What's with the lack of delta syncs in all these systems? As far as I know, neither Google Drive nor OneDrive do it. Now you're saying ownCloud doesn't do it either. I didn't even think to look at it for oneCloud because obviously they'd support it.
I consider it to be an essential feature, to the point that I won't bother with something that doesn't support it. I guess I'm unusual in that respect.
I suspected I would get downvoted for not loving Dropbox. And I was right. Interesting.
FYI
rdiff is the reference implementation or first example of a utility written with librsync, which is the library that Dropbox used to build their "business".
I wrote to Dropbox and said I wanted to cancel my account and get a pro-rated refund because of their hiring of Condoleezza Rice. Her involvement in the Iraq war and the mass surveillance of Americans is deplorable.
A few days after my request my account was converted to the free version, with the limitations of the free version. I could no longer sync any files. When I saw this I assumed I was going to get the refund.
Days passed. I asked about the refund. The support email included disturbingly fawning about Ms. Rice and how amazing she was, and insisted that the Dropbox ToS made it flat-out impossible for them to issue any refunds. My account was changed back to allow the 100 GB of storage and Dropbox acted like it never botched my request.
It almost funny that they would not even respect differing opinion on their hiring of Ms. Rice and graciously offer a refund to those offended by such a move. Hiding behind their own ToS just shows how deaf they are to the matter. They basically don't give a fuck, and they don't have to because they have enough people who are more concerned with convenience than principles as amply shown on HN.
There are very good alternatives to Dropbox. Both SpiderOak and ownCloud work great on Windows, OSX, and Linux. You can get managed ownCloud hosting if you don't want to set up your own: https://owner.io.
It's puzzling that anyone would trust them with their data given their behavior.