Dropbox uses file hashes to comply with DMCA requests. So what?
April 2, 2014 | 2:50 am
Surprise! Dropbox has anti-piracy measures in place. You’ve probably seen the stories by now. When you right-click that file on your drive and ask for a public link that you can share so your friend can download it, Dropbox runs a hash on the file—it basically takes the file’s fingerprint by assigning a specific character to particular bits. If it finds that hash matches a list of hashes that have been declared verboten by DMCA request, it tells you that you can’t share it. (Likewise, it hashes files so that it can save space by only storing one copy of any particular same file.)
This doesn’t mean Dropbox is keeping track of what you put in your folders, or snooping on your files. Judging by news stories about it, quite the opposite. And even if the file matches a particular hash, Dropbox doesn’t delete it, or cancel your account.
(At least, assuming you’re not posting the link to it out in the open, where web spiders can find it, as apparently happened to these people sharing their calibre2opds e-book libraries. Many publishers and other content-owners run web spiders that look for public links to unauthorized copies of their content so they can send DMCA notices to shut them down. It doesn’t matter to them what the hash is; it matters whether it’s their content. It’s one thing for Dropbox to prevent you from creating a link to something automatically. After all, you have the right to make personal use of your own media, including uploading it to the cloud so you can download it again somewhere else yourself. But you don’t have the right to violate copyright in public.)
And let’s be honest here. As many lawsuits as there have been over services that allow user-uploaded public content (just look at YouTube and Viacom, who only lately buried the hatchet), it would be dumb to expect a service like Dropbox not to have those measures in place. As such measures go, Dropbox’s is both reasonable and generally unobtrusive. It’s not making value judgments about why you have the file on your drive or punishing you for trying to share it, and if you want to download the file elsewhere for your own personal use you can still log into the Dropbox website and download it that way. It’s just blocking you from sharing it to the public at large.
And if you do still want to share it, all you need to do is alter the file in some way such that it no longer matches the hash. And that’s easy to do. Add a few seconds of silence to the end of a song or video. Re-encode it to another format or bitrate. Compress it. Encrypt it and zip it up with a separate text file containing the password. Any e-book you modify with Calibre will automatically have a different fingerprint from its commercial version, even if it’s something as trivial as changing the cover or adding new metadata.
And, of course, there are other services you can try, like Synology, if you’re really worried about your privacy. But generally those services either won’t let you share files publicly, or will have anti-piracy measures of their own in place.
The best advice is, of course, if you’re going to use Dropbox to share copyrighted material, such as holding your Calibre library handy for download to your e-reader from wherever you are, or even sharing it with friends, don’t do something stupid like posting the link to it in a public place where web spiders can find it—and make sure anyone you share it with can be trusted not to do that, either. (Which is what I’ve been doing with my own personal e-book library for years, and haven’t had my account canceled yet.) You can’t use Dropbox to host warez files in public any more than you can host warez on any web host in a country that respects international copyright law, and you shouldn’t even be trying. (That’s why the Pirate Bay has had to move so many times.)