dropbox_thumb.pngArs Technica has a feature article about a 19-year-old child-porn collector  who was detected and turned in by Dropbox and then stopped by a brave man at a chess club meeting as he approached with knives to try to stab some kids. It’s an interesting, dramatic story, and it intersects with TeleRead’s coverage area in an unexpected way—the detective who had been assigned to arrest the 19-year-old happens to be a self-published author (and you can buy his books on Amazon). Just goes to show you that self-publishing authors come from all walks of life and all different day jobs.

But the more interesting thing to me has to do with Dropbox and child porn. A remarkable number of child-porn collectors treat Dropbox as a “safe” storage spot for files they don’t want to have on their own computers—but are entirely unaware that Dropbox itself would have a few things to say about that.

Although the company is mum on exactly how it does it, Dropbox seems to have some kind of photo identification technology that can pick out child porn images when users upload them, and it regularly passes that information on to law-enforcement agencies. Although Dropbox transmissions are “encrypted,” the encryption is only good against outsiders—meanwhile, Dropbox itself can run upload filters to pick out child porn images and videos.

The article goes into a good deal of detail about how the Internet and digital media have been responsible for a resurgence in child porn, as it suddenly became possible to mass-distribute it in ways that analog media never permitted. Funny to think that it should have that fact in common with e-books. Though, of course, e-books are considerably more innocuous—even the ones that are shared illegally.

Something else it has in common with e-books is the use of Dropbox itself. For some time, Calibre users have used Dropbox to host their Calibre2OPDS libraries, which builds a web content management system around individual users’ Calibre libraries. Some users have found that they can’t generate public sharing URLs for certain files, and some have even had their accounts deactivated for copyright violations. Does that mean Dropbox is scanning for copyrighted material just as they are for child porn? After all, the technology exists.

The good news is, Dropbox is almost certainly not proactively scanning for copyright violations. For one thing, child porn is a lot easier to recognize than a copyright violation. Furthermore, lives are actively harmed by child pornography, whereas any harm that comes from copyright violation is significantly less drastic. When you upload a copyrighted file, Dropbox doesn’t know whether you have rights to distribute it or not; it only knows if it’s gotten a DMCA notice from a copyright holder telling them something is in violation.

Calibre2OPDS does offer options for obfuscating your Calibre library filenames to prevent snoopers from happening onto them. That being said, I’m not sure how strictly necessary they are—I’ve never used them, but I’ve never had my Dropbox account threatened for copyright violation, either. I just don’t share my library URL publicly, and make sure anyone I do share it with knows to do the same.

I certainly have no personal objection to Dropbox looking for child porn and other evidence of actual crimes, especially if it can do so automatically without actual people involved unless there’s some question about if a particular file is or not. At the same time, though, I could see how people might have a philosophical problem with the idea of content they upload being inspected by any system for any reason. If that’s the case, though, they certainly have the choice to use some other cloud storage service—or even to rent their own private co-located server they can use to upload and store stuff themselves.

Certainly, they shouldn’t assume that they can upload actively criminal content and assume it will stay private. When you put something on a commercial service, you’re putting it in the hands of someone who may choose to inspect it or do other things with it you wouldn’t necessarily appreciate. You shouldn’t do as so many child-porn collectors do and assume that just because it’s located on some distant servers somewhere, it’s “safe,” whether what you’re uploading is criminal in nature or not. If it is criminal, well, just remember what mystery novels and movies have been telling you for decades: if you leave evidence where other people can find it, they probably will.


  1. Glad to know that my decision to avoid using Dropbox because of its tracking policies is further vindicated by its snooping policies — not that I think child pornographers shouldn’t be exposed and hung by the fingernails over shark-infested waters. But I don’t like that I have to agree to let Dropbox track my web activities if I want to use it. And every time a client sends me files via Dropbox, before I can download them, I have to agree to let Dropbox place a tracking cookie on my computer. On my list of sleazy companies, Dropbox is in the top 10 for its refusal to honor my desire not to be tracked and for privacy.

    Best business news I have seen in a while is that private investors are reducing the value of their investment in Dropbox, which is causing some concern at Dropbox. Dropbox management thought it could avoid having to expose its data to investors by avoiding going public and using private investment instead. To its surprise, that didn’t work and its “privacy” expectations have been foiled. Hopefully, Fidelity will further write down its Dropbox investment causing management to lose even more value.

  2. This is just my speculation, but my guess as to what’s going on is that they’re just comparing the size and hash of the files in question against a database of known violations. Dropbox already does file hashing in order to avoid duplication of files, to track changes and enable LAN syncing. As a result, they don’t even need the original files in question (which would still be illegal), but can send a utility to law enforcement that they can use to update the database with a list of new hashes whenever new files are found. That way Dropbox staff don’t have violate any laws by browsing through your private stuff, or maintain a storage drive/folder of child porn – they also don’t have to spend any time or resources on it, but can automate it and not worry about any false positives due to image recognition software failing.

The TeleRead community values your civil and thoughtful comments. We use a cache, so expect a delay. Problems? E-mail newteleread@gmail.com.