Skip to content
Apr 25 / Dan DeFelippi

Dropbox Attempts To Kill Open Source Project

Very poor sketch of a desired icon for DMCA ta...

Image via Wikipedia

Yesterday morning I woke up much earlier than I wanted. Instead of lying in bed, wishing I was asleep, I decided to get up and check out Hacker News. Better to waste my time reading industry news than lying around. One headline in particular caught my attention: “Dropship — successor to torrents?“. The name was an obvious reference to Dropbox and the suggestion it could replace torrents was enticing. Data storage and distribution has been a long time interest of mine and I can’t resist reading about the industry. I had no idea that by the end of the day I’d have received a fake DMCA takedown notice, correspondence with Dropbox’s CTO, and witness the near killing of an open source project.

Make Files Appear

The HN post linked to a blog post about an open source project called Dropship that allows users to exploit Dropbox’s file hashing scheme to copy files into their account without actually having them. Dropship will save the hashes of a file in JSON format. Anyone can then take these hashes and load the original file into their Dropbox account using Dropship. This has some real potential benefits for Dropbox’s users. Anyone could easily share a private file with someone else by simply giving them the JSON string. No need to make the file public. The downside is potential for abuse in distribution and sharing of illegally pirated files.

In Steps Dropbox

Dropbox’s CTO and cofounder, Arash Ferdowsi, did not like Dropship. His reaction was swift. According to the project’s creator, Wladimir van der Laan, Ferdowsi contacted him soon after and requested “in a really civil way” that he take the project off of github. van der Laan complied. This was within hours of the HN post. Another HN member, Peter Steinberger, mirrored the project on his github account using an archive from the blog post. I also mirrored the archive in the public folder of my Dropbox account and linked to it from HN. Within hours Ferdowsi contacted Steinberger and the author of the blog post, Krzysztof Dziądziak, and had them remove Dropship too.

At 1:46PM ET I received the following email from Dropbox support (emphasized text is mine):

Subject: [Dropbox Support] Re: DMCA Violation for [my email address]

Dan DeFelippi, Apr-24 10:46 am (PDT):

Dear Dropbox User:

We have received a notification under the Digital Millennium Copyright Act (“DMCA”) from Dropbox that the following material is claimed to be infringing.

/Public/laanwj-dropship-464e1c4.tar.gz (the Dropship archive)

Accordingly, pursuant to Section 512(c)(1)(C) of DMCA, we have removed or disabled access to the material that is claimed to be infringing or to be the subject of infringing activity.

As a result of this notice, public sharing on your account has been disabled for a period of 3 days.

Please be aware that copyright infringement violates our Terms of Service (TOS) and Copyright Policy,which can be found at the following locations:

Also note that Dropbox has a policy of terminating the accounts of repeat infringers. If you repeatedly use Dropbox to infringe copyrights, your account will be terminated and you will lose access to your files.

If you believe that this DMCA notice was sent in error, you may file a counter notification. Such a notification must comply substantially with 17 U.S.C. § 512(g)(3) and include a statement under penalty of perjury of a good faith belief that the DMCA notice was the result of mistake or misidentification. You cansend counter notifications to the following address:

Copyright Agent
Dropbox Inc.
760 Market Street #1150
San Francisco, CA 94102

The Dropbox Team

This was something new to me. A DMCA takedown being issued against an open source project? I immediately looked up the proper format for responding to a takedown and replied with the following:


The material in question, a file stored on Dropbox under the filename and path of /Public/laanwj-dropship-464e1c4.tar.gz, is not infringing the DMCA. The following is the license contained within the archive:

Copyright (C) 2011 by Wladimir van der Laan

Permission is hereby granted, free of charge, to any person obtaining a copyof this software and associated documentation files (the “Software”), to dealin the Software without restriction, including without limitation the rightsto use, copy, modify, merge, publish, distribute, sublicense, and/or sellcopies of the Software, and to permit persons to whom the Software isfurnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included inall copies or substantial portions of the Software.


Based on this license, which issues permission to copy and distribute freely, it is my good faith belief that this material is non-infringing. As such, I demand the file be restored per 17 U.S.C. Section 512(g).

Daniel A DeFelippi
contact info removed

Soon after Ferdowsi contacted me directly, sending what I now assume is the same “really civil” request he sent to others. He requested that I not only remove the archive from Dropbox but delete my posts on Hacker News, which at that point included the fake DMCA takedown. He outlined his objections, that Dropship reveals their proprietary client-server protocol and that it could be used for piracy. He told me that the DMCA takedown was a mistake and reverted the lockdown on my public files.

First of all, attempting to protect a proprietary protocol is going to get them nowhere. His argument implied security by obscurity. Security by obscurity falls completely flat on its face in this case since their client can be analyzed by anyone with the proper skills and could be deciphered again.

Second, dealing with piracy is the responsibility of Dropbox. It’s not the problem of an innocent hacker who wrote some useful code that could benefit legitimate users and advocates the use of his software for “sharing photos, videos, public datasets, git-like source control, or even as building block for wiki-like distributed databases.”

The Censored Respond

At this point I started emailing everyone who had been contacted by Ferdowsi to find out what had happened to them. I asked Dropship’s author to find out if he had issued a takedown. He told me he had not and that “my code is MIT licensed anyway, you can do with it what you want.” One person told me he took Dropship down for fear of losing his Dropbox account. A few of them expressed support for my resistance to the takedown attempts.


Dropbox’s censorship was nearly successful. In the aftermath Dropship all but disappeared from the internet. All public repositories and archives I could find were taken down. The takedown requests instilled fear in Dropbox users who didn’t wish to lose their account. I doubt van der Laan will continue developing Dropship. Even if he does it will most likely be private since he took his public repository down.

To Ferdowsi’s credit, I understand his position. He’s trying to protect his company. His correspondence was friendly and non-threatening. He’s obviously a very intelligent person and probably made a snap judgement on how to do damage control. The DMCA takedown seems to have been an accident and he remedied it.

In my unhumble opinion censorship is never an option. I’ve defied Ferdowsi’s requests and posted Dropship on my github account. If you are able to I’d love to see contributions. Fork and submit a pull request. To be certain it doesn’t disappear I’m also making the archive available from my own servers.

Dropship Mirror #1
Dropship Mirror #2

Censorship doesn’t work, especially in a community of open source using geeks.

Update: I want clear up a few things. As far as I’m aware all of the Dropship repositories and archives that were taken down was done so voluntarily. Dropbox never made threats, legal or otherwise. It appears the DMCA notice was automatically sent to me when the file was banned from public sharing. There was no real DMCA takedown issued. It was an edge case bug in their file removal system.

Enhanced by Zemanta


  1. Nota Lawyer / Apr 25 2011

    Thankfully all DMCA requests are filed under penalty of perjury. If he claims that he owns the copyright to material he doesn’t own, he has now opened himself up to civil litigation.

    Sue him.

    • Anonymous / Apr 25 2011

      > Thankfully all DMCA requests are filed under penalty of perjury.

      The perjury provision (17 U.S.C. 512(c)(3)(A)(vi)) applies to persons who submit formal complaints to service providers. It does not apply to informational messages that service providers may send to their users. So even if DropBox had intentionally lied about receiving a DMCA takedown notice (which it didn’t; see Arash’s comment noting that the DMCA message was mistakenly autogenerated in response to banning the file), it would still not implicate the DMCA perjury provision.

    • Nick / Apr 25 2011

      Everyone, with regards to the claims of a “fake DMCA notice” please avoid becoming this guy:

      So many people nerd raging about how Dropbox is a great big phony. Don’t be that asshole.

  2. Jeremy Felt / Apr 25 2011

    Well said. Sounds like an interesting project to leverage the power of deduplication (or single instance store) technologies. NetApp does this automagically on the backend of the storage system, which you can call to the forefront to rapidly deploy a virtual machine instance.

    Not that I would recommend taking the situation in this direction, but I’ll put it out there anyway; the US Copyright Office considers it an instance of perjury for someone to send a false DMCA takedown notice. (USC Title 17, Chapter 5, Section The mere attempt at bullying another denizen via the DMCA illustrates its failings as an instrument of justice.

    • Bob / Apr 26 2011

      Not to stray off, but Netapp does dedupe “per volume (flex vol)”, not on the whole storage system.
      You would have to go with an EMC solution to get it at the storage system level (Centera/Atmos).
      Rapid deployment (specifically for Virtual Desktop) is pretty slick on the Netapp though.

  3. R / Apr 25 2011

    I forked Dropship, just in case, and my GitHub repo of it was deleted. I was not notified of this.

    NOT happy with DropBox, and ESPECIALLY not happy with GitHub.

    • Ahmad Alhashemi / Apr 25 2011

      Now that’s worrying. Why would github delete your repository?

      • lassi / Apr 26 2011

        because they’re a company of dweebs.

        don’t trust your project source to some random “yay we support open source” company, they still got bills to pay. even random zip files passed around are more robust from everything because of this.

        the deletion(in this case the fork) in such case would be random, of course, because people work randomly 9 to 5 and randomly think what their authority to do things is.

        dropbox is a company of dweebs too, they provide a service that’s sh*t easy to provide, but needs cash money to keep running. but for some reason there’s no “flickr of dropbox” or such, you can’t trust it for anything, really. it’s insecure and dysfunctional by design and as soon as you start building on top of it they’re going to pull the rug under from you as their business model depends on you paying but not using the service to full(the business model fails as soon as you start using it as a replacement for ftp distro, but they can’t exactly advertise that fact as it would make them seem like a company of dweebs).

    • Dan DeFelippi / Apr 25 2011

      Are you saying you forked the original and that fork was deleted?

      Does anyone know github’s policies regarding forks of deleted repos?

      • Tom Preston-Werner / Apr 26 2011

        GitHub does not remove forks of public repositories when a parent is removed. The network is simply re-rooted to one of the children. We also have not received any DMCA takedown notices for any of these repositories.

        • Arun Vijayan / Apr 26 2011

          So, R’s repository isn’t deleted as he claimed above?

  4. xxdesmus / Apr 25 2011

    I forked Dropship as well — this is just ridiculous. You really would think companies would know better by now. You can’t *ever* erase something from the internet.

  5. sleazye / Apr 25 2011

    Can you look at the SMTP headers of the DMCA takedown to see if they’re coming from a desktop e-mail client or indeed some sort of auto-mailer? Might give a clue if the e-mail was indeed “auto-generated” or not

  6. Dylan / Apr 25 2011

    Forked and downloaded just in case.
    Dropbox is turning a lot of happy customers into a lot of unhappy customers.

  7. dictvm / Apr 25 2011

    Dropbox is getting more and more bad press. Well, I’ve mirrored the file too:

    You cannot share the file in your public Dropbox anymore, btw. You’ll get “Restricted Content – This file is no longer available. For additional information contact Dropbox Support.”

    I don’t like such behavior from companies.

  8. Matt / Apr 25 2011

    The answer is never to censor. The answer is to engineer your way around it. The thought that any self respecting geek at Dropbox would not realize that in 2011 is slightly scary.

  9. dude / Apr 25 2011

    Whine whine bitch bitch. Let’s all just get back to work, shall we?

  10. Mateus Caruccio / Apr 25 2011


  11. Arash / Apr 25 2011

    This is Arash from Dropbox. We removed the project source code from the user’s Dropbox because it enables communications with our servers in a manner that is a violation of our Terms of Service. By our TOS, we reserve the right to terminate the account of users in this case. However, we chose to remove access to the file instead of terminating the account of the user.

    We recently built a tool that allows us to ban links across the sytem (as of a few weeks ago) and I wasn’t aware that the email auto-generated and sent a DMCA takedown email. This was a tool built for our support team and I’d never personally used it. That said, we feel strongly that the code is a violation of our TOS and don’t believe the removal of the content from our site is censorship.

    I’d also like to clarify that nobody’s accounts were threatened: in every case my phrasing was as follows: ‘I hope you can understand our position and can agree to remove the Dropship code’.

    • gillux / Apr 25 2011

      So you, the Dropbox guy, sent a mail to the DMCA saying that people are illegally sharing the file dropship-464e1c4.tar.gz? How clever, that’s a actually a good way to make anyone sharing dropship to be afraid of the DMCA mails coming, like github did (according to R’s comment).

      But wait. How could Arash send such a notice to the DMCA without actually beeing the author of Dropship? And how did the DMCA guys believe into such a crap? Arash successfully used the big DMCA’s crawler scripts to chase what’s disturbing him. That’s the real problem, IMHO.

      • Jonathan Cremin / Apr 25 2011

        The DMCA isn’t an organisation, it’s a piece of legislation.

      • centenary / Apr 25 2011

        That’s not how DMCA works. If a provider is found to be hosting content in violation of copyright, the content owner can send the provider a DMCA takedown notice. The provider is then required to take down the content.

        Most providers e-mail uploaders when content is removed as a result of a DMCA takedown notice. Dropbox has a tool that sends this e-mail automatically when files are removed. Arash accidentally triggered this automatic e-mail when he removed the files from Dropbox.

        > And how did the DMCA guys believe into such a crap?

        There is no DMCA organization

      • Dan DeFelippi / Apr 25 2011

        As my update states the DMCA notice appears to have been a legitimate mistake.

    • Steve / Apr 26 2011

      I don’t use your service, and never saw the need for it. It doesn’t seem to provide much that can’t be done other ways.

      As for your TOS… any time your business model relies on the fact that you have proprietary secrets and people run only your code on their machines… your business model is laughably flawed.

      What dropship does is a perfectly reasonable thing for a person to want to do with their software. Frankly, I hope people wise up and just switch to better software that doesn’t require some central company to run it.

    • sh0cked / Apr 26 2011

      ^^ clearly a troll

    • Michael Maguire / Apr 26 2011

      Oh, that’s good. Because we know Amazon never censors content from their AWS systems…

  12. Quoting:

    We removed the project source code from the user’s Dropbox because it enables communications with our servers in a manner that is a violation of our Terms of Service. By our TOS, we reserve the right to terminate the account of users in this case.

    This is like burning books because they have knowledge on them. I’m not interested in the project (I don’t even have a github account, I settled for Google Code a long time ago), and I’m a happy user of Dropbox, but this way of managing the situation is probably not the best from a customer service point of view.



    • Mark / Apr 26 2011

      “This is like burning books because they have knowledge on them.” it’s not like that at all. It’s like telling people that they can’t turn your very useful cloud storage service into a file sharing facility for people who don’t want to use bit torrent.

      • Steve / Apr 26 2011

        Except that they can, and they have done nothing to stop them… except hope and pray that nobody figures out how to do it.

        If you provide people such a service, they will use it for what they want to use it for, or they just wont use it. Its like selling a hammer with a little sticker on it that says this model is not to be used to build houses.

  13. Alexander / Apr 25 2011

    @Arash: “… enables communications with our servers in a manner that is a violation of our Terms of Service”

    Your terms of service only apply to users of Dropbox when using Dropbox. They do not apply anywhere else or to anyone else. They may only restrict the use of your servers (by such software as the Dropship project), but the proliferation of the software itself may not be restricted under those terms, except when they are distributed as Dropbox files.

    • Ray / Apr 25 2011

      I’d like to see a response to that point.

      • erroneus / Apr 26 2011

        The DMCA not only covers copyrighted material, but also CIRCUMVENTION DEVICES. This software can easily be considered a circumvention device by the classical definitions of the term.

        The DMCA does not prevent your personal rights to content you have rights to, but the tools to exercise those rights are often a matter which is settled in court.

        • Tom / Apr 26 2011

          “This software can easily be considered a circumvention device by the classical definitions of the term.” ???? Excuse me? There is no way that this can be considered a circumvention device by any definition of the term. Circumvention devices defeat a protection mechanism(DRM) without the copyright owners consent, such as breaking the encryption key on a DVD. In this case, the access done with a hash given to you by the owner of the file. If this is used to illegally distribute copyright material, it not a circumvention device since the DRM was defeated earlier to produce the shareable file in the first place.

  14. Ricardo / Apr 25 2011

    No-one seems to notice that Dropship relies 100% on Dropbox’s network bandwidth to send you the files, unless you’re getting them from someone in your local network. That itself is a pretty good reason for shutdown.

    • Eric / Apr 26 2011

      “No-one seems to notice that Dropship relies 100% on Dropbox’s network bandwidth to send you the files, unless you’re getting them from someone in your local network. That itself is a pretty good reason for shutdown.”

      This, I love innovation and i’m sick of public torrents and annoying direct download sites with viruses and premium membership harassment. However, i love my dropbox functionality and the amount of bandwidth that would have been affected by a massive increase in file sharing is not worth losing the functionality we currently enjoy.

  15. deets / Apr 25 2011

    When will you guys realize that it’s not censorship if no govermental institution is involved? Any private group of people – companies or others – has the right to remove content from their systems. Nobody can be forced to host something he doesn’t want to.

    Go rent a server, put the source on it, and be happy. And if the founder of dropbox invites your hoster’s CEO for lunch & convinces him to drop your account (and thus risking his reputation) – it’s his right to do so.

    That’s not to say I concur with dropbox or github’s actions. The Streisand-Effect will hit them, for sure. But don’t feel so self-righteous about your right of free speech. It has nothing to do with this.

    • Dan DeFelippi / Apr 25 2011

      For the most part I agree with you. Dropbox has every right to ban / delete files and close accounts if they wish. No one is entitled to use their service. I even said so in my last email to Arash and complied with his request to delete the file from my account… which I promptly mirrored on my rented servers 😉

    • Corndigger / Apr 26 2011

      Finally someone with some sense. Why has hacker news just turned into another nerd whine-fest like slashdot all those years ago. You guys don’t like dropbox? Show them by not using it! Bunch of babies…

    • AC / Apr 26 2011

      So if Google hide links in search results in China it’s not censorship, just because Google is not the government?

      • Greg Gannicott / Apr 26 2011

        But wouldn’t Google be doing it at the request/demands of the Chinese government? If so, it’s the Chinese government performing the censorship, and Google are simply complying.

        • Bob / Apr 26 2011

          Agreed! Simply complying is always ok as long as you aren’t giving the order. For instance, a 1943 Nazi foot soldier might have executed plenty a Pole and/or Jew, but luckily for him, a government told him to do it, so his complicity in horrific acts was totally ok. After all, he was simply complying. Duh.

    • rdm / Apr 26 2011

      I just want to try to clear one issue up, here:

      Censorship would still be censorship even if it had been self-censorship.

      However, censorship by a private enterprise is not government censorship.

      Also, the U.S. constitutional protection against censorship (the first amendment) is a protection from censorship laws.

    • Steve / Apr 26 2011

      Why is it only censorship if some random organization which you have termed “a government” does it?

      Besides the point tho since DMCA notices were sent… so, even if they were fake, it still constituted the use of a threat of government force being used to stop the distribution.

      Thats kind of like saying, its not a mugging if I just put my hand in my pocket and pretend I have a gun.

      • deets / Apr 27 2011

        Because they (government) can *outlaw* content. Which to me is the “real” censorship. Removing things you personally don’t like isn’t. If that were the case, let me spray some creative phrase on your car, please. And don’t you dare removing it – that’s censorship!

    • barfo rama / Apr 26 2011

      Actually, they can be forced, when they start acting as a common carrier in the internet service provider space. And doesn’t everyone want to be big enough to be a common carrier? The law is still quite unsettled. Comcast got their pee-pee whacked, the FCC may be asserting network neutrality beyond its power, who knows if this will wind up being like the “Hello, we’d like you to have this flower from the religious consciousness church, would you like to make a donation?” from the movie Airplane!

  16. haijvc / Apr 25 2011

    That’s a pretty neat hack. I’d considered the same idea a couple of years back but it never occurred to me to use the Dropbox client itself, instead I tried reverse engineering the client software with moderate success – but eventually got bored of the project.

    They had some interesting protections on the software though. It’s basically distributed as a python interpreter and zip file of pyc files, but the pyc has a serialization format that encrypts the code blocks with a custom scheme. In addition to that the opcodes are scrambled so even with the decrypted blocks, it can’t be loaded into a decompiler straight away – one has to determine the mapping first.

    One interesting nugget of information that I did glean from this exercise is that the client keeps a series of trace log files in the l (lower case L) subfolder of the cache folder. It’s a rather fascinating peek into the internal workings of the client. On Linux, the following snippet of python code will decrypt and decompress them: (python module ncrypt is required for this to work.)

    I’m not sure if this works for all platforms though, just thought I’d share!

  17. Mike / Apr 25 2011

    Just to play devil’s advocate, but it is clear that the DMCA was an error. Beyond that, Dropbox has the right to dictate how customers use the service. It seems like this in the wild benefits very few people but has the potential to cause vast problems for Dropbox and thus their users. What you call censorship I call sound business practice that protects the many users of Dropbox.

    • Bruce / Apr 26 2011

      I can understand their position. People keep talking about the piracy potential of this hack, but it also sounds like it has the potential to allow black-hats to pull down files from other peoples’ acounts without their knowledge.

  18. Kh / Apr 25 2011

    @Deets “…it’s not censorship if no government agency is involved.”

    DropBox, as you said, was within their rights to remove content. However, the false DMCA notification, had it been real, would have been censorship. DropBox suppressed the development of DropShip by feigning an act of censorship.

    I love DropBox; I’m no fan of coercion.

  19. arparp / Apr 25 2011

    Security through obscurity may not be very reliable, but trade secrets are relatively well protected under the law and plenty of people have been jailed or fined for breaking trade secret laws.

    • Dan DeFelippi / Apr 25 2011

      I’m not a lawyer but I doubt publicly accessible protocols could be considered a trade secret. That’s like saying the way Coke bottles are arranged in their shipping container is a trade secret despite the containers being opened by the store.

    • Sam Johnston / Apr 26 2011

      I’d argue that Dropship is likely exempted under the DMCA’s reverse engineering for interoperability provisions, however the *use* of Dropship with the Dropbox service may indeed be a violation of their ToS. Were someone else to offer a Dropbox equivalent with a more lenient ToS then one could argue there are many non-infringing uses for such software (though in reality one would expect the primary application to be filesharing of copyrighted content).

  20. Stephen / Apr 25 2011

    You know, if Dropbox staff had just left it alone, like 5 people would know of the code. The funny thing is, everyone knows this lession.. and yet here we are.

  21. 3-D / Apr 25 2011

    …and this is why we need a true opensource alternative to Dropbox’s entire solution. Never trust any company, no matter how cool, not to behave poorly in the face of modern realities of technology.

    Edge case, my ass. That smells like a backpedal by a bully that got called on their bluff.

    • Natanael L / Apr 26 2011

      KDE has their little project, OwnCloud. Go look it up.

  22. Kurt / Apr 26 2011

    Github also uses data deduplication so there is one copy for all forks. If that copy is deleted or corrupted all forks are also gone. As an alternative consider publishing a copy on amazon s3.

  23. Bill Moore / Apr 26 2011

    Well hell. Guess I’ll be getting something other than dropbox set up.

    What’s a good alternative to Github?

    • I’m pretty happy with → the ToC and PP are relatively sane and their sytem is licensed under the AGPLv3, so you can always just create your own node, if they either close down or you get fed up with them.

  24. Tekkub / Apr 26 2011

    Tekkub from GitHub here, we didn’t do anything. If you had a repo disappear will you please email with details. We did not receive any DMCA notices, and if we had the DMCA procedure requires a 10-14 day window for the user to file counter-notice. We never delete repos the day we receive a DMCA notice. We also now post all takedowns we receive at

  25. Hacim Llih / Apr 26 2011

    /me mumbles joinDiaspora syndrome LOL… new updated version of The Streisand-Effect..

  26. Gubatron / Apr 26 2011

    Oh, I miss (2008). was a dropbox with social features. You could just “copy” files from one account to another if they were publicly available. It had search, embedding, and so much more.

    Too bad it died.

  27. Jeremy Hubert / Apr 26 2011

    Personally, I’m just kind of shocked that you are all being so immature about this. DropBox is a fantastic product run by a great team of people doing something I assume we all want to do (building a product people love).

    I’m kind of ashamed that some of you people aren’t willing to just be nice and remove the code upon request. Arash has seemed to be very polite about this and instead of being respectful, you decide to make his life even worse by forking the project and making an even bigger spectacle out of it?

    For shame. When you make a mistake, do you like it when people publicly rub it in your face and make the situation worse?

    • AC / Apr 26 2011

      Welcome to the Internet.

    • Steve / Apr 26 2011

      Um it wasn’t their code to ask people to remove.

      Their TOS aside, their “nice product” runs on other people’s computers. Those people have the right on their computers to run whatever code they want.

      I say dropbox overstepped their bounds in even trying to regulate such things. Their right to dictate what goes on ends at the line of demarcation between them and the Internet.

  28. John Scott / Apr 26 2011

    Well. Dropbox has been dropped by me. Went to Livedrive, they been around for a while, are in the UK and their servers are faster than dropbox for me.

    • Dan DeFelippi / Apr 26 2011

      I used LD for a year and then cancelled my account. While they have a lot of great features there are a lot of problems too. When I stopped using them the software was slow and buggy. It didn’t split files into chunks so if something changed it needed to upload the entire file again. The Mac software was pretty bad. Its changing monitoring wasn’t good either and required constant drive scanning. Their website was Java based and slow. Their forum support was pretty bad. My complains often went unanswered.

      I hope they’ve fixed these issues. The way their selective sync worked was really cool. Including both file syncing and backup was nice. Unlimited space is killer and FTP access was good (when it worked).

  29. / Apr 26 2011

    Another mirror for dropshop can be found at

    Good luck in your endeavours.

  30. bob bizwal / Apr 26 2011

    @Jeremy Hubert:

    You have to be joking.

    Since when do businesses do things because it’s “nice”?

    I agree with the person who wrote that an open-source version of Dropbox is needed.

  31. Axure / Apr 26 2011

    Someone should put it up on bittorrent. Try to take down that, tossers!

    • Anonymous / Apr 26 2011

      I’ve been using free dropbox for years. While I’m not praising it, I have to admit other alternatives seem worse to me. I’m not happy with its closeness and I’m not sure it is clean and doesn’t contain spyware, there’s no easy way to check that. But it does the syncing job decently and I have to live with that. I always was modest and used only the minimum amount of storage, because I’ve got it for free and I appreciate that. I never shared stupid things like mp3 files. I would just smile and forget when finding out about this whole affair, but the DMCA takedown notice upsets me greatly. Since I think dropbox staff overreacted and did a wrong thing, I’ll do a wrong thing too. I’ll append the dropship archive to all my image files in my dropbox account. RARJPEG FTW and good luck finding them by matching hashes. Bring it on, dropbox, lock my account because parts of my image files contain some bytes you were trying to bully. That’ll only work against you.

  32. Andres G. Aragoneses / Apr 26 2011

    I’m no Dropbox user so I don’t care about taking down my account because I don’t have any. So I have forked the project in my github to help this cause.


    • Runaway1956 / Apr 26 2011


  33. xxdesmus / Apr 26 2011

    My forked repo:
    a mirror:

    If Dropbox had just kept their mouth shut about this no one would have heard about Dropship –instead they encouraged all of us.

  34. Some Free Software DropBox-like solutions that come to mind:
    ownCloud →
    SparkleShare → and

    It really does seem it’s high time for projects like the FreedomBox and similar.

  35. Nowaker / Apr 26 2011

    Well done. You saved the awesome open source project.

  36. Ric / Apr 26 2011

    Thanks for taking the time to point out Shitbox’s attitude and from this day forward I will malign them with the many folks that ask me about such cloud services. Nothing like a little negative word of mouth to help steer people clear of this.

  37. PP / Apr 26 2011

    I’m loading important data into the dropbox folder only after I’ve encrypted them in a different folder. I don’t trust the claims of any company and this accident confirms that the security of Dropbox is a joke. Don’t put there anything you don’t care to be publicly accessible unless you encrypt it.

    • VV / Apr 26 2011

      Hey, “law enforcement can access” != “publicly accessible”.

      • Runaway1956 / Apr 26 2011

        Actually, “law enforcement can access” is ~= “any hacker with a brain can access”

  38. DaveM / Apr 26 2011

    I absolutely depend on Dropbox; used it just today to recover a file from deleted history. It is one of the best IT values around, especially for the individual end-user without access to a 24×7 IT help desk.

    If you screw around and ruin this amazing service for the rest of us, I will be your enemy for life. Go vent your indignation on the gamer community or one of the political blogs. Leave our quiet, invaluable, little service the heck alone.

    • VV / Apr 26 2011

      As someone said earlier in this thread,


      The last thing people will do is leave the service the heck alone. It’s dropboxes problem, not the hackers. In any case there’s no guarantees dropbox won’t alter the terms of the free service much worse or even remove the free offering in the future, just see what spotify did.

      • DaveM / Apr 26 2011

        I’m already using the paid service, and I don’t think much of people mucking with my disaster recovery service just because they have the urge to show people how “open” they can be. I’m a big supporter of open source, both with my own creative works, and with money. This is not about openness. It’s about being respectful of other people’s data. Not everything that can be done, should be done.

        • Steve / Apr 26 2011

          Um nobody forced you to choose this as your DR platform. I wouldn’t even really recommend it. Personally, I run bacula and backup to my own servers at home.

          Still… you chose your solution, you should be mad at dropbox for producing something that… wait… actually just for being against it. Read again what this does… it lets you… privately share files.

          Um… how is that such a bad thing? Thats a perfectly reasonable thing to want to do. Seems to me you should be mad at them for being douchebags about it. Do you pay them to be douchebags or to keep your files safe?

    • Runaway1956 / Apr 26 2011

      There will be another service to replace dropbox if they should close the doors. Stop whining, it’s very unbecoming of a seeming adult person.

  39. David / Apr 26 2011

    What people fail to see is that a project like this one can shut dropbox down, not only for the ones doing it, but for everyone who uses it like it should be used.

    Don’t whine if one day dropbox becomes pay-to-use only.

    I won’t comment on the legality of the deletion of the files they don’t like, but the whole project should never have existed do begin with, no matter how cool it is.

    • Runaway1956 / Apr 26 2011

      So – because some corporate heads might not like a project, the project should never be attempted? You’ve just made the best argument ever that proprietary software inhibits the advancement of computer sciences.

      • David / Apr 26 2011

        No, it has nothing to do with corporate heads or proprietary software. I’m honestly dumbfounded someone actually read that from my comment.

        The network and it’s bandwidth are payed by them. Right now you can use up to 8gb for free. The moment someone starts to abuse these resources the “free” part might disappear or get extremely limited (as in, 300mb for everyone. Hurray!).

        Free or proprietary software have nothing to do with this. Whatever piece of software abuses what is freely given might jeopardize the access privileges of everyone.

  40. Stop A Cop / Apr 26 2011

    This just encourages people to move everything to non-DMCA friendly hosting providers 😉

  41. Devon Young / Apr 26 2011

    Wow. that’s crazy. They would’ve made a lot better if they’d seen the value of Dropship, contacted the creator and said something like “Hey, want a job? We like what you’re doing there. But you’ll have to remove your project from the net as part of the agreement, and it will become part of Dropbox”. That, would’ve solved the problem AND improved their own product, without any legal issues they could now face for sending a fake DMCA.

  42. Runaway1956 / Apr 26 2011

    Driverdan – you’re definitely cool. To many people lack the gonads to stand up for what is right.

  43. jim / Apr 26 2011

    Just wanted to commend you for being rational in your response as well. So often I read about people who run into some small problem with some law and their reaction is to either jut bitch about it online or to do something completely illegal in response. Taking the time to work within what isn’t an incredibly hard system showed maturity and respect that seems to too often be lacking in many of the “nerd rage” prone generation.

  44. Allaun / Apr 26 2011

    Torrent request answered! My net goes down on the 2nd for other reasons but I used the webseed option.

    • Axure / Apr 26 2011

      You are da man! No worries, will seed 4ever.

      BTW, I wonder if Anons r gonna nuke DropBox.

      • Dan DeFelippi / Apr 26 2011

        I sure hope not. There is no reason to illegally attack Dropbox for this. It’s not a good situation but they’ve been friendly the whole time. Friendly dialog is better than using LOIC.

        • Axure / Apr 26 2011

          I totally agree.

          It’s not like Sony, who have been total douche bags, suing kids, putting rootkits on CDs and all kind of nasty stuff. I find it hard to feel sorry for the PSN devastation right now, even though some folks couldn’t play their Playstation over the holidays.

          Here it’s just a silly mistake made by well-intentioned people, who might just come to their senses eventually.

  45. Sensationalist Dick / Apr 26 2011

    Move your “update” to the top of your post.

    Also, just because a project is open source does NOT make it the holy grail of untouchable technology. If dropbox wants to close dropship down then more power to them for protecting their website’s ToS.

  46. Jason / Apr 26 2011

    You guys do realize what his real problem is, right? Dropship just pointed out that anyone can gain access to any file on the system just by guessing a hash. So, what happens when you start randomly poking hashes? You get access to all sorts of information.

    That’s the real problem.

    • Dan DeFelippi / Apr 26 2011

      Guessing or brute forcing SHA256 hashes isn’t feasible. It’s really not a concern.

      • tvi / Apr 26 2011

        True, but they only have to get lucky once. Besides, google would probably return some valid ones.

  47. Anonymous Coward / Apr 26 2011

    Balanced and intelligent report. Well done.

  48. Anonymous Coward / Apr 26 2011

    As noted above, this ISN’T a torrent replacement mechanism at the moment. However, integrate something like OFFsystem or BlocksNet, and you can see the possibilities…..

  49. Simon Heath / Apr 26 2011

    Mirrored, ’cause, why not?

    6b665ffdf219a4a13a30eb00d2bef5e0 laanwj-dropship-464e1c4.tar.gz

    85181eb0aa5170e06a368ac59398754662b7e670ea45f601e303372f4c57f79ba33c7a65885cb4bd536baffc755329e7820235922e6364caf9ced63f725de852 laanwj-dropship-464e1c4.tar.gz

    Will remain there until I need to clean out my temp directory, which tends to happen about once a year. Personally, what I want is an open-source dropbox-like service that I can host on my own server, which sync’s automatically in the background without me invoking it explicitly, that I can access from Linux and Windows (and mac too, why not). Unfortunately the closest thing I have so far is put together with string, duct tape and Mercurial.

Comments are closed.