That’s it for Dropbox

Dropbox has recently changed its terms of service to include a forced arbitration clause. “Arbitration is a faster and more efficient way to resolve legal disputes, and it provides a good alternative to things like state or federal courts, where the process could take months or even years,” writes Ramsey Homsany, Dropbox’s general counsel.

Everything Homsany writes about forced arbitration is true — forced arbitration is a wonderful legal dodge for Dropbox, but it comes completely at its users’ expense. By continuing to use Dropbox, you’re agreeing to Dropbox’s terms — including its new forced arbitration clause — unless you opt out by 23 April 2014. Public Citizen accurately describes the arbitration process as “private, secretive tribunals that favor the companies.”

If you fail to opt-out of Dropbox’s new terms, here’s what you’re agreeing to:

1. You’re no longer able to file a complaint in court (except in small claims court); instead you’re forced to use a paid arbitrator in a binding arbitration process that is heavily biased in the favor of Dropbox because — that’s right friends and neighbors — Dropbox is paying for the abritrator
2. You can’t join a class of similarly harmed customers and bring a class-action lawsuit as a group against Dropbox; each case is handled individually

By opting-out, you don’t necessarily have to resolve any dispute with Dropbox with a lawsuit. You’re only opting out of forced arbitration; you can still choose to arbitrate or settle any dispute, but it’s your choice not Dropbox’s.

Dropbox’s corporate behavior history is, um, less than honorable and forthright:

1. Early versions of Dropbox stored authentication keys as plaintext even though Dropbox adamantly claimed a high level of user security. Additionally, several security experts claim that Dropbox’s privacy policy contradicts its terms of service and that claims of employees not being able to access user files is flatly false. When pressed, Dropbox acknowledges that it holds the encryption key for every account (and yes, you read that correctly; there’s only one encryption key per account).
2. In fact, in the spring of 2011, a complaint was filed with the US Federal Trade Commission (FTC) alleging Dropbox’s continued disingenuousness with regard to its claims of the security of its users’ files. Dropbox has since dialed back much of its security rhetoric.
3. The spring of 2011 was busy for Dropbox. When the open source Dropship allowed access to Dropbox files without authentication (by accessing the files through the Dropbox application programming interface (API) by the files’ hashes), Dropbox filed a fraudulent Digital Millennium Copyright Act (DMCA) takedown notice with Dropship’s hosting provider. Dropbox subsequently attempted to explain this away by claiming the DMCA notice was auto-generated by mistake.
4. Later in the spring of 2011, all files in all Dropbox user accounts were accessible without a password for four hours.
5. The next year, the summer of 2012, a Dropbox employee account was compromised and Dropbox users were inundated with spam.
6. In June 2013, the classified US National Security Agency (NSA) documents leaked by Edward Snowden revealed that Dropbox was included in the NSA’s PRISM warrantless internet surveillance program.

For us, that’s it for Dropbox. Karen and I both have Dropbox Pro accounts that I’ve been gradually migrating to ownCloud running on our own server. It’s past time to make that migration complete.