How Dropbox Knows When You're Sharing Copyrighted Files

Illustration for article titled How Dropbox Knows When You're Sharing Copyrighted Files

You might have seen over the weekend that Dropbox is capable of telling whether you're sharing copyrighted files over its cloud service—without even actually looking at your stuff. But in fact, it's been able to do that for years.


A tweet this weekend from Darrell Whitelaw spoke of a DMCA takedown in his personal folders on Dropbox, sparking outrage. But the takedown is a result of software that the cloud service has been using for at last two years.

The site uses a technique known as "file hashing against a blacklist" to block pre-selected files from being shared person-to-person over its servers. In many ways, it's kinda neat; it avoids Dropbox getting in trouble with the Feds, and never actually interrogates your files, so it doesn't fall foul of violating its anti-infringement policy either.

How does it work? Well, Dropbox uses hashing—a simple algorithmic tool which maps data of arbitrary length to data of a fixed length—to produce a unique identifier for every file you upload (it also then encrypts your file so others can't read them). The hash is unique to that particular file.

But when DMCA complaints are sent Dropbox's way—by record labels or content producers or whoever else—the files to which they relate are also hashed. If you've been uploading the exact same files that Dropbox has received a complaint about, Dropbox will match its hash to one on its list, and stop your sharing it. Like Dropbox explains on its site:

"There have been some questions around how we handle copyright notices. We sometimes receive DMCA notices to remove links on copyright grounds. When we receive these, we process them according to the law and disable the identified link. We have an automated system that then prevents other users from sharing the identical material using another Dropbox link. This is done by comparing file hashes. We don't look at the files in your private folders and are committed to keeping your stuff safe."

Simple, legal, and all done without looking at a single one of your files. Not ideal if you happen to dabble in the occasional illicit download, but at least Dropbox isn't rifling through all of your other stuff to find it. [Engadget]


Bobby Stanley

So just zip the file and you're good to go? HASH checks generally verify integrity of a file, fairly easy to make the file fail a hash check. I'd recommend zipping it with a text file or something to make sure you change the length of the entire file.