Dropbox, a popular tool used for sharing files between computers and friends, recently updated their Terms of Service. They attempted to reduce some of the tedious legalese in order to make it easier for normal people to understand. It appears that they have succeeded in that mission and in the process have taken ownership of every file that uses their service. The section relating to “Your Stuff & Your Privacy” spells out the policy change as follows:

“We sometimes need your permission to do what you ask us to do with your stuff (for example, hosting, making public, or sharing your files). By submitting your stuff to the Services, you grant us (and those we work with to provide the Services) worldwide, non-exclusive, royalty-free, sublicenseable rights to use, copy, distribute, prepare derivative works (such as translations or format conversions) of, perform, or publicly display that stuff to the extent we think it necessary for the Service. You must ensure you have the rights you need to grant us that permission.”

This broad terminology is frightening for end users because it clearly lets Dropbox take a person’s work, whether it is photographs, works of fiction, or scientific research, and gives the company the right to do whatever they want with no recourse from the original owner. Indeed, the company’s blog is full of concerns from users and many posts are claiming that they will be closing their accounts.

Dropbox has had a large number of security issues come up in recent months. Last month, a bug was discovered that allowed users into any account . In April it was discovered that Dropbox uses a simple database table for security and that an attacker can simply recreate the rows on their own machine to secretly access another user’s file. Also in April, Dropbox attempted to >shutdown an Open Source project that exploited the security issue.

As with any provider, it pays to read the terms of service. In many cases, they will surprise you.

Update: After an initial public outcry, Dropbox has added the following line to the end of their license agreement:

This license is solely to enable us to technically administer, display, and operate the Services.

While this is a step in the right direction, it still makes no sense as to why a product that is used to move files from one computer to another needs the ability to "prepare derivative works of" anyone's files. As always, beware of the terms of service for anything you sign up with even if that's easier said than done.