tl;dr: The scenario described by the OP is now less likely to occur. Since October, individual Dropbox users are encouraged to create separate accounts when invited to a Team and warned that Teams admins will have control over the account.
We want individual and Team Dropbox users to have the best possible experience. Some users want to migrate their personal accounts into a Team. Others are much happier with separate personal and Teams accounts. We’ve been working to make that choice much clearer for the account holder and the Teams admin.
If users do choose to merge their personal account with a Team, things become a bit tricky. Teams admins want better control of data within a Team, and users want easy access to their personal stuff, but it’s not possible for us to differentiate between Team data and personal stuff in the same account.
Here are some thoughts on the points raised by the OP:
* Better support for multiple accounts: Users can quickly switch between using personal and Teams accounts on the web today and we intend to make this better across our platforms.
* Improved messaging to Teams admins: We plan to provide better messaging to admins before disabling an account that was migrated in.
* Disabled accounts are not immediately deleted: We can work with Teams admins and users to sort out account issues and recover users’ files.
We’ve contacted the OP to help resolve his case and are sorry for any pain this caused!
Some admins do I'm sure. We had to cancel Teams because of this. :(
Let me explain: most people at Steamclock sync personal stuff in their Dropbox, and we want to also share a large folder. Upgrading everybody to Teams seemed like a good idea, but the "company owns what's in your dropbox" thinking forced everybody to have two separate accounts, and the "only one account can sync to your computer at once" restriction makes one of your two Dropbox accounts fairly useless.
We can only go back to Teams is when multiple accounts can sync to one computer seamlessly. All the problems around DB for Teams (privacy and TOS issues, personal and company data getting mixed up, weird consequences when people leave the plan) are caused by the lack of multiple account sync.
That said, we'd be happy to just pay monthly for a shared folder that doesn't count against users' storage limits. In the meantime, we have the company Visa on a bunch of personal Dropbox accounts which sucks.
For personal use though Dropbox is great. Merry Chrismas!
First of all, in Dropbox's defense, I probably did not give you guys enough time to respond before going public with this (also, living in Israel I sometimes forget that Sunday is a weekend for most people in the world). I apologize for that. I am not a journalist/blogger, and I was driven more by my emotions than by "journalistic ethics" (?) when submitting to HN.
Second, according to your support email (updated the original post with it) it looks like my particular case is going to be resolved. However, it does not seem to resolve the malicious use case I hinted at (and which people on HN did not seem to want to discuss that much): Give someone a terabyte as a gift, and then delete their account. In fact, from the support email it seems like it's even worse: The support staff will need the team admin to approve the account re-enabling. In the malicious case, the admin would not approve.
[EDIT: Recalled a third point I wanted to make.] Third, regarding what you said "it's not possible for us to differentiate between Team data and personal stuff in the same account". I simply don't understand why this is true. Maybe the general case is not like mine, but my Dropbox folder just has a bunch of subfolders, exactly one of which belongs to the "team". Is it possible that certain folders have mixed personal-and-team content? How does that even work? If you saw my account (I don't know if you can... but your code can) it would be blatantly obvious which folders (all but one) are personal.
For most cases though, users should create a new account for the team. The Dropbox for Teams sign up process guides users towards creating a new account when joining a team for this reason.
If only your software actually worked in that scenario. Every single piece of your software is hard wired to believe you only have exactly one account. For example the Windows, Linux, Mac, Android and iOS clients, as well as the website. To see your other account involves logouts and logging back in again having to enter the other account email and password (not saved).
> Users can quickly switch between using personal and Teams accounts on the web today
Huh, the only thing that works for me is to logout and log back in again. I have a personal paid account and a separate team account. What I would expect is how google do it - the account dropdown having your other logged in accounts available for selection.
The first time you select 'Switch Accounts' you will be able to log in your personal account. After that, you will be able to switch accounts without having to type the other username every time.
I am really curious about this statement. Maybe you can explain a little further. I am thinking about something like this:
git add .
git commit -am "Account state prior to joining teams"
git branch personal
git branch team_x
git branch team_y
git checkout team_x
git commit -am "Initial commit for team_x"
git commit -am "Did some more work for team_x"
git checkout team_y
git commit -am "Initial commit for team_y"
git commit -am "Did some more work for team_y"
git checkout personal
git commit -am "Added Dad folder for xmas pictures"
git branch -D team_x
git branch -D team_y
In other words, I am thinking that most of the heavy lifting required to manage the on-boarding and off-boarding of someone from teams, even multiple teams, is already done for your in the form of Git. Wrap it with some business-specific code and it could be really slick. Of course, that alone could be a six month project.
Anyhow, just seat-of-the-pants without much thought applied to it. Curious to hear your opinion.
I'd expect Teams to work like folder sharing, but with the storage not counting towards the individual account space limits.
Wait a sec, does this mean when I delete my files they are ... not being deleted?
> We’ve contacted the OP to help resolve his case and are sorry for any pain this caused!
Great, good for him. So basically next time when I or others have problems with Dropbox, post a rant about it and pray it will get to #1 spot on HN to get customer support response? Ok, dully noted, thanks.
This is true of almost every service on the internet. If it wasn't, whenever the only disk that had your account on it failed you would be absolutely livid about the fact that they never made any backups. (It is generally infeasible to purge backups of any deleted data, because they're stored in compressed blobs.)
Look at all of the people who consider Dropbox a "backup" service, and imagine being the guy on the phone who has to explain that yes, actually, deleting a file on one system is supposed to delete it from all other clients.
I will say that this is a really interesting story, in that it illustrates how Dropbox, like all of the similar services on the market, is handy for many use cases but ideal for almost none. A service that's basically a "scriptable" Dropbox would be pretty compelling.
However, I agree that users should be able to delete a file from Dropbox' servers if the user, since the beginning of the file's life on Dropbox, had the only account possessing the file on Dropbox. The procedure should involve a lot of red warning buttons and re-entering of the account password. I think this should be possible because some files really are too sensitive to be shared, and I can see how they might accidentally be pasted or dropped into the Dropbox folder and instantly duplicated. If the file is dropped into a shared folder, then there is probably nothing to be done because obtaining multiple permissions to permanently delete a file would be so complex socially.
You won't have to combine to the Personal / Team together.
And make it so that the shared folders doesn't count towards the Individual's account space limit.
Bam. Problem solved (?)
The problem is, our shared folders DO count towards the individuals' space limits. So, we have seven people's personal Dropbox accounts on the company credit card. Not convinced this will scale.
This may be way harder than I make it sound, since I don't know about the hurdles this would face. But that does seem like the place to aim.
http://www.dropboxwiki.com/Multiple_Instances_On_Unix
http://theterran.com/blog/2012/6/14/use-two-dropbox-accounts...
The second link is basically a modification of the method from the first link, and has been working well for me for a few weeks. One caveat is that any apps which make us of dropbox for syncing (e.g. 1Password) seem to automatically use the first/normal dropbox instance, which can't be changed.
Of course it's possible. You just don't want to put the work in it make it happen.
I am going to be blunt here and just say it: the 'Team admins will have control over the account' part is completely stupid and not well thought through.
Becoming part of a team should be about sharing data. Not about handing over accounts.
On Linux, I've gone out of my way to install the (pseudo-unsupported?) daemon headless under multiple users to get concurrent access to work and person accounts; would like to see this improve (while dealing with the "I have ten free accounts" and other pathological cases).
On the backend, this would involve converting all current accounts into "sub-accounts". Joining a team would basically create a brand new sub-account under the same login.
IMHO Dropbox should not count Team shared files onto each member. Let the admin pay the bills.
Well, I guess that's a start...
What happened: he had Dropbox synced to 2 computers, but one of them hadn't been used in a while. He turned on the old computer, and apparently, for some reason, Dropbox decided that the fact that many files weren't there was because they were deleted. Of course, the files weren't there because they hadn't been synced yet!
So Dropbox decided, when the old computer was turned on, to delete 10s of thousands of files that were in my colleague's account.
He reached out to them to help restore. It took several days (this happened on a weekend), but they did eventually restore it. Unfortunately, since it was difficult for them to pinpoint exactly what was the start of the event, some files were not recovered (I'm not sure the exact reason this was difficult to do).
I love Dropbox [1], but this was a serious blow to how much I trust them with my files.
[1] Just look at my comment history to see - I've raved about them several times on HN.
Just to dive in a bit for the HN crowd: We base the changes that should be applied to your Dropbox on whether the client has successfully synced the previous version of the file. The server doesn't allow the client to apply changes unless the client is fully up to date. And in the case of deletions, the desktop client is only permitted to issue deletes to files that have been successfully created on disk and then later deleted.
We also have a proper support team to catch things that fall through the cracks, and if you have issues, you should reach out to them first (and as soon as you notice; their ability to fix things becomes harder the more changes you make to your account).
Again, not commenting on the above issue, but I did want to point out that we take the integrity of your data very, very seriously.
sean_lynch is not kidding about Dropbox's support staff. They are great, very helpful, and according to my colleague, are very serious about trying to restore everything. The issue he had was a software bug, and apparently some things are problematic to restore because of other technical reasons, but Dropbox has been very helpful.
And to make this clear - they were very helpful when this happened last week, before this thread - you don't need to write a blog post to get their help and attention.
The guy lost everything because a temporary team membership was revoked. And now you're coming back to talk about your rigor, and how you catch things that fall through the cracks.
This really comes off, to me at least, like LinkedIn did when after their breach and it was revealed they weren't even salting passwords, they tried to brag about their security, as a way to step around owning up.
I think you should consider this tone very carefully.
I've read through a lot of this thread, and I'd like to follow up with a few thoughts.
First of all, just to make it clear: Dropbox support has been GREAT. Though it took a few days because this happened on the weekend, Dropbox support did contact my colleague shortly after, and have made it clear that they will work hard to make sure everything that can be is restored. The problems with realising what is left to restore seem to be technical (again, I'm unsure of details). The support staff themselves have helped a lot. In addition, someone has reached out to me from Dropbox support because of this thread, to try and find the root cause of the problem - I hope we managed to help Dropbox find whatever it was that caused this to happen, so it doesn't happen to anyone else.
Another misconception I saw, about "Dropbox is not a backup solution":
My colleague and I both realize Dropbox is not for backup. The most important files were backed up, at least to some degree. Having said that, Dropbox is used by myself and many others as a semi-backup solution. My personal strategy is to backup the whole Dropbox folder to an external disk every few weeks, but rely on Dropbox for everything else. This is not a good backup solution, but realise that for most people, it's not "Dropbox vs. a real solution", it's "Dropbox vs. no solution at all".
I'll close with the same message I give to most people - Dropbox is brilliant, most of the time. It's not a great backup solution, but it's better than what most people do. If you're not using anything else, Dropbox is a life-changer in terms of ease-of-accessing-your-files-anywhere, and feeling secure that everything is probably backed up.
(I have an old machine that hardly use now that has problems with the motherboard battery and sometime it travels in time to a funny date like 2000 and all the security certificates are marked as wrong.)
I pray they wouldn't ever rely on users' own system clocks.
https://www.dropbox.com/tour/1
> You can relax knowing that Dropbox always has you covered, and none of your stuff will ever be lost.
Although, I thought Dropbox kept a history on each file going back a month.....
Why not come up with some sort of open-sync protocol where you could have your data mirrored by many Dropbox like services at once
Seems dropbox really does believe if a file isn't there, it's been deleted.
My approach for Dropbox on both Windows and OSX is to have the Dropbox folder on a drive that will never see development work, even if that means creating a separate partition for it. In most cases the system drive works fine (you do have separate system and data drives on your machines, right?).
This forces a COPY operation rather than a file MOVE if you drag-and-drop files into any Dropbox folder. Which means that everything in the Dropbox folder could be trashed tomorrow and nothing whatsoever would be lost.
On Windows you can also do this by dragging files while holding down the RMB and on OSX while holding down the Option key. This, however, is fraught with issues because it is easy to forget and move something in or out of Dropbox accidentally.
In addition to that, daily system and data backups to external media on EVERY SYSTEM in the office ensures that even if you took a sledge-hammer to any given machine all the data could be recovered to within a 24 hour boundary.
So, no, this is NOT a "Dropbox horror story" as far as I am concerned. At best this is an unfortunate "pilot error" and at worst this is a sign of incompetence.
Sorry, a little harsh there, but, as a student, I lost six months of heavy coding work once in college. That really hurt. And that was probably the best time and place to learn that lesson. That is all it took for me to be completely insane about having backups of backups on anything important. Now, may years later, you will not find any critical system in my office that is not backed-up at least once and usually twice.
These days there's almost no excuse for loosing your work. Don't go around blaming Dropbox, not their problem.
I am not associated with Dropbox in any way other than being just another user.
FEATURE REQUEST: It would be very nice if Dropbox client software could have an option to auto-magically COPY files in and out of Dropbox rather than allowing any files to be moved. The above-mentioned hack works fine but it'd be nice to not have to use it. Also, I'd venture to guess that most Dropbox users don't do this, which opens them to unintended loss.
It is in no way "pilot error". If the post you replied to is correct, the dropbox software performed an action it should never perform - deleting files the user did not tell the OS to delete. What's more, every dropbox plan I'm aware of keeps deleted files for 30 days, so if it wasn't possible to recover some of the files, dropbox failed not once but twice.
It's all very well blaming the user for not having multiple redundant backups, but that doesn't change the fact that deleting user data without explicitly being told to do so is one of the most egregious sins software can commit. It's not "pilot error" when the software performs an action that should never occur.
I'm not sure knowledge of an obscure Windows-specific drag and drop quirk should be a requirement for using Dropbox safely.
> you do have separate system and data drives on your machines, right?
I'm not sure use of a partition table editor should be a requirement for using Dropbox safely. Most people use the operating system that came installed on their PC as-is.
> daily system and data backups to external media
Dropbox makes the following claims on their website:
"Your files are safe"
"Even if you accidentally spill a latte on your laptop, have no fear! You can relax knowing that Dropbox always has you covered, and none of your stuff will ever be lost."
"Even if your computer has a meltdown, your stuff is always safe in Dropbox and can be restored in a snap. Dropbox is like a time machine that lets you undo mistakes and even undelete files you accidentally trash. "
I think it's completely reasonable to expect Dropbox to be a reliable backup solution as-is.
With that said, I think Dropbox is a pretty amazing service and I credit them for getting Google and Microsoft to wake up and make some similar services which are solid and different in some respects (Google Drive and SkyDrive).
This removes the main point of Dropbox, that when you edit your files they're automatically continually re-uploaded. If you're only making copies into Dropbox, you might as well just mount an SFTP server and save a bunch of money.
It's certainly neither 'dumb' and nor is mentioning a friend who did this down-vote worthy.
I reached out to Dropbox support but got no response yet.
The overhead of maintaining separate accounts is very small (multi-profile browser, multi-account smartphone, etc.), and more than worth it given the liabilities. Beyond that, I think it's just a lot healthier to know where the boundaries between your work and personal life are.
Yes, this is a bad idea.
The problem seems to be that this particular service provider has "one person, one account" and "one computer, one account" baked deeply into their design. Which makes it difficult-to-impossible for people to use more than one account.
This approach probably simplified things when they were making it; as a startup, maybe the complexity would have been outside of the development resources if they hadn't made these simplifying assumptions of the model.
But by now these assumptions are so deeply baked into every part of the service that it'd be really hard for them to change.
This is just a guess; I'm not affiliated with Dropbox in any way, and I've never even used their service.
In particular, I won't set up my work email on my phone unlike many of my colleagues. For one, there have been stories of people's phones being wiped off thanks to an Exchange admin feature. And second, if the company I work for needs me to have access to my email at all times, they need to pay for my phone and my bill. (on top of it, it's typically forbidden by ToS to use your personal account for business purposes) For the same reason, I won't put my cell phone on my business cards or email signature (actually, I don't use email signatures…).
I also set up specific IM and Skype accounts for each company I work for. I don't want all my colleagues to know when I'm up or not, and I might not want to keep that contact after I'm gone. It really helps being harder to reach after hours.
In the case of Dropbox, I also create a new account with the added benefit that I can refer myself and get another 250MB for both accounts. (new email address, new computer) It's not very complicated to manage. I have a couple of shared folders for stuff I really need to access from both computers.
Wow, this is such bullshit. Why isn't there a feature on the phones to block any such admin access?
EDIT: Found the link: http://maketecheasier.com/run-multiple-dropbox-accounts-in-m...
Of course, there's also an opportunity here for Dropbox or a competitor to offer something better. I expect there's a non-negligible demand for the ability to sync multiple accounts to different directory sets on a single client. So, maybe it's a feature that could be offered only to paying customers, to allow them to more easily separate their personal and business accounts.
But, for something new, like cloud storage, and for a company like Dropbox, that prides itself in "just working," this is a critical feature oversight.
Under California employment law, an employer can argue that they own anything created on company machines[1]. If you work on side projects, I think it's a worthy investment.
[1] http://answers.onstartups.com/questions/19422/if-im-working-...
Another option is to make your work laptop dual boot - either with the internal drive (partition) or with a portable external drive.
If you have to return the laptop (with the internal drive partitioned) you can wipe that partition. Not necessary with the external drive option.
For a practical matter (even under california employment law) they aren't going to know that you are doing this.
After an email back and forth with both the DropBox-Team-support and the startup, I got my account back in the exact same state as it was in, when my account got revoked. I still had all of the startups stuff but it no longer synced. As I was many GB over the limit of my free DropBox-account I deleted all the files belonging to the startup (which of course is the right thing to do).
I'm glad this is getting some attention, because it is clearly not working very well as it is right now. Hopefully DropBox will make the user experience better.
Edit: My main point is that I come here to read Hacker News, not Some Other Guy's Support Problems. Treating every dropped use case as a public relations crisis is just an exercise in getting yourself worked up for no reason. If this is a real issue that affects multiple, real users, then I'm sure Dropbox will do something about it. For now, I think it's reasonable to treat it as an oversight until we have a response from Dropbox or more information. Unless, of course, you're the type of person that just likes to get pissed off at companies. In that case, I should probably find another community to read "hacker news".
Not saying that the OP didn't wait plenty of time, but I would find his complaint more compelling if he would have mentioned how long ago he contacted them.
So, I'm not convinced Dropbox will do anything unless it is a "PR crisis"/publicly handled. They have their own earnings driven goals and I don't think discontinued Team members will blip on that radar. Maybe if it significantly inconveniences Team admins, but that doesn't appear to be the case - admins don't lose their data and it seems like they only have to click a button.
However, I'm not saying that this is an issue that should have been publicly addressed. I'm just saying that if it weren't, I wouldn't expect much action to be done on it.
[Votebox]: https://www.dropbox.com/votebox/all#votebox:popular:0
Whether or not it's a PR crisis, it is at a gotcha that is worth knowing about.
Unless, of course, you're the type of person that just likes to get pissed off at companies.
Reading this didn't make me pissed off. DropBox made a mistake, which I assume they will fix. In the mean time, reading this made us better informed and safer.
Too, support boners like this one are illustrative, and can spur good back and forth about design.
Now your only real solution from what I can see is to create multiple accounts, if you don't want to give the team administrator the chance to nuke your account if he/she feels like it. Warnings about the possible consequences do not really solve the underlying issue and having the original team leader have a say in the unblocking of your account doesn't help at all.
This is a feature that will need some serious work and breaks the simple dropbox model that has gotten dropbox to where it is today.
Arguably by putting the "for teams" content in a completely isolated directory it solves the need for being able to sign in to multiple accounts at once[2], but there's still going to be some weirdness if my personal account is added as a team member of a work directory, since then you'd either start getting work stuff on personal machines or have to do per-device authorization which will be a nightmare for team administrators of even a dozen or so people.
The whole thing gets really nasty when you realize that DBFT adds something like 50-100GB/member. I don't need giant photoshop files from our marketing or design teams eating up all the free space on my tiny little Macbook Air. My dropbox status window says I have over 3TB free (yes, terabytes); by default, I have to micromanage selective folder syncing to prevent my hard drive from being immediately filled after signing in. There seems to be a little disconnect between "team" and "company" in how this is used, unlike say Github where it's just people in a relatively ad-hoc group.
[1] I don't go the other way (work files on a personal machine) however. It would create numerous liabilities in terms of file security and IP ownership, among other areas. Except for my iPhone, I won't even open work email on any of my personal devices. There's just too much potentially-sensitive material, and I don't care for the inconvenience of heavily locking down my personal machines to deal with that when they don't really have anything important.
[2] and avoids the possible problem of people signing up under multiple email addresses for free space.
Finally, I got a response from a customer support rep named Todd who explained to me that my account had been deleted when I was removed from the Team. Fortunately, he was able to restore my account and I weaseled an extra 5GB of month for the trouble.
Quite the scare.
My approach for Dropbox on both Windows and OSX is to have the Dropbox folder on a dedicated drive partition. If that is not possible, you can use a drive that will never see development work or any data that will need to be shared via Dropbox (business data, kid's pictures, etc.).
This forces a FILE COPY operation rather than a FILE MOVE operation when you drag-and-drop files into any Dropbox folder. Which, in turn, means that everything in Dropbox could be trashed tomorrow and nothing whatsoever would be lost locally.
For years I have gotten in the habit of having at least two physical drives on every machine: System and Data. If I don't want to create a dedicated Dropbox partition I can usually place my Dropbox folder in the System drive and this will trigger copy-on-drag-and-drop whenever dragging files in from the Data drive.
If you don't have separate physical System and Data drives (highly recommended) you can split a single drive into System and Data partitions or simply split-off a Dropbox partition in order to achieve the same results.
DROPBOX FEATURE REQUEST:
It would be very nice if the Dropbox client software could have
an option to auto-magically COPY files in and out of Dropbox
rather than allowing any files to be moved.Our account is a blip on their revenue radar, but if Dropbox wants to become a a truly monumental company, they'll need to do something to fix this. Being small business friendly isn't the same as "Enterprise friendly," but Dropbox is neither at this point.
So (until Dropbox changes something) there does not seem to be a good solution to your question.
On the downside, the size of the shared directories would probably push the size limit of your account, so it's not a perfect solution.
This would be completely unacceptable, ever to risk my data in any way and I'm a little surprised Dropbox doesn't realize they don't have a business without trust that their data will always be ok.
It seems to be a small minority of people who really do so. And often, they are ignored or even berated, and "slow-tracked", until the shit hits the fan.
If the account is accurate, I have no sympathy for Dropbox on this. This was entirely predictable, and any amount of effective due diligence would have mitigated it.
P.S. Of course, it also goes to say to the "victim": Dropbox is synchronization, not back-up. You need to back your shit up to a medium over which you have control. (Said control including taking it off-line where no online activity can affect it.)
Also, to not delete user's data.
What should've happened is this: revoke my access to the team folder and downgrade my account back to Free. (Then, annoy me and refuse to sync until I go down to 2GB of usage.) That would be good design.
That in itself is okay, but then the conversion mail should have come with big, red warning notices; not the bland email you seem to have received.
Ann has an individual account. She joins a team. She leaves the team, and Bob (the team account owner) revokes her access. Dropbox deletes all her accounts.
What can dropbox do here; set Ann back as a member of that team? Bob (paying a lot of money) is not happy with that.
Note, the hardest part, here? is that you are one of the entities. It's very hard to design a system where a hostile entity compromising owner credentials can't lead to data loss.
Best I could think of would be a service that keeps your data available in read only mode for a certain period of time (for which you pre-pay) - but I don't know of anyone offering such a service.
I suppose a stack of blue-rays in a safety deposit box would come dang close; I mean, sure if /all/ of your credentials were compromised you are still screwed, but if they can impersonate you in person at the bank... well, that's a worse compromise than most people plan for.
You will not have such issues with them.
Sync any folder, security keys, don't have to use the cloud, better data retention, more space, better desktop app, more features in general.
Yeah, almost seems too good to be true. If anyone uses it perhaps they can share some downsides.
I remember, because I contacted the team member, and got him to back everything up before I procceded.
I then contacted Dropbox support, to explain how stupid this was...
My point is, that admin should have some accountability, ignoring big red writing is usually a bad idea.
EDIT: because I realize its not completely obvious, I keep multiple backups with my own servers sitting in different data centers. I don't see how you could trust any external service to store data.
Backups should be both local and off-site. Which is what Dropbox provides, actually.
Regardless of the level of replication it provides, it lulls you into a false sense of security (which is probably just as bad as not having backups in the first place)
Hahaha, when he said that I immediately thought I'd like to see him control flood, fire, theft or "other acts of god". Like you say, backups need to be local and off-site. No single point of failure, that is the key!
It does seem silly that they can't simply remove you from a team without deleting your account, I can't think of anything that would stop them from being able to do that other than not having the time or motivation to implement the feature.
[1] https://www.evernote.com/shard/s5/sh/39bd6ae2-a0b6-41a9-87a4...