Main image
15th October
written by Chris

Dropbox, if you for some reason haven’t heard of them, provides cloud storage which syncs files between the various computers that you might own/operate.  I, for example, have a desktop, a laptop, and another desktop at work.  If I want a given file or directory to be available on all three I simply put it into my Dropbox folder and it magically syncs to the other systems.  It’s rather brilliant.

Signing up for Dropbox gets you 5GB of such synced storage to start with, which is pretty decent, but if you want more you can either pay them or participate in one of their seemingly innumerable little sign-up drives to get more space.  I never seem to qualify for those but recently was informed that they’ve started one for folks who sign up on University campuses.

I, as it turns out, still have access to an email address from my days at Radford, so I tossed that one through Dropbox’s entry form and, lo and behold, I got 3GB of additional space.  What’s more, Dropbox informed me that if I sent others to that page I would get an additional 500MB for everyone who signed up.

That’s pretty cool, I thought, so I published the link on Facebook and Google+ because – hey – who doesn’t need more cloud storage space?

A few moments later I got notice of my first sign up.  Dropbox sent me the following email.

I’ve blurred out the persons’ email, which is more consideration than Dropbox gave.

See, the problem is that while I published the link through social networks – and so, at least in theory, the folks who signed up know me (or know someone who knows me) there exists every possibility that I just flung the link out into the ether – say by putting it on the public web.  There’s no particular reason to give me that email address — I certainly don’t benefit from it in any way — but I suspect it’s the only identifying information that Dropbox had and therefore it’s how they chose to inform me of the sign up.

Again, I’m not a spammer or a bad guy, but who’s to say that someone else isn’t?  Dropbox is putting their name  and indeed their servers, service, and reputation on the line every time one of these links gets distributed.  Unlike a standard phishing scam, we’re talking about a real and legitimate service that just happens to send to the referrer a verified email address every time it’s used.

Would you sell your email address to spammers — or worse — for 3GB of storage space?  Would you at least like to know before you do?

If you’d like to sign up and send me your email address (I don’t much care about your email address but I’d love the extra 500MB of storage) you can sign up here.  If you would rather not trust anyone (including me) with that information, you can still sign up here.

Leave a Reply