More on DropBox’s Terms of Service – run away…

Interesting post from Dave Winer on Scripting News taking a look at DropBox’s possible business plan, which gives me more worries about using DropBox as the basis for an Electronic Lab Notebook.

That means they have to be looking inside your box to get the data they’re going to aggregate, to get to that astronomical valuation. That’s why they didn’t just go with the enterprise-y user agreements that Microsoft and Amazon use. They don’t want your money. They want the advertisers’ money.

What’s inside your Dropbox says a lot about you. And that, of course, is what Dropbox users (like me) are afraid of.

If that’s the case, you’d have to be very brave to use DropBox for Science that wasn’t already in the public domain… best stick with solutions focused on solving the ELN problem, which have the appropriate technical and business architecture! We’d love to talk to you ๐Ÿ™‚

Cloud Applications, ELN & IP

I’ve met a number of groups who are using Commodity “Cloud” services (Google Apps, DropBox etc.) for their Lab Notebook data, and whilst it works well technically (and is always improving!), I’ve always wondered about the IP/Confidentiality issues.

I bumped into an analysis of the Terms of Service of various Cloud service providers on Neowin. It isn’t encouraging reading.

I can empathise with the providers; they are providing a generic service to a large number of users, for free or a very low price. The only way they can execute their business at that scale is to tell people “We get to see your data too, and we can re-use it or give it to other people for whatever reasons we decide”.

Unfortunately, that’s not pretty from an IP perspective. I’m no lawyer but I can’t see how some of these terms and conditions are compatible with securing a company’s IP via Patents or even Trade Secrets (let alone personal privacy).

Caveat emptor!

Interestingly Amphora have found ourselves increasingly providing Cloud-like and SaaS-centric services to our customers. We started providing PatentSafe as SaaS but then we’ve moved into providing offsite backup (using a private CrashPlan service) and other services.

In meeting this customer need, we’ve had to do it with our normal IP-centric Terms of Service – which basically means your data is private to you, and we’re only going to disclose it when you ask us (or, in the extreme, when we get a court order). That’s been hard – it has caused us to shy away from some “Cloudy” infrastructure that I know some ELN vendors have gone for, e.g. the Amazon EC2 and S3 products to name just two. Ultimately that means our costs are higher, but to do otherwise would be irresponsible.

I’d like to say this is a matter of “You get what you pay for” but it isn’t as simple as that – these commodity services are just focused on a different market. So before you get the Cloud bug in the Lab, read the Terms of Service and consider if that’s appropriate for your circumstances. When you’ve done that, check with your provider – do they run the services themselves, or do they use another platform – if they’ve got it all on Google or Amazon infrastructure (excellent technical choices! legally trickier) it is worth taking the time to understand who your contract is with and what is happening to your data.

Interesting (brief) interview with Steven Sasson, who invented the Digital Camera at Kodak.

Inventor Portrait: Steven Sasson from David Friedman on Vimeo.

For the background see the original post on Ironic Sans blog where this is one of a series of Inventor Profiles.

Kodak were Amphora’s first customer, we started working with them and ELNs way back in 1996… the comments in this post give some additional background into Kodak’s lead in digital imaging and the “Innovator’s Dilemma” problem they had in commercialising that.

How often should you change your password

Good article from Bruce Schneier on Changing Passwords.

So in general: you don’t need to regularly change the password to your computer or online financial accounts (including the accounts at retail sites); definitely not for low-security accounts. You should change your corporate login password occasionally, and you need to take a good hard look at your friends, relatives, and paparazzi before deciding how often to change your Facebook password. But if you break up with someone you’ve shared a computer with, change them all.

Two final points. One, this advice is for login passwords. There’s no reason to change any password that is a key to an encrypted file. Just keep the same password as long as you keep the file, unless you suspect itโ€™s been compromised. And two, it’s far more important to choose a good password for the sites that matter — don’t worry about sites you don’t care about that nonetheless demand that you register and choose a password — in the first place than it is to change it. So if you have to worry about something, worry about that. And write your passwords down, or use a program like Password Safe.