The bit where Andy Y. says, "Oh, some spammer just guessed it" was funny. As if spammers needed to do dictionary attacks against the sort of tagged addresses that 0.1% of people use.

But it became hilarious when he said the same thing to the guy who uses 10-random-character tags. As if they would hit upon two different Dropbox addresses like that before the sun cooled to a cider.

The original complainant is much more patient than I am. If that's what I'd gotten as "support" on a paid service when reporting a security breach, I would have closed my account and told them to get fucked.

I agree with the end part of your response, but it's unknown if Forrest is a paid customer.

They're official representatives of Dropbox, even if they are unpaid. Their behavior is entirely on Dropbox, and the fact that Dropbox has farmed out its customer support to unpaid amateurs is possibly a worse realization than the fact that the clueless person was not an employee.

So it's a win win for Dropbox. Free forum support for low level day to day forum chatter and easily absolvable of any wrongdoing if they screw up.

The only question is, are people going to hold them accountable or not (by finding other solutions). I don't use them (I do my own syncing) and this display warns me off of starting to use them any time in the near future.

Taking money and then fail to deliver service or product is the very definition of scam/theft. But beyond having the state putting down regulations, is there any actions people can do without putting themselves at even higher risk (like bans)?

I managed to expedite things a bit by emailing the CEO directly -- drew@dropbox.com.

http://news.ycombinator.com/item?id=4703166

When you post w/o disclosing, you make it seem like someone from this community has found your product interesting and is suggesting others try it. Instead of working for a company and trying to drum up business while disparaging a competitor.

Seriously, things like this reduces the likelihood that I'll ever try Tonido to nil. All you had to do was add "disclosure: I work for Tonido" to your post, if that is the case.

"your affiliation is quite relevant. When you are talking about something when you have a clear conflict of interest, you need to disclose it. Then at least the reader has the right context in which to make a decision."

I used to think the way you do. Then I entered the financial world. At this point, I've seen so many people talk up their positions without disclosing that I automatically assume everyone has a conflict of interest. Then something really strange happened: I stopped caring about the affiliations and really focused on the veracity of their statements.

I recommend you read http://hastebin.com/raw/gefuxumubu, which is a copy of the zerohedge.com conflicts of interest policy. We are all adults here, and a person's persuasion shouldn't somehow affect your ability to make a rational analysis of the arguments that a person lays out.

In this case, if you bothered to look at the offering, you would see that it indeed obviates the problem that dropbox has all of your emails: when you self-host, the accounts are stored on your servers

Note that I haven't actually tried the service, but this is based on my understanding of the offering. There may be vulnerabilities in their implementation. Who knows. But to immediately dismiss a remark because of a conflict of interest doesn't change the fact that the argument may be factually correct and germane.

My response is that it is all about context and community norms. Here, on HN, the norm is that if you're going to bash someone, and you work for a competitor, you disclose that. If you can't pass that small ethical hurdle, there are other companies I can send my money to. (Not to mention, That I consider it uncouth to bash a competitor like that)

In the financial world, things are probably different and you just assume some level of conflict from the beginning. And that's fine, so long as everyone knows the ground rules.

I've actually looked into Tonido a couple of times, so I already knew what the service was. I have a friend who was all ready to buy one of their plugs for their lab when their university got hooked up with Box.net (I think).I probably wouldn't have thought to question them had a) I not already known what Tonido was and b) they had already been downvoted, so I wasn't the only o e to put it together. For some reason, I always had reservations about it, and so this just cemented an already held feeling.

But, you are quite right that different communities have different norms.

This is a totally honest question as I looked when you wrote this and found no bashing.

That was the line I was referring to...

But it's not just how truthful the statement is, it also covers "why am I considering this statement at all?".

And the answer "because someone I trust has had the same problem, considered the available options, and recommends X" is very different to "because someone who works for X says use X".

If you don't understand the difference - or more importantly why one of them bothers people and the other doesn't, you need to stop doing marketing or promotion really quickly. You're going to tarnish the brand of the product you're trying to push.

Do you want people's only lasting impression of Tonido to be 'oh, that's that company that was astroturfing Hacker News'?

"Your affiliation IS relevant when promoting services, because it means it's not an honest recommendation from a happy user, it's paid shilling."

That's not a fair criticism. In this case, there is an issue with dropbox, and he is pointing to a solution which obviates the problem at hand:

'Check out Tonido Cloud (http://www.tonido.com/cloud/) and host your own dropbox.'

I think the wording was poor, but reading into the website offering it is clear that the company doesn't have access to the local credentials. In this case, since the alternative doesn't suffer from the problem at hand, I think it's fair for him to mention the alternative.

I didn't downvote his post at first because it sounded like a genuine suggestion. I consider myself deceived.

The only way in which you could have been deceived is if you went into the discussion assuming no conflict of interest. Years of dealing with financial media and experts has rendered me incredibly cynical, so I focused on the author's claims (which, in this case, are true -- If the product acts as the website claims, the self-hosted solutions store credentials on your servers and not theirs.)

I recommend you read http://hastebin.com/raw/gefuxumubu, the zerohedge.com conflict of interest policy, for it drives home the key point that if you assume everyone has a conflict of interest you won't be deceived and you can focus on what was actually said

Oh how I wish that were the case, but there's a really strong mapping from HN and SV to finance (too much to mention in a reply, but I may try to flesh it out in a blog post one day)

"We've seen many companies leak or improperly use your email addresses and other personal informations. The best solution is to host your own. Check out _____"

That would have been a proper sequitur and wouldn't come off as arbitrary pumping.