WeTransfer just punched itself in the face.
I've been following the implosion of WeTransfer with interest over the last 24 hours.
As a data privacy advocate, the update they attempted to sneak into their T&Cs is, frankly, rather nauseating.
The update, published on the 14th of July, gave the company sweeping rights over user content. Specifically, it granted the company “a perpetual, worldwide, non-exclusive, royalty-free, transferable, sub-licenseable license” to use any files uploaded to the platform, with the option to use this content “for the purposes of operating, developing, commercialising, and improving its services or new technologies, including training machine learning models to enhance our content moderation policies,” as well as “the right to reproduce, distribute, modify, prepare derivative works based upon, broadcast, communicate to the public, publicly display, and perform content.”
Translating that into layman’s terms, if you use their platform to transfer a file, the company will then have IP rights to the contents of that file, meaning they can license it out for a fee and use it to train their AI models, forever.
This kind of clause is not uncommon in big tech, but for WeTransfer, where users expect their content files to be private, it’s a massive overreach.
They have since backtracked on this change, following a huge public backlash, claiming that the update was due to some “confusion”. I would say the confusion is primarily on their side, in thinking that users would accept this ludicrous claim to their private IP.
This is like the post office claiming ownership of every single letter and parcel that passes through its facilities.
Fortunately, in this case, there are many alternatives in the marketplace. It would be interesting to see what WeTransfer's subscriber numbers look like this morning.
If you are a user of WeTransfer, you should look elsewhere. I would strongly recommend a zero-knowledge encryption-based platform, where your data is encrypted locally before sharing. This way, the data host won't be able to do anything at all with your files apart from host the encrypted version.
Good examples include:
I have also developed an open-source password and file-sharing tool, with zero-knowledge encryption, that will cost you very little to run (though you'll need a techie to help you get it going) - https://github.com/patthewebrat/otp
