How Dropbox Hacks Your Mac

(applehelpwriter.com)
1037 points 8bitben | 33 comments
1. Sir_Cmpwn ◴[] No.12463720[source]
Great article, but poor conclusion. He finds that Dropbox is untrustworthy, a finding that likely surprises no one, and reaches for iCloud as the solution. Why move into another walled garden driven by corporate interests? OwnCloud or a similar self hosted solution would be better. I just use NFS and a dead simple storage server to make ~/shared available on all of my machines.
replies(5): >>12463782 #>>12463790 #>>12463798 #>>12464361 #>>12467783 #
2. erikb ◴[] No.12463782[source]
In many cases self hosted is better. One needs to consider that this also needs some time to maintain, though. Personally I also like ownCloud but still mostly use Dropbox.
3. pat2man ◴[] No.12463790[source]
What happens when you take a laptop to another network?
replies(1): >>12463851 #
4. woah ◴[] No.12463798[source]
If you're going to use a Mac, you're trusting Apple already. How does using iCloud make you trust them more?
replies(2): >>12463841 #>>12464156 #
5. Sir_Cmpwn ◴[] No.12463841[source]
I wouldn't use a Mac, either :)
replies(1): >>12463908 #
6. Sir_Cmpwn ◴[] No.12463851[source]
Everything freaks out, unfortunately. I would work on a better solution, but I'm not particularly inconvenienced by this issue.
replies(1): >>12464093 #
7. Myrth ◴[] No.12463908{3}[source]
And if you're using Ubuntu, you're trusting package managers, and if you're using Gentoo, you're trusting original developers (how often do you audit source code?)
replies(3): >>12463958 #>>12463985 #>>12465868 #
8. Sir_Cmpwn ◴[] No.12463958{4}[source]
>And if you're using Ubuntu, you're trusting package managers, and if you're using Gentoo, you're trusting original developers

This is correct. Consider, however, the motivations of the people involved. Apple's motivations are to make money from you. Debian's motivations (intentionally avoiding Ubuntu here) are to make a good user-centric system. Packages are signed by named individuals that I can personally get to know and trust, and with an accessible process - I can download their package sources and build or verify or tweak them the same way that the maintainer can, report bugs and ask questions directly to them, etc. I trust this model much more than I trust the model of a company who, at the end of the day, has a bottom line and will make compromises to ensure it remains where they need it.

Apple is very well known for using proprietary formats, adapters, you name it. Apple's cloud is also write-only, they intentionally make it difficult for you to pull data out of it and interop with other services. These decisions serve the company's interests, not yours.

>how often do you audit source code?

You would be surprised!

replies(3): >>12464172 #>>12464837 #>>12477911 #
9. new299 ◴[] No.12463985{4}[source]
It's interesting because at some level, particularly with closed source products, trusting the company developing the product is important. Apple have made some effort to stand up for the privacy of their users. Dropbox on the other hand have board members who support and have authorized warrantless wiretaps:

http://www.drop-dropbox.com/

replies(2): >>12464209 #>>12467800 #
10. pyre ◴[] No.12464093{3}[source]
Isn't it a bit naive to think that your solution, which has obvious flaws, is one-size-fits-all?

I use cloud storage to (e.g.) have access to my password file between my computers and my mobile devices. NFS shares on ~/share that only work on the local network don't really solve this issue.

replies(1): >>12464181 #
11. Dylan16807 ◴[] No.12464156[source]
Because Apple doesn't have a mechanism to access files on your Mac, while they do have a mechanism to access files on iCloud. This means someone guessing your security questions, or somebody with a warrant, or somebody abusing their access rights can get to your files.
replies(1): >>12464263 #
12. Jerry2 ◴[] No.12464172{5}[source]
Who do you think employs the vast majority of Linux developers? Who do you think writes their paychecks? Ever looked into who the biggest Red Hat customer is? Hint, it's the DoD.
replies(1): >>12464858 #
13. Sir_Cmpwn ◴[] No.12464181{4}[source]
Did I say it was a one-size-fits-all, or that it was flawless? I also suggested OwnCloud before describing my own setup. All of your software choices come with tradeoffs.

For my passwords I use pass and store them in a private git repo on a server I trust. http://password-store.org

replies(1): >>12464219 #
14. Dylan16807 ◴[] No.12464209{5}[source]
> board members

Plural? Who else?

There's a difference between bringing in a single famous person and the rest of the board agreeing with them on certain issues.

15. jsmthrowaway ◴[] No.12464219{5}[source]
Yes, you implied that you know better when you critiqued the author's choice to reach for iCloud and suggested your self-hosted 'alternatives' instead as better. Except the one you prefer is not an alternative. It's not even playing the same game.

Some people are willing to spend their finite life building personal infrastructure and the rest pay others to do it. You conflate the two at your peril. The best decision I've ever made was to stop running all of my own stuff -- you get literal days back in your life. Days.

16. Xylakant ◴[] No.12464263{3}[source]
They do provide the OS, so they implicitly have access to all your files at a level that Dropbox would have a hard time achieving.
replies(1): >>12464778 #
17. ska ◴[] No.12464361[source]
"OwnCloud or a similar self hosted solution would be better."

Perhaps better for limited use cases that don't really apply to the vast majority of Dropbox's user base.

You start off comparing apples to oranges, and with your latter solution, you aren't even comparing to fruit anymore.

18. zymhan ◴[] No.12464778{4}[source]
> so they implicitly have access to all your files

If you can demonstrate how Apple has access to my files on an OS X installation with no iCloud configured, I will round up a massive bounty.

replies(2): >>12465423 #>>12468340 #
19. elmigranto ◴[] No.12464837{5}[source]
>>how often do you audit source code?

>You would be surprised!

It doesn't really matter if you do. OpenSSL is one example showing there are critical mistakes of grand level everywhere, same as there might be a cleverly hidden backdoor in that multi-100k source tree (or any of the myriad of dependencies) you "audited".

replies(1): >>12465259 #
20. aioprisan ◴[] No.12464858{6}[source]
Source?
21. riboflava ◴[] No.12465259{6}[source]
It's still a lot better than not having the source. There are tons of other benefits too. The one downside is CPU cost to compile everything yourself.
22. Xylakant ◴[] No.12465423{5}[source]
Open your Finder. Every file that you see has just been touched by Apple's code.

Your OS does have access to all files that you have on your computer. It manages all network connections. It exposes all information that tools such as Little Snitch display to you. Apple signs and provides all software updates to you. They control SPI and app sandboxing. I'm not saying that Apple does access your files. I do trust them not to since they've shown that they at least attempt to step up and defend themselves and their users. Still, they could if they wanted to.

replies(3): >>12466791 #>>12467492 #>>12467794 #
23. kinkdr ◴[] No.12465868{4}[source]
That's exactly right and what people complain about. That Dropbox betrayed the trust they (users) were giving to them (Dropbox).

I don't necessarily agree with them, but that's the sentiment here.

Edit: by the way, regarding open source projects, it doesn't matter if you don't look at the code personally. Somebody else does, and if there is a problem with it, it becomes a huge public scandal sooner or later.

24. randomsofr ◴[] No.12466791{6}[source]
burn.
25. olalonde ◴[] No.12467492{6}[source]
You can melt your MacBook in the oven but not your iCloud account. You're comparing apples to oranges (pun intended).
26. newman8r ◴[] No.12467783[source]
Agreed. The cost of hard disk/ssd storage is constantly falling, I hate having my crap locked up in the "cloud" knowing that if I miss a couple payments it's toast.
27. newman8r ◴[] No.12467794{6}[source]
lil snitch is one of the best tools out there, and it's what inspired me to never use Apple software again... so I did the right thing and gave my lil snitch registration code to a friend.

I'm still looking for a Linux alternative to lil snitch that is just as robust and intuitive - but I'm stuck using a few different things to achieve the same effect. Anyone have a recommendation with a slick GUI? (For some reason I really like a GUI for firewall management.)

replies(1): >>12467814 #
28. newman8r ◴[] No.12467800{5}[source]
I personally think their privacy stance was mostly to protect their own interests rather than any concern for the common man, but they were able to spin it really well and get great publicity as usual. It hurts me to say this as an owner of 2 MBPs and a Mac Pro which I love, but Apple is not on our side and it's painfully obvious.
29. newman8r ◴[] No.12467814{7}[source]
I really like EtherApe btw for visualization - would love recommendations for similar tools
30. rarepostinlurkr ◴[] No.12468340{5}[source]
What he meant to say was "code can do anything! waves hands"
31. thingexplainer ◴[] No.12477911{5}[source]
>> how often do you audit source code?

> You would be surprised!

How often do you audit OwnCloud's source code? (I'd describe it as "naive.")

replies(1): >>12477927 #
32. Sir_Cmpwn ◴[] No.12477927{6}[source]
I actually don't use OwnCloud, so never.
replies(1): >>12554081 #
33. thingexplainer ◴[] No.12554081{7}[source]
Something to consider when you're comparing products based on "trustworthiness."