    How Dropbox Hacks Your Mac

    (applehelpwriter.com)
    1037 points 8bitben | 43 comments
    1. new299 ◴[] No.12463925[source]
    Dropbox circumventing security restrictions (albeit for legit reasons) is particularly worrying because they have board members who support warrantless surveillance.

    In my mind Dropbox became a company not worth supporting when Rice joined Dropbox's board (http://www.drop-dropbox.com/). Personally, with a board member who advocates warrantless surveillance it seems unlikely that we share similar views on the security of my data, and I won't be using their service.

    replies(6): >>12464160 #>>12464192 #>>12464243 #>>12464322 #>>12466177 #>>12466734 #
    2. BinaryIdiot ◴[] No.12464160[source]
    Honestly they're pretty much the most expensive out of all of the storage solutions. Other than versioning they have less features than their competition as well. If they were born today I can't imagine they would have gone much of anywhere. Not sure how they're doing financially today but it seems each product they create flops.

    So even outside of this surveillance stuff I don't get the point in using them.

    replies(5): >>12464207 #>>12464315 #>>12464694 #>>12464696 #>>12467815 #
    3. anf ◴[] No.12464192[source]
    What are the legit reasons? Isn't it just reading and writing files to the Dropbox folder?
    replies(1): >>12464242 #
    4. krrrh ◴[] No.12464207[source]
    Their client just works better at syncing quickly and reliably. A huge criterion for me is how much CPU it uses in the background compared to competing solutions from Google or MS and it was often an order of magnitude less (other clients may have improved in the last year or two, I haven't checked).

    Another significant advantage is that they support a stable command line client for Linux.

    replies(3): >>12464231 #>>12464377 #>>12464502 #
    5. rcarmo ◴[] No.12464231{3}[source]
    This. I cannot stress how important both of these factors are.

    I still haven't found a solution other than (http://meocloud.pt, which was implemented by my former colleagues) that was within an order of magnitude as fast and/or as light in terms of CPU load, _and_ that supported Linux directly (let alone had halfway decent MacOS support).

    replies(2): >>12465479 #>>12467278 #
    6. entilzha ◴[] No.12464243[source]
    After Rice joined I actually completely stopped using Dropbox, transferred files, and deleted my account.
    replies(1): >>12465679 #
    7. _razvan ◴[] No.12464242[source]
    The accessibility features of the OS are used by Dropbox to implement the Dropbox Badge / Project Harmony feature.
    replies(2): >>12464272 #>>12464680 #
    8. fredoliveira ◴[] No.12464272{3}[source]
    These should definitely be opt-in, however (I don't use the badge), and I would definitely argue that the way they get on the accessibility list is deceptive at best.
    9. bad_user ◴[] No.12464315[source]
    Out of the mainstream ones, they are the only ones supporting Linux.
    replies(1): >>12466095 #
    10. aRationalMoose ◴[] No.12464322[source]
    Got a good alt suggestion?
    replies(5): >>12464353 #>>12464379 #>>12464749 #>>12465524 #>>12466745 #
    11. 794CD01 ◴[] No.12464353[source]
    Spideroak, if your reason for switching is privacy.
    replies(1): >>12465601 #
    12. DINKDINK ◴[] No.12464377{3}[source]
    I'd rather pay for privacy and security with compute cycles. To whom else do you give your root password and hope that nothing bad happens?
    13. agotterer ◴[] No.12464379[source]
    Has anyone tried sync.com? From their website they claim end to end encryption and seem to take privacy and security seriously.
    replies(1): >>12464496 #
    14. danieldk ◴[] No.12464496{3}[source]
    As long as the client is proprietary, how can one know that they are any better than Dropbox?

    Feature-wise sync.com looks interesting, but there seem to be very few users out there. I would be worried that they disappear when they run out of VC money.

    15. pyrophane ◴[] No.12464502{3}[source]
    I've had significant issues attempting to run dropbox headless on the server for file syncing. We needed to include files from another group that was used to primarily working in Dropbox in a daily report build, and so our first go at it was to just run dropbox on that machine and pull the files directly from there. Long story short, the Dropbox client crashed periodically and would stop syncing due to issues with its local state.

    After setting up monitoring around the client to keep it running we wound up switching to a different, more reliable solution.

    Dropbox works ok on the server but I wouldn't rely on it as a step in any important workflows unless the client has improved significantly in the past year.

    replies(2): >>12465089 #>>12469970 #
    16. angryasian ◴[] No.12464680{3}[source]
    I would say that notifying the user on how to do it through the security panel is the legit way to do it.
    17. copperx ◴[] No.12464694[source]
    As far as I know, DropBox is the only service that does delta block uploads correctly and switches to LAN transfer when two synced computers are in the same network.

    I know it's CS 101, but neither Google Drive, iCloud, or OneDrive do this.

    Not to mention the other services have bizarre naming limits (e.g., dotfiles are forbidden on OneDrive).

    Also, DropBox supports Linux officially.

    replies(3): >>12464976 #>>12465486 #>>12468226 #
    18. aerique ◴[] No.12464696[source]
    I've used Dropbox for quite some years because they were (one of) the first and rock-solid. Especially the latter is very important for a service like this.

    Oh, and they always supported the big three OSes.

    These last two features make them stand out against the myriad of alternatives. (Especially the offerings from Apple, Google and Microsoft are laughably bad.)

    Dropbox is more expensive but not that more expensive given that it just works.

    That said, I switched a couple of months ago to Seafile (the German branch) and it has worked almost as good as Dropbox.

    The reasons for switching were: not based in the US, supports more OSes, Rice, cheaper.

    Some features like selective syncing do not work as well but others like multiple libraries are a solid addition.

    I have run into a Git repo issue on Seafile that I never had on Dropbox and the client on Windows could not sync some files due to the filenames (luckily those could be renamed).

    19. aerique ◴[] No.12464749[source]
    The German branch of Seafile: https://seafile.de/en/products/

    I switched all my data (about 250Gb) to them from Dropbox a couple of months ago and it has worked out well enough.

    Features:

    - servers not based in the US

    - encryption

    - privacy

    - open source (thanks lima)

    - multiple libraries (like multiple separate Dropbox folders)

    - nice file manager for unsynced (parts of) libraries

    - price

    - payment options (Bitcoin)

    - supports more OSes

    - one can run one's own server

    Cons vs Dropbox:

    - syncing problems not always obvious

    - some UX issues

    - photo support

    - selective sync cumbersome (if not using libraries)

    - no LAN sync

    replies(1): >>12464813 #
    20. lima ◴[] No.12464813{3}[source]
    And Seafile is open source, too.
    21. proactivesvcs ◴[] No.12464976{3}[source]
    Syncthing does all of these, but doesn't have the "always available" feature where the service provider keeps a copy of everything for you. If that's not crucial, maybe Syncthing is a viable alternative.
    22. Mister_Snuggles ◴[] No.12465089{4}[source]
    I didn't think Dropbox was meant for use on servers. I can see reasons why you would, but it seems like mapping a drive / mounting a share / etc would be better suited for accessing files on a server.
    replies(1): >>12466550 #
    23. fapjacks ◴[] No.12465479{4}[source]
    If you're up for a self-hosted option, Seafile is great. The server and the client are both pretty lightweight. You should create and store encrypted volumes yourself and not trust its encryption mechanism, but it handles delta sync very well, which means it's only sending the pieces that change (and e.g. a Veracrypt/Truecrypt volume doesn't change a lot when adding/removing data from a volume, so you won't sync a lot for example with OwnCloud, which also has the nasty habit of eating your files).
    24. fapjacks ◴[] No.12465486{3}[source]
    Seafile does, too. OwnCloud definitely does not. Actually OwnCloud's Github issue for delta sync is a great read, if you're up for some humor.
    25. tedmiston ◴[] No.12465524[source]
    OwnCloud https://owncloud.org
    26. simias ◴[] No.12465601{3}[source]
    I use (and pay for) Spideroak pretty much for that reason but given that their client is not open source I kinda feel like it's just homeopathic security. They could backdoor my client and I wouldn't know better.

    So I definitely wouldn't store very sensitive stuff on SpiderOak either but I guess it's slightly better than dropbox.

    27. leggomylibro ◴[] No.12465679[source]
    Ditto; now I use SpiderOak which has a solid no-knowledge replacement, but I hear Box is also good.
    replies(3): >>12466403 #>>12466681 #>>12467087 #
    28. morganvachon ◴[] No.12466095{3}[source]
    How so? Seafile and SpiderOak both thrive on their excellent Linux support, and Mega also supports Linux with an official client. They are, if not in the top five, at least in the top ten of popular consumer cloud storage solutions.
    replies(1): >>12467709 #
    29. odbol_ ◴[] No.12466177[source]
    This is why you use their web interface and don't install any of their hackware on your devices.
    30. pyrophane ◴[] No.12466550{5}[source]
    There's a version that can be run on a linux server without X installed. IIRC Dropbox provides it, but doesn't really support or make any promises wrt its reliability.

    If all you need is folder/volume sharing between two machines, samba or nfs (or something similar) works great, but as I mentioned the reason for attempting to use dropbox in that fashion was to integrate with a workflow already being used by another team.

    31. hobarrera ◴[] No.12466681{3}[source]
    Is the SpiderOak client open source/auditable?
    32. randcraw ◴[] No.12466734[source]
    The combo of Rice and now this revelation that Dropbox gains user-level access to your files (and network resources) really makes me wonder if Dropbox isn't really a NSA plant.

    What better way to gain access to users' files than through a startup's free app that demands your password?

    replies(1): >>12467809 #
    33. arximboldi ◴[] No.12466745[source]
    I use Syncthing: https://syncthing.net/

    Totally distributed, works like magic. Being distributed means you do have to blindly trust a third party, but also that you don't have to worry about $ per megabyte. For example, one of the machines I have in my Syncthing network is a Raspberry Pi with a 3TB drive getting a backup of my laptop $HOME and important stuff from other machines all the time.

    replies(1): >>12467285 #
    34. norkakn ◴[] No.12467087{3}[source]
    Box EKM is an insecure piece of shit
    35. rocky1138 ◴[] No.12467278{4}[source]
    Look into Syncthing. It's free and libre and works excellently as a replacement.
    36. rocky1138 ◴[] No.12467285{3}[source]
    Is it a Pi 1? I tried for months to get it to work with it, but even overclocked, it was still too damn slow to function.

    I love Syncthing, though, but I had to take the Pi out of the pool.

    replies(1): >>12468827 #
    37. bad_user ◴[] No.12467709{4}[source]
    With all due respect but this is the first time I've heard of Seafile, probably because Seafile isn't for consumers [1], SpiderOak is primarily a backup solution that learned to do sync, with its client implementations being weird, ugly and featureless and while I never tried Mega, I really don't think anybody sane can trust Kim Dotcom's Mega with any important files.

    As anecdote I have zero acquaintances using any of these. Mainstream are Dropbox, Google Drive, Box.com, Microsoft OneDrive, Apple iCloud and Amazon Drive. That's already Top 6 and combined they probably cover more than 98% of marketshare.

    [1] https://www.seafile.com/en/product/private_server/

    replies(1): >>12468861 #
    38. Myrmornis ◴[] No.12467809[source]
    Although you might think that the NSA wouldn't want the blood-stained hands of a Bush era crook drawing attention to the company.
    39. josteink ◴[] No.12467815[source]
    > So even outside of this surveillance stuff I don't get the point in using them.

    It's the only service with decent cross platform support, and by that I mean first class Linux support is a 100% requirement.

    And Dropbox is among the only ones with Linux support.

    40. jorangreef ◴[] No.12468226{3}[source]
    "switches to LAN transfer when two synced computers are in the same network"

    Dropbox LAN Sync still requires the local network to have Internet access, because it can't sync anything locally without a connection to the master Dropbox server, i.e. if your office goes offline, LAN Sync will not work.

    41. arximboldi ◴[] No.12468827{4}[source]
    Yeah, admittedly I also tried with a Pi 1 but it was too slow, now I have a Pi 3 for that.
    42. morganvachon ◴[] No.12468861{5}[source]
    > With all due respect but this is the first time I've heard of...

    and

    > As anecdote I have zero acquaintances using any of these.

    Your experience is not the same as everyone else's. Do a Google search for "cloud storage" and you'll see all the ones I mentioned coming up in lists in the first page of results. If that's not "in the top 10", I'd love to know your definition. Oh, right, you already gave it: "Well I've never heard of it!"

    43. krrrh ◴[] No.12469970{4}[source]
    It's interesting to read this as I've had instances running on servers for years without having to be restarted. That's on Ubuntu. Maybe the binaries they distribute aren't adequately tested on other distros?