How Dropbox Hacks Your Mac

(applehelpwriter.com)
1037 points 8bitben | 20 comments
newhouseb ◴[] No.12464730[source]
Hi HN — Ben from Dropbox here on the desktop client team. Wanted to clarify a few things —

- Clearly we need to do a better job communicating about Dropbox’s OS integration. We ask for permissions once but don’t describe what we’re doing or why. We’ll fix that.

- We only ask for privileges we actively use -- but unfortunately some of the permissions aren’t as granular as we would like.

- We use accessibility APIs for the Dropbox badge (Office integrations) and other integrations (finding windows & other UI interactions).

- We use elevated access for where the built-in FS APIs come up short. We've been working with Apple to eliminate this dependency and we should have what we need soon.

- We never see or store your admin password. The dialog box you see is a native OS X API (i.e. made by Apple).

- We check and set privileges on startup — the intent was to make sure Dropbox is functioning properly, works across OS updates, etc. The intent was never to frustrate people or override their choices.

We’re all jumping on this. We’ll do a better job here and we’re sorry for any anger, frustration or confusion we’ve caused.

replies(30): >>12464748 #>>12464757 #>>12464795 #>>12464842 #>>12464871 #>>12464901 #>>12464973 #>>12464992 #>>12465003 #>>12465065 #>>12465178 #>>12465579 #>>12465584 #>>12465819 #>>12465975 #>>12466068 #>>12466126 #>>12466141 #>>12466143 #>>12466315 #>>12466502 #>>12466626 #>>12466822 #>>12468525 #>>12468769 #>>12468833 #>>12469145 #>>12470515 #>>12473045 #>>12481821 #
1. seanhunter ◴[] No.12464757[source]
It's very strange that after I remove Dropbox from the accessibility list you think it's ok to add it back in again. That's the reason I'll be closing my account.
replies(4): >>12465297 #>>12465446 #>>12465874 #>>12466349 #
2. __jal ◴[] No.12465297[source]
Absolutely. I dropped Dropbox some time back, when it became obvious that they didn't respect the user's wishes at all.

This has been a long-standing thing with them - some years back there was some stink about the forced Dropbox branding in the Finder (which we now see is related to this). Many people (including me) found it rude that it insists on adding useless widgets, badging icons and inserting crap in the Finder sidebar. For whatever reason, Dropbox (the corporation) apparently believes that junk to be important enough to their business to disregard what the owner of the machine wants, and now we see the lengths they go through to force themselves on the user.

I used to simply consider Dropbox rude enough to make me not want to use it. Now that I see the company is actively going out of their way to break the intended function of security-related OS components, I now consider Dropbox malware and will begin warning others about the company.

replies(2): >>12467410 #>>12468164 #
3. Dylan16807 ◴[] No.12465446[source]
Most programs don't consider that you might try to explicitly revoke permissions. It's a very understandable bug/behavior. I think it's worth giving them a chance to amend that code.
replies(1): >>12465830 #
4. moosemilkie ◴[] No.12465830[source]
It didn't even ask for permission the first time.
5. jimmaswell ◴[] No.12465874[source]
Why would you even do that? What nefarious and yet undiscovered things did you think DropBox was likely to do specifically with the accessibility permission?

Permission systems in general seem like a solution without a problem to me. Nobody but a minority of people very concerned about theoretical security problems wanted them on platforms that didn't have them, almost nobody cares what permissions programs use on platforms that have them now, and people get along perfectly fine and with less inconvenience shoved in their face running programs without permissions systems aside from a simple admin rights/no admin rights today on Windows and Linux.

replies(4): >>12465969 #>>12466109 #>>12466456 #>>12466916 #
6. guitarbill ◴[] No.12465969[source]
Right, they have all your files already, so there's clearly some level of trust.
replies(2): >>12466138 #>>12466316 #
7. djsumdog ◴[] No.12466109[source]
What if Dropbox has an exploit they're unaware of? Someone finds a hole in Dropbox and boom, now they have accessibility access.

Even if you trust the software vendor, security concerns can cascade.

replies(1): >>12466331 #
8. Johnny555 ◴[] No.12466138{3}[source]
They only have (well should only have) access to the files I share on Dropbox, which is pretty much just music files, so if someone steals those files, I won't be too upset.
9. lucb1e ◴[] No.12466316{3}[source]
> they have all your files already

Hell no they don't? They have some shared folders between classmates and a few encrypted archives for personal backups.

replies(1): >>12466345 #
10. lucb1e ◴[] No.12466331{3}[source]
This got downvoted and I'd like to know why. This was one of my first thoughts as well while reading the article: what if Dropbox gets hacked? Their client apparently has access to everything.

What if the hack pushes a rogue client? Or one CDN endpoint serves a malicious update? Or a little bit of code is sneaked into the development process? Or an employee gets sour? Or a million other things that you hope never happen. There is a reason we don't run apache/nginx/any networked service as root. (You don't, right?)

11. chris_7 ◴[] No.12466345{4}[source]
1. Dropbox asks for root

2. Dropbox does not use sandboxing (at least, the one I have doesn't)

So, they do.

replies(2): >>12466428 #>>12466967 #
12. lucb1e ◴[] No.12466428{5}[source]
There is a difference between having all my files and being able to access all my files via a client.

1) My files are not on their service and thus not available at their discretion; they would first have to be uploaded.

2) With that logic all applications "have" all my files, but you bet I'd find it weird if I caught Libreoffice uploading files of interest to a service of theirs.

That said, I do see your point. Most desktop applications (as opposed to mobile apps) are capable of a lot more than they need to, and even many popular mobile apps are. I just wouldn't say I implicitly trust them with all of my files.

replies(1): >>12467301 #
13. __jal ◴[] No.12466456[source]
> and people get along perfectly fine and with less inconvenience shoved in their face running programs without permissions systems aside from a simple admin rights/no admin rights [...]

...For values of "perfectly fine" that include millions of malware slaves on the net, hundreds of millions of stolen passwords, targeted 0 days attacking human rights workers, file-encryptor extortion apps, etc. etc. etc.

> What nefarious and yet undiscovered things

If they're undiscovered, how am I supposed to list them?

As far as discovered things, the permission allows Dropbox to sniff the keyboard and interact with any other application as the user. Add that to unrestricted filesystem access, and the right question to ask is what nefarious things Dropbox can't do.

14. skywhopper ◴[] No.12466916[source]
I prefer to know what the apps I install are going to be doing. To this end, OS-enforced permissions for using various services are a godsend. No program should need "admin" rights. And I should be able to know and control what each app I run can and cannot do. This seems utterly obvious to me. Even if most people don't care, the tools should be there. There've been more than enough cases where apps have collected information they shouldn't have, whether intentionally or lazily. It baffles me that anyone could seriously make the argument you seem to be making.
15. guitarbill ◴[] No.12466967{5}[source]
There's been some downvotes (thanks for the constructive feedback /s), but I'd agree that this is a better way to put it. Anything that asks for root has 100% access at that moment, and possibly in future. It's easy to forget with all the "training" that `sudo` and confirmation dialogs provide, but true. Heck, if you install something (and by install I mean allow itself to integrate into the system, as opposed to say a script), you have to trust something. Either you trust the issuer, the package maintainers, or yourself (after you've checked 100% of the source code and compile it), but there's trust at some point.
16. chris_7 ◴[] No.12467301{6}[source]
> 2) With that logic all applications "have" all my files, but you bet I'd find it weird if I caught Libreoffice uploading files of interest to a service of theirs.

On macOS this is not true though, for well-behaved document-based apps! Sandboxing prevents access to anything you haven't explicitly granted access to. I don't know if Libreoffice implements it correctly, though.

replies(1): >>12468187 #
17. cstejerean ◴[] No.12467410[source]
For what it's worth I find the finder icons and sidebar additions to be a nice touch, but I guess it would be nice to be able to disable that. The office integration on the other hand is beyond useless. The Dropbox badge mostly gets in the way of being able to scroll through my documents and I have never used it for anything.
replies(1): >>12469748 #
18. danieldk ◴[] No.12468164[source]
> badging icons and inserting crap in the Finder sidebar

Their branding strategy is really annoying. I pay 10 Euro per month for Dropbox Pro, but they have Dropbox Business ads plastered all over the web interface.

19. danieldk ◴[] No.12468187{7}[source]
And before someone says that this is not feasible for a Dropbox-like application: OneDrive is distributed via the App Store (with its sandboxing requirements).
20. ddeville ◴[] No.12469748{3}[source]
You can disable the Finder integration in the preferences, same for the badge.