←back to thread

How Dropbox Hacks Your Mac

(applehelpwriter.com)
1037 points 8bitben | 1 comments | 09 Sep 16 15:52 UTC | HN request time: 0s | source
Show context
Dylan16807 ◴[09 Sep 16 17:05 UTC] No.12464088[source]
I don't really understand the conclusion here. So the scenario is you trust dropbox with your files, and you trust them with a kernel blob implementing the filesystem, but you don't trust them to silently have accessibility rights?
replies(3): >>12464120 #>>12464611 #>>12464701 #
lm2s ◴[09 Sep 16 17:08 UTC] No.12464120[source]
You're assuming everyone trusts Dropbox with all their files and that everyone installs their kernel extension, which is a wrong assumption.
replies(1): >>12464197 #
Dylan16807 ◴[09 Sep 16 17:16 UTC] No.12464197[source]
If we're worried about theoretical abuse, the client could access all of your files because it runs as you.

You can opt out of the kernel extension? Still, you give it root to install, and it has a long history of hacking the file browser to get icon overlays... it seems weird to me that this would be a deciding factor.

replies(1): >>12464264 #
lm2s ◴[09 Sep 16 17:23 UTC] No.12464264[source]
I was under the impression that the kernel extension was a separate product, it's being included in the standalone Dropbox application? You do have a point about giving it administrator privileges, the post however shows very clearly that they are abusing your trust which is enough for people to think twice before using their application..
replies(1): >>12464335 #
eridius ◴[09 Sep 16 17:30 UTC] No.12464335[source]
What kernel extension? Dropbox has a Finder plugin for badges, but what would they need a kernel extension for?
replies(1): >>12464474 #
0x0 ◴[09 Sep 16 17:47 UTC] No.12464474[source]
This kernel extension:

/Library/Extensions/Dropbox.kext

And good question.

replies(2): >>12464559 #>>12464804 #
1. _razvan ◴[09 Sep 16 18:25 UTC] No.12464804{3}[source]
The kernel extension implements Dropbox Infinite.