How Dropbox Hacks Your Mac

(applehelpwriter.com)

1037 points 8bitben | 1 comments | 09 Sep 16 15:52 UTC | HN request time: 0.206s | source

Show context

newhouseb ◴[09 Sep 16 18:15 UTC] No.12464730[source]▶

Hi HN — Ben from Dropbox here on the desktop client team. Wanted to clarify a few things —

- Clearly we need to do a better job communicating about Dropbox’s OS integration. We ask for permissions once but don’t describe what we’re doing or why. We’ll fix that.

- We only ask for privileges we actively use -- but unfortunately some of the permissions aren’t as granular as we would like.

- We use accessibility APIs for the Dropbox badge (Office integrations) and other integrations (finding windows & other UI interactions).

- We use elevated access for where the built-in FS APIs come up short. We've been working with Apple to eliminate this dependency and we should have what we need soon.

- We never see or store your admin password. The dialog box you see is a native OS X API (i.e. made by Apple).

- We check and set privileges on startup — the intent was to make sure Dropbox is functioning properly, works across OS updates, etc. The intent was never to frustrate people or override their choices.

We’re all jumping on this. We’ll do a better job here and we’re sorry for any anger, frustration or confusion we’ve caused.

replies(30): >>12464748 #>>12464757 #>>12464795 #>>12464842 #>>12464871 #>>12464901 #>>12464973 #>>12464992 #>>12465003 #>>12465065 #>>12465178 #>>12465579 #>>12465584 #>>12465819 #>>12465975 #>>12466068 #>>12466126 #>>12466141 #>>12466143 #>>12466315 #>>12466502 #>>12466626 #>>12466822 #>>12468525 #>>12468769 #>>12468833 #>>12469145 #>>12470515 #>>12473045 #>>12481821 #

seanhunter ◴[09 Sep 16 18:19 UTC] No.12464757[source]▶

>>12464730 #

It's very strange that after I remove Dropbox from the accessibility list you think it's ok to add it back in again. That's the reason I'll be closing my account.

replies(4): >>12465297 #>>12465446 #>>12465874 #>>12466349 #

jimmaswell ◴[09 Sep 16 20:37 UTC] No.12465874[source]▶

>>12464757 #

Why would you even do that? What nefarious and yet undiscovered things did you think DropBox was likely to do specifically with the accessibility permission?

Permission systems in general seem like a solution without a problem to me. Nobody but a minority of people very concerned about theoretical security problems wanted them on platforms that didn't have them, almost nobody cares what permissions programs use on platforms that have them now, and people get along perfectly fine and with less inconvenience shoved in their face running programs without permissions systems aside from a simple admin rights/no admin rights today on Windows and Linux.

replies(4): >>12465969 #>>12466109 #>>12466456 #>>12466916 #

1. skywhopper ◴[10 Sep 16 00:03 UTC] No.12466916[source]▶

>>12465874 #

I prefer to know what the apps I install are going to be doing. To this end, OS-enforced permissions for using various services are a godsend. No program should need "admin" rights. And I should be able to know and control what each app I run can and cannot do. This seems utterly obvious to me. Even if most people dont' care, the tools should be there. There've been more than enough cases where apps have collected information they shouldn't have, whether intentionally or lazily. It baffles me that anyone could seriously make the argument you seem to be making.

↑