←back to thread

How Dropbox Hacks Your Mac

(applehelpwriter.com)
1037 points 8bitben | 1 comments | 09 Sep 16 15:52 UTC | HN request time: 0.001s | source
Show context
newhouseb ◴[09 Sep 16 18:15 UTC] No.12464730[source]
Hi HN — Ben from Dropbox here on the desktop client team. Wanted to clarify a few things —

- Clearly we need to do a better job communicating about Dropbox’s OS integration. We ask for permissions once but don’t describe what we’re doing or why. We’ll fix that.

- We only ask for privileges we actively use -- but unfortunately some of the permissions aren’t as granular as we would like.

- We use accessibility APIs for the Dropbox badge (Office integrations) and other integrations (finding windows & other UI interactions).

- We use elevated access for where the built-in FS APIs come up short. We've been working with Apple to eliminate this dependency and we should have what we need soon.

- We never see or store your admin password. The dialog box you see is a native OS X API (i.e. made by Apple).

- We check and set privileges on startup — the intent was to make sure Dropbox is functioning properly, works across OS updates, etc. The intent was never to frustrate people or override their choices.

We’re all jumping on this. We’ll do a better job here and we’re sorry for any anger, frustration or confusion we’ve caused.

replies(30): >>12464748 #>>12464757 #>>12464795 #>>12464842 #>>12464871 #>>12464901 #>>12464973 #>>12464992 #>>12465003 #>>12465065 #>>12465178 #>>12465579 #>>12465584 #>>12465819 #>>12465975 #>>12466068 #>>12466126 #>>12466141 #>>12466143 #>>12466315 #>>12466502 #>>12466626 #>>12466822 #>>12468525 #>>12468769 #>>12468833 #>>12469145 #>>12470515 #>>12473045 #>>12481821 #
brentdax ◴[09 Sep 16 21:52 UTC] No.12466315[source]
> - We never see or store your admin password. The dialog box you see is a native OS X API (i.e. made by Apple).

To clarify for others: In /Library/DropboxHelperTools, you'll find a folder for each user full of setuid tools which run as root and do various privileged things. I assume that the client is presenting the normal OS X "ask for elevated access" UI and then using that elevated access to configure and install these. (I don't work for Dropbox or anything; I've just been poking around.)

> - We use accessibility APIs for the Dropbox badge (Office integrations) and other integrations (finding windows & other UI interactions).

@newhouseb, I don't have Office, so I've turned off the badge. Is Dropbox now going to leave my accessibility permissions the way I set them? Or is it going to reactivate a permission behind my back that it no longer even needs?

I understand the desire to make your features "just work", but circumventing the user's privacy controls to do that is never acceptable. Especially accessibility, which is basically a general warrant to snoop on everything the user does. You wouldn't be on my system anymore if my work didn't require Dropbox. You're going to lose a lot of trust over this, and it won't even be half of what you deserve.

And it's not even in your interest in the long term. This fiasco has probably made it more likely that Apple will further lock down the accessibility APIs, possibly even making them unavailable without an Apple-issued, potentially App Store-only entitlement. Since Dropbox can't really do its job when it's locked in a sandbox, I really don't think that's what you guys want to happen.

Teams like yours are why we can't have nice things.

(P.S. plz respect NSFileCoordinator this isn't Tiger anymore kthxbai)

replies(4): >>12466524 #>>12466747 #>>12466921 #>>12467925 #
newhouseb ◴[09 Sep 16 23:24 UTC] No.12466747[source]
> @newhouseb, I don't have Office, so I've turned off the badge. Is Dropbox now going to leave my accessibility permissions the way I set them? Or is it going to reactivate a permission behind my back that it no longer even needs?

Yep, we’re going to fix this so that if you uncheck it, we leave it unchecked.

> This fiasco has probably made it more likely that Apple will further lock down the accessibility APIs, possibly even making them unavailable without an Apple-issued, potentially App Store-only entitlement.

As alluded to elsewhere in this thread, this is already happening in macOS 10.12. We’ll be switching to the same approach that Steam (among others) do to request accessibility.

replies(2): >>12467026 #>>12468539 #
electic ◴[10 Sep 16 00:31 UTC] No.12467026[source]
Honestly, after the last year and a half, anything that wants root access, that is not open source, is out. Now, being open source does not make that automatically safe but it is a step in the right direction. Dropbox, MS Office, etc, are closed source tools that puts too much at stake.

Granted my team is small, but we just uninstalled dropbox today. Going to use the web interface and look for another solution in the meantime.

replies(3): >>12467179 #>>12467208 #>>12470386 #
jkmcf ◴[10 Sep 16 01:31 UTC] No.12467208[source]
I'd love to hear what you find. My research has shown that Dropbox is mostly the only sync service supported in mobile apps. iCloud is next. After that it's very rare to see any other integration.

I'd love to see Box or someone else encourage popular apps to support their sync platforms, but I doubt it will happen. I blame Apple for not supporting easy 3rd party integrations.

replies(3): >>12467780 #>>12469923 #>>12470261 #
wlkr ◴[10 Sep 16 05:00 UTC] No.12467780[source]
I switched from Dropbox to Mega a few years ago and they now have mobile apps, sync clients for multiple operating systems and decent browser extensions in addition to a more generous storage allowance. There is also the added benefit of encryption. So far I remain impressed with their service.
replies(1): >>12467895 #
PhantomGremlin ◴[10 Sep 16 05:52 UTC] No.12467895[source]
I switched from Dropbox to Mega

Really?

FWIW Kim Dotcom, the founder of Mega, has distanced himself from it, saying the company had "suffered from a hostile takeover by a Chinese investor who is wanted in China for fraud"[1]

So yeah, don't trust Dropbox. Instead trust some shady Chinese characters. Can you name one of them? In comparison, note that Ben Newhouse, a Dropbox employee, is actually posting in this discussion.

There is also the added benefit of encryption

Without full source code to said encryption, all you have to go on is "trust us".

Forced to choose between the two, I know who I'd trust, and it wouldn't be Mega. YMMV.

[1] https://en.wikipedia.org/wiki/Mega_(service)

replies(2): >>12468028 #>>12480154 #
1. kuschku ◴[10 Sep 16 06:51 UTC] No.12468028[source]
Luckily, there's third party clients that are open source for Mega.

And they're actually usable.