How Dropbox Hacks Your Mac

Hi HN — Ben from Dropbox here on the desktop client team. Wanted to clarify a few things —

- Clearly we need to do a better job communicating about Dropbox’s OS integration. We ask for permissions once but don’t describe what we’re doing or why. We’ll fix that.

- We only ask for privileges we actively use -- but unfortunately some of the permissions aren’t as granular as we would like.

- We use accessibility APIs for the Dropbox badge (Office integrations) and other integrations (finding windows & other UI interactions).

- We use elevated access for where the built-in FS APIs come up short. We've been working with Apple to eliminate this dependency and we should have what we need soon.

- We never see or store your admin password. The dialog box you see is a native OS X API (i.e. made by Apple).

- We check and set privileges on startup — the intent was to make sure Dropbox is functioning properly, works across OS updates, etc. The intent was never to frustrate people or override their choices.

We’re all jumping on this. We’ll do a better job here and we’re sorry for any anger, frustration or confusion we’ve caused.

It's very strange that after I remove Dropbox from the accessibility list you think it's ok to add it back in again. That's the reason I'll be closing my account.

Why would you even do that? What nefarious and yet undiscovered things did you think DropBox was likely to do specifically with the accessibility permission?

Permission systems in general seem like a solution without a problem to me. Nobody but a minority of people very concerned about theoretical security problems wanted them on platforms that didn't have them, almost nobody cares what permissions programs use on platforms that have them now, and people get along perfectly fine and with less inconvenience shoved in their face running programs without permissions systems aside from a simple admin rights/no admin rights today on Windows and Linux.

Right, they have all your files already, so there's clearly some level of trust.

> they have all your files already

Hell no they don't? They have some shared folders between classmates and a few encrypted archives for personal backups.

1. Dropbox asks for root

2. Dropbox does not use sandboxing (at least, the one I have doesn't)

So, they do.

There is a difference between having all my files and being able to access all my files via a client.

1) My files are not on their service and thus not available at their discretion; they would first have to be uploaded.

2) With that logic all applications "have" all my files, but you bet I'd find it weird if I caught Libreoffice uploading files of interest to a service of theirs.

That said, I do see your point. Most desktop applications (as opposed to mobile apps) are capable of a lot more than they need to, and even many popular mobile apps are. I just wouldn't say I implicitly trust them with all of my files.

> 2) With that logic all applications "have" all my files, but you bet I'd find it weird if I caught Libreoffice uploading files of interest to a service of theirs.

On macOS this is not true though, for well-behaved document-based apps! Sandboxing prevents access to anything you haven't explicitly granted access to. I don't know if Libreoffice implements it correctly, though.