←back to thread

How Dropbox Hacks Your Mac

(applehelpwriter.com)
1037 points 8bitben | 4 comments | 09 Sep 16 15:52 UTC | HN request time: 0s | source
Show context
newhouseb ◴[09 Sep 16 18:15 UTC] No.12464730[source]
Hi HN — Ben from Dropbox here on the desktop client team. Wanted to clarify a few things —

- Clearly we need to do a better job communicating about Dropbox’s OS integration. We ask for permissions once but don’t describe what we’re doing or why. We’ll fix that.

- We only ask for privileges we actively use -- but unfortunately some of the permissions aren’t as granular as we would like.

- We use accessibility APIs for the Dropbox badge (Office integrations) and other integrations (finding windows & other UI interactions).

- We use elevated access for where the built-in FS APIs come up short. We've been working with Apple to eliminate this dependency and we should have what we need soon.

- We never see or store your admin password. The dialog box you see is a native OS X API (i.e. made by Apple).

- We check and set privileges on startup — the intent was to make sure Dropbox is functioning properly, works across OS updates, etc. The intent was never to frustrate people or override their choices.

We’re all jumping on this. We’ll do a better job here and we’re sorry for any anger, frustration or confusion we’ve caused.

replies(30): >>12464748 #>>12464757 #>>12464795 #>>12464842 #>>12464871 #>>12464901 #>>12464973 #>>12464992 #>>12465003 #>>12465065 #>>12465178 #>>12465579 #>>12465584 #>>12465819 #>>12465975 #>>12466068 #>>12466126 #>>12466141 #>>12466143 #>>12466315 #>>12466502 #>>12466626 #>>12466822 #>>12468525 #>>12468769 #>>12468833 #>>12469145 #>>12470515 #>>12473045 #>>12481821 #
brentdax ◴[09 Sep 16 21:52 UTC] No.12466315[source]
> - We never see or store your admin password. The dialog box you see is a native OS X API (i.e. made by Apple).

To clarify for others: In /Library/DropboxHelperTools, you'll find a folder for each user full of setuid tools which run as root and do various privileged things. I assume that the client is presenting the normal OS X "ask for elevated access" UI and then using that elevated access to configure and install these. (I don't work for Dropbox or anything; I've just been poking around.)

> - We use accessibility APIs for the Dropbox badge (Office integrations) and other integrations (finding windows & other UI interactions).

@newhouseb, I don't have Office, so I've turned off the badge. Is Dropbox now going to leave my accessibility permissions the way I set them? Or is it going to reactivate a permission behind my back that it no longer even needs?

I understand the desire to make your features "just work", but circumventing the user's privacy controls to do that is never acceptable. Especially accessibility, which is basically a general warrant to snoop on everything the user does. You wouldn't be on my system anymore if my work didn't require Dropbox. You're going to lose a lot of trust over this, and it won't even be half of what you deserve.

And it's not even in your interest in the long term. This fiasco has probably made it more likely that Apple will further lock down the accessibility APIs, possibly even making them unavailable without an Apple-issued, potentially App Store-only entitlement. Since Dropbox can't really do its job when it's locked in a sandbox, I really don't think that's what you guys want to happen.

Teams like yours are why we can't have nice things.

(P.S. plz respect NSFileCoordinator this isn't Tiger anymore kthxbai)

replies(4): >>12466524 #>>12466747 #>>12466921 #>>12467925 #
newhouseb ◴[09 Sep 16 23:24 UTC] No.12466747[source]
> @newhouseb, I don't have Office, so I've turned off the badge. Is Dropbox now going to leave my accessibility permissions the way I set them? Or is it going to reactivate a permission behind my back that it no longer even needs?

Yep, we’re going to fix this so that if you uncheck it, we leave it unchecked.

> This fiasco has probably made it more likely that Apple will further lock down the accessibility APIs, possibly even making them unavailable without an Apple-issued, potentially App Store-only entitlement.

As alluded to elsewhere in this thread, this is already happening in macOS 10.12. We’ll be switching to the same approach that Steam (among others) do to request accessibility.

replies(2): >>12467026 #>>12468539 #
electic ◴[10 Sep 16 00:31 UTC] No.12467026[source]
Honestly, after the last year and a half, anything that wants root access, that is not open source, is out. Now, being open source does not make that automatically safe but it is a step in the right direction. Dropbox, MS Office, etc, are closed source tools that puts too much at stake.

Granted my team is small, but we just uninstalled dropbox today. Going to use the web interface and look for another solution in the meantime.

replies(3): >>12467179 #>>12467208 #>>12470386 #
1. fmajid ◴[10 Sep 16 18:40 UTC] No.12470386[source]
Try SyncThing. It's cross-platform (written in Go), fast and secure (BitTorrent Sync style, but open-source).
replies(1): >>12471575 #
2. tjl ◴[11 Sep 16 00:52 UTC] No.12471575[source]
I use it, but there's no iOS solution so I can't use it for a number of things.
replies(1): >>12472507 #
3. killerpopiller ◴[11 Sep 16 08:27 UTC] No.12472507[source]
BT-Sync is the original of syncthing with iOS-support but considered bad because its closed source and comercial

I like it though

replies(1): >>12474398 #
4. tjl ◴[11 Sep 16 17:18 UTC] No.12474398{3}[source]
I don't use BT Sync because if I'm on my local university network they block BitTorrent. It's not a big deal since I've graduated, but I still go there and use the library and meet with people so it would be inconvenient.