Has anyone heard what Dropbox is doing to Macs?

wkleem
wkleem
Community Member

Apparently, Dropbox has the ability to regenerate itself if there is an attempt to remove it from Accessibility?

Read about it here:
https://macintouch.com/forums/showthread.php?tid=637&pid=4952#pid4952

"tvalleau Wrote:
Yeah... but look at your list of enabled items in Accessibility. How many do you have? That is true of all of them.[…]
I'm not about to give up using all those items. Yes, Accessibility is a possbile attack vector. Life is a tradeoff.
Since I'm keeping all those, I don't mind having Dropbox in there as well.

The problem isn't that it's in the Accessibility items; that's fine. The problem is that in order to put itself there, Dropbox performs a social engineering hack on us in order to inject its own software, which itself then re-adds itself to the Accessibility settings even after you try to remove it. They can't even try a defense such as "it's the only way we can make the software work", because that isn't even remotely true.

This is a big, big deal. This is a serious breach of trust.

Dropbox is built into my daily workflow, so I can't just jump off, but I'm seriously looking into other options. This really isn't acceptable behavior from a developer.

(Say, hands up if you remember the Panic/Transmit brouhaha way back when.)"


1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided

Comments

  • AGAlumB
    AGAlumB
    1Password Alumni

    @wkleem: I guess I may be missing something, since it seems pretty typical for me for a desktop app to do what it needs to provide the functionality that the user installs it for. I was used to having all kinds of scripting additions and kernel extensions, though Apple has really locked down a lot of that in recent macOS releases. But I still had to boot into recovery mode to temporarily disable the security check to install Bartender. I even had games that added themselves to accessibility not long ago.

    However, I'm really happy that 1Password has a minimal "footprint" in this regard: it just sits there in Applications and runs a process in the background for browser integration. Nothing crazy there. But on the other hand, we're not asking 1Password to do anything like the filesystem and system integration that we depend on Dropbox for. I think a good illustration of this is the Dropbox UWP app (in the Windows Store). It is super non-invasive...but almost useless, unless you happened to be on a Windows phone or RT device that could only run that version. I don't know of anyone who'd willingly choose to run that sort of app over the desktop client, given the option. We can't have it both ways.

    I guess I just don't install software unless it benefits me somehow, and we all need to weigh the pros and cons of running anything on our systems. Like you, I use Dropbox daily, and if there's something specific that its doing that I'm not okay with, I'll have to reevaluate things. So far it sounds like the objections are philosophical rather than practical though, but I'm definitely interested to see where things go.

  • wkleem
    wkleem
    Community Member
    edited September 2016

    Hi

    I'm guessing the concern is that Dropbox is a bit malware like? I have closed some old Dropbox accounts as they were redundant. I also cannot completely switch to Teams as I have legacy MACs which I doubt will work with Teams. I have not booted into Lion (X.7) or earlier (Leopard for Intel) for some time.

  • danco
    danco
    Volunteer Moderator

    I gathered from the reports that the concern was not that Dropbox was requiring use of Accessibility but that it did this without any proper warning to the user. Correct behaviour would be to ask the user to allow Accessibility (and maybe explain why). But Dropbox used a sneaky procedure to set up accessibility.

  • That makes sense, @danco. I'm not defending them, as I'm not fully aware of the circumstances or situation, but I suspect they may have done so to avoid having "click fatigued" users who have been trained to just say "no" to everything from botching the install by saying "no" when a "yes" is required.

    Ben

  • Sounds reasonable to me, personally.

  • James_Mallorca
    James_Mallorca
    Community Member

    I have some issues with the way they've done it, and then their total lack of customer service in general. I've deleted their software and my account with them. I'm sure they would never have done anything nefarious, but it once more feels like bigger companies running roughshod over their clients, us, so I won't be using their products.

    If iCloud let me share documents in the same way, I'd just stick with that and be done with it, but as that isn't really the case I'm still looking for an alternative, if anyone has any recommendations...

  • I use Google Drive some. But I'm not sure they have any better of a record in this regard than Dropbox.

    Ben

This discussion has been closed.