What are the security implications of Dropbox's Project Infinite?

PJ1
Community Member

I use Dropbox with a 1P .opvault and sync between 1 iMac and two iPhones on different Apple accounts.

The second phone is my wife's who is not a big user and I use it with 1P as secondary access should my iPhone drop dead for some reason.

However, my concern now is if I continue to use Dropbox and they decide to implement kernel-level 'intrusion' on my Mac, it seems that security implications go way beyond my comfort zone with this company. (are my concerns well founded?)

I looked at 1P Families but as I am a single light user, the cost is prohibitive in relation to my needs.

The basic question, from a security perspective is: should I be concerned about continuing to use Dropbox?

It seems that the only alternatives I have are to use iCloud Sync - which means I can only use devices logged into my Apple Account - or Wifi sync which will only allow me to sync when at home on my local wifi network.

If you guys can clarify for me and perhaps point me in a 1P and Mac security direction, it would be much appreciated.

Thanks
Paul



Comments

  • AGAlumB
    1Password Alumni

    @PJ1: Great question! To be clear, Dropbox has always used deep hooks into the system (at least on desktop OSes) to get the kind of filesystem integration that those who prefer Dropbox love. The interesting thing is that "Project Infinite" essentially mirrors something that Microsoft's OneDrive (née SkyDrive) did for years: present non-local data as part of the filesystem, and then download the data on demand. While this is really nice on devices with limited storage, Microsoft has since backed away from this approach because frankly it can be pretty confusing to a user to see a file and not be able to access it (for example, when they're without an internet connection to download it).

    Regarding security, this doesn't have an impact on your 1Password data. Even though Dropbox encrypts communications, your 1Password data is encrypted even before that using your Master Password, so it never depends on the security of the transmission or storage medium you're using.

    I hope this helps. Let me know if you have any other questions! :)

  • PJ1
    Community Member

    Hi @brenty, thanks for getting back to me. Yes, indeed it does help.

    I am pretty clear that there are no real implications regarding my 1Password data pre-transmission, as it was the AgileBits attitude towards encryption that attracted me a good few years ago.

    I suppose I was asking because, in the first instance, I am not sure of the access-to-data implications with Dropbox's planned way forward and, whilst 1P is open on my system, whether or not this can then be exploited.

    The trend towards everything being open for the world to see makes me uneasy and I don't like the thought of that choice being taken out of my hands. No, not quite time for my tinfoil hat just yet!

    In the second instance, I suppose I was asking because if I become so uneasy with Dropbox in general and remove it from my Mac, is there an alternative synchronisation option?

    I know AB is considering somewhere down the line offering a Families option to single users and using your servers, for me, would be a better option than Dropbox. Or wifi sync as I only have one Mac and two iPhones. I looked into wifi sync a long time ago but there were issues with attachments not syncing and it seemed a bit clunky back then.

    In short, am I being a bit too paranoid with respect to Dropbox's potential reach into my extended computer as I am unclear as to what the implications are?

    There you go, grab a beer and a bite and chew on that for the weekend!

    Regards
    Paul

  • AGAlumB
    1Password Alumni

    @PJ1: Likewise! I hope you're enjoying your weekend. Call me crazy, but I wanted to follow up here. I love these kinds of discussions. :chuffed:

    > In short, am I being a bit too paranoid with respect to Dropbox's potential reach into my extended computer as I am unclear as to what the implications are?

    I think the answer is both yes and no. While I think it's always prudent to consider the security (and privacy) implications of installing software (especially at a deep system level), I think you're overlooking one important fact: Dropbox has had this type of access for years on computers — as far back as I can remember using it. Their software integrates deeply with the filesystem, which is how it's able to monitor for changes to sync your data, and of course this is also why you won't find it in the Mac App Store: it cannot work in a secure sandboxed environment. And of course all of your data is part of that filesystem. So this is just more of the same, if a bit more ambitious.

    Now, I don't want to give the wrong impression. While the way Dropbox works does have security implications, I don't personally have any problem trusting them. But each of us has to make that determination for ourselves when it comes to installing anything that can access our personal data. On computers, there is very little an app can't do. On iOS (and Android, to a lesser extent), apps are instead defined by the (relatively) little they can do.

    But I think it's safe to say that it's too early to tell if Dropbox's new features are something to be concerned about or not. Ultimately it will depend on the implementation, and I imagine there will be security and privacy documentation and agreements to examine. Nearly anything can be done with or without taking into account privacy and security, so, as I like to say, "Do not pass judgement until the yogurt has been tasted." ;)

  • PJ1
    Community Member

    Hi @brenty, thanks for getting back to me.

    Yes, good weekend here - it's a long one - so never a bad thing!

    I take on board what you say about access from Dropbox over the years and will have to determine for myself how I feel about that over time.

    Just a quick last enquiry regarding wifi sync. Are there any current issues with it regarding file/attachment limitations, or any quirks I should know about? It seems that it's a straight decision between Dropbox and moving over to wifi sync unless AB looks at the 'Families' pricing option for the single user.

    Thanks again for your time.

  • AGAlumB
    1Password Alumni

    @PJ1: Oh jeez. I am so sorry! Long weekend indeed! I had fully intended to address the question of Wi-Fi Sync, but I got carried away with the rest and forgot. :(

    While I'm glad that Wi-Fi Sync exists and it certainly works, it is not nearly as flexible as the other options. That said, attachments are supported, where previously they weren't supported with all vault configurations. The real quirk is that it depends heavily on the network setup, so it isn't something I often recommend.

    Most people prefer the automatic sync methods, but Wi-Fi Sync is a great option if you want to keep everything local. And connection issues are less common on OS X than on Windows (due to antivirus/firewall/etc.). But if you've ever had trouble with AirPlay or AirDrop, you'll know that Bonjour isn't perfect even in Apple devices.

    Again, I'm sorry I failed to address that previously. Thanks for the extra poke there. Let me know if I've missed anything else! :lol:

  • PJ1
    Community Member

    @brenty: No problem. Don't know how you all get so enthusiastic day in day out. Caffeine maybe?

    Think in the short term I'm going to have to stick with Dropbox and wait and see how they decide to progress 'Infinity' over the coming weeks/months and, of course, how your Families option moves forward.

    Thanks again for your time with this.

  • Megan
    1Password Alumni

    Hi @PJ1,

    It’s great to see that you are thinking seriously about the security of your data, and your computer, and I’m glad that Brenty was able to help you out here.

    If you ever have any questions about 1Password, we’re always happy to answer. :)

  • AGAlumB
    1Password Alumni

    > No problem. Don't know how you all get so enthusiastic day in day out. Caffeine maybe?

    @PJ1: We've got the BEST customers in the world, and we LOVE what we do. And of course caffeine helps. ;)

This discussion has been closed.