Question How Can Users be Assured that Dropbox is not a Trojan?

NeedleFactoryNeedleFactory Junior Member
edited December 1969 in 1Password 3 – 6 for Mac
Dropbox (the software) can read/write files in Dropbox (the folder).
Doesn't that mean it can also read/write files elsewhere on my Mac?
And doesn't that mean it could read files on my Mac, not in the Dropbox folder,
and write them to Dropbox servers in the cloud
(but not to the master Dropbox folder in the cloud)?

Is there a way to pub the client-side Dropbox software in a "sandbox"
so it has file access only to the local Dropbox folder?
Or a way to monitor what files the Dropbox folder is reading?

Comments

  • NavstarNavstar Member
    edited July 2010
    Dropbox has a passionate cult-like following of millions of users. It's been out for years. If there was sneaky funny business going on, the word would have gotten out by now.

    I trust them completely with my data. (But every good Mac user should be Time Machining anyway)

    Check out the Dropbox blog at blog.dropbox.com and forums at (you guessed it) forums.dropbox.com. And vote on new features at dropbox.com/votebox
  • roustemroustem AgileBits Founder

    Team Member
    edited December 1969
    Dropbox (the software) can read/write files in Dropbox (the folder).
    Doesn't that mean it can also read/write files elsewhere on my Mac?
    And doesn't that mean it could read files on my Mac, not in the Dropbox folder,
    and write them to Dropbox servers in the cloud
    (but not to the master Dropbox folder in the cloud)?

    Is there a way to pub the client-side Dropbox software in a "sandbox"
    so it has file access only to the local Dropbox folder?
    Or a way to monitor what files the Dropbox folder is reading?


    This question can be asked about any application (or even widget) you install on your Mac. It can even be asked about Mac OS X itself :)

    Dropbox is a real company with working business model and over 1 million users. I spoke with Dropbox people and we received technical support from them too. This is enough for me but you should certainly go with what makes you comfortable.
  • kylefkylef Junior Member
    edited July 2010
    Or a way to monitor what files the Dropbox folder is reading?


    You can use dtrace, here is a dtrace script which will let you see open file's and what processes are opening them:

    http://www.brendangregg.com/DTrace/opensnoop_example.txt
    http://www.brendangregg.com/DTrace/rwsnoop_example.txt

    dtrace is a very powerful tool, very useful for stuff like this, or even debugging a application.

    EDIT:

    I just realised that opensnoop is already in OS X, so you could just run:

    sudo opensnoop
  • Alex KnightAlex Knight Member
    edited December 1969
    Also if you want more piece of mind. Read the terms of service and privacy policy legal statements on dropbox.com. These are legally binding documents that very clearly make a stance on how important data integrity is to the client. If you read those, it should clear any pre-conceived notions.
This discussion has been closed.