Dropbox en säkerhetsrisk på din Mac

Duncan Davidson:

Earlier today, I saw a very concerning tweet from Steve Streza about how Dropbox has been doing funky stuff inside of OS X/macOS. Not for nefarious purposes, mind you. Almost certainly not. They’ve simply been grabbing onto root privileges and holding onto them after install so that they don’t have to bug you again when they want to change things up later.

In other words, they effectively backdoor your system so that they don’t have to ask again if they can add or change things later on.

After all, every time they ask permission, not only do they annoy the user, they let them consider saying no, which is bad for numbers in a company driven by the almighty gods of daily, weekly, and monthly active usage.

Regardless of the user experience argument of keeping things simple so that the user doesn’t have to make more decisions, there are two big problems with the way that Dropbox does this:

  1. It’s a violation of trust. Dropbox didn’t ask for the ability to modify my system again in new and novel ways without asking me.
  2. It’s an additional attack vector for bad actors to exploit. There are enough of these as it is.

Furthermore. Dropbox is moving functionality into a kernel extension as part of Project Infinite. It’s pretty cool stuff—heck, I want it now!—except for the part where they’ll install a kext without asking or telling you. Regardless of whether or not you want a closed source kernel extension running in your system—and you very well might to get the benefits of an infinite cloud based filesystem—it’s shitty to put one in on the sly.

Orolig för vad Dropbox. iCloud Drive och andra molntjänster håller på med?  Kör en egen!

© 2021 Omsoc Publishing AB