by cryptoz 3882 days ago
Is the Dropbox client fully open source yet? I won't use a spying tool that hires international spies to be on the board if they continue to be closed-source and intent on spying. Their new SDKs seem to be open source - why not their main client product?

What are you worried about in the client app that would require it to be open source? Should they also open source their backend systems and give you access to them?
There was serious concern with some evidence a few years back that the Dropbox client was touching files in folders that weren't shared. Not sure if that is what OP's concern is. But I agree with your point, the client is only one small piece of the puzzle and won't reveal much.
This concern pops up every once in a while because people like to put it out of context. Most operating systems don't allow any way to poll for file events in a specific folder only, so you either keep looping through all files in the folder looking for changes which would be an annoying resource hog or you get all events and ignore changes that don't occur in the folder of interest. It's completely fair to say that any installed application can do whatever it wants so you are concerned, but the touching files part is just people wanting to complain.
The "international spies" probably refers to: http://bits.blogs.nytimes.com/2014/04/18/protests-continue-a...
It'd go a long way to re-establishing trust. Thinking about their "Employees cannot access your data" statement, which really meant the exact opposite. And how they didn't immediately back down and apologize, but sorta tried to defend it.

OTOH, since your data is accessible to anyone after they push "return true" as their auth mechanism, I guess it doesn't really matter. If they offered proper encrypted storage, it'd be much more important.

Though even without encryption, a closed-source client that auto-updates leaves one big hole: They can push an update to specific users or activate code for them. With an open source client, that part could be mostly avoided.

Unfortunately, Tarsnap seems to be the only contender in this area (trustworthy backups). On Windows, this means using VMware shared folders.

Tarsnap runs fine under Cygwin.
They don't necessarily need to do that. What they could do however, is allow files to be encrypted locally before they are synced and uploaded to their servers. The vast majority of people would still not do it anyway, but those that care would.

I really like how Cryptomator works, and I think Dropbox could easily provide similar functionality, and perhaps in an even more user-friendly way, too, since they can just integrate it with their Dropbox app, rather than this functionality being in a whole separate application.

https://cryptomator.org
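The local-encryption layer discussed in this comment (encrypt files before the sync client ever sees them, so the stored blobs and even their names are opaque to the provider) can be sketched in a few dozen lines. The following is an added example, not code from Cryptomator, Dropbox or anyone in this thread. It assumes two 32-byte keys already derived from the user's passphrase elsewhere (here they are filled with constant bytes so the program runs offline), uses AES-256-GCM for contents and HMAC-SHA256 for opaque stored names, and binds the stored name into the ciphertext as associated data so a blob moved under another name fails to open instead of decrypting silently.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"encoding/hex"
	"errors"
	"fmt"
)

// Vault holds the two keys a local-encryption layer needs: one for file
// contents (AES-256-GCM) and one for deriving opaque stored names (HMAC-SHA256).
// Key derivation from a passphrase is assumed to happen elsewhere.
type Vault struct {
	contentKey []byte
	nameKey    []byte
}

// NewVault checks key sizes; both keys must be 32 bytes.
func NewVault(contentKey, nameKey []byte) (*Vault, error) {
	if len(contentKey) != 32 || len(nameKey) != 32 {
		return nil, errors.New("keys must be 32 bytes")
	}
	return &Vault{contentKey: contentKey, nameKey: nameKey}, nil
}

// StoredName maps a real file name to a deterministic opaque name, so the sync
// folder shows neither the name nor anything recognisable about it.
func (v *Vault) StoredName(realName string) string {
	mac := hmac.New(sha256.New, v.nameKey)
	mac.Write([]byte(realName))
	return hex.EncodeToString(mac.Sum(nil)) + ".enc"
}

func (v *Vault) gcm() (cipher.AEAD, error) {
	block, err := aes.NewCipher(v.contentKey)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal encrypts one file for the sync folder. The real name travels inside the
// ciphertext (length-prefixed) and the stored name is bound as associated data.
// Output layout: nonce || GCM(plaintext, aad=storedName).
func (v *Vault) Seal(realName string, content []byte) (storedName string, blob []byte, err error) {
	if len(realName) > 0xFFFF {
		return "", nil, errors.New("file name too long")
	}
	aead, err := v.gcm()
	if err != nil {
		return "", nil, err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return "", nil, err
	}
	storedName = v.StoredName(realName)
	plain := make([]byte, 2+len(realName)+len(content))
	binary.BigEndian.PutUint16(plain, uint16(len(realName)))
	copy(plain[2:], realName)
	copy(plain[2+len(realName):], content)
	blob = make([]byte, 0, len(nonce)+len(plain)+aead.Overhead())
	blob = append(blob, nonce...)
	blob = aead.Seal(blob, nonce, plain, []byte(storedName))
	return storedName, blob, nil
}

// Open reverses Seal. A tampered blob, or one moved under a different stored
// name, fails authentication rather than yielding garbage.
func (v *Vault) Open(storedName string, blob []byte) (realName string, content []byte, err error) {
	aead, err := v.gcm()
	if err != nil {
		return "", nil, err
	}
	if len(blob) < aead.NonceSize() {
		return "", nil, errors.New("blob too short")
	}
	nonce, ct := blob[:aead.NonceSize()], blob[aead.NonceSize():]
	plain, err := aead.Open(nil, nonce, ct, []byte(storedName))
	if err != nil {
		return "", nil, err
	}
	if len(plain) < 2 {
		return "", nil, errors.New("corrupt plaintext")
	}
	n := int(binary.BigEndian.Uint16(plain))
	if len(plain) < 2+n {
		return "", nil, errors.New("corrupt plaintext")
	}
	return string(plain[2 : 2+n]), plain[2+n:], nil
}

func main() {
	// Constructed keys for the demo only; real keys come from a KDF.
	ck, nk := make([]byte, 32), make([]byte, 32)
	for i := range ck {
		ck[i], nk[i] = 1, 2
	}
	v, _ := NewVault(ck, nk)
	stored, blob, _ := v.Seal("budget.xlsx", []byte("constructed file body"))
	name, body, err := v.Open(stored, blob)
	fmt.Printf("stored as %s\nrecovered %q (%d bytes), err=%v\n", stored, name, len(body), err)
}
```

Only the `.enc` blobs live in the synced folder; the sync client uploads them unchanged and learns nothing but sizes and change times. Note the design choice of a deterministic stored name: it keeps sync stable (the same file always maps to the same blob), at the cost of revealing when the same name reappears, which is the usual trade-off for this kind of layer.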

Dropbox is not an advertising company like Google. They still have some of the highest fees for cloud storage around. So why do they care about seeing what's in people's files? Why not allow people to encrypt the files locally before uploading them?

And lest we forget, in the PRISM slides, Dropbox was mentioned as "coming soon". So unless they want to admit they are already part of the PRISM program, then what better way to dispel those rumors (not made any better by getting Condoleezza Rice on their board) that they are cooperating with the NSA.

http://www.zdnet.com/article/fbi-nsa-said-to-be-secretly-min...

Take a look at nCrypted Cloud for an option: https://www.encryptedcloud.com/

Realistically, though, Dropbox can't offer many of the features that differentiate them in the marketplace (collaboration, previews, sharing, etc) if all of the files they store are opaque to them. Playing in the "generic blob storage" market alongside S3 is a losing game for pretty much everybody.

AFAIK, right now, there's no convenient S3 desktop client that makes it trivial to automatically mirror and share folders, much less make client-side encryption of files trivial on top of all of the above. IMHO, that's a very viable niche... User experience matters – it's not solely about cost.

Also, about n-crypted cloud – last time I looked, the file size limit was 150 MB – that kills the utility for my team, but it's still a decent option from my experience...

Not OP, but personally, 100% of the Dropbox functionality I care about is the storage and synchronization of explicitly allowed files (even if that only means "everything in ~/Dropbox"). So how the client-side synchronizer works shouldn't be a trade secret, assuming it's doing exactly what I'm paying it for and nothing else.
It can read and see everything you do on your computer...

...until you close it for grinding too much CPU.

Yes, they absolutely should open source their backend systems. Is the value of Dropbox really in their source code? I doubt it. They want my files, all of them, but they won't tell me what they're doing with the files or how their code works?

Everything about this should be open source, and I won't ever use it until it is. Also they should make a lot more effort towards promising privacy and security. As it stands right now, they seem intent on handing your file access to governments and building systems that are insecure by design. No thanks. Open source and then we'll talk.

You aren't obligated to be a customer of Dropbox. There are plenty of other services, either self-run or not, that cater to people that value baseless paranoia over functionality and usability.
Baseless paranoia?

Have you read the news this year? There's never been a worse time to be unaware and unclear of what software installed on your device does. Companies are so bad at security they lose people's private information by the million, Dropbox themselves didn't even validate passwords for a four hour window once upon a time.

> baseless paranoia

You mean like this: http://www.theregister.co.uk/2015/06/10/condoleezza_rice_to_...

But a paranoid board director is reasonable, or?