Of course I see the possibility of harm here, but really, isn't automatic updates pretty standard by now? I mean, it's got to be better than letting a large swath of users run old versions of the software because they don't know how/don't care to update it. I mean, isn't that the more severe security issue at hand?
And if you're conscious enough about your digital security that you really do mind Dropbox updating itself automatically, why did you install their app in the first place? The only OS I actually expect to protect me from the apps I install is iOS, and only in combination with the AppStore review process.
From what I hear, Apple's attempts at creating similar safeguards in macOS with the Mac AppStore has not been received that well with developers because of the restrictions sandboxing place on the apps.
> because they don't know how/don't care to update it
In this case the reality probably is closer to: because they don't know they should be worrying about it.
(Sample of one, obviously, but I certainly didn't know I should, and yet never got any kind of notification to that effect until I sought to delete the app a few weeks ago.)
It's so matter of factly on consumer devices that things just update themselves or nag you to do it from time to time, that it somewhat boggles the mind that it wasn't automated.
i disabled the automatic update on my android device. i had a lot of apps installed and had the feeling something is updating all the time and trashing my battery life. and then there is problem that alot of times the new wersions are worse then older ones. i had the instance where newer versions of apps, had features removed because they now offer "pro" version, and also change the layout to cram more ads. so now im updating the app only if i notice that something is not working right.
Because I hate it when features are irreversibly changed, at random. Which is what happens with "evergreen" software. I don't care if it only happens occasionally. Never is better than occasionally.
I want the peace of mind to know that if something stops working, that it's not because of an update.
If you're going to introduce feature regressions, you'd better at least make it easy to undo them.
If you're going to make users update on your schedule, you'd better be really really good at making your updates smooth. Google can almost get away with this, but Dropbox, OneNote, Skype, and especially Firefox have introduced major bugs without telling me.
Firefox is the worst offender, because even if you explicitly disable automatic updates, it will just repeatedly download updater.app anyway.
I discovered this when I had to fix something on a 3G cellular connection on a strict deadline. Another morning, I woke up to find a bell icon added[1] next to my clock, with no obvious way to remove it. It brought me back to the bad old days of Windows 98 where drive by installers would just add stuff to your computer. Eventually, I just chflags -R schg /Applications/, and ripped out all of the updater daemons out of frustration, and I'm happier ever since.
The thing I object to the most, is for software you already have installed to have features removed and replaced with a nag to buy back the features you just had before the update. LogMeIn's Hamachi app did that, but thankfully I keep backups. Or, a classic example from a long time ago, was iTunes 4.01, which had an "emergency" update for iTunes 4 that removed the local network music sharing feature. [2]
Think about what's really going on with the updating ecosystem we have. Are you really OK with software like the deceptively named "keystone agent" running as root, that can add and execute data anywhere on your filesystem? Google Drive and Google Earth will try to reinstall it if you remove it, and nag you with deceptive messages about how they need you to authorize superuser access for them so that they can run properly, when in reality they are just adding the updater daemon, which they do not require to function.
After having been burnt by new bugs, and outright dishonesty, I'm very careful now.
I think the concern might be that we are more and more granting ownership of our machines: If NSA wants to install a spyware on targetted systems, they have a dozen autoupdate channels to do it through now.
Which is good because we do nothing wrong. Apart from Youporn, where only one underage model that you didn't know about could lead you to jail. You know, accusations do wonders for your career.
Apart from this catastrophic scenario, I don't either see what's wrong. How many people per year are accused of pedophilia, that could be due to conflicting work/nation interests?
> I think the concern might be that we are more and more granting ownership of our machines: If NSA wants to install a spyware on targetted systems, they have a dozen autoupdate channels to do it through now.
> Which is good because we do nothing wrong. Apart from Youporn, where only one underage model that you didn't know about could lead you to jail. You know, accusations do wonders for your career.
> Apart from this catastrophic scenario, I don't either see what's wrong. How many people per year are accused of pedophilia, that could be due to conflicting work/nation interests?
Thank you. And to people who think this won't affect them, it doesn't even have to be cp charges. NSA has lost the fight to keep its uncensored dragnet data to itself. Today, it is FBI who has access to it. Tomorrow, it will be the IRS which is fine. However, the real kicker will come when state departments of revenue and city police get their hands on it.
Remember, we as a people, legitimately break the law millions of times every day. It doesn't have to be cooked up evidence. If someone wants to hang any of us "upstanding" citizens, they just have to look hard enough.
How long until we are issued tickets for speeding when we say simple things like, "I was hauling butt to get to work today!" on FB? Or have our insurance premiums jump because of it.
Certainly the former wouldn't hold up with current laws, but how long until the laws are changed?
The more we allow our privacy to be eroded, the closer we are to having this come true.
What's wrong is that the capability to safely serve and share files over the Internet to people you want to serve, safely and with some modicum of security, is perfectly within the reach of the vendors of Operating Systems.
However, these vendors have fallen asleep at the wheel and are allowing basic system services to be fractured at the base (i.e. in the base OS install), in order that third parties might fill the gap.
This is a heinous state of affairs for anyone thats been paying attention over the years, because there are no good reasons we can't just use our existing computers, and their operating systems, to provide the same kind of user experience as one might obtain with Dropbox, albeit without the creepy commercial-control/exploitation aspect.
I mean, honestly, if folks would just have a way to create their own VPN's out of the box, share the details, and set up a peer network as if it were .. y'know .. a function of the operating system instead of something you learn about from seeing it on a billboard or the back of a bus ..
Dropbox seems to be singled out for doing things like this, despite browsers, Win10, etc.
The updater changes nothing unless someone has done a full audit of the Dropbox binary.
Updater or not, Dropbox/$minitrue can read/write anything you store there. If you have any executables (incl. source code, word docs with macros enabled, git repos via hooks…) in Dropbox, you're pwned as well.
If you don't trust Dropbox, an updater is the least of your concerns.
Given the amount of vulnerabilities in commonly used applications, they would not need the auto update to infect your computer with malware. Just modify some existing document stored in your computer and wait for you to open it.
And to do that, there's no need to work with Dropbox. Eve could just work her way through your colleagues you are sharing files with to find the weakest link, plant the documents on his computer and wait for them to automatically sync to yours.
This is NOT about keeping everyone updated and reducing the pool of older clients. This can be done by simply denying service to outdated versions. It worked very well for AOL Messenger 20 years ago, no reason why it won't work just as well today.
This is strictly about being able to install anything on users' machines at will and having a formal consent to do that.
The fact that Chrome and others do that doesn't make it any less _unacceptable_. You are losing control over what exactly and when you allow to run on your machine.
You do realise that would probably increase the amount of customer support cases raised, from confused/angry users - which is the exactly the opposite effect that Dropbox wants.
For the majority of typical users of Dropbox (and HN certainly doesn't count as typical), this is a net win in every way. They get the latest bugfixes, and they don't need to worry about all this downloading installers rubbish that seems so last decade.
Also - if you were deathly worried about Dropbox and what they could do - firstly, why would you install their client to begin with, considering it's entirely closed-source? Secondly, why would you use a cloud storage provider like them to begin with?
You talk about "losing control" - why not spin your own Dropbox? (I suspect many people, nerds included, underestimate the sheer amount of engineering and technical man years that go into something like this). However, for the Stallman's among it, it may make sense.
They get the latest bugfixes, and they don't need to worry about all this downloading installers rubbish that seems so last decade.
They could also distribute Dropbox through the Mac App Store, then they wouldn't have to sneak in SUID binaries and run background processes with launchd. As an added bonus, Dropbox would be sandboxed.
Before someone says it can't be done: the OneDrive app is
installed via the Mac App Store, is sandboxed and provides Finder integration. (Yes, the Office badge would probably be a problem, but that is a hack now anyway.)
Edit: that sounded too negative. I agree that this benefits a lot of users, I just wanted to point out that an App Store version would be even better.
>You do realise that would probably increase the amount of customer support cases raised, from confused/angry users
No, it won't.
It's an urban legend.
For every support request that cannot be answered from a stock pile of answers, the first reply is "update to the latest version and then come back." and not once did I see anyone ever complain about it (leave alone become angry) in my 20+ years in IT business. Never. Not a single complaint. Those who can upgrade will upgrade when asked.
That depends on the industry. I have worked with support for about as long as you, and many clients wants to find a solution that they can use until they upgrade (since the upgrade process can take quite some time if you have lots of dependent software that needs validating).
Sure, there are clients like that and those who can't upgrade due to internal policies, QA restrictions, etc.
Point being is that the extra load from having to deal with clients on outdated versions is insubstantial and it certainly does not justify force-shoveling updates down everyone's throats.
"You talk about "losing control" - why not spin your own Dropbox?"
I agree that auto update is a net positive and most people will be fine with the arrangement. But your line of argument is flawed . by this logic anyone who wants to enquire and wantto have an informed discussion on health he /she should go study medicine ? Right !
Well, I like staying current, but I DON'T like auto updates. I can't count how many times Windows broke because of auto updates. I would so much rather have a notification than just to have something update in the background and break. Nothing ever breaks at a convenient time.
I wonder how they did the auto-update that brought that feature to me... I have a pretty shitty internet connection here and i recognized the dropbox updater sucking up my bandwidth yesterday... I've not triggered any manual update...
They've had an auto-updater for many years. They've now separated it into a separate process, so the Dropbox sync daemon doesn't have to have privileges to self-modify.
When exactly did HN transition from from fawning over one of the best YC success stories to being upset with nearly everything Dropbox does?
The number of extremely negative comments here here about using a second process [just like Chrome, Creative Cloud and countless others] to auto-update is really surprising. I can understand people not being thrilled with a kernel extension being installed, but most of those comments there seem misguided or uninformed.
The obvious transition point [to me, it seems] was when they put Condi on the board. HN opinion on nearly everything Dropbox does has really soured since then.
I started looking at HN right when Dropbox announced on it.
Funny enough, I came to HN looking for something like Dropbox. I even remember when Dropbox was doing odd things that Apple had to ask them about because they didn't know how they put the check marks in.
Yet here we are, angry at Dropbox for continuing down that path of making things more and more user friendly.
But unless you audited the chrome code (with a team of 1000 experts) you have already trusted them, both to write quality code and to prevent malicious code sneaking in. Why not trust them to patch your browser against malware?
If it's unacceptable, why would you use the Google Chrome browser?
It's open-source (Chromium project) - just compile it yourself?
Once you've run somebody else's binary, you're already conferring significant trust on them. And I might be biased, but the Chrome team has shown themselves to be very vigilant with security, and generally on-the-ball on all of these things. (Memory issues aside...although I'm not going to get into that...lol).
Many newer projects do this - e.g. Atom from Github auto-updates.
VS Code from Microsoft does this - I think it's awesome! =)
>Once you've run somebody else's binary, you're already conferring significant trust on them.
This is the "you agreed to a date, that means you agreed to go all the way" argument.
Even when a someone extends trust or tentative trust, that doesn't mean they should be expected to give up the right to maintain control of that choice at each successive moment in time.
EFF strongly discourages auto updates that can't be turned off, because they can be used for enabling DRM and curtailing freedom.
All you can do is gently request that the google updater deamon (keystone agent) please not update. It is still running. And the way to disable it is very obscure, and no user would be able to discover how to disable it on their own.
If you remove it, and then try to run any Google Software, it will first lie to you and say that it needs you to authenticate so it can "function" properly. If you refuse, it will try to install it's code in ~/Library instead. If you intercept that, it will stop asking and work properly.
Google software does not depend on its updater in any way. There is no technical reason to keep asking you to install it. They just don't respect your agency. And if you say no to root installation, they will settle for just a user installation.
A lot of software that asks for authentication on first run is doing it solely to install it's helpers.
Not just is it creepy asf and wrong, but sometimes features will be removed or changed without my consent.
Software that was free when you downloaded it just got "upgraded" to shareware. Or maybe it just irreversibly converted all of its saved data to the new format that isn't backwards compatible.
You would never have agreed to install that update if you actually knew what it was going to do. That makes it dishonest.
VSCode, Atom, Firefox etc. do this but they all provide sane and easy methods to disable the behaviour. It's as simple as unchecking a box (or toggling a string in VSCode). It's not mandatory in those products unlike Chrome and Dropbox (AFAIK) now.
Yes. It uses apt but do you realise that you didn't install it using APT? You used plain dpkg but it now registers itself with APT (I think using something similar to a PPA) so that you can autoupdate.
EDIT: Sorry if this sounded accusative. Wasn't meant that way.
Would be fun trying to autoupdate deb packages though.
So, what is a good alternative to Dropbox that supports LAN sync, block-level uploads [1], revisions, and that most of my colleagues, friends and friends have or can set up?
If you actually look at the competition, most of them do not have LAN sync or block sync (OneDrive, Google Drive), they do not have proper support for revisions (Resilio Sync), or are hard to set up for most people (Syncthing).
[1] So that if I change a small piece of a large file, it does not upload the complete file again.
There is probably no product with the exact feature set of Dropbox. But if you want to take the principled stand, you'll have to live with that. You can't be all "refuse closed-source autoupdating software, it is evil! Richard Stallman was right all along!" and then complain about you not getting the features that those products offer. That's the price you pay for your principles.
Chrome is a program that has standalone functionality where the program would still do useful work without updating.
The Dropbox sync service, on the other hand, is literally just the client half of Dropbox's own proprietary backend. If Dropbox makes an ABI-incompatible change to their sync protocol on the server side, the non-updated client will just break until you update.
Wanting to disable updates to such a service, would be like wanting to load the old version of a webapp SPA whenever you visit the site. What's the point? It's not going to (have been designed to) work that way.
Websites are sandboxed sufficiently that they aren't supposed to be able to do anything crazy to my computer or access any of my data as new versions come out: the same is not true of Dropbox. I don't want some system automatically upgrading the code running on my computer. I want to be able to download new code for my computer and choose to install it. This means that if there's a bug introduced by the new software in my workflow, I have at least some chance in hell of knowing what caused the issue: "oh yeah, I just upgraded Dropbox"; when Dropbox just upgrades itself, one day my computer just starts being unstable, and I'm essentially screwed. This is markedly different (and worse) than Chrome updating itself, as Chrome doesn't inject itself into other random processes or extend the functionality of other parts of my computer: if Chrome upgrades itself into something broken, I will almost certainly be able to notice when I start by closing everything that I'm running, one by one. Software that automatically upgrades itself is also subject to targeted attacks: maybe one day I, and only I, get targeted with a new version of Dropbox, maybe not even being sent to me by Dropbox (due to some MITM-able flaw in their upgrade system) that is actually spyware. When I manually download new software on my schedule, particularly if I'm downloading it manually with a web browser, especially so if I download it once "anonymously" and reuse the download on all of my computers, I can feel a lot safer that I'm not being targetted. This is just so so so fundamentally different than a new version of a web site :/.
I think your trust in browser sandboxing of websites has been, and is continually being, disproved. Browser vulnerabilities are the most consistent way of compromising a remote system.
Microsoft Office does not autoupdate. It notifies you of an update, but you have to confirm the transfer and installation. At least that's how it works on my Mac.
That's because they don't have a robust self-update feature for the Microsoft Updater app. They added an automatic update mode and it appears to be on by default now, which is probably good given the number of exploits Office has had over the years.
On Windows, it updates through Windows Update (which you can moderately control) or through their own App-V/Click-To-Run thing, that updates transparently
The minimum required operating system version isn't necessarily indicative of the age of the feature. I can develop an application on macOS 10.12 now and have it support all previous versions up to OS X 10.7.
(Assuming this is true....) Because if they're stuck supporting old versions of Dropbox, they're miserable (having to support dozens of versions) and you're miserable (things start to break). I understand why people would be worried about Dropbox auto-downloading software, but honestly... if you're the kind of person worried about the security around Dropbox auto-updating the same way every app on your phone does, you probably aren't using Dropbox to begin with.
> auto-updating the same way every app on your phone does
I'm on the latest iOS (10.2.1), and it's optional - I have 23 apps ready for updates, but I can scan through the release notes before initiating the update.
Except that each of those sandboxed apps keeps uploading your behavioural and private data pretty much constantly with no ability for you to limit or stop it like you can on the deskop :)
And you can never downgrade to an old version. Or add a firewall that will block ads. Or disable javascript selectively. Or control when programs can run. Or know whether they use crypto safely. Or have any control over when your phone will get patched for the 200-day level 10 RCE bug.
Now I just want to smash my phone with a hammer. Smash it into tiny tiny pieces.
Though this is not a phone app and Dropbox does have a history of mistakes causing data loss.
I assume it's true because:
"If you don’t want Dropbox Update to run on your computer, you can uninstall the Dropbox application. You can still access your files on dropbox.com and using the Dropbox mobile apps."
> Though this is not a phone app and Dropbox does have a history of mistakes causing data loss.
A history of random forum posters making huge assertions which inevitably turn out to be significantly overstated. It's trendy in certain circles to complain about Dropbox and the hype factor makes it easy to forget that for every person repeating anecdotes on HN there are a million normal people who use the service without issues.
As one of those 'random forum posters' aka Dropbox Customers who has lost data, I don't think it would be over stating it that I was fucking pissed off that my data was gone. I didn't really give a shit that other people were using the service without issues.
Its not rocket science to understand that a cloud data storage company is (a) going to have bugs, hence (b) data will be lost, and (c) customers will be dissatisfied.
The only saving grace for Dropbox is that the Google Drive windows client is a totally catastrophic data destroying pile of rubbish, and the Azure/Onedrive system is so microsofty and has no linux client either.
Again, there are people who've lost data and in some of those cases it was even caused by Dropbox — as opposed to the hardware failures or human errors which are often attributed to a service like Dropbox because that's what first made the problem visible — but that's still anecdotal rather than proof of widespread problem and, going back to the topic at hand, it doesn't tell us that the answer is to avoid installing updates. For a widely deployed consumer app, a significant fraction of the work will be defensive coding to reduce the impact of problems on the client and holding back updates will actually increase someone's exposure interval.
I don't understand the implementation. They already have a background process running (on my Mac it shows an icon in the menu bar) and that application talks to the network. Why use a second process? I can understand spawning a process to actually do an update once one has been downloaded. So what am I missing?
(and since this is HN: as for the updating, fine. It's no different from visiting a web site and having the pages served by different revisions of the back end, and it's not like it has a complex UI that could cause user confusion. I assume DB doesn't update all that often anyway).
If anyone from DropBox is in this thread. Did a DropBox update put itself on the toolbar of the Finder, and if so, did you test that functionality with a machine that already had a custom toolbar setup?
This makes the client a tempting target for court-ordered and government-ordered surreptitious and potentially individually tailored updates (i.e. a malware delivery service for any government). It's a very bad idea.
And if you're conscious enough about your digital security that you really do mind Dropbox updating itself automatically, why did you install their app in the first place? The only OS I actually expect to protect me from the apps I install is iOS, and only in combination with the AppStore review process.
From what I hear, Apple's attempts at creating similar safeguards in macOS with the Mac AppStore has not been received that well with developers because of the restrictions sandboxing place on the apps.