by derefr 3378 days ago
Chrome is a program that has standalone functionality where the program would still do useful work without updating.

The Dropbox sync service, on the other hand, is literally just the client half of Dropbox's own proprietary backend. If Dropbox makes an ABI-incompatible change to their sync protocol on the server side, the non-updated client will just break until you update.

Wanting to disable updates to such a service would be like wanting to load the old version of a webapp SPA whenever you visit the site. What's the point? It's not going to (have been designed to) work that way.

4 comments

Websites are sandboxed sufficiently that they aren't supposed to be able to do anything crazy to my computer or access any of my data as new versions come out: the same is not true of Dropbox. I don't want some system automatically upgrading the code running on my computer. I want to be able to download new code for my computer and choose to install it. This means that if there's a bug introduced by the new software in my workflow, I have at least some chance in hell of knowing what caused the issue: "oh yeah, I just upgraded Dropbox"; when Dropbox just upgrades itself, one day my computer just starts being unstable, and I'm essentially screwed. This is markedly different (and worse) than Chrome updating itself, as Chrome doesn't inject itself into other random processes or extend the functionality of other parts of my computer: if Chrome upgrades itself into something broken, I will almost certainly be able to notice when I start by closing everything that I'm running, one by one. Software that automatically upgrades itself is also subject to targeted attacks: maybe one day I, and only I, get targeted with a new version of Dropbox, maybe not even being sent to me by Dropbox (due to some MITM-able flaw in their upgrade system) that is actually spyware. When I manually download new software on my schedule, particularly if I'm downloading it manually with a web browser, especially so if I download it once "anonymously" and reuse the download on all of my computers, I can feel a lot safer that I'm not being targeted. This is just so so so fundamentally different than a new version of a web site :/.

I think your trust in browser sandboxing of websites has been, and is continually being, disproved. Browser vulnerabilities are the most consistent way of compromising a remote system.

The source code is available and GPLed. Patch it if you want.

https://www.dropbox.com/help/247

> If Dropbox makes an ABI-incompatible change to their sync protocol on the server side, the non-updated client will just break until you update.

So... don't break ABI compatibility?

Webapps don't install kernel extensions.
Auto-updates != No updates