Dropbox removed ability to opt your files out of AI training::undefined

  • LastYearsPumpkin@feddit.ch
    link
    fedilink
    English
    arrow-up
    155
    arrow-down
    3
    ·
    11 months ago

    Why does dropbox have the ability to see your files at all? That seems like a pretty bad security flaw in the first place.

    • LufyCZ@lemmy.world
      link
      fedilink
      English
      arrow-up
      92
      arrow-down
      6
      ·
      11 months ago

      Because you gave them the files?

      If you don’t want dropbox to see them, encrypt them.

        • unexposedhazard@discuss.tchncs.de
          link
          fedilink
          English
          arrow-up
          16
          arrow-down
          9
          ·
          11 months ago

          If you believe in any implementation of e2ee made by apple i wish you good luck in life, cuz u will need it with your naivety.

        • Plopp@lemmy.world
          link
          fedilink
          English
          arrow-up
          15
          arrow-down
          8
          ·
          11 months ago

          Apple makes a shitload of money from the devices and ecosystem that have access to their cloud storage, they don’t have the same incentive to use the data itself for profit. In fact, keeping the data as private as they can is a selling point for the devices and ecosystem they make bank from. Dropbox doesn’t have that.

            • Plopp@lemmy.world
              link
              fedilink
              English
              arrow-up
              10
              arrow-down
              5
              ·
              11 months ago

              Yes, and? It even says right there in the article that they have to balance the ad part to not demolish their reputation for privacy. It’d be extremely foolish of them to start accessing people’s private files like that if they want to still be seen as caring about privacy, and I can promise you they are fully aware. That doesn’t mean that they will always put an emphasis on privacy, but for now they do.

              • circuscritic@lemmy.ca
                link
                fedilink
                English
                arrow-up
                8
                arrow-down
                4
                ·
                edit-2
                11 months ago

                Oh, well then I’m sure Apple will be the first big tech advertising company that doesn’t violate their users privacy in search of more profits.

                Sounds like you have nothing to worry about.

                • Plopp@lemmy.world
                  link
                  fedilink
                  English
                  arrow-up
                  3
                  arrow-down
                  2
                  ·
                  11 months ago

                  I do have nothing to worry about because I’m not an Apple user.

                  Key words right there: “more profits”

                  Many iPhone users use that particular phone because of privacy, since the only other option is Google who has a well known track record of not caring about it. If Apple destroys their reputation for privacy they remove the biggest reason for why many users choose their phones, which often in turn leads to a buy-in to the whole ecosystem (=lots of money). They might as well choose Google then. That would be a loss of profits. For it to be worth it the data mining of people’s private files would have to on its own provide an increase in profits greater than the loss from consumers fleeing. And it might, but again, they’d lose a very unique and often times important reputation. That’s a big and risky decision for them to make - to radically change their whole public persona. My guess is they want to keep that reputation for as long as they can and use other means to make their ads effective that aren’t as blatantly privacy invading. Down the line though it will of course only get worse, because that has been the only trend in this world of enshittification.

      • kingthrillgore@lemmy.ml
        link
        fedilink
        English
        arrow-up
        7
        arrow-down
        1
        ·
        11 months ago

        The downside is I used to use Dropbox a lot for collabs with others. We’re now using something else (Google Drive 🤮) but for a while, Dropbox was king.

        • Salix@sh.itjust.works
          link
          fedilink
          English
          arrow-up
          4
          arrow-down
          1
          ·
          edit-2
          11 months ago

          Then encrypt and share the password and/or key with your collaborators?

          You can use something like cryptomator

      • Tangent5280@lemmy.world
        link
        fedilink
        English
        arrow-up
        3
        ·
        11 months ago

        Email is like the one critical part a lot of people miss when talking about taking control of your data. Imagine how much could be gleaned out of email history? Where you go, what you do, who you talk with, what you buy, what you rent, what media you consume, everything. If you dont have a lot of friends someone with your email account could pretty much just doppelganger you and go on as if nothings happened.

    • hersh@literature.cafe
      link
      fedilink
      English
      arrow-up
      10
      arrow-down
      3
      ·
      11 months ago

      There are drawbacks to end-to-end encryption (E2EE). I’m not aware of any E2EE cloud storage systems that have the features Dropbox provides. I would LOVE to know of any that…

      1. Support at least the big 5 platforms (Android/iOS/Mac/Windows/Linux).

      2. Have a functional web interface.

      3. Support sharing and collaboration.

      4. Have a search feature

      5. Sync to the local filesystem on a folder-by-folder or even file-by-file basis

      6. Integrate with other tools (e.g. android file picker)

      It’s not easy to do all that with E2EE, like a functional web interface, search, and integration.

      ProtonMail’s search, for example, is limited to subject and metadata, and that’s specifically because they DON’T use E2EE for that.

      I’m willing to compromise some of this for the sake of E2EE, but I’m not at all surprised that feature-first services are more popular than privacy-first services.

      • Ohh@lemmy.ml
        link
        fedilink
        English
        arrow-up
        3
        ·
        11 months ago

        You will probably have tradeoffs. And somehow need to script accept that at some point, you need to trust someone. At the very least with firmware. And you probably need to change workflow.

        I find cryptpadb works almost as well as Google docs did a few years ago.

        • hersh@literature.cafe
          link
          fedilink
          English
          arrow-up
          3
          ·
          11 months ago

          I just checked to see if I missed a big update.

          There’s still no Linux client, and it cannot sync files on Android (it only supports photo backups).

          I can’t work around that limitation on Android with FolderSync, either, the way I can with Google Drive, Dropbox, Box, or any WebDAV- or S3-compatible server. Since it uses E2EE, any uploads need to go directly through the app, so integrations are difficult.

          It doesn’t seem to have a search feature, either, at least not on Android. I can’t imagine there’s any content-aware search on the web UI, since that can’t be done server-side.

          There’s been some interesting research in homomorphic encryption over the past couple years, which might someday lead to encrypted server-side search. But I think there are still major hurdles to actually implementing it securely and efficiently.

      • Natanael@slrpnk.net
        link
        fedilink
        English
        arrow-up
        2
        ·
        edit-2
        11 months ago

        1: easy to port E2EE, it’s just math

        2: browsers and E2EE is hard, you need an extension to implement it securely so the password can’t be made accessible directly to the server (you need it to remain secret even from the hosting company) or else you’re dealing with MITM risk

        3: easy by sharing encryption keys using E2EE messaging protocols on top

        4: encrypted search is a thing, but such indexes does tend to have some limitations

        5: still easy

        6: still easy, Android specifically have APIs to let apps register themselves to the file picker so they can transparently encrypt and decrypt files. But yes on other systems where 3rd party apps can’t offer such integration then it’s hard

        I’ve seen one called Skiff that’s trying to do most of these things

        https://skiff.com/pages https://skiff.com/drive

      • mitrosus@discuss.tchncs.de
        link
        fedilink
        English
        arrow-up
        3
        arrow-down
        2
        ·
        11 months ago

        Mega uses e2ee and is available in all platforms I use. I don’t use apple. Web interface is very functional. I think it does support sharing files via link. Should have a search feature also, never used (because I know exactly where I keep my files). It does sync with locals. I don’t know about android file picker.

        Mega is not a good choice for Lemmy users or Foss activists, probably because of its history - which is not as clean as say next cloud, but is not like google either. As long as it works :/