
Dropbox responds to accusations its Mac desktop client hacks OS X security - doener
https://techcrunch.com/2016/09/09/dropbox-responds-to-accusations-its-mac-desktop-client-hacks-os-x-security/
======
nicky0
> [...] Dropbox’s Ben Newhouse, from its desktop client team, told TechCrunch.

TechCrunch, FYI: quoting an HN comment doesn't really count as "told
TechCrunch".

~~~
labrador
I'm assuming TechCrunch contacted Mr Newhouse to verify that he wrote that HN
response, so he did tell TechCrunch. It would be a bigger journalistic problem
if they didn't verify with Mr Newhouse and just took text from some commenter
purporting to be Mr Newhouse.

~~~
vmasto
It still doesn't count as "told TechCrunch".

~~~
recursive
Would it count if he then repeated the words as well? What are you looking for?

~~~
Dylan16807
> What are you looking for?

Probably for TechCrunch to use a term like "said" instead of involving
themselves after the fact.

------
stephenr
So whether this is just the HN comment copy/pasted or if they followed up, I
don't care. There are much bigger issues in tech journalism to worry about.

Even more concerning is the actual response.

Basically the comments on the earlier HN thread and then the quotes on the
article show their point of view being that what they _did_ isn't a problem,
just that they got found out and it paints them in a justifiably negative
light.

This is one of the exact reasons why I _very much_ prefer to get apps from the
Mac App Store: Sandbox enforced; No setuid; No privilege escalation; No
futzing with the OS UI.

------
lucb1e
Tomorrow: TechCrunch responds to accusations of copying from Hacker News and
calling it "Mr. X told us"

I actually think Ben just told TC the same as he told us, so no foul play by
TC or anything. They're just not reporting anything new at all.

------
Dylan16807
"However, the company’s justification for utilizing the Accessibility route to
gain root access did little to impress some critics."

That.. no. They use root to gain access to Accessibility!

------
ubanholzer
«[...] Dropbox’s Ben Newhouse, from its desktop client team, told TechCrunch.»

He wrote this on HN..

------
f_allwein
Not so bad, actually. At least Dropbox has commented on it and is ideally
working on making some improvements. Plus, a big tech site has picked up on
the story, so a lot more people are aware of it now. And finally, it looks
like HN played a role in raising this issue.

Still not an ideal situation, but could have been worse.

------
onewhonknocks
Hanlon's razor, gents. Maybe Ben just sent TechCrunch the exact message he
posted here.

~~~
IANAD
Please stop with the razors. Someone will get cut.

------
matt_morgan
Sounds like more or less nobody at Dropbox knew how that stuff was getting
done either.

------
danieldk
Modern-day tech journalism: cut and paste together some quotes from Hacker
News comments.

https://news.ycombinator.com/item?id=12464730

~~~
tekacs
I'd love to hear what exactly folks consider to be wrong with that.

I've seen this sort of criticism in a few places before, but especially in
cases such as this where someone from the company responded and talked of
making change, being on top of happenings like this seems like a reasonable
thing to do.

It certainly seems better than the old 'ask random people for their opinion'
approach of conventional huge media.

I'm struggling to find links to posts about this, but it's not too hard to
point to cases, both mentioned online and through my friends, where utterly
unqualified opinions were sourced based on journalists using indicators like
'owning a domain name' as proof of a person's authority on a topic.

Edit: at least on HN and social media you can verify the full text of what
someone said after the fact and oftentimes even look up their background!

~~~
danieldk
_I'd love to hear what exactly folks consider to be wrong with that._

Ben Newhouse's answer left quite a few questions open. How about poking him or
Dropbox a bit more? For instance, competing products (OneDrive, Resilio Sync,
etc.) provide similar functionality without placing SUID 'backdoors'. Given
that OneDrive's client is distributed via the app store, I'd guess that it
even uses OS X sandboxing.

What about asking a security expert (or perhaps Apple) to comment?

A good journalist doesn't just literally relay information, but provides
context/interpretation.

(Of course, it's in TC's right to do this, but it doesn't add much to the
conversation.)

~~~
tekacs
All valid points, although perhaps it's more in their interest to publish
soon/rapidly/without dedicating much effort to every post that they put out?

What you're describing may be in line with what we expect from conventional
journalists, but media put out starting at once a day is a different medium
with different constraints, is it not? Don't the even faster media forms
(intra-day news on TV, radio) have more people on board to help make that
process happen quickly?

------
exmuslim
"Journalists" really have their work cut out for them these days, quoting
Reddit and HN comments is hard!

~~~
ptaipale
If they actually pick a comment from HN and then _verify the authenticity and
expand on it by interviewing the author_, then I think they are really doing
their job.

