Hacker News new | comments | show | ask | jobs | submit login
Dropbox Hasn't Learned Their Lesson (sethvargo.com)
553 points by rcarmo on Oct 1, 2016 | hide | past | web | favorite | 191 comments

For folks looking for a Dropbox alternative, I recommend Syncthing [0].

Syncthing is a free software (MPL-2.0) cross-platform [1] and decentralized peer-to-peer file synchronization utility with end-to-end encryption, and with support for relaying [2].

Check out their getting started guide [3].

[0]: https://syncthing.net [1]: https://docs.syncthing.net/users/contrib.html [2]: https://docs.syncthing.net/users/relaying.html [3]: https://docs.syncthing.net/intro/getting-started.html

I've recently started using Librevault after seeing it on HN a while ago, and really like it so far: https://librevault.com/

HN thread: https://news.ycombinator.com/item?id=12261409

Here's a nice overview of differences compared to Syncthing from the developer: https://news.ycombinator.com/item?id=12262704

Offering file watching without any extra configuration and supporting decentralized discovery though the mainline DHT are its most compelling advantages over Syncthing for me.

One major reason I use Dropbox (other than the fact that it has, for the most part, "just worked") is to get files from the cloud on an as-needed basis on iOS phones and tablets. Considering my home Internet connection is not good enough to handle outgoing requests (like a server), I still need an online location to store maybe 20-30GB of files at a low price (my Dropbox account is a free one with a lot of bonus storage) that can integrate with solutions like Syncthing or Librevault or anything else. What are the options for those?

Syncthing can be weird at first, LibreVault seems more like Dropbox but doesn't provide a server.

Try https://hubic.com/en/offers/ it was created by "The number 3 internet hosting company in the world" OVH works quite well if you don't mind the dated interfaces

If you're okay with spending a small amount of money, you could spin up a VPS somewhere and run Syncthing/Librevault on it. For $5-$10 a month, you should at least be able to get 20 or 30gb of space.

You can get a VPS with 30 GB storage for $20/year[1]. Payment options allow to pay $11 per 6 months.

[1] https://www.vpscheap.net/pricing.aspx Section “Budget Servers”

Can you offer "public shares" with that?

I see it has no mobile clients, that's almost a dealbreaker for my every-day use. Syncthing runs great on my Android.

Have they solved their discoverability issues? I haven't used it in a looong time but too often it would fail to sync two computers in the same LAN unless the daemon was restarted several times until they saw each other.

Could I rely on this just like I would rely on Dropbox to instantly get my files synced or do I still need a centralized option for that?

This was actually the question I had when I decided to try Syncthing again a few months ago.

I've been using it for a while now, and though I feel there's room for improvement, it's definitely much more reliable than it used to be before and I haven't had to restart the daemon multiple times.

As for your second question about instant syncing, there's syncthing-inotify [0] which detects file changes immediately (instead of 60 second rescan interval), but I haven't tried it yet.

For syncing outside your local network, Syncthing supports relaying, which I linked in my previous comment.

[0]: https://github.com/syncthing/syncthing-inotify

syncthing-inotify works great! I have been running Syncthing with this plugin for about a month now and I haven't had any problems with it.

I started using Syncthing for some of my projects after Dropbox stopped syncing files without notice for the third time. The failed Dropbox syncs were related to either C++ or Doconce+LaTeX projects where many temporary build files were being modified often. Syncthing doesn't seem to have a problem with these files, and it is even possible to configure Syncthing to ignore specific file patterns if you just don't want it to sync such files at all.

Are building software in your dropbox folder? I mean, it should work, I guess.. but why on earth..

It isn't optimal, but it used to work. I kept C++ projects on Dropbox in addition to Git because I work on multiple computers and want to be able to continue where I left off if I get interrupted. I don't like the idea of having to commit and push to git for all work in progress, even if it is on a separate branch.

The default setup in Qt Creator is to have a build folder next to the sources, but after the first big sync failure I configured Qt Creator to always build outside of Dropbox. But I experienced failed syncs after that, even with only C++ sources inside Dropbox and when building Doconce+LaTeX projects.

Yeah... is there a "gitignore" option for dropbox or alternatives (like Syncthing)?

I mean... there's a certain point where you are now syncronizing "crap" that shouldn't be needed (bin/obj/etc)...

Syncthing has the .stignore file: https://docs.syncthing.net/users/ignoring.html

I have relay disabled so I can only comment on the LAN experience. Been using Syncthing for about 6 months on Mac, Windows and Linux with great success and no discovery issue.

What about SpiderOak, if you still want something centralized?

If you want to access your own files anywhere, you're not really in it for the sync aspect, and you're willing to host your own, there's this great piece of software called OpenSSH, that implements remote shell access as well as a protocol called SFTP that you can use to remotely access files. There are clients available on all systems, frequently installed by default, it's incredibly secure - you may have heard of it. It's kinda new, and the up-and-coming thing in personal cloud software. The investors are really excited.


I've been using SpiderOak for over 6 years now, and three things haven't changed:

Their UI is crappy and laggy, and doesn't look like it belongs in any platform.

It takes forever to sync files between devices.

It sometimes gets confused when I rapidly switch between branches in a git repository, touching thousands of small files each time.

But I love the ability to pick and choose exactly which files and folders to backup and sync. SpiderOak adapts to my workflow, instead of demanding that I put my files in specific folders. If inefficiency is a necessary cost of combining this kind of flexibility with full client-side encryption, I can live with that.

I've been pretty happy with SpiderOak overall. I lucked out and got a coupon to get 'unlimited' space for relatively cheap, so I like that I can back up all of my machines without worrying about needing to pay more.

1000s of small files, or one rapidly changing file cause me problems as well. It's also annoying that each client has to decode new data whenever something is backed up on another machine. This causes my cpu to hit 100% on my laptop while my desktop is backing up a bunch of new files.

[Edit: Removed an incorrect statement about SpiderOak Hive.]

I agree, the UI is not great and it's quite slow. It often uploads the same files again and creates multiple versions, with no way to delete older versions of files at a folder or device level. The skewed non-linear pricing is also heavily biased toward those who use less but like the 1TB option, with the next tier below being a paltry 30GB.

The thing I miss most from spideroak is the ability to upload from phones and tablets.

I was looking fir a way to easily _move_ (not copy) a file on a different device through the syncthing interface. The alternatives I know of are scp and SFTP. However, in that case, you need to know the ip address of your devices. My devices tend to change networks often, so it would be nice to easily scp or SFTP to a device, through any (secure) means possible, without having to check their IP addresses every time.

Please let me know if you know of such a solution!

Yeah, so SCP/SFTP copy, not move (but you can delete the copy from the original computer to simulate that, which is your plan, I assume). Here's my solution:

I have a central SSH server where I store all my files. When I want a file on a given device, I pull it down from there. If I want to add a new file or update a file, I push a file up. Pretty simple. You do need at least one computer that stays in a constant location (typically at your house) to do this. From there, you portforward SSH to a high numbered port (it keeps every bot in the world from knocking, and some ISPs block 22) on your router. However, if you're like most of us, your ISP doesn't assign you a static IP. But, because your IP probably changes only rarely (probably only sometimes if your router goes down), you actually needn't use dynamic DNS. Furthermore, because you aren't actually publishing on that address, you can use any domain, regardless of ugliness, and there are plently of DNS services willing to offer you a subdomain for free. I reccomend freedns.afraid.org, myself.

It doesn't work for everyone, likely, but it works well enough for me.

> so it would be nice to easily scp or SFTP to a device, through any (secure) means possible, without having to check their IP addresses every time.

If these are public IP addresses, any DynDNS provider could work well.

If these are internal IP addresses chosen by DHCP and you control the DHCP server, pin the MAC addresses of the devices to fixed IPs. They will still do DHCP, but get the same IP every time.

Do you have a computer that doesn't change IP?

You can use it as a way to bridge all computers. Basically, have all computers create a tunnel to this computer and then you can access them.

I do something similar with a small VPS, but it could be something at home. What I do is that all my computers automatically connect to this VPS and bind to a different port. This is with SSH (and autossh). If I want to access computer X, I can SSH to this VPS use the port that I know computer X has.

For your scenerio, you can forward this port to your local machine and run rsync -p to it...

Thank you for the suggestion! I like it, and it is somewhat what I had in mind for thing. You access all the devices the same way.

That, I would use maybe half the time. However, sometimes my devices are on the same network. What if both of my devices are on the same network? I think that I would prefer not to send the files through the internet in that case.

One solution for each vae would be nice (please share if you do have one). However, one solution for both would be nice.

Assuming your server is also at home, what will happen is:

    Computer A > router > local server > router > Computer B.
Instead of:

    Computer A > router > Computer B
You can use some scripting and configuration to get the second one if at home. But basically you have to have a way to guarantee that both devices are at home.

To make sure both devices are home, you can assign static IP at the router level to the devices.

Now, if both devices are wireless.

    – Check you are home by checking the SSID you are connected to.
        – If you are home, ping the other device static ip.
            – If it responds, you can connect directly to it

If any of these fail, connect to example.com.

Well, if you've got a computer in your house, you can use that as the server (as I described another post, above), and if it's in your house it would likely be on the same network as your other devices.

Does it have seemless integration with drag n drop plus sll this setup automatically on install? And on each supported platform? This combo is Dropbox's market.

No, no, and no. That's why every consumer doesn't have one.

But for most HN readers, if it's the sort of thing you're looking for, it'll do the trick.

Anyone like this comment but don't like|want|willing to deal with command line in windows, I recommand SyncTrayzor[0].

From My understanding, SyncTrayzor is the GUI version for SyncThing with MIT license[1].



I have been using Box at work and it is rather nice. It is fairly unobtrusive. Granted, I don't use the desktop integration just open stuff over the web page, upload files when I need. There is an interactive notes and presentation editing.

I think Dropbox's problem is mostly Google. I used Dropbox at home but once Google got their drive up to speed and it integrates with other things like Gmail and such, it is hard for me to justify using Dropbox. So I uninstalled it and just use Google for everything.

Seafile is more like Dropbox, Syncthing does much less (but does so very well.).

https://www.seafile.com/en/home/ / https://github.com/haiwen

This is how simple it is to set up the server https://manual.seafile.com/deploy/using_sqlite.html

For folks looking for a Dropbox alternative, I recommend Syncthing [0].

Syncthing is great if your goal is to synchronize files between different machines. However, if you want to share files/folders with people who do not have a strong tech background it's not really an option.

rclone ( http://rclone.org ) is the perfect tool for that. It is a command line program which tries to work like rsync except copying to cloud storage providers (Dropbox, Amazon Drive, S3, Google Drive, B2 etc) . By default it will copy the files 1:1 file to remote object.

I use it to share stuff on Dropbox. I run Linux and have never installed the Linux client (if there is one, I don't know!)

PS I wrote rclone!

My only problem with syncthing is how much CPU it eats up when you have a lot of files under sync, regardless of if you use file watch or not. Is there a way to reduce its tickrate so it isn't constantly checking files for changes?

You can increase the rescan interval in the folder settings (advanced settings section). If you use inotify, you can just set it to 0 to disable automatic rescans.

In that same spirit there's also BitTorrent (BT) Sync: https://www.getsync.com. Seems it's branded as Resilio nowadays.

yea but you need a login and have to pay for p2p. syncthing does the same but free and without a login.

no you don't. i p2p my files and don't list trackers in their public database so don't need a login. offhand i'm not sure what you need to pay for, but i haven't needed those features -- i think they're targeted more around permissions and acls that individual use doesn't really require.

The best Dropbox alternative IMO is https://mega.nz/

Hi folks, Ben from Dropbox on the desktop client team --

This is an experiment that is being tested with a fraction of users primarily on beta releases (which Seth is on, as evidenced by the version number in his screenshots). We haven’t shipped it to everyone so that we can continue to iterate and incorporate feedback. I checked with the team about the “Finder Toolbar” drop down and it looks like it requires a restart of the Dropbox client in order to take affect — let us know if that doesn’t work.

Hi Ben from Dropbox. You seem to completely miss the point. It's not about the feature itself, it's your way of "hacking" or "injecting" Dropbox features into places the user didn't expect.

This is not the first time that Dropbox ignores the system guidelines (or even permissions if the user explicitly disallowed Dropbox access to Accessibility features). Why are you ignoring the feedback concerning Dropbox' way of "hacking" itself into system areas like Finder?

This is not true for everyone. I find Dropbox especially useful because of its Finder integration and the whole experience feels really intuitive and not something i didn't expect..

Agreed - this kind of integration is part of what I like about Dropbox. I understand the original poster is upset the option didn't work, but he's also opted into the beta releases - is not finding issues like that kind of the point?

Pretty sure most people use Dropbox exactly because of its seamless Finder integration...

File system integration, maybe. Not finder integration.

Finder and Windows Explorer integration is great. This may be a bit intrusive, and it is a beta option, and it can be disabled.

On Windows, immediately adding Dropbox to 'Favourites', and the icon integration to show sync status is an awesome feature. It is invasive for Dropbox to hijack your icons and overlay a checkbox? Yup. But incredibly helpful in my opinion.

Maybe it isn't everyone's cup of tea, but the close integration with file browsers on multiple OSes is (was?) definitely one of the differentiating aspects of Dropbox, polarizing or not.

Although I have mixed feelings about Dropbox's approach on Mac, there is one key difference to the Windows implementation that makes the situation incomparable: Windows explicitly provides APIs for file badges and other extensibility features.

In recent versions, yes. Dropbox has monkey-patched less over time but it feels like they were one of the user successes which lead Apple to prioritize adding new official APIs to remove the need for ugly workarounds.

To normal people, those are the same - and convenience matters more than some seemingly arcane technical nuance.

No, Finder integration. I rarely care about the underlaying filesystem, but always about the primary UI.

I completely and absolutely disagree.

Seamless Finder integration is why I like Dropbox. Sure, this is an annoying bug, but I'd hate it if the stopped doing it.

In 2011, a startup I was consulting with standardized on Dropbox (gratis at the time) to sync design files. Even back then, I was wary of Dropbox's ability to sync files at the level of the Finder/OS with badged folders.

To me, the Finder integration was straight up spooky, suggesting an extraordinarily high risk profile.

When my consulting gig was up, I uninstalled Dropbox precisely because of the Finder integration, and I have advocated against using Dropbox as a file-sharing solution in all subsequent consulting arrangements.

I've also avoided using it as part of my day job, even though some of my teammates used it.

Not entirely clear why you are posting this?

It's clear that there is some diversity of opinions on this topic, but we already knew that.

To me, your datapoint shows that Dropbox is right to behave the way they do: in 2011 you thought it was high risk, they have kept with that behavior and yet nothing bad has happened. I'm unsure if that was your intention, but that is how it looks to me.

It is entirely unclear why you think this is particularly risky: If Dropbox can do it, then other malicious programs can too.

Dropbox's behavior creates no additional security risk, but increases the usability of their software.

If there really is a security problem here, then surely that is a problem with the OS, not Dropbox, and it is the OS that should be fixed?

My reason for making my earlier post is unclear because I buried my lede when replying to the GGP. That lede should have been something like "Finder integration is not necessarily a selling point to security-minded users."

To my mind, the security risk comes in having multiple points of connection in the local file system that are tightly bound to files on an external system.

In the case of inexperienced users (and even a few experienced ones), those points of entry could be scattered throughout the local file system. Consequently, these external files were effectively pipelines from systems all with unknown security profiles. This combined with the Finder integration troubled me enough to stop using Dropbox as soon as was practicable.

EDIT: Clarify meaning in first sentence. Correct plural. Split last sentence into two. Change tense.

So your problem is with Dropbox's main purpose of existence?

That's fine, but don't pretend it has anything to do with the finder integration. A more consistent position would be to praise that because it makes the other functionality more visible, reducing the security concerns.

> That's fine, but don't pretend it has anything to do with the finder integration.

I wasn't pretending but was, in fact, the victim of my own faulty rationalization.

That is, you're right that Finder integration has nothing to do with connections to potentially insecure systems.

By way of explanation: when I first saw the Finder badging, I intuitively understood the insecure nature of connecting my system to others. So, I conflated the two ideas in my head: "Finder integration is terrible", which of course is just plain wrong.

It was never my purpose to misrepresent my feelings. I wasn't "pretending". I simply tried to make rational something I only intuitively understood.

Good catch. Thank you.

"I formed an opinion in 2011 and I continue to hold it now."

Sure, this is an annoying bug, but I'd hate it if the stopped doing it.

You've also missed the point of the rant. It's not that this specific thing has bugs, is that it takes control and ignores the user's preferences.

Based on this thread, it appears that "ignoring user preferences" is a bug: others are reporting it works for them, and someone from the company has specifically said that it is supposed to work.

My comment is based on that assumption.

If you don't want dropbox integration so much what do you want the client for? Use the browser instead. It kind of beats the point of a desktop client if its featureless.


could you please start including proper changelogs in your release notes on the Dropbox forum?

Beta testing makes no sense when the changelog states "bug fixes and improvements". That's also a common complaint of the people in the forum, which you're ignoring completely.

It seems that they are ignoring pretty much any user feedback. People are complaining everywhere about them polluting the web interface Dropbox Business/Team advertising, even for paying Pro users.

The best you can get is 'I will forward this to the team', but usually there is a wall of silence.

Please Dropbox, fix this, listen to your most valuable asset, paying users!

I have restarted both the client and my computer. No results.

Why didn't you post that you were on a beta version branch?

Choosing to use beta software and then posting rants about something you don't like is a pretty shitty thing to do, especially without disclosing you are using a beta.

@moefogs - your reply is dead so I can't reply directly. You are wrong though: you choose a beta build via this: https://www.dropboxforum.com/hc/en-us/community/topics/20021...

Edit: Also the language I used was a reference to the language in the authors post. I agree somewhat that was unnecessary, and I accept that I could have said the same thing different ways.

Thanks, circling back with the team...

Edit: if you'd be willing to file a ticket here: https://www.dropbox.com/support/s/219/5481540/c/219 with "att. Of Luke" in the subject it'd really help us get to the bottom of this.

When will you implement email verification before creating accounts? Security is job 9 at DB.

I am going to cancel my premium membership. It was due for renewal, but I am not going to do it. Don't like the direction this is all heading.

Stop. Hacking. My. Mac. Make every shit feature like this explicitly opt in. FFS any decent Product Manager would know this is a ridiculous way of integration (mysterious and with no obvious control). I'm about ready to move my business somewhere else.

You do a realize that if Dropbox used only official API's it would never have been a product in the first place right? Other products sucked because they used the official crappy Apple API's.

Why on earth do you people want to keep fucking with the OS like this? Why can't you just knock it off?

Question... When are you folks going to grow up and iterate and ship transparently and responsibly? Will that be before or after I have to cancel my account?

If you intentionally install a beta version of a piece of software, you get to deal with bugs. If you don't want bugs, you stick to stable versions. You are literally choosing to test new, buggy functionality by not using a stable version.

They don't report any change logs, features, bug fixes, or anything else regardless of whether it is a beta or stable release.

When shit goes sideways, you have no idea what is broken. Logging also seems mostly non-existent, at least via macOS' Console app.

Shit went sideways around 9/23 for many people across different platforms. It was definitely on the service side, but status.dropbox.com reported no problems. At some point on 9/26, someone fixed it, but no one was notified. Most people eventually re-tried, for the 100th time, of unlinking and re-linking their account. No system logs showing problems and no reports from Dropbox.

If it wasn't such an established service, i.e. widely supported by applications, I'd have ditched it long ago.

It's not a matter of maturity, it's a matter of which development methodology is conducive to rapid progress for the greater good.

>If you were any other company, you would be liable for a lawsuit for hacking. Please stop using your position as a company to hack our systems.

This post is full of ridiculous hyperbole, and it really detracts from the actual message.

"Your honor, the defendant installed a hacky UI overlay element on my system."

stunned silence in the courtroom

Thanks for the feedback. I've removed the rants about Dropbox the company to focus on the UX and lack of disabling issues.

You're using a beta version of Dropbox, right? I haven't seen this behaviour on the regular non-beta version I'm running.

You'd expect bugs in beta.

Bugs, yes.

Blatant disregard of user-specified OS-level permissions and inability to access your own files when there are more than fifteen in a folder, no.

Keep in mind Dropbox literally got its start with adding the sync icons in Finder when Apple said it could not be done. The entire company was essentially based on their ability to make a better user experience through a tighter integration with your files then was technically allowed at the time. I'm not saying you have to find that acceptable but it is what it is and its the reason why millions of people have heard of Dropbox and proclaim its joys.

Anyway both things you mention are bugs even if you find them frustrating. The original poster was having issue with the option to turn off the Finder integration but the option was put there so you can control it. The only reason you can't access files with more than fifteen in a folder is clearly due to a bug in the beta.

If you want to say that a company the size of Dropbox should never have bugs of that scale even in their beta, then I would point at several of Apple's broken iOS updates (bricking phones, etc.) or Samsung's recent Galaxy Note 7 fiasco as evidence that much larger companies ship software and hardware that isn't in beta and has undergone much more due diligence with catastrophic bugs.

Anyway I don't use Dropbox really but I felt compelled to comment because I couldn't understand how you could say you expect bugs but don't expect the reported bugs in a beta.

You're right: in a sense, "everything you don't like is a bug". But it still seems important to distinguish "they broke the entire permission model, where I can no longer trust the sandbox boundaries" and "I'm locked out of crucial parts of my system" from "gosh, this is slower/more confusing than I might like".

I'm not sure the beta testers understood they were giving up that level of control by installing Dropbox's new software. The post's author certainly didn't.

True, Dropbox got away with grabbing permissions that apps shouldn't have, and then getting away with it. But it's still IMHO a bit more than a bug to take this attitude of "let's take whatever we can! It's Easier To Ask For Forgiveness..."

> But it still seems important to distinguish "they broke the entire permission model, where I can no longer trust the sandbox boundaries" and "I'm locked out of crucial parts of my system" from "gosh, this is slower/more confusing than I might like".

Well, if they succeeded at that it means the permission model is broken, and you can not trust the sandbox boundaries, whether you have Dropbox installed or not. So no reason to be angry at Dropbox; ask Apple to fix the sandbox model instead.

Dropbox is not a sandboxed app on macOS.

Yeah I hear you. I wouldn't say "everything you don't like is a bug" but if there is a dropdown to select something and it doesn't work then its a bug.

If not in a beta, where would you expect these issues to be revealed?

I am guessing that Dropbox has roughly 4 stages of "releasing":

1. Something for devs working on this feature get to see it in action. I would guess this means a few hundred people see this release.

2. A release for dropbox employees. I would guess a few thousand people see this release, and since they work at Dropbox I would guess that 99.9% of them keep these features enabled.

3. A beta release. This is the first time that we are likely to see anyone who actively disables integration features use the product, and even that is probably minimal.

4. Official release.

You are extremely unlikely to see people disabling features like this in (1) and (2) unless the feature is so broken they can't use it. In fact they probably encourage people not to disable it so they can get more feedback about how the new integration is working. This leaves (3) the beta release as the most likely spot for this type of bug to pop up.

This isn't a non-reversible bug. It doesn't delete your files or do anything that can't be reversed by reverting to an official release of Dropbox or quitting the app, both of which are relatively easy fixes.

It also isn't a bug that is likely to be caught by the majority of Dropbox users. Based on my interactions with people, at least 75% of them keep the OS integrations enabled. Only techies even consider disabling it.

As a result, this seems like exactly the type of bug that I would expect to see in a beta release, and I can't see any real harm in it making it that far.

Don't you think it's possible that it is just a bug that "enable finder integration" being unchecked doesn't disable this by greying out "finder toolbar" and disabling it?

Agreed. The relevant part of the post seems to be the UX issues.

To sum the post up to avoid this in the future :

- OP needed to state he used the beta release, which are prone to be in an unfinished state,

- Dropbox needs to be more transparent about their releases, with including proper changelogs (they're only stating "bug fixes and optimisations" in the Dropbox forum). If you're adding/changing the UX in some way, document it. If you want a feature to be developed discretely, make a private beta, but still - document it.

It's an opportunity to learn something from this.

Dropbox still refuses to answer why their client takes up a ton of CPU anytime there is IO on the system. It seems like they are monitoring ALL filesystem activity, not just the Dropbox folder. What they are doing with that data I have no idea.

They prompt continuously for access to Accessibility and the "control other applications" permission, no matter how many times you deny it.

As soon as I finish this project (where I need access to Dropbox) I'm uninstalling it.

"Don't attribute to malice what could equally be explained by ignorance" is one of my favorite sayings and though I would hesitate to attribute ignorance to Dropbox I do feel some empathy when it comes to dealing with multi-platform file-system permission settings.

I think it's completely reasonable to suspect at least some of Dropbox to be old code pushed quickly into production and caste almost instantly into legacy-matenence-mode that can not be easily refactored or iterated upon ("move fast and break things har har"). While this is almost inexcusable for an established and well-funded company that does not have a shortage of resources to fix the problem, I find it significantly more likely then some 5-eyes-esque surveillance or data mining strategy as you allude to.

I think the original quote is


The Jargon quote was “Never attribute to malice that which can be adequately explained by stupidity”. [1]

[1]: http://www.catb.org/jargon/html/H/Hanlons-Razor.html

I uninstalled it a while ago. It was like one of the first things I'd install on a new OS but all these weird ass hacks and stuff irks me. Losing trust of their users is not good for a cloud storage company.

Just putting this here so that the Dropbox employees who inevitably read this can be aware: I've used dropbox for 5+ years, and as a paid user at that. Today I deleted dropbox because of the recent shenanigans and bad press as well as because there is a lot of high quality competition in the synced file storage space that I can turn to.

My experience is that file sync is all about edge cases, and there are so, so many. I believe Dropbox is the only one that has solved most of them (a function of time, energy, and large user base).

A colleague just had google drive not properly syncing for 2 weeks, and all of the sudden it started working except it overwrote a very active Sketch file with the two week old copy (and no duplicate "conflict" copy made as Dropbox does). Google around and you'll find many such stories across all services.

I would like to present a counter to this. I recently became a paid Dropbox user just because of the convenience I have experienced through the Finder integration.

Another thing the OP hasn't mentioned is which service he/she will move to. Dropbox is by far the best file sharing/storage product I have used. I don't think about sharing/storing files anymore - all the tools and convenience Dropbox offers (and Finder integration is a big part of that) take care of this itself!

What service did you end up with? Do they offer full rollback if files get encrypted by ransomware?

Out of curiosity, what did you switch to?

Not op, but SeaFile looks nice.

With a brief look at the alternatives, Tresorit [1] looks quite nice with their encryption features.

[1] https://tresorit.com

It doesn't look like you can install Tresorit on your own webserver.

Nextcloud is decent as well.

it's also quite stable. We never had an issue in ~ 2 years with ~ 20 users.

What solution did you turn to, if any?

Not parent, but Google Drive has always been great for me. It has much improved from the clunky offering that was the release version. the only trouble I've had was corporate proxies, but God knows what hackery makes Dropbox work in this case.

Now you have the ability to selected nested folders to sync, it does everything I need, and the storage is shared with Gmail, Photos, etc.

Unfortunately, Google Drive has quite serious issues for heavy users of file synchronization (the last time I tried it):

* It does not do chunked syncing. Change one bit of a 5GB file, it gets resynced completely.

* You cannot get a list of shared files/folders. You basically need to check sharing per file/folder by hand or write/use a Google Apps script (which is very slow).

* It does not support LAN sync. When I share large directories with colleagues on Dropbox, sync is very quick, because the transfers are just over the local network.

* The last time I tried, the Google Drive client regularly had problems syncing some files when syncing a very large set of files.

(* There is no first-party client for Linux.)

Next up - Dropbox starts conditionally disabling features if it detects that the user is a developer (i.e. XCode is installed or Terminal.app is in the list of running processes).

This is just blatantly false... the setting to disable the feature works after you've restarted Dropbox, just as the UI tells you to. Proof: https://twitter.com/ummjackson/status/782387668713771008/pho...

I'm toolbar free and it was a very minor inconvenience - not worth a rant-filled blog post like this.

Before you even posted this comment he already replied saying restarting Dropbox didn't work.


It's obviously a bug in his environment... this is a beta feature they're testing and hence not perfect. I've tried on multiple machines and it's working. Perhaps he should try a reinstall. Agreed it's annoying, but worthy of an entire blog post? Eh, not really.

I see in the screenshot of the settings at the bottom "Finder Toolbar" set to On. Is that not how you disable this?

That wasn't present in 11.4, so that seems like a good bet. Still seems like a useless feature.

Unfortunately that doesn't disable it. I've updated the post to make that point clearer. It seems like that option was added, but doesn't actually control anything. Maybe that UI option was never actually wired into the functionality /shrug.

disable and restart finder. works here...

That refers to the native toolbar.

I'm not sure why people still use Dropbox besides inertia.

I mean, it's not even competitive on the pricing. 1 TB @ 9.99$/mo while Microsoft gives you the whole Office suite plus 1TB of OneDrive at less than that.

I switched from Onedrive to Dropbox about 3-4 months ago for several reasons.

1) I have zero usage for MS office, and if I did I could just use my wife's version she got for being a student. So this isn't a value add for me.

2) I find the web interface and the windows integration much better on the dropbox side

3) Most importantly, Onedrive has zero support for tracking versions of non-document files. Since I have the extreme need to quickly exchange files between my several computers the last thing I need is for some ransomeware to get activated by some 0-day and compromise my primary backup. Yes I have secondary backups but it is not nearly as easily as rolling back files in dropbox.

4) I REALLY did not like how integrated windows is with OneDrive, going as far as making it a royal PITA to not make it the default save location for new files, and the complication of now having 2 "My Documents" folders.

There were other misc issues that I had with Onedrive that I can't remember at this point in time but I really did not like one drive as a whole and have been happy since moving to Dropbox.

Because it works, it works reliably, and it does so on all of my devices. That isn't the case with most of the competition that I've seen or tried.

I find the interface (both local and web) to be much nicer with DropBox as well, especially over things like Drive.

The price differences are relatively small, and I have no use for the Office suite.

My company pays for both and I had the same thought recently, but the consensus from the web seems to be that the Mac OneDrive client doesn't work very well.

My big problem with OneDrive is that it complains about some of my filenames and won't sync them until I change them to meet their requirements. So, I'm only using their free plan until that changes. I only have a few things there right now.

Price sensitivity to consumer SaaS always catches me by surprise. Ten dollars a month is a rounding error in most budgets, a single grocery store impulse buy.

It's more about paying for something you're likely not going use or need. They only offer the 1 TB tier which sounds great, but I wouldn't be surprised if most people used at best 5-6 GB. Enough to fill the 2 GB free plan, not enough to justify the 1 TB, but there's nothing in the middle.

Also, subscriptions add up quickly. One less is always better.

The competition (Google, Microsoft) can probably only offer intermediate plans because they subsidize cloud drives with other products (Office, ads, etc.) to do a quick land grab. I am pretty sure that it will be hard to provide 1TB storage for $10 per month with heavy redundancy, proper security, support, etc. So they need to get their margin from people two use significantly less than 1TB.

Also, you are not only paying for storage, but also maintenance of network infrastructure and the client/server software.

It adds up. A few bucks for dropbox, a few for music streaming, a few for audible, a few for repo hosting, a few for test vms, a few for something else. Suddenly you're paying annually over $1k for all the services that cost you less than ten dollars a month.

I did mix up consumer and development, but I think the general point still stands.

I did mix up consumer and development, but I think the general point still stands.

I don't think so, especially because you are mixing the two. For an employee that costs $6000 a month, $10 per month per employee that increases productivity significantly is a steal.

If you have a household budget where you can spend $100 per month on luxury goods, you might want to forgo the technical advantages of Dropbox over competitors and opt for a competitor that undercuts Dropbox' pricing.

Ok, shouldn't have mixed them. What I meant is that you can replace the VMs with netflix, instagram filters, or some other consumer services. There's lots of standard luxury goods-like services available. And you're right - you may go with the cheaper competitor when you don't have that kind of money to spend on something not necessary.

The parent said: "Price sensitivity to consumer SaaS always catches me by surprise." - which is what we both seem to agree on - even consumer prices add up and people will go for cheaper alternatives.

I said this last time but it bares reiterating:

Dropbox circumventing security restrictions is particularly worrying because they have board members who support warrentless surveillance.

In my mind Dropbox became a company not worth supporting when Rice joined Dropbox's board (http://www.drop-dropbox.com/). Personally, with a board member who advocates warrentless surveillance it seems unlikely that we share similar views on the security of my data, and I wont be using their service.

I remember the last time I used dropbox on my laptop. I tried to open a random file outside my dropbox folder and I got the error message that I can not open it because it is used by dropbox at this moment. I deleted the desktop app at that moment.

I am not an OS hacker but as a user I am pretty sure the desktop app should not access files outside my dropbox folder. The excuse of "testing some desktop features" is pretty lame. If you catch your housemaid sniffling your panties it is simply not an effing feature, even if your panties are clean and sexy!

And this is not part of the mass surveillance...

That little overlay on the site that tells you how many minutes of reading you still have left I find infuriating. It disappears the second I stop moving and gets right in the way when I start scrolling. Especially when you increase the font a bit b/c eyes and it's no longer confined to an empty column on the right of your screen.

If not Dropbox, what solution are others turning to?

I recently signed up for Sync.com, due to their prioritisation of security features and they seem like a good company. I have come across some minor bugs, but I sent these onto their customer support who were reasonably responsive. Even with these minor bugs I'm still happy with the trade-off to move off Dropbox.

I must admit the most difficult part was definitely the services I used that directly integrate with Dropbox, like 1Password syncing. So I also had to find solutions to not just Dropbox, but also third-party services that integrated. For 1Password, I signed up for their Account option where they handle the syncing for you at a cost of $2.99 per month. Again, another trade-off I was happy to make.

If not Dropbox, what solution are others turning to?

I mostly use Resilio Sync besides Dropbox. It works really great: fast syncing, nice user interface, etc. What keeps me from fully switching is that I hit some nasty bugs in the past (e.g. all folders suddenly getting disconnected, etc.).

I recently signed up for Sync.com, due to their prioritisation of security features and they seem like a good company.

I also tried sync.com recently. Unfortunately, the client did not look very native on macOS (poking around revealed a lot of .exe files, so I guess they are using Mono). Besides that sync was quite slow compared to Dropbox.

...the client did not look very native on macOS (poking around revealed a lot of .exe files...

I also noticed this. But I have the mind frame that they are still a fairly "new" company, 3 years old, compared to Dropbox, 9 years old, and their growth and features continue to improve. In saying that, I would definitely prefer a more native look on macOS.

Besides that sync was quite slow compared to Dropbox.

I'm from a place in Australia with a generally slow Internet speed, especially upload speed, and may not have noticed this pitfall as much as others might.

Another area where Dropbox seems to be slipping is customer support. DB stopped working on one of my machines after an unscheduled shutdown. Submitted a ticket along with a thorough description of the problem and error log, and after nearly a week the only response I've had was an automated reply that I should disable antivirus programs. This being an Ubuntu desktop, I don't have any AV installed.

This company gets $120/yr from me and they can't answer a support ticket? There have many competitors who charge less and I bet some of those competitors actually support their paying customers. You are looking at one soon-to-be-ex-customer unless DB pulls a rabbit out of their hat very soon.

Even if you can remove the overlay somehow, you still can't remove Condoleezza Rice from Dropbox's board, which should be plenty of reason to avoid it entirely.

This is just like stuff that adds itself to right click menu in windows without asking during install

At least the Windows right-click menu doesn't obscure the main UI and is actually designed for third-parties to plug into. I agree that you should be able to turn it off, but adding something to the context menu is completely different than adding a large UI element over the main view of a Finder window.

I think I've seen a few of those, but what are your examples? Interested to know. I normally check carefully for cases where the software tells you its an option (adding itself to right click menu, or to startup menu). But don't remember coming across one where it does it silently. Would like to know of those.

Does AMD Catalyst Control Center count?

Not sure if it prompts, but I usually untick optional things, and I still have that when right clicking on the desktop.

I guess yes. Any that meet the criteria.

After learning about their mac client backdoor, I removed all their software from my devices and stopped using the service. I'd suggest everyone do the same and use the web interface if you absolutely need to consume or share with other parties who still use them.

what backdoor?

Dang, I've always been a fan of Dropbox, but after upgrading from El Capitan to Sierra I opted to completely cut Dropbox out of my tools used, as I only ever used it hold an archive of documents I wanted to keep but don't interact with often (Such as license files for software and online receipts for things like tickets bought and stuff) and opted for using iCloud Desktop & Documents.

Siracusa probably knows what he's talking about when he tells you to run, not walk, away from this feature. Backup everything before you disable it too.

I'm unaware of what you're talking about..

Probably you won't see this anymore, but this is just one example of things going very wrong with iCloud documents:


In general Apple has simply been terrible at ensuring reliability of their iCloud services. Their idea of hiding everything away simply doesn't work - there are legitimate and regular edge cases that won't be handled if you don't give a UI.

If want to hear the Siracusa story, see this:


I don't know about you, but I simply don't trust iCloud with documents. Personally, I've tried it with something very simple first: Notes. It just doesn't sync reliably at all, totally useless.

Thank you for the links. I haven't had any issues with iCloud, and Desktop & Documents switch has been going swimmingly.

Here's an article that has a review of the feature pointing out UX issues and recommends avoiding it. [1]

[1]: https://derflounder.wordpress.com/2016/09/23/icloud-desktop-...

Interesting article, but none of it really matters to me. The only thing that seems bad is moving of files after turning it off, but I have no intentions of turning it off.

Space isn't an issue. I pay $0.99/mo for 50GB of space in iCloud, that's about 5x as much space as I need currently, including all the photos I have stored in it. And in the event that I do manage to use that 50GB up, $9.99/mo for what 500GB? is again well worth it.

I'm well invested into the Apple ecosystem and that does not bother me. I have 3 MacBook Pro's, an iMac, an iPad, 5 iPhones and an iPod Mini. The benefits of removing yet another app that just sits there taking up resources, and utilizing the ecosystem to handle something I've always done, is value enough for me.

I appreciate the concerns, but like I said, none of it is an issue to me.

In the latest episode of the ATP.fm podcast, one of the hosts (John Siracusa) expressed his doubts about iCloud Desktop & Documents: http://atp.fm/episodes/189

Kill the messenger, eh?

If Dropbox really, to quote 'SilasX, "broke the entire permission model, where I can no longer trust the sandbox boundaries" - well, the cat's out of the bag, Apple's sandbox model sucks. You should bring it up with Apple so that they fix it (either allow proper extensions or just patch up the hole and brick Dropbox in the process).

It's remarkable that they have such a stellar product design team but push out stuff like this.

We're still waiting on an answer of how does Dropbox do this without Accessibility. What happens when every other service wants to start putting toolbars on my finder?

Dropbox has been modifying the Finder since 2008, nothing new here.

Listening to these comments one would think Dropbox is the worse company in the universe and we have a thousand alternatives. But then time goes by and people are still using dropbox and nobody talks about the alternatives.

Another point is, you're using someone else's drive somewhere in the cloud and storing there (more or less) sensitive files and you're talking about privacy and security? Gimme a break.

Third and last, if you're that unhappy with a piece of software that's for the most part free, go ahead and pick something else. Nobody's forcing you. Same goes for Windows, Office, Gmail and whatnot.

you are allowed to complain about free software

this is not complaining. this is villagers with torches and pitchforks at the gate

Do you have any footage from the gate cam?

Does the author not see the "Finder toolbar: On" option in their own screenshot? And they claim it can't be disabled?

> Update: As some folks have pointed out, there is a "Finder toolbar" option that is enabled. Toggling that yields no results, although maybe it will work in the future.

It's there in the article

According to this, https://news.ycombinator.com/item?id=12620632

It seems to work, but you need to restart... /shrug

I removed Dropbox from my Windows computer as soon as they started to include a minifilter driver with new versions.


I don't believe a program needs to integrate so deeply into the system just to sync the files.

FWIW, I would presume the reason that was added would be some shortcoming(s) in [1], since I doubt they wrote a minifilter driver just for kicks.

(It might have been that some programs were doing IO that avoided triggering the change notification, and a sufficiently large {number of customers,customer} complained about it.)

I don't work for Dropbox, and I haven't used the API, but as I said, I really doubt they added a (signed) driver requirement lightly.

[1] - https://msdn.microsoft.com/en-us/library/aa364417%28VS.85%29...

They made it primarily to support the functionality called "Project Infinite":


I gave up on drop box long ago, but someone in my company uses a paid version of it for some reason still, and group policy means it's on my windows machine. I made the mistake of plugging my phone into my work PC to charge it recently and got a lovely little attempt to get me to back up my photos from my phone - so I don't lose my memories! which caused me to promptly circumvent corporate policy via my buddy working in helpdesk and uninstall it.

I don't understand why, once already installed, they are trying to get me to use it more. They won't make more money will they? Are they using this as a way to get me to get close to a limit and upgrade?

You may know it's possible, others on HN may know it's possible. But if you release Dropbox for Joe Random on the internet, it actually makes sense to notify him that he can backup his photos from the phone when you discover the phone is being connected. It's helping feature discovery, not pushing addons - as you say - they don't explicitly make more money from this.

Question about Dropbox. Since their product uses open source software, that means they use non GPL licensed open source software, correct?

Probably, lots of non GPL software out there.

I haven't used Dropbox in forever. If you really need sync, SyncThing's your best bet, but all I really needed was access to all my files from anywhere.

SSH and Git work pretty well for that.

I'll take a trusted piece of open source sofware with strong security running on my own server (openSSH) over a magic pocket any day.

Hmm I wonder what the author means by: "Aside from the fact that this banner looks like something free software would install as a toolbar, [...]"

As alternives, depending on your requirements, I recommend SpiderOak, SyncThing, or a third-party offering / your self-hosted Nextcloud.

... or ownCloud.

nextcloud and owncloud are not basically same thing?

Next cloud is a fork of owncloud. Right now they haven't significantly diverged yet.

I use sshfs (FUSE on mac) with a mount point on a small instance that has mounted my S3 bucket. Files get transferred to the server and eventually make it to s3.

If you have a little time, you don't need Dropbox at all. And you can't get much cheaper than raw S3.

I completely uninstalled dropbox desktop client and replaced it with expandrive [0] which I was already using for mounting drives trough SSH

[0]: http://www.expandrive.com

I'm using SyncThing ( https://syncthing.net/) to synchronise files between my systems (Linux and Android) and it's great. No complaints so far.

Did they literally just remove it as fast as they added it? I have 11.4.21 and it's not there, and it also has no 'finder toolbar' in settings.

I have not had dropbox installed on any of my devices for a few years now. I still have files in dropbox but that is mostly files from when I was in college.

"The only way to disable this this is to completely quit Dropbox"

I went ahead and disabled it a few months ago.

Quit Dropbox and have been advocating against it for years.

But then what are you using instead?


Same company that endlessly lies about getting unlimited space for an extra $2.50/month.

I say people haven't learnt their lesson of they're still on macs.

Dropbox will never learn their lesson if it's not in their interest (cf. Upton Sinclair).

For instance, client side encryption? Mwahahaha. Studiously ignoring that for the better part of a decade, why change now?

Valuation is OK, ain't it? Doing fine, then.

This is it in a nutshell, Dropbox won't care what the noise about this is because it won't be heard by the vast majority of their users.

This is more of a design problem than an engineering problem. Dear Dropbox Design Team, please get your shit together.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact