Hacker News new | past | comments | ask | show | jobs | submit login

Not entirely clear why you are posting this?

It's clear that there is some diversity of opinions on this topic, but we already knew that.

To me, your datapoint shows that Dropbox is right to behave the way they do: in 2011 you thought it was high risk, they have kept with that behavior and yet nothing bad has happened. I'm unsure if that was your intention, but that is how it looks to me.

It is entirely unclear why you think this is particularly risky: If Dropbox can do it, then other malicious programs can too.

Dropbox's behavior creates no additional security risk, but increases the usability of their software.

If there really is a security problem here, then surely that is a problem with the OS, not Dropbox, and it is the OS that should be fixed?

My reason for making my earlier post is unclear because I buried my lede when replying to the GGP. That lede should have been something like "Finder integration is not necessarily a selling point to security-minded users."

To my mind, the security risk comes in having multiple points of connection in the local file system that are tightly bound to files on an external system.

In the case of inexperienced users (and even a few experienced ones), those points of entry could be scattered throughout the local file system. Consequently, these external files were effectively pipelines from systems all with unknown security profiles. This combined with the Finder integration troubled me enough to stop using Dropbox as soon as was practicable.

EDIT: Clarify meaning in first sentence. Correct plural. Split last sentence into two. Change tense.

So your problem is with Dropbox's main purpose of existence?

That's fine, but don't pretend it has anything to do with the finder integration. A more consistent position would be to praise that because it makes the other functionality more visible, reducing the security concerns.

> That's fine, but don't pretend it has anything to do with the finder integration.

I wasn't pretending but was, in fact, the victim of my own faulty rationalization.

That is, you're right that Finder integration has nothing to do with connections to potentially insecure systems.

By way of explanation: when I first saw the Finder badging, I intuitively understood the insecure nature of connecting my system to others. So, I conflated the two ideas in my head: "Finder integration is terrible", which of course is just plain wrong.

It was never my purpose to misrepresent my feelings. I wasn't "pretending". I simply tried to make rational something I only intuitively understood.

Good catch. Thank you.

Applications are open for YC Winter 2020

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact