Dropbox removed ability to opt your files out of AI training::undefined

  • LastYearsPumpkin@feddit.ch
    link
    fedilink
    English
    arrow-up
    108
    arrow-down
    3
    ·
    11 months ago

    Why does dropbox have the ability to see your files at all? That seems like a pretty bad security flaw in the first place.

    • hersh@literature.cafe
      link
      fedilink
      English
      arrow-up
      10
      arrow-down
      3
      ·
      11 months ago

      There are drawbacks to end-to-end encryption (E2EE). I’m not aware of any E2EE cloud storage systems that have the features Dropbox provides. I would LOVE to know of any that…

      1. Support at least the big 5 platforms (Android/iOS/Mac/Windows/Linux).

      2. Have a functional web interface.

      3. Support sharing and collaboration.

      4. Have a search feature

      5. Sync to the local filesystem on a folder-by-folder or even file-by-file basis

      6. Integrate with other tools (e.g. android file picker)

      It’s not easy to do all that with E2EE, like a functional web interface, search, and integration.

      ProtonMail’s search, for example, is limited to subject and metadata, and that’s specifically because they DON’T use E2EE for that.

      I’m willing to compromise some of this for the sake of E2EE, but I’m not at all surprised that feature-first services are more popular than privacy-first services.

        • hersh@literature.cafe
          link
          fedilink
          English
          arrow-up
          4
          ·
          11 months ago

          I just checked to see if I missed a big update.

          There’s still no Linux client, and it cannot sync files on Android (it only supports photo backups).

          I can’t work around that limitation on Android with FolderSync, either, the way I can with Google Drive, Dropbox, Box, or any WebDAV- or S3-compatible server. Since it uses E2EE, any uploads need to go directly through the app, so integrations are difficult.

          It doesn’t seem to have a search feature, either, at least not on Android. I can’t imagine there’s any content-aware search on the web UI, since that can’t be done server-side.

          There’s been some interesting research in homomorphic encryption over the past couple years, which might someday lead to encrypted server-side search. But I think there are still major hurdles to actually implementing it securely and efficiently.

      • Ohh@lemmy.ml
        link
        fedilink
        English
        arrow-up
        3
        ·
        11 months ago

        You will probably have tradeoffs. And somehow need to script accept that at some point, you need to trust someone. At the very least with firmware. And you probably need to change workflow.

        I find cryptpadb works almost as well as Google docs did a few years ago.

      • Natanael@slrpnk.net
        link
        fedilink
        English
        arrow-up
        2
        ·
        edit-2
        11 months ago

        1: easy to port E2EE, it’s just math

        2: browsers and E2EE is hard, you need an extension to implement it securely so the password can’t be made accessible directly to the server (you need it to remain secret even from the hosting company) or else you’re dealing with MITM risk

        3: easy by sharing encryption keys using E2EE messaging protocols on top

        4: encrypted search is a thing, but such indexes does tend to have some limitations

        5: still easy

        6: still easy, Android specifically have APIs to let apps register themselves to the file picker so they can transparently encrypt and decrypt files. But yes on other systems where 3rd party apps can’t offer such integration then it’s hard

        I’ve seen one called Skiff that’s trying to do most of these things

        https://skiff.com/pages https://skiff.com/drive

      • mitrosus@discuss.tchncs.de
        link
        fedilink
        English
        arrow-up
        2
        arrow-down
        2
        ·
        11 months ago

        Mega uses e2ee and is available in all platforms I use. I don’t use apple. Web interface is very functional. I think it does support sharing files via link. Should have a search feature also, never used (because I know exactly where I keep my files). It does sync with locals. I don’t know about android file picker.

        Mega is not a good choice for Lemmy users or Foss activists, probably because of its history - which is not as clean as say next cloud, but is not like google either. As long as it works :/

      • Tangent5280@lemmy.world
        link
        fedilink
        English
        arrow-up
        1
        ·
        11 months ago

        Email is like the one critical part a lot of people miss when talking about taking control of your data. Imagine how much could be gleaned out of email history? Where you go, what you do, who you talk with, what you buy, what you rent, what media you consume, everything. If you dont have a lot of friends someone with your email account could pretty much just doppelganger you and go on as if nothings happened.