Dropbox gets all up in your kernel with Project Infinite. Cue uproar
[QUOTE=wauterboi;50401055]Okay, well how about these? [url]http://techcrunch.com/2011/06/20/dropbox-security-bug-made-passwords-optional-for-four-hours/[/url] [url]http://www.zdnet.com/article/dropbox-drops-the-security-notification-ball-again/[/url] And really, the problem isn't just Googling the link. If you click on a link inside of a Dropbox document, the referrer header is going to say "Hey, I was linked by this Dropbox link." So if you want to say that Dropbox gets off scot-free because their design doesn't anticipate that, I dunno what to tell you. It's still a problem, and something they should be focused on changing.[/QUOTE] Isn't that second link the same case you linked in your previous post?
Everyone's freaking out about the little things but not thinking about the fact that Dropbox is one of the first companies that got in bed with the NSA.
[QUOTE=Cock Boner;50401295]Everyone's freaking out about the little things but not thinking about the fact that Dropbox is one of the first companies that got in bed with the NSA.[/QUOTE] Again, if your files are *that* sensitive then you shouldn't be using Dropbox. You should use it for general office work etc. Or failing that, encrypt your files before uploading them to Dropbox. Dropbox/Google etc. all index your files, breaching your privacy but also allowing for you to find files mad shit quick. The same as Gmail; you may want to run your own private mail server etc etc etc. But Gmail makes it far easier to find that one email amongst tens of thousands in a few seconds.
[QUOTE=wauterboi;50401055]Okay, well how about these? [url]http://techcrunch.com/2011/06/20/dropbox-security-bug-made-passwords-optional-for-four-hours/[/url] [url]http://www.zdnet.com/article/dropbox-drops-the-security-notification-ball-again/[/url] And really, the problem isn't just Googling the link. If you click on a link inside of a Dropbox document, the referrer header is going to say "Hey, I was linked by this Dropbox link." So if you want to say that Dropbox gets off scot-free because their design doesn't anticipate that, I dunno what to tell you. It's still a problem, and something they should be focused on changing.[/QUOTE] According to [url=https://www.grahamcluley.com/2014/05/dropbox-vulnerability-privacy/]this[/url] they did fix the referer exploit. They can't fix idiots Googling the share link and then clicking ads, beyond just removing the ability to have share links without further authentication.
[QUOTE=Banned?;50400533]A cloud storage application doesn't ever need to be integrated into the kernel of the OS.[/QUOTE] People say this every time some company comes with a software-only driver, if they want this functionality, it's just the way it is.
[QUOTE=Thunderbolt;50400622]It's not a direct link, I need it to link straight to the .exe or .jpg or whatever else I want to share, not the google drive page that lets you download it[/QUOTE] If Google Drive had this I would switch in a heartbeat.
[QUOTE=bitches;50400623]direct link isn't the same as the shareable link
direct links are a lot less annoying for example to embed on a forum, since they are one step to the direct .jpg or whatever it is[/QUOTE] Dropbox started to do this shit too, still possible to obtain a direct link using scripts or just going to the share page but it's still stupid
[QUOTE=damnatus;50401759]Dropbox started to do this shit too, still possible to obtain a direct link using scripts or just going to the share page but it's still stupid[/QUOTE] Huh? It still works the same way for me on all my devices.
Seems to have more to do with Windows lacking the functionality to do this outside the kernel than malicious intent. It's still not a good solution. For comparison, [URL="https://en.wikipedia.org/wiki/Filesystem_in_Userspace"]FUSE[/URL] (works in Linux, OS X, Android) allows you to do this in userspace without touching the kernel.
[QUOTE=Matoking;50402029]Seems to have more to do with Windows lacking the functionality to do this outside the kernel than malicious intent. It's still not a good solution. For comparison, [URL="https://en.wikipedia.org/wiki/Filesystem_in_Userspace"]FUSE[/URL] (works in Linux, OS X, Android) allows you to do this in userspace without touching the kernel.[/QUOTE] Please read the article... In Windows you don't need to run as a kernel mode driver as you just use a copy hook handler. OS X lacks the ability to do such a thing.
OneDrive on Windows actually had this feature a year or two back, but it was removed for some reason.
I feel like they'll do something shitty like show ads in your DB folder or something
[QUOTE=Banned?;50400533]A cloud storage application doesn't ever need to be integrated into the kernel of the OS.[/QUOTE] Whoever originally said "integrated into the kernel" is probably an idiot and should be disregarded in all tech news in the future. This is either a new feature in the file browser extension which acts on empty files (a la OneDrive placeholders, may they rest in peace), or a new "filesystem", which technically runs from the kernel but isn't "integrated" with it in any meaningful way. I doubt Dropbox is actually running any code in kernel space.
[QUOTE=lavacano;50402537]Whoever originally said "integrated into the kernel" is probably an idiot and should be disregarded in all tech news in the future. This is either a new feature in the file browser extension which acts on empty files (a la OneDrive placeholders, may they rest in peace), or a new "filesystem", which technically runs from the kernel but isn't "integrated" with it in any meaningful way. I doubt Dropbox is actually running any code in kernel space.[/QUOTE] This sort of thing done with a Kernel module is very common. A good example is [URL]http://www.ext2fsd.com/[/URL], a kernel module that adds support for EXT filesystems in Windows. Dropbox is doing the same thing here, just using their unique brand of FTP as a new 'filesystem' in Windows. That way, everything in Dropbox is actually there according to Windows, and every single program can access it natively. The real question is: Does that freak you out? Dropbox could probably avoid all this hate by just open-sourcing the Windows kernel module and nothing else.
[QUOTE=1/4 Life;50402548]This sort of thing done with a Kernel module is very common. A good example is [URL]http://www.ext2fsd.com/[/URL], a kernel module that adds support for EXT filesystems in Windows. Dropbox is doing the same thing here, just using their unique brand of FTP as a new 'filesystem' in Windows. That way, everything in Dropbox is actually there according to Windows, and every single program can access it natively. The real question is: Does that freak you out? Dropbox could probably avoid all this hate by just open-sourcing the Windows kernel module and nothing else.[/QUOTE] The problem I have isn't with what they made, it's people calling it a "kernel module", like it's something buried deep into ntoskrnl and has direct access to everything. It isn't. It's a filesystem driver, with access to the "filesystem" it's meant to interact with (in this case, Dropbox's servers and a directory on C:\ somewhere), and nothing more.
[QUOTE=1/4 Life;50402548]This sort of thing done with a Kernel module is very common. A good example is [URL]http://www.ext2fsd.com/[/URL], a kernel module that adds support for EXT filesystems in Windows. Dropbox is doing the same thing here, just using their unique brand of FTP as a new 'filesystem' in Windows. That way, everything in Dropbox is actually there according to Windows, and every single program can access it natively. The real question is: Does that freak you out? Dropbox could probably avoid all this hate by just open-sourcing the Windows kernel module and nothing else.[/QUOTE] I think the part that does freak people out isn't totally that it's closed source (open sourcing would be good though). It's that it could be compromised, and once you have kernel access, you have complete control over the system.
[QUOTE=Demache;50403424]I think the part that does freak people out isn't totally that it's closed source (open sourcing would be good though). It's that it could be compromised, and once you have kernel access, you have complete control over the system.[/QUOTE] Honestly how long do you think it'll be until someone makes an open source version of Dropbox that is 1/10th of the current price? I give it 6-12 months.
[QUOTE=icarusfoundyou;50403455]Honestly how long do you think it'll be until someone makes an open source version of Dropbox that is 1/10th of the current price? I give it 6-12 months.[/QUOTE] If it was happening, it would have already happened. Dropbox isn't some new idea or a monopoly.
[QUOTE=icarusfoundyou;50403455]Honestly how long do you think it'll be until someone makes an open source version of Dropbox that is 1/10th of the current price? I give it 6-12 months.[/QUOTE] I don't know about you but I get 20gb free
[QUOTE=Banned?;50400533]A cloud storage application doesn't ever need to be integrated into the kernel of the OS.[/QUOTE] I have a pro account with 1TB of Dropbox space. I currently have a folder dedicated to things I need to keep local to edit and the rest is just in the cloud. My Dropbox is shared between 5 separate computers, so for me at least Project Infinite sounds like the best thing to happen to Dropbox in years: I can finally have access to my whole Dropbox on all my machines without having to use the online browser. :excited:
This isn't quite as sensational as it sounds, you probably have lots of kernel-mode drivers installed, especially from anticheats. On a desktop computer kernel privilege escalation isn't much worse than usermode malware running under the user's account. Privilege escalation is a big deal for things like webservers (especially shared ones) running under a restricted user with limited file access, but on a desktop computer malware will already have access to all/most of the filesystem.
Guys, actually this is super useful. I'm not even kidding you, I work in IT and this is actually the fix to a certain problem we had not too long ago lol. The problem was that one of our workers couldn't properly set up her computer with Dropbox and integrate some file backup feature. Turns out that on Windows computers it is impossible to make Dropbox integrated with your OS, so a certain feature wasn't working properly. Sorry if I didn't explain it well, it's a bit hard to articulate, I am in IT anyway lol, not English
[QUOTE=SGTNAPALM;50402009]Huh? It still works the same way for me on all my devices.[/QUOTE] If I use the "get public link" from the Dropbox folder on my PC it doesn't give me a direct link to the file, instead it gives a link to a "download" Dropbox page. My ShareX dropbox setup however uses direct links so I guess it's easy to bypass