![]() ![]() Relaunch Dropbox, but now you hit ‘Cancel’ when it asks you for an admin password: So that leaves us with just one last question: how to get Dropbox out of there? The short answer is that you first quit Dropbox, then remove it from the Accessibility pane, then delete the DropboxHelperTools folder (see my procedure here). There really isn’t any excuse for Dropbox to ride roughshod over users’ security and preference choices. Caveat: I haven’t tested Dropbox against all of OSX’s Accessibility features, but certainly for a ‘standard’ set up of OS X, it is not needed – and, let me repeat, even if it were needed for some particular feature to work, Dropbox should have explicitly asked for this permission, like every other app, and obeyed the user’s decision to revoke that permission when removing it from the list of allowed apps. I haven’t experienced any issues using it whatsoever while denying it access to Accessibility. I use Dropbox across 3 different macs and an iPhone. Second, because the only way I could be sure that DB didn’t need to be in the list of apps with Accessibility privileges was to test it over a period of time. Why has it taken me this long to write about it? First, because after having reported it to Apple Product Security at that time, I wanted to see if they would force Dropbox to change this behaviour (they haven’t… yet )). I figured out what Dropbox was up to in October 2015. Which is the third reason why it matters: Dropbox doesn’t appear to need to have access to Accessibility features in order to work properly ( update). The essence of good computer security and indeed the very reason why OSX has these kinds of safeguards in place to begin with is that apps should not have permissions greater than those that they need to do their job. Of course, that’s entirely theoretical, but all security risks are until someone exploits them. And that means, if Dropbox itself has a bug in it, it’s possible an attacker could take control of your computer by hijacking flaws in Dropbox’s code. It remains the fact that the Dropbox process has that ability. Let’s assume for the sake of argument that Dropbox never does any evil on your computer. It just overrode your and Apple’s security preferences without asking you, and – as you’ve seen if you tried to remove it and noticed its magic reappearance act – it disregards your choices and re-inserts itself even after you’ve explicitly removed it (we’ll sort this naughty behaviour out in a minute). Two, and more importantly, you already have hard proof that Dropbox can’t be trusted. So assuming you can trust a “big name” company not to “ feck you off’ because they might lose your business is not “smart computing”, even less smart if they figure that you’re a customer on a free plan anyway… :p ( See this for more reasons why big companies in general don’t pay much attention to ethical values). If a 1000 people read this post and stop using Dropbox because of it, it’s not going to make much difference to Dropbox. ![]() One: the bigger the name, the less effect customer dissatisfaction has. After all, they’re a big name company who wouldn’t want to upset their customers, right? As anyone can readily see, what that allows is GUI control just as if the program or script was clicking buttons and menu items.īut perhaps you implicitly trust Dropbox to not do anything untoward. Accessibility frameworks were first introduced in Mac OS X 10.2 and expanded in 10.3 to allow control of user interface items via System Events and the Processes suite. Interlude: Contrary to Dropbox’s completely spurious “explanation”/obfuscation here, Accessibility has nothing at all to do with granting permissions to files. There’s a reason why apps in that list have to ask for permission and why it takes a password and explicit user permission to get in there: it’s a security risk. What does ‘take control’ mean here? It means to literally do what you can do in the desktop: click buttons, menus, launch apps, delete files…. It matters first and foremost because Dropbox didn’t ask for permission to take control of your computer. There’s at least three reasons why it matters. ![]() First, why does it matter, and second, is there any way to keep using Dropbox but stop it having access to control your computer? ![]()
0 Comments
Leave a Reply. |