Dropbox removed ability to opt your files out of AI training::undefined

  • @[email protected]
    link
    fedilink
    English
    15211 months ago

    Why does dropbox have the ability to see your files at all? That seems like a pretty bad security flaw in the first place.

    • @LufyCZ
      link
      English
      8611 months ago

      Because you gave them the files?

      If you don’t want dropbox to see them, encrypt them.

        • @[email protected]
          link
          fedilink
          English
          711 months ago

          If you believe in any implementation of e2ee made by apple i wish you good luck in life, cuz u will need it with your naivety.

        • @Plopp
          link
          English
          711 months ago

          Apple makes a shitload of money from the devices and ecosystem that have access to their cloud storage, they don’t have the same incentive to use the data itself for profit. In fact, keeping the data as private as they can is a selling point for the devices and ecosystem they make bank from. Dropbox doesn’t have that.

            • @Plopp
              link
              English
              511 months ago

              Yes, and? It even says right there in the article that they have to balance the ad part to not demolish their reputation for privacy. It’d be extremely foolish of them to start accessing people’s private files like that if they want to still be seen as caring about privacy, and I can promise you they are fully aware. That doesn’t mean that they will always put an emphasis on privacy, but for now they do.

              • circuscritic
                link
                fedilink
                English
                4
                edit-2
                11 months ago

                Oh, well then I’m sure Apple will be the first big tech advertising company that doesn’t violate their users privacy in search of more profits.

                Sounds like you have nothing to worry about.

                • @Plopp
                  link
                  English
                  111 months ago

                  I do have nothing to worry about because I’m not an Apple user.

                  Key words right there: “more profits”

                  Many iPhone users use that particular phone because of privacy, since the only other option is Google who has a well known track record of not caring about it. If Apple destroys their reputation for privacy they remove the biggest reason for why many users choose their phones, which often in turn leads to a buy-in to the whole ecosystem (=lots of money). They might as well choose Google then. That would be a loss of profits. For it to be worth it the data mining of people’s private files would have to on its own provide an increase in profits greater than the loss from consumers fleeing. And it might, but again, they’d lose a very unique and often times important reputation. That’s a big and risky decision for them to make - to radically change their whole public persona. My guess is they want to keep that reputation for as long as they can and use other means to make their ads effective that aren’t as blatantly privacy invading. Down the line though it will of course only get worse, because that has been the only trend in this world of enshittification.

      • kingthrillgore
        link
        fedilink
        English
        611 months ago

        The downside is I used to use Dropbox a lot for collabs with others. We’re now using something else (Google Drive 🤮) but for a while, Dropbox was king.

        • @[email protected]
          link
          fedilink
          English
          3
          edit-2
          11 months ago

          Then encrypt and share the password and/or key with your collaborators?

          You can use something like cryptomator

    • @voracitude
      link
      English
      5611 months ago

      Man wait til you hear about Gmail

      • @Tangent5280
        link
        English
        311 months ago

        Email is like the one critical part a lot of people miss when talking about taking control of your data. Imagine how much could be gleaned out of email history? Where you go, what you do, who you talk with, what you buy, what you rent, what media you consume, everything. If you dont have a lot of friends someone with your email account could pretty much just doppelganger you and go on as if nothings happened.

    • @[email protected]
      link
      fedilink
      English
      711 months ago

      There are drawbacks to end-to-end encryption (E2EE). I’m not aware of any E2EE cloud storage systems that have the features Dropbox provides. I would LOVE to know of any that…

      1. Support at least the big 5 platforms (Android/iOS/Mac/Windows/Linux).

      2. Have a functional web interface.

      3. Support sharing and collaboration.

      4. Have a search feature

      5. Sync to the local filesystem on a folder-by-folder or even file-by-file basis

      6. Integrate with other tools (e.g. android file picker)

      It’s not easy to do all that with E2EE, like a functional web interface, search, and integration.

      ProtonMail’s search, for example, is limited to subject and metadata, and that’s specifically because they DON’T use E2EE for that.

      I’m willing to compromise some of this for the sake of E2EE, but I’m not at all surprised that feature-first services are more popular than privacy-first services.

      • @asbestos
        link
        English
        311 months ago

        I think proton drive covers all but the collaboration

        • @[email protected]
          link
          fedilink
          English
          411 months ago

          I just checked to see if I missed a big update.

          There’s still no Linux client, and it cannot sync files on Android (it only supports photo backups).

          I can’t work around that limitation on Android with FolderSync, either, the way I can with Google Drive, Dropbox, Box, or any WebDAV- or S3-compatible server. Since it uses E2EE, any uploads need to go directly through the app, so integrations are difficult.

          It doesn’t seem to have a search feature, either, at least not on Android. I can’t imagine there’s any content-aware search on the web UI, since that can’t be done server-side.

          There’s been some interesting research in homomorphic encryption over the past couple years, which might someday lead to encrypted server-side search. But I think there are still major hurdles to actually implementing it securely and efficiently.

      • @[email protected]
        link
        fedilink
        English
        311 months ago

        You will probably have tradeoffs. And somehow need to script accept that at some point, you need to trust someone. At the very least with firmware. And you probably need to change workflow.

        I find cryptpadb works almost as well as Google docs did a few years ago.

      • Natanael
        link
        fedilink
        English
        2
        edit-2
        11 months ago

        1: easy to port E2EE, it’s just math

        2: browsers and E2EE is hard, you need an extension to implement it securely so the password can’t be made accessible directly to the server (you need it to remain secret even from the hosting company) or else you’re dealing with MITM risk

        3: easy by sharing encryption keys using E2EE messaging protocols on top

        4: encrypted search is a thing, but such indexes does tend to have some limitations

        5: still easy

        6: still easy, Android specifically have APIs to let apps register themselves to the file picker so they can transparently encrypt and decrypt files. But yes on other systems where 3rd party apps can’t offer such integration then it’s hard

        I’ve seen one called Skiff that’s trying to do most of these things

        https://skiff.com/pages https://skiff.com/drive

      • @[email protected]
        link
        fedilink
        English
        111 months ago

        Mega uses e2ee and is available in all platforms I use. I don’t use apple. Web interface is very functional. I think it does support sharing files via link. Should have a search feature also, never used (because I know exactly where I keep my files). It does sync with locals. I don’t know about android file picker.

        Mega is not a good choice for Lemmy users or Foss activists, probably because of its history - which is not as clean as say next cloud, but is not like google either. As long as it works :/

  • @rickdg
    link
    English
    9711 months ago

    Response from dropbox in that post: “Jumping in to clarify some confusion. The AI third-party toggle is only visible to users who have access to our AI features. If you don’t see the AI third-party toggle, then you can’t view or use Dropbox AI features. To reiterate, neither this nor any other setting automatically or passively sends any Dropbox customer data to a third-party AI service. Please see our Help Center article for a list of those with access to Dropbox AI features.”

    • @JustARegularNerd
      link
      English
      1811 months ago

      I don’t know why I find it so surprising that Dropbox apparently has a Hacker News account, but I am mindblown that’s a thing.

      I thought HN would be way too niche for that to be a thing.

        • @EnderMB
          link
          English
          411 months ago

          If you want a laugh, go back to their initial “Show HN” post. It made one person with the top comment rather infamous for being out of touch with his comment on “I could just rsync, why would I use this?”

          • Malle_Yeno
            link
            fedilink
            English
            611 months ago

            For what it’s worth, the reputation of the BrandonM comment on the Dropbox post is pretty overblown compared to what was actually written. The post highlighted some concerns that were legitimate in 2007. And the tone of the comments were supportive of dropbox – the poster acknowledged the feedback and offered use cases that still would lean towards Dropbox, and BrandonM responded that they made sense and wished them luck.

      • JackbyDev
        link
        fedilink
        English
        111 months ago

        Dropbox is pretty cool. (Don’t mistake this as some weird astroturfing.) I remember hearing about their custom hardware on an episode of se-radio. Very fascinating stuff.

        • @Telodzrum
          link
          English
          111 months ago

          Native Linux client is why I use them. That’s reasonably cool for a corporation in my book.

    • Magnor
      link
      fedilink
      English
      2011 months ago

      This is the sensible option. Fuck them.

        • @Crashumbc
          link
          English
          211 months ago

          Why bother? It’s much less work to just switch to a noon shitty service…

  • Otter
    link
    fedilink
    English
    6611 months ago

    Guess I need to find and close that account now

    • bean
      link
      English
      911 months ago

      I did this. Enjoy unsharing literally every shared file and folder and removing access etc. I thought I deleted all my files. Nope. Checked the shared area. You’ll need to undo all of that manually. Only then was I finally able to rid myself of this enshittified disaster. Goodbye forever Dropbox. The only good you ever did was scannable.

  • @[email protected]
    link
    fedilink
    English
    3611 months ago

    I HATE Dropbox.

    I tried to use them recently and their service had some problems.

    They have an option to “stream” files when you need them. The only problem is you need an internet connection to access them. I did not trust this kind of system and I actually need to access my files even without internet.

    So there is a way to make the files available offline. Great! Problem solves. NOPE! They offer an option to have your files available offline, but they might remove the files and make them only available in the cloud if you local storage gets low.

    That is really all they say about it and there is no option to turn this off. I was uncomfortable about their vagueness and my inability to disable this.

    Within 24 hours of paying for their service I learned of this and they refused to refund my purchase.

    PLEASE NEVER WORK WITH DROPBOX

    • Rolling Resistance
      link
      English
      511 months ago

      I’ve had a great experience with Dropbox (for about 10 years!), but I also used their Linux client which is old and very straightforward. Now I’m a Nextcloud user, and I wish it worked as well as Dropbox did. But with this AI thing I’m not switching back.

    • @nutsack
      link
      English
      3
      edit-2
      11 months ago

      it was painful to migrate from dropbox. their api is shit and does nothing to guarantee delivery. i had to split folders into 5gb chunks and download everything in zip files through the browser. it took a year. what an awful company.

        • @nutsack
          link
          English
          211 months ago

          I tried several third-party tools and all of them had the same problems with the API

    • @andxz
      link
      English
      3
      edit-2
      11 months ago

      I’ve used Dropbox since literally their first year of creation and I’ve never experienced a single one of these issues. I use it mostly as a portable library and all I need is 2 mins of any internet connection to download any book(s) I want to read to a local device. Mind you this is on their free plan, so I’ve never paid a cent to them either. Requires me to periodically transfer older books to another long term solution, but that is just a few mouse clicks. I’ve read hundreds if not more ebooks this way. Since I prefer .mobi (which I can even read IN dropbox if I want) I can upload straight to dropbox after converting from .epub.

      I mean, it sounds frustrating, but your experience with them sounds extremely weird to me.

      At least to me they’ve been the best cloud provider by far, for what it’s worth.

      With that said, I don’t especially like that they’re doing this even though my specific content is mostly available in any number of places anyway, given that it’s literature.

  • @[email protected]
    link
    fedilink
    English
    3111 months ago

    Wait, Dropbox can use your files to train AI? How is this acceptable? Aren’t people storing their keepass vaults there?

    • geogle
      link
      English
      1411 months ago

      Those had better be encrypted

    • @logicbomb
      link
      English
      1011 months ago

      Password manager is one of the few “free” services that I pay for. Still feeling pretty good about 1password.

      • @Plopp
        link
        English
        811 months ago

        Pff, such capitalist bull. But communists at least have LastPass, that shares our passwords with the world under the banner of no private ownership.

        But seriously, paying for a password manager is a good thing. Find a good and secure one that is properly vetted and trusted in the industry, and support them if you can.

      • @[email protected]
        link
        fedilink
        English
        011 months ago

        But what about files and documents containing PII? It’s not ok to use them for AI training.

  • @Potatos_are_not_friends
    link
    English
    3011 months ago

    I said this in another post:

    If your business is using Dropbox as cloud storage, you are so fucked!

    In 2015, I worked in a company that stored financial records. Small restaurant company with 80 employees. I emailed them last week about this and they’re already making moves to leave.

    • @[email protected]
      link
      fedilink
      English
      5
      edit-2
      11 months ago

      It’s wild that you’re still in contact with your former employers.

      Literally every single one has “fired me” and escorted me from the premises after I put in a 2 week notice.

      • @Potatos_are_not_friends
        link
        English
        611 months ago

        You can leave a company on good terms.

        I also highly recommend not burning bridges. Even if they were a shit storm, 2-3 years later you might change your mind.

        • @[email protected]
          link
          fedilink
          English
          2
          edit-2
          11 months ago

          I have. I didn’t do anything bad to any one of them. I would like to think I was a top performer but they all somehow take it personally that I want more money than they wanna pay.

          If I can get a new job by leaving after 2/3 years and increase my pay by 20%. Why would I stay for a 2% COL raise? Inflation was 18% last year…

          One got upset and said “I don’t know how to process this. I thought you were a lifer…” and then escorted me to security.

          • @[email protected]
            link
            fedilink
            English
            211 months ago

            The vast majority of employers are critically out of touch with reality.

            It’s like they cannot process what might be of critical importance to employees, and think that a foosball table and pizza parties can somehow pay our bills.

  • @RampantParanoia2365
    link
    English
    2611 months ago

    Literally the first sentence of your own source:

    Dropbox has hidden third party AI settings, not disabled them

    • Newtra
      link
      fedilink
      English
      3011 months ago

      But the comments below say they’re not able to access the new page, even with the direct URL… It seems certain tiers of customers can’t opt out. Possibly they can’t be included in the first place (e.g. EU users), but it’s a pretty big screw up to hide one’s status on such an important privacy setting.

    • wagoner
      link
      fedilink
      English
      14
      edit-2
      11 months ago

      Ok, so how do I as a user access these to change those settings please?

      • @Potatos_are_not_friends
        link
        English
        611 months ago

        If they’re hiding them, chances are it’s only going to get worse, not better.

  • @[email protected]
    link
    fedilink
    English
    2211 months ago

    Now I feel tempted to make a Dropbox account and fill it with gigabytes of noise data…

  • @[email protected]
    link
    fedilink
    English
    1811 months ago

    Time for dropbox users to upload all kinds of crap for ai to “learn” from, all within tos of course.

    I bet there are many kinds of ways to make your files poison the ai learning data. Its going to be fun for those ai guys to sort which files are probably safe and which are not. I think even if ONE user manages to slip something that corrupts the training data and its not noticed soon enough it might cause problems for them. Though someone who actually knows something about the subject might want to tell if i’m talking shit or not.

    I’m not against ai in general, but if its trained with data that was obtained from unwilling people, like this, then its makers can fuck off.

    • @[email protected]
      link
      fedilink
      English
      311 months ago

      It really depends on what the AI training is looking for. You can potentially poison an AI training model, but you’ll likely have to add enough data to be statistically relevant.

      • @[email protected]
        link
        fedilink
        English
        111 months ago

        enough data as in many different people will have to upload one or two files that contain such data or you have to upload very large file that contains a lot of data that causes problems?

        • @[email protected]
          link
          fedilink
          English
          211 months ago

          It’s honestly difficult for me to say because there are so many different ways to train AI. It really depends more on what the trainers configure to be a data point. Volume of files vs size of a single file aren’t as important as what the AI believes is a data point and how the data points are weighted.

          Just as a simple example, a data point may be considered a row on a spreadsheet without regard for how that data was split up across files. So ten files with 5 rows each might have the same weight as one file with 50 rows. But there’s also a penalty concept in some models, so the trainer can set it so that data that all comes from one file may be penalized. Or the opposite could be true if data coming from the same file is deemed to be more important in some way.

          In terms of how AIs make their decisions, that can also vary. But generally speaking, if 1000 pieces of data are used that are all similar in some way and one of them is somewhat different from the others, it is less likely that that one-off data will be used. It’s much more likely to have an effect If 100 of the 1000 pieces of data have that same information. There’s always the possibility of using that 1/1000 data, it’s just less likely to have a noticeable effect.

          AIs build confidence in responses based on how much a concept is reinforced, so you’d have to know something about the training algorithm to be able to intentionally impact the results.

    • Bilb!
      link
      fedilink
      English
      1811 months ago

      The problem, as I’m sure you know, is that a home server is not fit for purpose for the vast majority of people. Managing that is a fun project for some, but a complete non starter for most.

      • @[email protected]
        link
        fedilink
        English
        011 months ago

        Synology makes it relatively painless with synology drive. It ain’t cheap but neither is drop box long-term

        • kingthrillgore
          link
          fedilink
          English
          411 months ago

          Synology makes the best home NAS hardware you can get. And they are still actively supporting decades-old units with DSM security updates and aren’t stopping any time soon. They get it. And they get my money time and time again.

          • @[email protected]
            link
            fedilink
            English
            1
            edit-2
            11 months ago

            Correction: They make the best home NAS Software that you can get and they support it forever (so far).

            Their hardware is often dated and expensive af. But you can’t get the software without the hardware so…

    • kingthrillgore
      link
      fedilink
      English
      311 months ago

      Cost prohibitive for many, but yes, people need to get off someone else’s computer.

      • @MadBigote
        link
        English
        011 months ago

        You can easily repurpose old drives for this. I started my server scavenging drives and using my laptop. I upgraded to some WD NAS HDD and I’m about to upgrade to a better Synology NAS.

        There are options for people wanting to start hosting.

        • @candybrie
          link
          English
          411 months ago

          The idea that many people have old drives is already assuming a lot.

    • @hushable
      link
      English
      311 months ago

      I used to pay for Dropbox about a decade ago, I replaced it with a raspberry pi running syncthing with an USB drive attached to it

  • @[email protected]
    link
    fedilink
    English
    1511 months ago

    If someone has a way to poison their AI training by adding junk along my regular files I’m interested. Sadly I use it at work and I cannot decide to migrate to another cloud so I better sabotage them

      • @[email protected]
        link
        fedilink
        English
        411 months ago

        Thank you for your contribution, I was referring to a practical way (script, binary, …) to achieve this not academic literature, I don’t have much time to invest in this and my IT level is insufficient

        • Natanael
          link
          fedilink
          English
          2
          edit-2
          11 months ago

          Any specific tools will require knowledge of the system you’re targeting, so I don’t expect to see many public ML poisoning tools targeting anything but open source ML libraries, but adversarial sample tools to fool classifiers (including repainting stuff like those face transformation filters) might get more common because it’s much much easier to test

    • @[email protected]
      link
      fedilink
      English
      211 months ago

      Create a lot of text files filled with offensive and false information. Maybe 4chan and OANN transcripts :)

      It will always be a cat-and-mouse game. Once the trainers recognize the attack, they can use the attack to further improve their models. A long time ago I watched a speech from a guy who worked on Yahoo! Mail’s spam detection. They realized spammers would create email accounts, send spam to them, then have the accounts mark their spam as “not spam.” They came up with a method to automatically identify these accounts, and used them to further improve their spam detection model (if these accounts marked something as “not spam” it was likely spam).

  • @the16bitgamer
    link
    English
    1411 months ago

    Thanks I forgot I even had a dropbox account. And everything is deleted files and account.

    • @[email protected]
      link
      fedilink
      English
      311 months ago

      Check for old shares. I had EVERYTHING deleted, from files, recycled bin…For nearly a decade already. BUT. Today I just found there were old shares of those deleted files. I clicked to delete the shares too. Guess what, the files were back onto the dropbox folder as if they never were deleted a decade ago! So I had to delete them again, and then from the recycle bin. And then deleted the account.

  • @Wet
    link
    English
    1311 months ago

    Happy I moved to Syncthing a long time ago. My data is replicated on several locations and instances on cheap old raspberries+drives and syncs instantly even on my phone, where I keep Obsidian notes. No size limits, no huge hassle, 10 minutes to get a new instance set up.

    Every now and then I will rsync the encrypted version to an offline drive and store it somewhere else.

    • @Tangent5280
      link
      English
      211 months ago

      What do you use for encryption? I’m open to options for encryption. Any opinions about Veracrypt?

      • @Wet
        link
        English
        2
        edit-2
        11 months ago

        Syncthing has built-in encryption and works pretty well, it’s also really easy to use. I have been using it for some time with several instances and never had a problem, it requires more CPU though, so some old raspies had a hard time working with my big photos folder (800GB) when encrypted. On instances that are not encrypted, the full HDD is encrypted (the option you have when installing Linux).

        Not sure how secure it is, but from the docs: Encryption is XChaCha20-Poly1305 and AES-SIV with a key derived from the password and folder ID using scrypt. Considering how polished, huge user base and how much attention to detail Syncthing has, I trust it’s good enough for my needs.

        • @Tangent5280
          link
          English
          111 months ago

          Would your photos folder be handled quicker if you split it into two seperate folders of say, 400 gigs each?