Not only that, but Dropbox lets you pick any publicly visible document that's been viewed by a large number of people and easily spam them simply by writing @doc.
I may have just pissed off a lot of people with my experiment :(
I realised immediately afterwards how reckless that was, but Dropbox - WTF? Why is this even allowed?
I think the first self-described "growth hacker" worked for Dropbox way back when. Would not be surprised that the toxic "growth hacking" ethos still permeates through their growth/product teams today.
I use syncthing and it's fine but it's not bulletproof. Simple sync cases are fine, but when you start having permissions and both sources actively write data, it can lock up and end up in a weird state.
To its credit, you can always resolve the problems with some careful deleting and the occasional permissions kludge.
I have this running on my personal computer, my work laptop, and my phone. I almost never have any issues, and I can work seamlessly from any device. It's great. I will also use it to share project folders with other people, and again, no serious problems.
I agree that is the most significant barrier. There are threads like [1], but like other much-wanted features like Syncthing being able to support untrusted nodes that hold the data, but don't have encryption keys a-la Resilio Sync, progress sometimes comes in spurts and starts.
Maybe something like a self-hosted NextCloud/OwnCloud? Although integration into the operating systems is not as good as with Dropbox, I completely switched to a self-hosted NextCloud and everything works fine without bloat.
+1 on the Nextcloud. It hosts files great and completely replaced Dropbox. It also hosts my Contacts, Calendar, and with Collabora, it is a complete Google Docs replacement too. Like someone else said further down, it also does automatic picture uploads too.
Ah, good to hear that. I still have to look into that to decouple more from Google. Do you have any good resources for more information on how to move contacts and calendar? Or did this work right from the start for you?
It was pretty out of the box friendly. You have to download all of that from Google (I recall they have an export function), and it was in a file that Nextcloud natively accepts.
I've been using Nextcloud for a few years and it's great. The catch is that it's self-hosted so you'll have to get a VPS or have a Raspberry Pi lying around that you want to use for it. Setting up the server takes about 10 minutes if you're a technical user. It's just "sudo snap install nextcloud" then some additional LetsEncrypt settings if you want SSL. I'll admit it's not a good solution for non-technical users who aren't familiar with the command line.
However, multiple users can use the same server, so you can set it up once and share it with family members. You (the server admin) have full control over your data, so it won't be parsed and collected by third parties. It's also FOSS. There exist sync clients for all desktop and smartphone operating systems as well as a web interface for everything else.
That could be doable, but requires setting up an always available server in my home and installing Windows on that - not exactly the best of ergonomics.
The Sync apps provide end-to-end encryption, so the entire file is uploaded when it changes. Agreed differential sync can be a good thing, especially with super large files that change often.
I agree, the only "con" I can think of with Tresorit is the price. But I am trying to put my money where my mouth is and pony-up for services which respect my privacy. Quite happy with Tresorit so far.
I use Resilio Sync. It's not free, but was just a one time payment, not a subscription. Works on macOS, Linux, Windows, and they have an iOS app, too.
Sharing with others is possible, but they have to have the app installed to access the files. Resilio Sync doesn't provide any server through which you can download the files, it's all P2P.
I couldn't figure out their licensing or payment model for a team, everything led back to subscriptions and was hideously complicated. We went back to Dropbox because it just worked, no matter how much cruft it's taken on.
Introduction of random features instead of things people ask for.
Random features:
- Crypto wallets that go on your public profile if you want the alert to shut up
- Git. I mean, would you trust a production repo to magic crypto remote relying on a third party service that has no SLAs?
- We're kind of Slack/Mattermost/Discord now but with none of the accessibility or SLA offerings and you need one or the other to have an audience besides "tech nerds" who are already fragmented on 20+ platforms and clearly just needed one more
Things people want:
- An app that is less entitled and forces focus over everything. Games, your presentation, everything, it doesn't care.
- Dark mode? Literally the highest voted thing and it took them 2 years to start working on it.
- Seamless mobile notifications. Signal can show content while maintaining strong crypto, why does Keybase just show '<person> sent you a message'? That is super annoying if you want to use Keybase for an actual team.
- Random reliability issues and nobody seems to care about them with any sense of urgency.
It's okay to be run like a hobby, to move fast and break shit and pay no attention to polishing the experience. But then don't be surprised if nobody seriously uses your product.
I've used Keybase for file sync/backup—though not extensively.
In spite of all of those other points, I've found the sync does work pretty seamlessly if you just need 1:1 sync and limited special features. That suits me well enough.
Oh interesting. I guess I assumed too much. To be fair, my main interest was in the content so it served me fine but for more complex workflows or needs that would be debilitating.
I am having trouble finding the original "Show HN" for Dropbox but I recall people just calling it, more or less, "rsync with a web GUI."
Taking it one step further, you could use rclone (https://rclone.org/) which is like rsync but adds the functionality of syncing files with different cloud storage providers.
It has been on my TODO list to set up rclone with Nuage as the front end (https://github.com/mickael-kerjean/nuage) so I can have a Dropbox-like interface with org-mode text file rendering on the go.
I have a Synology NAS with their "Synology Drive" software. The UI polish isn't great, but the functionality has been solid in my experience. Bonus points for keeping my data entirely local aside from the dynamic DNS piece to connect in remotely.
"For teams to work across the internet, they need to be able to see who else views the document on their team."
"Got it, agreed."
"What if they make it public, and the team is anyone on the internet?"
"Same! Name, email, maybe more?!"
No. No! If something is shared publicly, who views it should not be public knowledge. Or it should be screamed in blaring, blinking, marquee high-contrast banner across the screen to everyone before viewing the document.
I'd be OK with just part of their email or something, or only first or last name (but never both, or switched). It should only be 1 bit of information that if it looks off it would alert someone that the link has been compromised.
On the other hand I feel like Google Docs does the same thing.
I believe the way Google Docs works is that if you share something publicly, people show up as "Anonymous Animal" and that's about the limit of what you can learn about them, unless they are on the same G Suite account with you.
Although I think you might have the option to "reveal your Google Account" to other users/viewers of the shared document.
> Although I think you might have the option to "reveal your Google Account" to other users/viewers of the shared document.
Is it not the default when you are logged in? It used to be the case that when you are logged in and you visit Google Docs, you (your name at the very least) show up on the list of viewers.
I had a chance to join a machine learning team at Dropbox a few years ago. Ultimately what made me decline was this feeling that everyone in the office was sort of a zombie on autopilot. Nobody was excited about anything, all the use cases being kicked around for machine learning were extremely contrived recommendation and automation features that seemed like they had no real product research or stakeholder support to pursue them.
It was like everyone was just resigned to raking in money on top of an extremely boring storage platform and clearly nobody was going to risk generous salary or equity coming in so they could rock the boat with an ambitious project.
All to say it doesn’t surprise me that there was some lapse of quality checking or oversight on some feature of Paper integrating with Dropbox.
The whole place reminded me of this quote by TS Eliot, “Oxford is very pretty, but I don’t like to be dead.”
Dropbox to me seems like a one-trick pony trying desperately to expand their market. It's a cloud storage system. Ideally for consumers, not enterprises (who already have Google Drive, or AWS if you're storing web objects). I know they acquired HelloSign a while back, but who the heck would want to use both Dropbox and HelloSign together?
I believe their goal is to expand to enterprise customers who would use Dropbox as a replacement for something like Google Drive. They seem to hypothesize that the way to win market share is through collaboration intelligence features and coordination features. I think it’s a bad hypothesis and really if they have a way to win market share it’s purely by being a cheaper / more basic option, then maybe start-ups or small businesses would choose it.
But this goes against the premium pricing and branding they have created for consumer storage plans, and I think hamstrings them from doing anything else really.
And at the end of the day, if Google is worried you’re underpricing them, they have way more levers to pull on to retain or win back customers, and more cushion to absorb losses.
Just seems like a bad business strategy by Dropbox all around. Probably should just focus on how to deliver consumer storage accounts with lower and lower prices instead.
I just created a Paper document on my Dropbox account and then viewed it on another account. As best I can tell, Dropbox saying there is a notification is a lie.
I did not get a visible notification when creating it although there may have been one buried under some links or button. Paper documents are publicly editable by default if you have the url.
I got no notification when viewing it from a different user. I used the public link to do so and could see the identities of other viewers.
To save folks a few clicks and in case those tweets are deleted, here's the content:
> We understand the concerns, and want to assure you that privacy considerations are built into how we design our features. While Paper has a setting that allows anyone with the link to access a Paper doc, we warn users who try to access a doc owned by another team or a...[1/3]
> ...user not on their team that their information will be visible in a screen that pops up before the Paper doc loads. Displaying this information is needed to enable collaboration and security features for our users. Users and admins can control who can view a Paper doc..[2/3]
This is completely reckless, but I'm not surprised. This is the company that pushed an update that allowed people to log on to any account with any password. Clearly they haven't learned anything about good security practices or responsible data governance.
I use two Chrome profiles, one for work and one for personal. I keep them separate by not logging into my personal account with the work profile etc.
Whenever I open Dropbox Paper with my work Chrome profile, it shows to have access to my personal Dropbox. These two are separate Dropbox accounts with separate emails associated to them. Yet, I'm able to access them since I sync a shared folder from my personal account on the same computer as the work Dropbox account (Work Dropbox account being the account that's logged into on the computer).
Seems like UX overtook security in this aspect since I didn't explicitly want to "connect" both accounts outside of shared folder.
It definitely seems unnecessary to share the info to all users, especially full contact info.
Airtable has a somewhat worse issue, any file you upload is publicly available without login, as long as you have the attachment URL. There isn’t any way to protect file assets, even though the underlying worksheet is private and requires a login.
I do, because they are one of the few online collaboration platforms which support LaTeX. I'm not talking about Overleaf, which is great if you want to make a full LaTeX document, I'm talking about an easier markdown editor where LaTeX is only used for math equations. I don't need the full Turing-completeness of LaTeX if I'm just taking some notes during a meeting, but I do want to be able to write math formulae and have them display correctly.
This was the sole reason I checked it out, however I have grown to appreciate many of their other features. Their collaboration functionality is quite unique, and the generally smooth way you can add structured information (eg. "todos" with assigned users and due dates) is great.
That being said, it often feels "half-baked" still compared to other solutions. The Paper file organization interface feels like it is just bolted on top of Dropbox's existing interface, and sometimes their formatting is too restrictive (eg. you can't change text alignment). The issue raised in this post is yet another example of the product being half-baked.
It's not a great workaround, however, since (by the way it works) it looks like it would only work locally on the user's browser assuming they install the violentmonkey browser extension, it is rather verbose (the code block + `math:` prefix), and you have to press F2 to rerender all inline math.
Why is it a GDPR breach when a Dropbox screen clearly explains to the user clicking the link that other users will see your details if you proceed? (Just curious, it may well be an issue, I just don’t know how).
If I understand correctly this warning/explanation only appears for the user sharing the document, not for anyone else who opened it (and whose information is still embedded).
That’s not correct. Unless there’s been a temporary regression then the warning explicitly happens for the person opening the document (the person you have shared it with).
GDPR, as I understand, does not allow removing unrelated features if someone does not agree to have their privacy broken. For example, opting out of ad tracking cannot make the site be blocked for me. In this case, there is no opt out button other than not using the feature and the feature does not require this information sharing.
> opting out of ad tracking cannot make the site be blocked for me.
Does this apply to cookies? I am asking because a lot of websites have "necessary" cookies and there is no way to opt out of them (other than by closing the tab), and if there is and you do, then you cannot proceed further. I really do not understand why some cookies would be necessary to view a page though, but I have seen this on A LOT of sites.
Then what is the reason for websites asking me to accept? Some websites also offer me the ability to select/deselect some cookies, but cannot deselect "necessary" cookies. There are websites that do not function until I accept. Some sites explicitly state this, and they do ask me to accept/consent.
On the right, you will see a down-arrow, click on that. You can clearly see the first checkbox on the left being checked and disabled, it is the "necessary" or "essential" cookies to what I am referring. You cannot deselect. On top of that, there is no way to close the popup (?), it is by design. Of course there are ways to circumvent it, but that is beside the point.
There are many other websites like this, but I cannot remember them. :/
You must click on "Continue with Recommended Cookies", or you cannot use the site (you could use uBlock to block the element, but that is beside the point).
Essentially Dropbox is arguing that, due to the way they have implemented it, the feature does require this information sharing.
While it clearly could be implemented many different ways, and I agree Dropbox should do better in this case, I think this is one of the difficulties in enforcing something like GDPR. Almost anything could be made to work in an anonymous way, so where do you draw the line? When signing up for Facebook or an email account, for example, there is no reason they need my phone number. Sure, they say it is for password reset purposes, but there are other solutions for this, or I can simply agree not to be able to reset the password for that account... etc.
My point was that no, of course the feature doesn't require it, but their particular implementation of the feature does. For example, maybe they implemented per-user sharing first, which obviously would need to know who is accessing the document. Then they realized there are some use cases for sharing the document publicly, but they basically just treated this (internally, i.e. according to their implementation) as a wildcard in the authentication portion. That is to say, the public sharing works exactly the same as the per-user sharing, but with a * in the "allowed users" field.
Clearly it doesn't have to and should not be this way. My point was that:
1. They are saying that their particular implementation did require it to be this way.
2. Almost every web app could be made to require less private data from the user, however if this is something that GDPR is going to enforce then there will end up being some subjective analysis (according to non-tech lawyers?) as to whether a particular implementation was in violation.
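The wildcard case described in the comment above, set beside a viewer roster that keeps link-only visitors pseudonymous in the way another comment describes for Google Docs. This is an added example, not part of the thread and not Dropbox's or Google's code; the `Doc` model, the function names, the alias list and the key are all hypothetical.

```python
import hashlib
import hmac
from dataclasses import dataclass, field

# Constructed model: nothing here is taken from Dropbox or Google code.
ALIAS_KEY = b"server-side-secret"          # placeholder; never sent to clients
ANIMALS = ["Otter", "Lynx", "Heron", "Badger", "Ibis", "Marten"]

@dataclass
class Doc:
    doc_id: str
    allowed: set                            # invited e-mails; "*" = anyone with the link
    viewers: list = field(default_factory=list)   # (name, email) of everyone who opened it

def can_view(doc, email):
    return "*" in doc.allowed or email in doc.allowed

def roster_naive(doc, requester):
    """Per-user code path reused for '*': every viewer gets full identities."""
    if not can_view(doc, requester):
        raise PermissionError(requester)
    return [f"{name} <{email}>" for name, email in doc.viewers]

def alias(doc, email):
    """Stable per-document pseudonym; keyed so it cannot be recomputed from a guessed address."""
    mac = hmac.new(ALIAS_KEY, f"{doc.doc_id}:{email}".encode(), hashlib.sha256).digest()
    return f"Anonymous {ANIMALS[mac[0] % len(ANIMALS)]}"

def roster_scoped(doc, requester):
    """Full identity only between explicitly invited users; everyone else is an alias."""
    if not can_view(doc, requester):
        raise PermissionError(requester)
    invited = doc.allowed - {"*"}
    return [
        f"{name} <{email}>" if requester in invited and email in invited
        else alias(doc, email)
        for name, email in doc.viewers
    ]

def demo_doc():
    # Constructed sample: two invited collaborators plus one link-only visitor.
    return Doc(
        doc_id="doc-1",
        allowed={"*", "alice@example.com", "bob@example.com"},
        viewers=[("Alice A", "alice@example.com"),
                 ("Bob B", "bob@example.com"),
                 ("Carol C", "carol@example.net")],
    )

if __name__ == "__main__":
    d = demo_doc()
    print(roster_naive(d, "mallory@example.org"))
    print(roster_scoped(d, "mallory@example.org"))
    print(roster_scoped(d, "alice@example.com"))
```
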