Dropbox Interview
The popular cloud hosting and syncing service Dropbox has been in the news lately. First there were reports about Dropbox being insecure because of a configuration file that could allow anyone to access a user's Dropbox storage.
Then there were news that photo galleries might be accessible on the Internet without the user's knowledge.
If that was not already enough, there was an incident with the Open Source project Dropship which used Dropbox for file sharing purposes.
The interview with Dropbox's co-founder and CTO Arash Ferdowsi is about Dropbox's perspective on said issues.
Please tell us a little bit about yourself and your position at Dropbox
A: I'm Arash and I'm the Co-founder and CTO of Dropbox.
Dropbox has seen a big surge in users over the past year, how has the company accommodated the rapid growth?
A: It's a combination of architecture and automation. We carefully think through how our infrastructure is architected to deliver a service that will scale to 50 million, 100 million, 500 million users. We’ve also hired an awesome group of support engineers that not only answer every support ticket that comes in (from free and paid users alike), but who are building automation and auto-suggest systems that allow users find answers to their questions on their own.
Can you tell us about the company’s infrastructure?
A: We store files (after first encrypting them) on Amazon's Simple Storage Service (S3). We also have database servers, web servers, and the rest of our infrastructure outside of Amazon.
Dropbox staff seems very motivated, what’s the secret of the staff’s commitment?
A: Designing a great product is a very creative job. It's amazing to be able to exercise your creativity in a way that makes the lives of millions of people better. We're really fortunate to have that opportunity. It's the best job in the world.
As more and more companies get into the file hosting / synchronization market, how do you differentiate yourselves? Who do you consider your competitors?
A: What makes Dropbox special is that it just works. Every update should make Dropbox not just more powerful but also simpler. We've spent untold hours obsessing over every tiny detail of how Dropbox works, so you don't have to. Software like this simplifies your life and gives you time back.
Any plans to increase the available storage in the near future?
A: We’re looking at offering larger storage options. Businesses and organizations can already purchase more storage with a Dropbox for Teams account.
When did you hear about the issue?
A: We heard about this issue when users wrote into support with the link to the security researcher's blog post.
The issue was controversially discussed on the Internet, was that similar in internal meetings?
A: Not really. As we stated, if your computer is compromised, all your files are already exposed, not just Dropbox. That said, there were things we could do to make Dropbox more resistant to attacks from someone with access to your computer, and we immediately began working on it.
Which steps were taken to resolve the situation?
A: Our client team immediately addressed the permissions issue so that the config.db file can’t be accessed across local user accounts. We also began investigating approaches to encrypting the config.db file and making user credentials harder to steal. We released the first build to our user forums a month later.
How long will it take before 1.2 is released as stable?
A: Probably a few more weeks. Unfortunately the encrypted config.db file breaks several third-party apps so we want to give them a chance to design workarounds.
Are photos that are uploaded to the photo folder automatically public, meaning not protected by a password initially?
A: Actually, they are semi-private. The links include a random sequence of characters and then the filename, and it is possible but unlikely that someone can guess this. Of course, if links are posted on a public site that is crawled by a search engine, it is discoverable.
What can users do who no longer want their photos to be public on the Internet?
A: Simply move them out of the Photos or Public folder. By default, Dropbox doesn’t create publicly accessible URLs for files. The exceptions are those files that are placed in the Public folder and Photos folder.
Can you comment on the Dropship situation?
A: When something pops up that encourages and enables people to use Dropbox for infringing copyright content, you can imagine how that could ruin the service for everyone. Illegal file sharing has never been permitted and we take great pains to keep it off of Dropbox. We have a variety of easy-to-use sharing mechanisms (public links, shared folders, etc.) that people have been using for a long time for legitimate uses.
To clear up any confusion about Dropbox using DMCA to kill an open source project, we never issued a DMCA takedown to anyone. One user posted the source code on Dropbox and we removed it via a support banning tool. Unfortunately, the user received a bizarrely-worded email from us saying that we had received a takedown notice from ourselves (no such notice ever existed), for which we've since apologized.
Could you describe some ingenious uses for Dropbox, for instance how users are making use of Dropbox’s capabilities?
A: Our users write in with stories every day about how Dropbox is simplifying their lives. Astronomers are collaborating across continents by setting telescope data to save directly into their Dropboxes. Disaster response workers used Dropbox to share data and coordinate the relief effort after the Haiti earthquake.
Advertisement
Doesn’t Windows 8 know that www. or http:// are passe ?
Well it is a bit difficulty to distinguish between name.com domains and files for instance.
I know a service made by google that is similar to Google bookmarks.
http://www.google.com/saved
@Ashwin–Thankful you delighted my comment; who knows how many “gamers” would have disagreed!
@Martin
The comments section under this very article (3 comments) is identical to the comments section found under the following article:
https://www.ghacks.net/2023/08/15/netflix-is-testing-game-streaming-on-tvs-and-computers/
Not sure what the issue is, but have seen this issue under some other articles recently but did not report it back then.
Omg a badge!!!
Some tangible reward lmao.
It sucks that redditors are going to love the fuck out of it too.
With the cloud, there is no such thing as unlimited storage or privacy. Stop relying on these tech scums. Purchase your own hardware and develop your own solutions.
This is a certified reddit cringe moment. Hilarious how the article’s author tries to dress it up like it’s anything more than a png for doing the reddit corporation’s moderation work for free (or for bribes from companies and political groups)
Almost al unlmited services have a real limit.
And this comment is written on the dropbox article from August 25, 2023.
First comment > @ilev said on August 4, 2012 at 7:53 pm
For the God’s sake, fix the comments soon please! :[
Yes. Please. Fix the comments.
With Google Chrome, it’s only been 1,500 for some time now.
Anyone who wants to force me in such a way into buying something that I can get elsewhere for free will certainly never see a single dime from my side. I don’t even know how stupid their marketing department is to impose these limits on users instead of offering a valuable product to the paying faction. But they don’t. Even if you pay, you get something that is also available for free elsewhere.
The algorithm has also become less and less savvy in terms of e.g. English/German translations. It used to be that the bot could sort of sense what you were trying to say and put it into different colloquialisms, which was even fun because it was like, “I know what you’re trying to say here, how about…” Now it’s in parts too stupid to translate the simplest sentences correctly, and the suggestions it makes are at times as moronic as those made by Google Translations.
If this is a deep-learning AI that learns from users’ translations and the phrases they choose most often – which, by the way, is a valuable, moneys worthwhile contribution of every free user to this project: They invest their time and texts, thereby providing the necessary data for the AI to do the thing as nicely as they brag about it in the first place – alas, the more unprofessional users discovered the translator, the worse the language of this deep-learning bot has become, the greater the aggregate of linguistically illiterate users has become, and the worse the language of this deep-learning bot has become, as it now learns the drivel of every Tom, Dick and Harry out there, which is why I now get their Mickey Mouse language as suggestions: the inane language of people who can barely spell the alphabet, it seems.
And as a thank you for our time and effort in helping them and their AI learn, they’ve lowered the limit from what was once 5,000 to now 1,500…? A big “fuck off” from here for that! Not a brass farthing from me for this attitude and behaviour, not in a hundred years.
When will you put an end to the mess in the comments?
Ghacks comments have been broken for too long. What article did you see this comment on? Reply below. If we get to 20 different articles we should all stop using the site in protest.
I posted this on [https://www.ghacks.net/2023/09/28/reddit-enforces-user-activity-tracking-on-site-to-push-advertising-revenue/] so please reply if you see it on a different article.
Comment redirected me to [https://www.ghacks.net/2012/08/04/add-search-the-internet-to-the-windows-start-menu/] which seems to be the ‘real’ article it is attached to
Comment redirected me to [https://www.ghacks.net/2012/08/04/add-search-the-internet-to-the-windows-start-menu/] which seems to be the ‘real’ article it is attached to
Article Title: Reddit enforces user activity tracking on site to push advertising revenue
Article URL: https://www.ghacks.net/2023/09/28/reddit-enforces-user-activity-tracking-on-site-to-push-advertising-revenue/
No surprises here. This is just the beginning really. I cannot see a valid reason as to why anyone would continue to use the platform anymore when there are enough alternatives fill that void.
I’m not sure if there is a point in commenting given that comments seem to appear under random posts now, but I’ll try… this comment is for https://www.ghacks.net/2023/09/28/reddit-enforces-user-activity-tracking-on-site-to-push-advertising-revenue/
My temporary “solution”, if you can call it that, is to use a VPN (Mullvad in my case) to sign up for and access Reddit via a European connection. I’m doing that with pretty much everything now, at least until the rest of the world catches up with GDPR. I don’t think GDPR is a magical privacy solution but it’s at least a first step.