Stay away from Dropbox

Discussion in 'PC' started by Hazen, May 31, 2021.

  1. twoheart

    twoheart Audiosexual

    Joined:
    Nov 21, 2015
    Messages:
    2,099
    Likes Received:
    1,304
    Location:
    Share many
    THIS is the solution for almost every problem of that kind NOT using the next cloud service. (regardless if user or software error)
    And even better if I backup my backup to another device in another location so that e.g. a fire can't destroy my valuable data.

    This is for valuable data. My shitty family vacation photos may reside in the cloud. :dunno:

    But wait! :guru:
    Be careful: A german dad - and that's really common in Germany - took pictures of his nude baby boy on the beach (perfectly ok in Germany) - and saved it to his private MS cloud storage oneDrive via his cellphone.
    A few weeks later, he received an uninvited visit from a bunch of German Federal Criminal Police Office agents in the early hours of the morning on suspicion of possessing child pornography. All computers, telephones and data carriers were confiscated for evidence. :woot:

    What happened: The company Microsoft had sent the images in an automated procedure to the American FBI, which wanted to prosecute the father as part of an administrative assistance procedure. The reason: In the U.S., the depiction and storage of photographies of naked babies is prohibited, and since the storage took place in the U.S., the father may have had committed a criminal offense there.
    IDK if charges were brought against the father. He certainly did not get the confiscated equipment back until months or years later. :suicide:

    So I think twice before I use any of those free services. It may get quite inconvenient. :rofl:

    Everything can change just because there is a new management that decides to monetize the service. I get a mile long email that I don't read because I think it's advertising and then suddenly my data is the property of the company.

    https://www.borncity.com/blog/2020/08/14/microsoft-kontensperrungen-und-die-onedrive-nacktfotos/
    https://winfuture.de/news,83058.html
     
    Last edited: Jun 3, 2021
  2. itisntreal

    itisntreal Guest

    Just fuck the cloud backup thing
    Buy an external hdd only for backup disconnect the drive after backup and only use it for backups
     
    • Like Like x 1
    • Love it! Love it! x 1
    • List
  3. jkst

    jkst Kapellmeister

    Joined:
    Oct 31, 2016
    Messages:
    55
    Likes Received:
    49
    Dropbox app has 2 main use scenarios, cloud based AND cloud & local use. So basically it can save all your files in the cloud and delete them from local drives thus saving space, in this case it will create on your pc a 1:1 folder of shortcuts to all the backup files and download them locally when requested, then after you save them it will automatically sync with the cloud. THIS IS THE DEFAULT SETTING WHEN YOU INSTALL THE APP.

    If you choose to preserve the files locally then it will do so, in this case you will have 2 copies, one locally and one in the cloud.

    I work with dropbox both for work and for personal use, no issues whatsoever.
     
    Last edited by a moderator: Jun 3, 2021
  4. Obineg

    Obineg Platinum Record

    Joined:
    Dec 7, 2020
    Messages:
    768
    Likes Received:
    275
    of course a third copy somewhere online will give you additional safety.

    because the second copy in your house will be affected by theft, water or fire the same way the original is.
     
  5. Olaf

    Olaf Platinum Record

    Joined:
    Jun 5, 2011
    Messages:
    568
    Likes Received:
    242
    I would guess that during installation you changed the default sync path (e.g. "C:\Users\Hazen\Dropbox\") to your actual user folder (e.g. "C:\Users\Hazen\"). This way your user folder and everything it contains (Desktop, Documents, etc.) is synced completely, so every file is sent to the "cloud". When you delete something there, it also gets deleted on your hard drive since it is synced. Maybe you also enabled Smart Sync, so everything in the sync path was deleted from your hard drive to save space.

    You can restore any deleted file for 30 days here: https://www.dropbox.com/deleted_files
     
  6. Roger8176

    Roger8176 Ultrasonic

    Joined:
    Nov 17, 2011
    Messages:
    52
    Likes Received:
    20
    Most importantly one must put up barriers to keep oneself intact.
     
  7. Guitarmaniac64

    Guitarmaniac64 Rock Star

    Joined:
    Jun 5, 2011
    Messages:
    1,345
    Likes Received:
    317
    I agree what a stupid idea to have everything n the system drive aswell as in the cloud if you remove the systemdrive files you remove the cloudfile aswell wow that person who came up with that idea must be a real moron..
    Well its crapple they always come up with stupid ideas
     
  8. DoubleTake

    DoubleTake Audiosexual

    Joined:
    Jul 16, 2017
    Messages:
    2,282
    Likes Received:
    1,227
    Well, if one is ill-equipped to act .. with insufficient tact, that is.


    Were you talking to me?
    If so I am highly offended and demand you pay a heavy penalty!

    If you were not talking to me..
    Well then I am highly offended that you ignore me and demand you pay a heavy penalty!

    theft, water, fire or drunken-Friday-night-computer-out-the-bedroom-window ...
     
    Last edited: Jun 4, 2021
  9. Pallaros

    Pallaros Member

    Joined:
    Feb 20, 2021
    Messages:
    15
    Likes Received:
    8
    Bad bad bad Dropbox !!
     
  10. JMOUTTON

    JMOUTTON Audiosexual

    Joined:
    Jan 10, 2016
    Messages:
    1,098
    Likes Received:
    909
    Location:
    Virginia
    E-mail.

    Use an email clients they are more versatile than web based email and it generally doesn't have the permissions or persistence in caches that web browser do. Most modern email servers use encryption to connect and transmit your messages to the server and email servers no longer transmit to each other in plain text.

    If you want to send email that only the person you sent it to can read an email client give you the option to add encryption, PGP is the most common but there are others. You and user_foo trade public_keys, which you use the encrypt messages sent to each other. A message sent to you encrypted with you public_key can only be decrypted by using your private_key which you never share with anyone.

    As far as opening message security goes, don't open email from strangers or your friends for shit you didn't ask for. If you really need to open a powerpoint presentation because it says it has pictures of funny dogs doing silly shit that you must see. Make an email VM of whatever flavor of minimal linux you can tolerate and sandbox it. You can open whatever you want in there as the possibility of exploiting a properly locked down OS and a client like Thunderbird which doesn't usually have shit for permissions is minuscule.
     
  11. BEAT16

    BEAT16 Audiosexual

    Joined:
    May 24, 2012
    Messages:
    9,081
    Likes Received:
    7,006
    Thanks for the explanations and tips.
     
  12. GabsIT

    GabsIT Producer

    Joined:
    Oct 29, 2020
    Messages:
    204
    Likes Received:
    133
    Location:
    Asia
    You can give a try tutanota, I use it only for important things, for random stuff I use gmail, tutanota uses high encryption but if you lose your password and the hash recovery key there is no way to recover your account.
    tutanota.com
    "With end-to-end encryption and 2FA, your emails have never been more secure. The built-in encryption guarantees that your mailbox belongs to you: Nobody can decrypt or read your data."

     
  13. Crinklebumps

    Crinklebumps Audiosexual

    Joined:
    Nov 1, 2017
    Messages:
    983
    Likes Received:
    713
    Location:
    UK
    A backup kept on a disconnected drive in your home isn't really an adequate backup, a true backup should be offsite. That introduces other concerns for personal information of course but not if it's well encrypted. I'm inclined to think online backup is ok with adequate encryption but who knows what technology the FEDs et. al. have at their disposal - but do you (not referring to the OP) really think your little life is of any kind of interest to the big players? If they can get around extremely tight encryption they can almost certainly hack into your computer directly and access everything anyway.

    Encrypt a hard drive, put it in a non-perishable box and bury it in your garden (also a good idea for your house key should you find yourself locked out).
     
  14. WillyA

    WillyA Producer

    Joined:
    Oct 26, 2019
    Messages:
    218
    Likes Received:
    97
    I find that the best backup for workstations is Macrium Reflect. It's a shame you can't use it to backup Mac.
    Acronis will backup a Mac, but I tried it and It doesn't do recovery! Fat lot of good that is.

    I just use Carbon Copy Cloner for my Mac, Macrium for Windows Workstations and Veeam for VMware machines on the server.

    I have a 6TB Hard Drive in the server, just for backups and a 6TB external USB for Workstation backups.

    The Cloud? I trust it as much as a coiled rattlesnake. You think the alphabet agencies don't have backdoors? If so you a very naive!

    I only use Dropbox for non-important files. the evil bastards keep hacking just about every site and forum, so I just use a password that's already been hacked because they are welcome to it!.

    I use passwords for important stuff minimum 12 characters of gobbledygook. So if they hack this site (and they probably will if they haven't already), they'll get a useless password.

    I setup a honeypot server and the silly little ********, have a go at it every night. My logfiles collect their IP addresses and I lock them out on my Firewall. IF they ever crack my 24 character password for the Firewall, they still have to get through another one with a 26 character password.

    I HATE Hackers, they should all be jailed for life with extra hard labor! There is NO excuse!
     
    Last edited: Jul 25, 2021
    • Like Like x 2
    • Funny Funny x 1
    • List
  15. GabsIT

    GabsIT Producer

    Joined:
    Oct 29, 2020
    Messages:
    204
    Likes Received:
    133
    Location:
    Asia
    All semi-professional crackers use a combined method. For checker sites however, the implementation can differ... Usually they will implement a simple client side JS based checker, which can use statistics produced (dictionary word or differs only slightly? length? char-set? -> you have the answers for all of that).

    Possibly the best way of implementation:

    1. Has the password(and hash) been on the most commonly used passwords lists or leaked already, hence been commonly tested by crackers? Also, famous xkcd 1 and 2.

    2. If not, what is the complexity(character set, special chars, etc.) and therefore the entropy of the password? Where does it end up on the category of passwords complexity and pre-estimated cracking time?
    Finally, Password cracking is cheap, there are services to rent, and the 2019 cost estimates are here using AWS and hashcat. In hashcat or john the ripper, you will see exactly the strategies they implement e.g. starting off with your dictionary of choice(e.g. use dict from a specific language - if for instance the adversary got hold of a Spanish website's hashed password database - and the tools will use typical replacements of o->0, a->4 etc., add short words, adding numbers(e.g. dates) before and after so exploiting all the human elements really). Users have been conditioned( really wrongly) to choose a word, and make it more "complex" by adding few numbers, and some special chars in the beginning/end. But it's been long known that length beats complexity.

    Here is another great explanation from a famous security expert/researcher on the exact same topic.

    For the site mentioned specifically, if you check the source of the webpage, there is currently a specific JS asset, that you can put into a beautifier.

    https://howsecureismypassword.net/app.60d36fdc.js

    It's 12k lines, here is the beatified version on pastebin.


    Table-1-2.jpg
    Table-2-2.jpg
    Source: https://stackoverflow.com/questions/60646247/estimating-password-cracking-times
     
    • Interesting Interesting x 3
    • List
  16. twoheart

    twoheart Audiosexual

    Joined:
    Nov 21, 2015
    Messages:
    2,099
    Likes Received:
    1,304
    Location:
    Share many
    @GabsIT of course longer passwords are better, theoretically but:

    Password security is not just a function of length

    The problem with very long passwords is, that people begin to write it down on paper or into their smartphones because they can't remember - even with menmonic help - their secure 15 characters long passwords. Or they are too lazy to change it completely so they start to use passwords like "h5%tg/6Aw2f§gTzg}" and change ist to "h5%tg/6Aw2f§gTzgß".
    At least, that's what I observed in our company. As a result, it is easier to crack the long passwords if only one digit is changed every once in a while.
    At the moment our password enforcement is "10 characters out of 62, no use of old passwords for a year and monthly change".
    Looks pretty safe until you look under the desk pad or in the cabinet next to it. :rofl:

    Security researchers have found that passwords become more and more secure only up to a certain length, after which silly tricks occur on the part of users, similar to the one described above.

    https://www.bbc.com/news/technology-40875534
     
    Last edited: Jul 25, 2021
  17. ArticStorm

    ArticStorm Moderator Staff Member

    Joined:
    Jun 7, 2011
    Messages:
    7,695
    Likes Received:
    3,919
    Location:
    AudioSexPro
    all this is useless if dropbox simply didnt encrypt the passwords or just had sercurity holes in their API.
    your password could have been 1MB long, if there is direct access to the user+pass database ...

    i will never ever use dropbox. (two times my password details were leaked by dropbox)
     
  18. rollerball

    rollerball Platinum Record

    Joined:
    May 27, 2020
    Messages:
    288
    Likes Received:
    229
    @GabsIT and @twoheart thanks for the informative replies.

    I just found it funny when I saw how long the password containing "D0g" would take to crack. :rofl:
     
  19. BEAT16

    BEAT16 Audiosexual

    Joined:
    May 24, 2012
    Messages:
    9,081
    Likes Received:
    7,006
    The Hasso Plattner Institute listed the most popular passwords of 2020:
    1st place: "123456", in 2nd place: "123456789", in 3rd place: "password".
    In the other places there are first names such as Alexander, Michael or Daniel and formulations such as “I love you”.

    Oh yes, the pin number belongs on the credit card (just kidding).

    A password is safe if it is, for example:

    - 20 to 25 characters long and two types of characters are used (for example a sequence of words). It is then long and less complex.

    - 8 to 12 characters long and four types of characters are used. It is then shorter and more complex.

    - 8 characters long, three types of characters are used and it is additionally secured by multi-factor authentication (for example by a fingerprint, a confirmation via app An application, or app for short, is application software. The term app is often used in connection with applications for smartphones or tablets ... or a PIN). This is generally recommended.
     
  20. GabsIT

    GabsIT Producer

    Joined:
    Oct 29, 2020
    Messages:
    204
    Likes Received:
    133
    Location:
    Asia
    I am not defending Dropbox or against it, What I stated is how hard is to crack a good password, also there is no such thing as a perfect password or perfect security, doesn't matter if is dropbox, box.net, mega or any other cloud storage provider, technology is now so complex that nothing could start from zero and everything can be subject of vulnerabilities that will be discovered in the future and still present today, for example there was a hack in a Virtual machine company that was an alternative to VMware, the owner was an Indian engineer (edit: found it) now I can't find the data but long story short, there was a hole in the virtual machine software and the hacker got access of everything running over those VMs in many datacenters in the world, I think the hacker black mailed the CEO and he thought was a bluff and finally the hacker deleted key stuff and after some days the CEO killed himself, so my point is you can't really relay on anything, and in practice is better to understand that everything will be eventually hacked, this is why I am pointing out that a good password in a compressed file is a solid base also end to end encryption as tutanota or mega (that wasnt really the case) in those cases there is no real password or hash stored, so the password simply decipher or not the file or files attached (same principle) to an account or an email, that is why there is no recover in those ways, or you have the password or lost everything.

    I think that no company store passwords in these days but what happens is that they hackers get the salted keys and the salted hashes and some of the passwords that are obviously bad could be deciphered by brute force or against dictionaries.
     
    Last edited: Jul 25, 2021
    • Like Like x 1
    • Agree Agree x 1
    • List
Loading...
Similar Threads - Stay away Dropbox Forum Date
ESI U24XL and ESI interfaces in general - STAY THE HELL AWAY ON MAC (angry post) Soundgear May 27, 2022
Staying away from viruses? PC Aug 13, 2019
Sample Company to stay away from? Working with Sound Mar 13, 2019
Stay away from the new Official Windows 7 ISO PC Feb 22, 2019
ExtaBit: Please stay away from this scam Internet for Musician Nov 20, 2013
Loading...