this post was submitted on 19 Dec 2023
666 points (97.6% liked)

Technology

59390 readers
2904 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots

founded 1 year ago
MODERATORS
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
666
Dropbox removed ability to opt your files out of AI training (news.ycombinator.com)
submitted 11 months ago by [email protected] to c/[email protected]
98 comments fedilink hide all child comments
 

Dropbox removed ability to opt your files out of AI training::undefined

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 152 points 11 months ago (18 children)

Why does dropbox have the ability to see your files at all? That seems like a pretty bad security flaw in the first place.

[–] [email protected] 7 points 11 months ago (5 children)

There are drawbacks to end-to-end encryption (E2EE). I'm not aware of any E2EE cloud storage systems that have the features Dropbox provides. I would LOVE to know of any that...

  1. Support at least the big 5 platforms (Android/iOS/Mac/Windows/Linux).

  2. Have a functional web interface.

  3. Support sharing and collaboration.

  4. Have a search feature

  5. Sync to the local filesystem on a folder-by-folder or even file-by-file basis

  6. Integrate with other tools (e.g. android file picker)

It's not easy to do all that with E2EE, like a functional web interface, search, and integration.

ProtonMail's search, for example, is limited to subject and metadata, and that's specifically because they DON'T use E2EE for that.

I'm willing to compromise some of this for the sake of E2EE, but I'm not at all surprised that feature-first services are more popular than privacy-first services.

[–] [email protected] 2 points 11 months ago* (last edited 11 months ago)

1: easy to port E2EE, it's just math

2: browsers and E2EE is hard, you need an extension to implement it securely so the password can't be made accessible directly to the server (you need it to remain secret even from the hosting company) or else you're dealing with MITM risk

3: easy by sharing encryption keys using E2EE messaging protocols on top

4: encrypted search is a thing, but such indexes does tend to have some limitations

5: still easy

6: still easy, Android specifically have APIs to let apps register themselves to the file picker so they can transparently encrypt and decrypt files. But yes on other systems where 3rd party apps can't offer such integration then it's hard

I've seen one called Skiff that's trying to do most of these things

https://skiff.com/pages https://skiff.com/drive

load more comments (4 replies)
load more comments (16 replies)