Tell HN: Dropbox now requires access to contacts for Google login
I remember I was using Google login to login to my Dropbox and in the last year or so Dropbox started asking me to access my contacts in Google. I would always deny access and still manage to successfully login. Yesterday I tried the same but with no luck. I contacted Dropbox support and this is their reply:
> I'm afraid that is not possible at the time. I apologize for any inconvenience this may cause.
Interesting that they chose this route when users are getting more and more privacy-aware.
396 comments
[ 0.21 ms ] story [ 232 ms ] threadFYI - never use oauth to log into anything you care about.
Software isn't allowed to just be done anymore.
However, your point still stands, because exceptions are just that, exceptions.
Interesting remark. I'm not objecting but it's interesting that this goes against what can one read here very often from people who comment on new products, which goes like this: "if you offered oauth sign up, I'd sign up but won't bother with creating an account". Just an observation.
Also, the usual tracking stuff.
EDIT: I'm talking about sites that also have their own local user db of course, so you could just do a password reset.
It'd be nice to see Google offer something like that.
Makes it tough for third-party devs to debug a legit “I am not seeing Page X as an option” though.
So maybe the lesson should sound more like
- 'Don't use Dropbox for anything you care about' or
- 'Don't do business with large corporations for anything you care about'
To clarify, I am not saying it to protect oauth (in its current state I am not a particular fan of it), but to show, that the technology doesn't change by itself and that someone decided to change it. So the company who decided to execute this unethical change should take its share of the blame too.
There is no fine grained control to permissions.
Or, "Then create a password and revoke oauth permissions from the provider"
I definitely agree with this. While it's true that Google, Microsoft, Facebook, and Apple are probably better at securing accounts than most other companies, there's always the possibility that they can be compromised.
Another problem is that if your oauth provider decides to close your account for whatever reason, it may be difficult or impossible to unlink everything from it.
Not only do I create real accounts for any service I want to use, I divide them up among multiple separate email accounts, so that if one account is compromised, I limit the associated services that are vulnerable as a result.
Previous logic: They've asked for permission, been clear about what data they and presumably haven't prechecked anything (because they don't have control over that UI).
I don't think GDPR has any protection about a vendor locking you in and then asking to change the privacy policy.
“ 3.1 Free / freely given12 13. The element “free” implies real choice and control for data subjects. As a general rule, the GDPR prescribes that if the data subject has no real choice, feels compelled to consent or will endure negative consequences if they do not consent, then consent will not be valid.13 If consent is bundled up as a non-negotiable part of terms and conditions it is presumed not to have been freely given. Accordingly, consent will not be considered to be free if the data subject is unable to refuse or withdraw his or her consent without detriment.14 The notion of imbalance between the controller and the data subject is also taken into consideration by the GDPR.”
[0] https://edpb.europa.eu/sites/edpb/files/files/file1/edpb_gui...
(please don't refute this with a link to enforcementtracker.com unless you can show me a fine that's even remotely close to being dissuasive)
This is completely unacceptable - feels like a ransom.
Is there an alternative to Dropbox that isn't iCloud or Google Drive? I would like to pay for Tarsnap but I don't understand 250 picodollars / byte-month.
[1] https://www.eejournal.com/article/onedrive-down-the-road-to-...
[0] https://syncthing.net/
It's great for serverless sync between Linux, freeBSD and Windows machines, though - it generally "just works". Didn't try it on macOS or Solaris, never had the need to.
If you don't like the self-hosting part, there are even offers which make it simple, like the one from Hetzner[1].
But there are also other providers:
https://nextcloud.com/signup/ (click 'Change Providers')
[1] https://www.hetzner.com/storage/storage-share
[1] https://www.eejournal.com/article/onedrive-down-the-road-to-...
If you want to test this yourself, Onedrive has a free tier you could try.
For Exchange/Exchange Online, Outlook uses a .ost file that lives in AppData, which is not synced by OneDrive.
Actually, I just checked and their Mac and web apps also have search.
You could also look into seedboxes.
[1] https://www.eejournal.com/article/onedrive-down-the-road-to-...
It's been so worry free that when I had to move house I had to read the docs again to make sure I do things right. And that's on top of me studying the project well enough the first time I set it up that I ended up contributing some patches.
P.S. There are hosted offerings for nextcloud but for a household with 2-5 users I think nextcloudpi has the best value proposition.
Look at the documentation for the best supported options.
If you’re not interested in self-hosting and just want a straight Dropbox replacement, I’d look into Nextcloud providers.
Their Mac app is good. It’s native and doesn’t use a ton of resources (I haven’t used it on other desktop platforms). AFAIK, it doesn’t support APFS extended attributes, so Finder tags won’t get synced. It does use the Finder sync extension API though.
It works slightly differently to Dropbox — rather than just being a single folder that syncs, it’s more like selective sync, where you have multiple folders that are optionally synced. This confused me a little during setup, but I think I prefer it now.
I tried pretty much all the other alternatives and didn’t like them. I’m already paying for iCloud Drive, so I’d love that to work, but it’s chewed up files or taken hours to sync on too many occasions, so I don’t trust it any more.
For reference, HDDs cost ~$20/TB, so you could buy a new HDD every 2.5 days for the cost of storing the data on tarsnap.
My requirements were integration with rclone and FolderSync (android app) to work natively with their APIs and it works like written on the tin. I was able to use rclone on a cloud server to transfer data out of Google Cloud (rclone can act as a local proxy to copy between services) and I'm able to use FolderSync on my mobile to keep it backed up.
The pCloud branded mobile app is OK (nothing great), the webapp works well (again, just sort of works) and so far I've found no real problems with it - no failed syncs, my backups are backing up nicely, it just sort of works without fanfare.
My actual expectation is that at some point, 500G will be "small" in provider terms and they'll offer upsells to 1TB, 2TB etc. over the life of my account trying to get me to the next level or some other features (which they already have - you can buy add-ons). Nothing wrong with that, I still get my portable 500G "for life" (of the Product) which suits my current space needs. I have enough portable space now that I can upload a hundred gigs of Music, something I wasn't able to do before (increased cost) and use that 500G space. (I had uploaded everything to Google Music over a decade...so... yeah)
(edit: typos, wrong word/replaced)
I had a paid pro account at the time.
I actually had a conversation with a product manager; I checked the yes you can contact me when I cancelled my account. They simply refused to admit that an upsell was a advertisement and that disrupting my workflow on my paid, professional account for an ad was wrong.
The other interesting thing about that conversation, they could not understand how a sole proprietor would see no benefit from collaboration tools and kept making up bizarre scenarios where I could use them.
I actually asked them if they were a product manager or a salesperson at one point.
To Dropbox's credit, that product manager didn't try to retain me, they were genuinely trying to figure out why I had quit; they just couldn't grok the reason.
It's hard to make someone understand something when their salary (and entire reputation - given that increasing engagement/retention by X% is a big selling point on a resume) depends on not understanding it.
I am sure the inability to understand that it was a dark pattern to have no [X] or [SKIP] button was intentional :-)
Similar situation with major retail chains delivering brochures to a doorstep, or a bank clerk upselling bank credit and investment funds. It's not inability to understand, they are financially rewarded by doing this to you and their supervisors are malicious sociopaths. Their attitude is "why this person doesn't let me do my job".
This is what happens when you plan your product not from user need but from company need.
Granted, the current situation is problematic, but this happened even before and since you are prime, you don't get any money back or something like that. It's just bad luck then.
Now, you might think you could rely on the services where you pay extra for same-day delivery or morning next day. But those end up missing the delivery window a good half of the times I used them - even before the pandemic.
Next day or same day delivery just isn't something that seems to work reliably here in Western Europe.
I know companies where a local driver will literally get in a car and bring me what I need right away, but that doesn't scale to Amazon levels.
Given that prime delivery rarely holds its promise, it is no surprise that Amazon needs to make non-prime delivery even less attractive.
But you know, there are other vendors! Plus, you are less likely to get a fake product if you order directly from there.
And the dark patterns on placing an order without re-upping Prime feels like the fake download buttons on download.com without an ad blocker.
(I actually tried going along with the scam, but his call centre was so noisy he couldn't hear what I was saying, ffs.)
My other bugbear are the auto playing videos on Netflix and the use of massive spoilers in episode thumbnails.
As a single consumer in a vast ocean I don't think my opinions will ever be listened to. Right now it's worth putting up with this crap as the benefits outweigh the cost but if it gets any worse I'll be unsubscribing.
You can actually turn off "Autoplay previews" now. You have to log into your account from a web browser, and then look at the Playback settings for the profile you want to change.
I bet someone has an engagement OKR anyway, though.
Goodhart's law applies. If a customer is watching more Netflix because they are binging some fantastic new context, that’s great for Netflix. If the customer watching more because the app keeps auto playing something they didn’t ask for and gradually pisses them off, not so good. Netflix might have better ways of measuring customer satisfaction that can tell if these behaviors make the customer more satisfied overall.
I fucking hate it. Yes, I’m one of those weirdos who sits through to the end when the copyright rolls past and gets pissed off when the lights come on at a theater during the credits.
It is incredibly disrespectful to the film.
This is one of those “good taste” things that I feel like Steve Jobs wouldn’t have tolerated.
It’s especially annoying on some older films with short end credits because it happens before the movie is even over.
We don't pay "respect" to delivery drivers, or to designers and engineers who brings us our gadgets and services in same way. Why should I spend my time and attention on credit rolls? It's not like anyone noticing it.
There are even credits in the loading screen of Adobe Photoshop.
Most popular gadgets with screens, smartphones, doesn’t have credits, not the most popular apps on App Store apart from couple of words “From Facebook”, “By Google” etc. It’s not considered “incredibly disrespectful” to not read credits in apps or acknowledgments in books that have it listed. It’s a personal preference to read or skip them. I’m not sure what point you’re trying to make.
I really enjoy movie watching. I use the credits to contemplate what I just watched. Sometimes to see who played specific roles, or what music was in the film, or the locations. So yes, I do watch the credits.
I know most people don't. But that decision should be mine or yours.
I found this attitude a bit confusing. The film makers are not there, who are you showing respect to? Also, do you read each crew members name? If not, what's the point of sitting through it?
I want to be in control of whether or not to watch to the very end. It should be my choice.
[0] - https://help.netflix.com/en/node/2102
Bojack Horseman; I laughed, I cried, I lived...I jumped up out of my seat after six seasons to turn off some offensive trailer when it was finally over.
This really hits it for me. It's not even the credits that I need, per se, as long as the movie stop playing when it's done, whether with a credits sequence or a simple fade to black.
I waited for Stranger Things to come out on BluRay (currently waiting for the third season), and I'm 100% convinced I had a better experience than someone watching on Netflix, because the episodes actually ended after the credits. For a show few people will get to see this way, the writers really knew how to conclude each episode in just the right spot, so you had a nice place to take a breather and contemplate.
Of course, this confused the shit out of many viewers, who thought it was part of the show and tried to find meaning in it...
The Kodi Netflix add-on might not have the best interface, but at least it doesn’t do stuff like this!
You can now disable this at the account level. They added the option a few months back.
I usually watch TV with subtitles on (it means I can have the volume a little lower), and I find that cases where pre-roll ads are inserted either don't adjust the subtitle sync or don't adjust it properly. Amazon's subtitles are generally 1-2s ahead of the video, which is just enough to let the air out of a big reveal or ruin a joke.
Netflix and Hulu and competing with easier to use and more flexible pirated media, whether they like it or not. The consistency and flexibility of the VLC interface (or whatever media player you choose) is vastly better than whatever features a Netflix PM is trying to push to juice their metrics.
(I won’t even get into unskippable screens on Blu-Ray discs which are removed on the pirate version.)
My 960 GPU in the htpc doesn't quite have the bit depth that Netflix wants, therefore it disables 4k entirely. Bought the GPU at the time as it was the first with hardware HECV, has zero issues playing back a 4k encoding by someone else..
What happens if you play the first season of Stranger Things, which was produced in 4K but not in HDR?
On a more technical related note, I'd imagine 4K SDR variants of all Netflix HDR productions are generated on the back-end as an output of the same post-production process used to produce SDR prints at lower resolutions for reasons of both creative control an delivery efficiency; HEVC is just a compression algorithm, after all, and mostly orthogonal to matters of colorspace conversion and tone mapping.
See, e.g.,
https://partnerhelp.netflixstudios.com/hc/en-us/articles/360...
and observe that the example Dolby Vision workflow yields three distinct masters,
1. Dolby Vision (HDR + SDR tone mapping metadata)
2. SDR (generated automatically from the Dolby Vision source)
3. DCI-P3 (for potential theatrical exhibition)
I therefore assume the requirements for 4K SDR playback of SDR and HDR titles are identical.
‡ If and only if said Kaby Lake iGPU is connected to a video output.
I mention this because I can only watch 4K Netflix on my Hades Canyon NUC with the help of a Pascal eGPU, because, while the Kaby Lake iGPU is present and fully functional, all video outputs connect to the NUC's discrete AMD Polaris GPU, which Netflix doesn't support.
DRM sucks.
But lets be honest, essentially all pirates just want the content for free.
Frankly, this matters less and less if 98% of your offering is "Netflix originals" pulp. After 10 minutes of watching I have a feeling they should pay me for watching this.
In anyone asked me, I'd prefer quality over perceived quantity. Quality needs time, thought, talent.
You can usually find everything you want, but sometimes it requires some time.
I don't have a large 4k tv, so maybe I'm not appreciating how bad the streaming movies look.
But Netflix, Amazon, itunes, Vudo, etc. are all way easier services to use.
Second, they are targeting the masses, who probably like a 30 second preview for another show and don't care how 4k is encoded. In my experience, about 50% of people with high def TV's didn't even set up high def cable packages.
Even if it's hard to find something on public trackers with the right dubs/subtitles, it's rarely impossible for popular content. And if the subtitles are bad, you can, for example, download a different lower quality rip and pull the subtitles off that. The point is, in this system the user has control over the data they are consuming. This is infinitely preferable to some people than the chains of DRM.
It's not a huge amount of work by any means, but for many people it's probably insurmountable. Let alone when you compare it to the work involved to use a streaming service:
1. Sign up 2. Enter CC info 3. Done
When Netflix launched in Denmark, I immedately jumped on it. It used to have endless amounts of great content, and was way more convenient than piracy. Now it's just filled with trash, and I can never find what I want to watch. Piracy has again become more convenient.
My wife wanted to watch the Borne Identity and my um friend had figure out why Radarr blacklisted a bunch of releases then wait for it to download and un-par (which took 5x longer than the download). I came back into the living room 15 minutes later and found my wife just watching it with commercials on Peacock.
During a break I convinced her to switch to plex since it didn't have commercials. But then we had to pause the movie and fumble with subtitles for the scenes in the swiss bank. First downloaded set didn't match the timestamps. Second did, but it was like 5 minutes. "Why couldn't you just let me watch in on NBC HONEY?"
Something like https://put.io/ is far easier while still providing all the control you need over files and usually makes them available instantly.
1. Horrible video compression to save bandwidth
When they offer users high definition content, they're actually talking about the resolution of the image. The quality and detail of the image will almost always be much worse if compared to another source such as Blu-Rays. Netflix somehow manages to add compression artifacts to nearly 100% black frames. Scenes with a lot of movement are actually painful to watch.
Compare that to the obssessive attention to detail you can often find in piracy communities and the winner is obvious.
2. Censorship
These services aren't afraid to cut content in order to broaden their audiences. They may even be required to do it by law. Pirates obviously don't have these problems.
3. Annoying copyright issues nobody cares about
Netflix once had Terminator 1 and 3 but not 2, as well as Spider Man 1 and 3 but not 2. Was the license for these movies too expensive for them? Who knows? Who cares?
Want to watch a classic film? An influential film? Chances are it's not on Netflix. Where is it then? Who knows... Maybe not actually available at all anywhere no matter where you look.
Piracy just ignores these issues. As a result it gives you access to almost everything humanity has ever created.
4. DRM
Netflix won't give you access to their precious 4k+ streams if it feels your device isn't locked down enough. Disney is even more aggressive with these measures. Even on my perfectly locked down PS4 system it won't let me download content ahead of time. Apparently they think network connections are reliable.
Pirates simply don't have these problems.
5. Superior technology
Netflix's video player is garbage compared to mpv. The video players of every other streaming service manage to be even worse. It's not just the basic-ness of it either: sometimes it stutters and falls out of sync with the audio, sometimes it screws up the rendering of subtitles...
The one area where streaming service technology wins is their ability to offer alternate audio streams.
For piracy, one just needs to backup. And, this is controlled by user not whatever COMPANY/POLICY.
FWIW I have 20/10 vision (twice as sharp as "perfect normal") and have never seen the appeal of retina screens or 4k.
edit: Also the file sizes are vastly larger for 4k for an incremental benefit.
Okay, I’m sure the logo has meaning to the devs, so they don’t mind it looking like an error message. That’s fair. They aren’t Instagram, they’re not going for the lowest common denominator. And, okay, the UI works, so why fuck with it?
But why doesn’t it play the next video in a directory when you’ve finished the first? Why is the playlist option so hard to find and oddly implemented? Why can’t they update the UI to look like it was at least made for win7?
This sounds like a major gripe, but really it’s not. Everything else is amazing in that app, it’s one of the best, most complete user experiences around, especially for a free app, but it just seems like it has some really obvious problems with fairly minor fixes
I use MPV which has a much more minimal UI and better performance: https://mpv.io/
My biggest goal with kids is to help them with their focus and limit exposure to "infinity pools" of content. It's not that I have a problem with the content of the ads, it's that they train kids' brains to want to switch quickly between content the moment a show has a lull.
It creates that FOMO that they might not be watching the most exciting show right now because the ad always makes the other show look way better.
Youtube is of course the epitome of this issue, although disabling the mini-player on kids content helps a little.
Or people with small kids.
- Never show ads for other shows - Always skip opening themes
Also, they should stop showing me ads for things I've watched.
They better not make them unskippable ever.
It might be the case that my DNS server (basically PiHole but something I built before PiHole was a thing) is blocking them. However it doesn’t stop inlined ads from YouTube, 4oD, Twitch and other streaming / on demand services.
And yes Amazon, they are ads.
On my samsung TV you can't even change the language from within the menu while watching, you have to close playback, go to playback settings of the movie, change the language, go back to the movie's main menu and then start the movie again.
Worst part is, prime crashes my TV's video player. Once that happens I am not able to play any video at all, even on other apps. And ads made it worse since it usually crashes as I switch videos and adds are more video switching.
First world problem, I know. But still highly annoying.
On some smart TVs, there's an explicit (or on-screen) button to skip these. If you don't see a skip button and you have a Fire TV remote, you can press the >> double arrow button to skip these.
I agree that there should be an option to disable these altogether, like how Netflix offers an option to disable video previews.
They show you ads for YouTube TV, literally while are you watching TV with your paid YouTube TV subscription.
How many ad dollars are just being flushed down the drain...
And no, it’s not an ad placeholder. Because they have that too. There is a scene that says “you’re watching YoutubeTV, your show will resume momentarily” while a yellow ad bar progresses.
They aren’t also analog ads. You can tell when YTV is playing back an ad recorded within the show, vs when they flip the stream from content to ad content because the UI changes.
Nope, from what I can tell, they definitely just show their own ads to their customers.
When I had Dish, I saw a lot of DirectTV ads. That makes sense. But I never saw Dish advertising Dish. Maybe I just never paid attention.
HBO doesn't show commercials. It DOES use the time between two shows (starting on the hour or half hour) to preview other shows on the same network but I find these slightly less annoying that paid-for ads.
Likewise with Amazon showing you an ad for a product you literally bought minutes ago as if you'd want to buy another before the first arrives or LinkedIn recruiters trying recruit you to your current role.
Specialty equipment like for photography/cycling or 3d printing is the worst. Buy a Sony camera or Peak design tripod and you'll get ads for the same thing for a year. Like accessories and complementary products I'd understand but come on. Just how many thousand dollar cameras do you expect me to buy per month/year?!
Like I understand the complexity in optimizing that query for Amazon and personalized product history, etc.
But YouTubeTV for Pete’s sake, is a static property of the network. It doesn’t change for anyone already watching YTV and therefore subscribed.
Just don’t put YTV ads on the YTV network. Simple as that. Someone legit went and added them.
“Already have it”!!!
A) Usually my VPN is active and I don't want to shut it down just that netflix/amazon allows my to watch something
B) I like setting the playback speed to ~1.1 of my media player, which is not supported by any streaming provider I'm subscribed to.
They act like a monopoly seemingly oblivious to the many viable alternatives out there today.
Dropbox Paper > Your Icon > Download docs you created.
The options I see:
Upgrade
Settings
Install Dropbox app
Sign out
Add team account
Business-wise, it was a stuck forced update that made me drop them (pun intended). At some version it did not want to open anymore before update. Fine. The problem was that you could not download update; it was downloader you download and that downloader himself pick file over the internet to download. Problem is the folder and file name was always different causing my simplewall (best firewall I know for Windows 10) to block the file each single time. Before I had chance to fiddle with firewall settings - something I never like doing - I was already registered into lifetime 2TB offer with pCloud, including their "Cyrpto" package for $299 one-time. Never looked back. And also upload speeds I found much faster than DropBox. As of syncing... I think its decent enough. Never had problem. Although their local drive logic is tad different - you are mounting a remote drive which is not equally convenient like DropBox local folder, but at least pCloud does not check folder for changes non-stop.
Disclaimer: have nothing to do with pCloud as a company, just their happy client.
I'm not in the slightest bit surprised. As product management has exploded as a role (look at the number of courses, books, etc.) there has been a huge influx of people with less experience, and most importantly perhaps, less breadth of experience. This is a good thing in the long-term, but there will be growing pains.
I feel like the usual trope for programmers is that "PMs aren't technical enough", but the bigger issue for companies is that they don't have a breadth of experience and develop a narrower set of skills than they historically have. They smart and driven, but cost is what you are seeing with the cognitive dissonance.
This is less noticeable in smaller startups. The problem is exacerbated in more mature products like Dropbox where they are trying to move an existing user base onto a higher profit line of products. You need to have the broader base that PMs at legacy companies (e.g. Microsoft) have to make this shift. Further, it's harder to appear credible with enterprise customers beyond shadow IT.
I had 16GB permanent at some point (and up to 50GB temporarily for various promotions) but at some point they cut my account to 10 for no good reason at acted dumb when I asked them about it.
Microsoft gave me 5GB extra for uploading photos and shortly afterwards reduced it, forcing me to delete them, luckily I had them backed up elsewhere.
Google Photos have started trying to monetize what they promised for free to (kind of expected, but with Google they could also have decided to shutter it).
On one hand: we cannot expect companies to give things away for free.
On the other hand: when they've given things away for free unforced it doesn't make them look good when they take away what they gave away.
I now go with hetzner.com or something similar. It is paid and while that doesn't guarantee that they won't do something stupid at least they haven't a massive history of doing stupid things unforced.
The screwdriver-manufacturing business is not very profitable, so nobody wants to be in it.
B2b enterprise “feature” apps don’t understand the b2c direct to consumer perspective.
On the other hand, I still keep a large WebDAV/OwnCloud server close for the moment iCloud turns to shit too.
It gives me cold sweat to read headlines like this since there aren't enough alternatives to Dropbox that "just work". Similar to what happens to Apple. I have no idea why Dropbox is fucking around with their shit so much. I'd happily pay a dollar more here and there (and they just increased pricing!), just don't do bullshit in the background.
They also don't state what encryption they use. They rolled their own ig.
However setting up and managing Syncthing is far from self-explanatory for a non-technical audience. It's OK in our case as we can hand-hold and onboard people in-house, but not ideal. Syncthing's usability would benefit immensely from an updated front-end UX, consistent across platforms.
Dropbox for all its recent dark patterns and upsells is still one of the most intuitive systems. Yes, the client UX has worsened, but the core service retains a very predictable behaviour. A folder is a folder. Shared with X and Y. When un-sharing or deleting a folder or file the options are clearly communicated. Compare this with Google Drive, where a "file" can become orphaned and keep existing in limbo, where it's invisible in the browser or filesystem, but it's discoverable by search. It drove us nuts multiple times making it very hard to track access to old documents without having to update settings one-by-one, etc. Google Drive feels like an afterthought to accompany the otherwise great Docs, Slides. and Sheets.
Does anyone know a solution that allows me to self-host something like this?
Regarding nextcloud - it only seems to do full syncronisation like dropbox does. How can I store large shared directories on the server side only? eg, my FreeNAS box has ~20TB in it, and I'd like to be able to access it as a shared directory, but obviously not sync it to my laptop.
It might work fine for small amounts of files, but it doesn't scale as well as Dropbox does.
This part is a better UX for the majority of users.
The problem comes when there's a data leak, or when the marketing team decide to email those contacts, or some time later that could really easily be argued as "this will never happen", and may often not, but it's possible.
It's details like this that differentiate the "good" product companies from the "great" product companies, specifically because the detail of "not collecting email addresses" would never be noticed by those users, by construction.
While they no doubt reduced their operating costs with that move, I couldn't help it feel that this meant that they were investing so many of their precious mental cycles, hiring cycles, maintenance cycles, into plumbing instead of user-centered innovation which was their original sweet spot.
What was celebrated at the time as a great example of how cloud is a big mistake for people to me is in fact the opposite and should be used in future as a good business case study.
Folks never think about the opportunity cost; they get blinded by $$$ figures which are so misleading
Their true problem regardless is staying relevant in a market where the competitors offer better value through bundling as entire IT and cloud platforms. There's no point for businesses to use Dropbox when Microsoft provides Onedrive for Windows businesses and Google provides gdrive with gsuite. Hell for consumers, Apple and Microsoft provide seamlessly integrated storage in their operating systems.
Dropbox can spend years developing their own office suite tools but they'll never be able to breach the brainshare and stability that the titans provide. There's only so many ways you can "innovate" file handling before you are flogging a dead horse or repainting a car tire for the 50th time. Dropbox's only chance was to breach heavily into cloud office suites _before_ google and microsoft jumped in full speed, which they didn't and the ship has sailed.
Does it mean they can't stay alive? Well, they are floundering and playing catch up is difficult. Even Box is eating their business lunch and carving a niche because they offer a true professional business interface for IT admins to configure everything, down to legal compliance requirements. Dropbox is a fucking toy in comparison too focused on minimal hipster UIs based on a design language they originally used for consumers and have tried to force it onto business for more years than they should have.
For example, github@mydomain.dev for github. With a password manager, I won't confused at login.
And most importantly, use fb@mydomain.dev at Facebook since I will see AD on Facebook about what I just browsed on another shopping site with the same email account.
https://www.facebook.com/business/help/170456843145568?id=24...
Container is not work in this case. But I use it too, it is useful on prevent me being tracked on random website.
- App "has" access to contacts, but the system returns that you have none.
- App "has" access to location, but the search for GPS satellites never completes.
- App "has" access to storage, but it's actually /dev/null.
Storage doesn't have a built-in failure mode like contacts and location have.
It's always been that way.
What it really needs is some kind of compartments, so that you can share storage between X and Y, and between Z and W, but not between X and W.
This asked, understandably, for storage permission. This prompted me to give access to the sdcard, however, I had the option to select a single folder (or actually directly creating it within the prompt) that the app will have access to. I.e. Signal now has access to sdcard/signalbackups/ but not to the whole sdcard. (unless this whole new permission process wasn't Android but the Signal app. I rarely download apps and have to give storage permissions).
This used to be different, but times of giving access to full internal or external sdcards are over. Unfortunately though, the UX isn't perfect. I felt like I needed to know that I only want to give it access to a part of the sdcard and actively look that this is indeed possible. But that might be my bias from previous usage talking.
Yes it does: disk full. It's perhaps a bit less reasonable to expect a program to keep working properly in such a case, but it needs to be handled somehow.
Also, a question to security experts: In many apps say we want a UX where the user would immediately be able to see their recent pics and select from them (think recent photos bar in whatsapp), but app shouldn't be able to access them. Is it safe if OS provides it as a screen overlay service which doesn't require a separate screen/window, but runs out of process (a la file picker).
I have never seen it used in a real app. Most apps request permission to your entire address book.
You get annoyed, resenting the fact that your friends are using this piece of garbage. Reluctantly you lift the measures, forget about it, and just keep using the app.
It's a cat-and-mouse game. As long as you have full control over your device, you win.
Facebook Login used to have this as an option too, but stopped years ago.
Implementation process was really easy. Took 1 day. That's really surprising for Apple where developing for their platforms is otherwise a huge chore you don't want to slog through
Haven't done in-depth Android development, but I believe there is option to fake some GPS data? Ofcourse, not that helpful if you want 1 app to have real data, the other... not so real.
Proper way would be force devs think about REQUIRED and OPTIONAL permissions you can give. REQUIRED permissions are given on launch (or maybe you just get useless app), OPTIONAL permissions for improved features and fails gracefully if not given. It currently works that way, but is up to developer to implement it that way.
Perhaps adding advantage to those apps that do not REQUIRE sensitive permissions. Say a filter in Play Store you can use to filter our apps that require X permissions to work. In some cases, devs would be incentivized to REQUIRE less permissions.
When writing this comment, I thought about another solution. User profiles on android. Like on browser, where you get your own cookies etc. Googled around and.. looks like Android has something to offer!? Doesn't solve location, but perhaps Storage/Contacts.
https://source.android.com/devices/tech/admin/multi-user
https://support.google.com/nexus/answer/2865483?hl=en
> Notifications appear for all accounts of a single user at once.
> Notifications for other users do not appear until active. Each user gets a workspace to install and place apps.
> No user has access to the app data of another user.
> Any user can affect the installed apps for all users.
> The primary user can remove apps or even the entire workspace established by secondary users.
The bigger problem, though, is that you can't trust bad actors to act good. DNT in browsers has showed that extremely clearly: it was meant as a marker for you to not be tracked, yet advertisers used it as an additional bit for fingerprinting. Policy might be a way, but it relies on humans looking at apps. It's always much more effective to have technical measures in place, if possible. As in, no mater how much you'd like, you can't track a user across the web if their browser doesn't accept third-party cookies. And many app developers are in no way better than web developers with their incentives, intentions and tactics, it's just that the web makes these issues more noticeable.
> The Personal Information Protection feature is a very clever way to bypass this situation. You can turn on protection for call logs, contacts, messages, and events. Once protection is enabled, ColorOS 11 will send apps empty information, tricking the app into accessing the blank data.
https://www.xda-developers.com/oppo-coloros11-privacy/
Or are you talking about the scenario where competitor apps use some kind of sandbox escape to jump out and steal other apps' trap addresses from the OS?
But iOS 14 let’s you do this for photos at least.
There is no way for app developers to "force" additional privileges.
They still can't exit(0), but for instance a GPS tracking app (navigation, running, whatever) that isn't allowed access to the GPS can't very well function without GPS access, so in that case your app is allowed to fail.
They cannot be excempted from asking for, and abiding by the users decision, but they can be excempted for not working "as advertised" should the user not provide the needed capabilities.
Given how things are going with big tech lately I wouldn't be shocked to see Google implement this feature, but with exception criteria that just so happens to apply to all Google apps.
I choose to use <insert name of service provider here> instead of rolling my own because I don't want to deal with the hassle.
And before you say "but it's a one-click install! what hassle?" I'll answer you: the hassle is not in launching it, the hassle is in keeping it online and operating well at all times.
People always forget about maintenance when they spout these things...
Now make the owncloud/nextcloud a reliable experience for more than one user, handle updates and occassional migrations, etc.
[1] https://news.ycombinator.com/item?id=9224
Even so, it can still easily cover 50% of use cases for Dropbox.
It is often instantaneous for files to sync from my Macbook to my iPhone. Other times it takes many hours. I haven't found a GUI option to force a sync.
Also,
"why people would use anonymous email for services like this? I always use oauth"
Problem with oauth that I can't make e-mail unique and I can't know where spam is coming from.
ex: user+dropbox@mydomain.com will be unique for that domain.
Dropbox has no reason to exists for me. Firstly, they want to force me which filesystem to use on my Linux box, secondly, I already have plenty of GBs on Google Drive and MS OneDrive, so why would I need another service is beyond me. I mean, it's not like Dropbox is a safe encrypted alternative to GDrive or OneDrive anyway...
What other reason should I have for trusting Microsoft or Google over Dropbox? (Serious question, I've been considering my cloud sync provider recently).
I have my data on my NAS and I keep on Onedrive and GDrive only what I might need while around.
1: https://github.com/nextcloud/nextcloud-snap
I thought I managed to cancel it yesterday and remove the folder from auto uploads but today it's trying to upload the contents of that folder again even though I can't find it in my auto upload setup.
I've also felt it misses instant uploads once in a while but never investigated to prove that or the circumstances so take that with a grain of salt
Seems like I'm no longer able to do that and, from what I read here, some users might be completely locked out unless they give access to Google contacts.
However it is not as easy as Dropbox to set up for non-technical peeps, which is a bit of a shame as it hinders broader adoption.
The site is still up.
https://www.drop-dropbox.com/
I'll be canceling my 10+ year subscription.
Also this is an great example of why to always create accounts under an email address you type in, not an identity service through faang.
Agreed. But it's also funny, because 'privacy-aware' and 'Google login' is a bit of a paradox.