[ale] Dropbox opinions wanted
Greg Freemyer
greg.freemyer at gmail.com
Thu Sep 16 10:23:33 EDT 2010
On Thu, Sep 16, 2010 at 10:08 AM, Geoffrey Myers
<lists at serioustechnology.com> wrote:
> On 09/15/2010 12:11 PM, Chris Fowler wrote:
>> I have found something else that I sure is exactly what I think it is.
>>
>> As I said, I store PDFs on DB. Many of them are manuals. Sometimes
>> when I download a manual to ~/Downloads then copy it to
>> ~/Dropbox/<directory> I see the icon sync but only for a second.
>>
>> Some manuals can be rather large so my thought is that they take a MD5
>> sum of the manual and look in their database for something that matches.
>> If it does then they simply copy the match to my account instead of
>> uploading what I placed in my Dropbox directory.
>
> In theory, I would have a problem with that. I don't think they should
> be snooping around in my data for the sake of someone elses. I
> perfectly understand the issue though, still, I don't like it, if in
> fact, that is what they are doing.
If they can accomplish it for unique docs I would say it is 100% unacceptable.
But, I know NIST publishes a list of well known files with 22 million
MD5 entries I believe.
That list is mostly software exe, dll, etc. files.
Any file matching one of the MD5s is assumed to be one of those well
known files and thus in my incident response role, we typically ignore
those files.
I can imagine dropbox supplementing that list with millions of other
well known files in the form of manuals, books, etc. so they could
reduce their storage requirements.
So I'm curious if these instantly available files might be from
o'reilly, etc. where dropbox may have an arrangement to maintain
plaintext versions to leverage in their process somehow.
Greg
More information about the Ale
mailing list