You might see that the Dropbox Community team have been busy working on some major updates to the Community itself! So, here is some info on what’s changed, what’s staying the same and what you can expect from the Dropbox Community overall.

Forum Discussion

Threlly's avatar
Threlly
Collaborator | Level 8
5 years ago

Why So Much Telemetry ?

Hi All,

 

My Pi Hole is blocking an INCREDIBLE amount of DropBox telemetry, even more than Windows telemetry, and by a large margin.

So I have a few questions.

1. What is this telemetry for ?

2. What information is in there ?

3. Who gets to see it (ie, is it shared in any way with, let's say, advertisers)

4. Why is it being blocked by my standard Pi Hole list, what threat could it be ?

5. Where do I turn it off if I wish to ?

 

Cheers,

Threlly

  • anforowicz's avatar
    anforowicz
    New member | Level 2

    Hello,

     

    I am a Chrome Engineer, working for the Chrome Security team.  In Chrome 85, a security feature called CORS-for-content-scripts has shipped - after Chrome 85 content scripts can no longer bypass CORS, even if an extension has permission to the target host.  The Chrome 85 changes have been announced in March 2020 on chromium-extensions@ discussion list, as well as in Chrome Enterprise Release notes.

     

    The "Dropbox for GMail" Chrome Extension has been identified as affected by Chrome telemetry in earlier Chrome versions.  An email notification to CWS@dropbox.com (the email registered in Chrome Web Store) was sent out in June 2020.  To avoid disruptions, the extension has been put on a temporary "allowlist" that exempts the extension from Chrome 85 changes (as we've announced earlier, the "allowlist" is being removed in Chrome 87).  Our manual testing indicates that the "Dropbox for GMail" Chrome Extension has not yet migrated to the new security model and will stop working in Chrome 87 (starting with version 87.0.4266.0, currently in the Chrome Canary channel).

     

    Please migrate the "Dropbox for GMail" Chrome Extension to the new security model as soon as possible.  The tentative Chrome 87 release schedule is to ship to the Beta channel on 2020-10-15 and to start rolling out the Stable channel on 2020-11-17.  More details about the changes and migration guidelines are available at https://www.chromium.org/Home/chromium-security/extension-content-script-fetches.

     

    Best regards,

     

    Lukasz Anforowicz

    • Walter's avatar
      Walter
      Icon for Dropbox Staff rankDropbox Staff

      Hi anforowicz; thanks for the extensive report and welcome to the Dropbox Community!

       

      As I'd like to get this under the attention of one of our experts, would it be OK if I used the email address that's connected to your profile here on our Community to further investigate? 

       

      Thanks a bunch, Lukasz. 

      • anforowicz's avatar
        anforowicz
        New member | Level 2

        RE: would it be OK if I used the email address that's connected to your profile here on our Community to further investigate

         

        Sure, that should be totally ok.  Thank you for asking.

         

        -Lukasz

    • edie828's avatar
      edie828
      Helpful | Level 5

      I read the "fix" script.  No way am I equipped to figure this out.  Is there a plain English version that I can access?  My business is being severely affected by what I think this problem is.

       

      When I try to download the attachment to the dropbox using the chrome extension (in ANY of my gmail accounts), nothing happens.  Everything was seamless and problem-free until a few days ago.

      • Walter's avatar
        Walter
        Icon for Dropbox Staff rankDropbox Staff

        Hi there edie828; thanks for joining our discussion here.

         

        May I ask which exact version of Chrome are you noticing this on and if it persists after clearing your browser's cache? 

         

        Thanks!

  • Threlly's avatar
    Threlly
    Collaborator | Level 8

    Ok,

     

    So Dropbox will not address the problem of data being siphoned from our machines & devices, the options in the client do NOT stop this.

    Their privacy statement does not address this issue and it remains seemingly illegal within GDPR regulations.

    Why has this not been addressed ?

    • Walter's avatar
      Walter
      Icon for Dropbox Staff rankDropbox Staff

      Hi Threlly; welcome to our Community!

       

      I'm not aware of this exact domain and as a matter of fact is not listed within our official domains. Can you let me know some additional information about the device you're seeing this on, such as if you're running the desktop application and/or if you're using a web browser to access a Dropbox account etc.? 

       

      Regarding your last queries, I'd suggest getting in touch with the 3rd party app you mentioned directly as they might have more information. 

       

      In any case, please let me know what you find, Threlly. 

      • Threlly's avatar
        Threlly
        Collaborator | Level 8

        Hi,

         

        I'm using the Windows 10 desktop app v106.4.368.

        I rarely access dropbox in the browser.

        Even if I quit the client the DropBox service (DbxSvc) remains active in my task list, as does "DropBox Update 32bit".

         

        Gary

         

  • Threlly's avatar
    Threlly
    Collaborator | Level 8

    Hi All,

     

    My Pi Hole is blocking an INCREDIBLE amount of DropBox telemetry, even more than Windows telemetry, and by a large margin.

    So I have a few questions.

    1. What is this telemetry for ?

    2. What information is in there ?

    3. Who gets to see it (ie, is it shared in any way with, let's say, advertisers)

    4. Why is it being blocked by my standard Pi Hole list, what threat could it be ?

    5. Where do I turn it off if I wish to ?

     

    Cheers,

    Threlly

    • Threlly's avatar
      Threlly
      Collaborator | Level 8

      Why can this NOT be turned off.

       

      • AndyBe's avatar
        AndyBe
        Helpful | Level 5
        The silence speaks for itself. Already moved all my files off of Dropbox and won’t renew my subscription.
  • Threlly's avatar
    Threlly
    Collaborator | Level 8

    So,

    Pi-Hole users, are you still seeing Dropbox siphon off enormous amounts of your personal data to their servers with no option to stop it?

    Are dropbox still refusing to address the issue correctly and to the satisfaction of their paying customers?

    Do we know who Dropbox's GDPR Data Protection Officer is in the U.K/E.U?