We Want to Hear From You! What Do You Want to See on the Community? Tell us here!
Forum Discussion
Why does the Dropbox site detect my login as a new connection?
Hello, it seems that MANY sites (including DROPBOX) are being bit lazy in their attempts to decide if I am logging in from a new device. It find it a bit irritating to get an email message telling me that I logged in from a new device, when all that has happened, is that my favourite browser (Firefox in this case) got updated from version 126.x to 127.0. OK, I might not get this for the point releases (e.g. 126.1 to 126.2 etc), but that is not the point.
Doing it this way means that at the next big version update, I will get yet another false positive.
Here is a suggestion for the developers:
1) Do NOT use the browser version at all in any scripted fingerprinting
2) Use the client IP address if possible
3) Use a "Canvas Fingerprint" instead to detect the GPU/Graphic card functionality and type (as I will NOT be changing it any time soon!) See below:
5 Replies
Replies have been turned off for this discussion
- Jay
Dropbox Community Moderator
Hi td47, thanks for bringing this to our attention.
This can generally happen when using an incognito browser or VPN where your apparent location can change.
We appreciate your feedback and we take all comments into consideration when improving the Dropbox site and services.
If you have any further queries, feel free to message back.
Hello, thanks for that feedback. I do NOT use Incognito mode, OR a VPN. The false positive for device change fingerprinting issue ALWAYS coincides with a Browser update, as I get other notifications from other sites, such as LinkedIn, Paypal and several others. Hopefully this "false fingerprint" issue will improve over time, if enough complaints are received, hence this post. Currently, using the Browser version as one of the data-points for Fingerprinting uniqueness is not safe, and not very logical.
- Rich
Super User II
td47 wrote:
Currently, using the Browser version as one of the data-points for Fingerprinting uniqueness is not safe, and not very logical.
They're likely not using the browser version. I update Firefox regularly and Dropbox never detects it as a new device. They simply use a cookie during the sign in process. If you check the Remember Me box when signing in, your device (i.e. your browser) will be remembered. If you don't use that option, it's seen as a new sign in attempt each time and you'll be notified.
It's also worth pointing out that it's not the actual device that they're remembering or recognizing; it's the browser. Sign in with Firefox and have it remember you, then sign in with a different browser. It will be seen as a different sign in attempt and you'll still be notified.
Hi Rich thanks for that useful info. I do have the "remember me" on for many sites (including Dropbox), as both my systems are on a private Home Network. It is always possible that some of the others I mentioned as examples do NOT have that ticked on, so I will experiment when I log into them next, and will be especially vigilant when the Browser had just had an update. I am fairly certain that dot updates to Firefox do NOT trigger the issue, but major updates do, so I will try to make notes next time, especially ensuring that the useful tip that you posted is ticked on.
- Rich
td47 wrote:
I am fairly certain that dot updates to Firefox do NOT trigger the issue, but major updates do ...
Dropbox doesn't look at the version of your browser. If a sign attempt isn't recognized after you update your browser, then it could be that your browser's cache was cleared so the cookie that Dropbox placed no longer exists.
