cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Want to learn some quick and useful tips to make your day easier? Check out how Calvin uses Replay to get feedback from other teams at Dropbox here.

Integrations

Find solutions to issues with third-party integrations from the Dropbox Community. Share advice and help members with their integration questions.

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

"Dropbox for GMail" Chrome Extension will stop working in Chrome 87

Why So Much Telemetry ?

Threlly
Collaborator | Level 8

Hi All,

 

My Pi Hole is blocking an INCREDIBLE amount of DropBox telemetry, even more than Windows telemetry, and by a large margin.

So I have a few questions.

1. What is this telemetry for ?

2. What information is in there ?

3. Who gets to see it (ie, is it shared in any way with, let's say, advertisers)

4. Why is it being blocked by my standard Pi Hole list, what threat could it be ?

5. Where do I turn it off if I wish to ?

 

Cheers,

Threlly

53 Replies 53

anforowicz
New member | Level 2

Hello,

 

I am a Chrome Engineer, working for the Chrome Security team.  In Chrome 85, a security feature called CORS-for-content-scripts has shipped - after Chrome 85 content scripts can no longer bypass CORS, even if an extension has permission to the target host.  The Chrome 85 changes have been announced in March 2020 on chromium-extensions@ discussion list, as well as in Chrome Enterprise Release notes.

 

The "Dropbox for GMail" Chrome Extension has been identified as affected by Chrome telemetry in earlier Chrome versions.  An email notification to CWS@dropbox.com (the email registered in Chrome Web Store) was sent out in June 2020.  To avoid disruptions, the extension has been put on a temporary "allowlist" that exempts the extension from Chrome 85 changes (as we've announced earlier, the "allowlist" is being removed in Chrome 87).  Our manual testing indicates that the "Dropbox for GMail" Chrome Extension has not yet migrated to the new security model and will stop working in Chrome 87 (starting with version 87.0.4266.0, currently in the Chrome Canary channel).

 

Please migrate the "Dropbox for GMail" Chrome Extension to the new security model as soon as possible.  The tentative Chrome 87 release schedule is to ship to the Beta channel on 2020-10-15 and to start rolling out the Stable channel on 2020-11-17.  More details about the changes and migration guidelines are available at https://www.chromium.org/Home/chromium-security/extension-content-script-fetches.

 

Best regards,

 

Lukasz Anforowicz

Walter
Dropbox Staff

Hi @anforowicz; thanks for the extensive report and welcome to the Dropbox Community!

 

As I'd like to get this under the attention of one of our experts, would it be OK if I used the email address that's connected to your profile here on our Community to further investigate? 

 

Thanks a bunch, Lukasz. 


Walter
Community Moderator @ Dropbox
dropbox.com/support


Heart Did this post help you? If so, give it a Like below to let us know.
:arrows_counterclockwise: Need help with something else? Ask me a question!
:pushpin: Find Tips & Tricks Discover more ways to use Dropbox here!
:arrows_counterclockwise: Interested in Community Groups? Click here to join

anforowicz
New member | Level 2

RE: would it be OK if I used the email address that's connected to your profile here on our Community to further investigate

 

Sure, that should be totally ok.  Thank you for asking.

 

-Lukasz

Walter
Dropbox Staff

Thanks for the swift response, Lukasz. 

 

I just sent you an email so we can investigate further. 

 

Whenever you get the chance, please take a look at your inbox for my message and we'll take it from there.


Walter
Community Moderator @ Dropbox
dropbox.com/support


Heart Did this post help you? If so, give it a Like below to let us know.
:arrows_counterclockwise: Need help with something else? Ask me a question!
:pushpin: Find Tips & Tricks Discover more ways to use Dropbox here!
:arrows_counterclockwise: Interested in Community Groups? Click here to join

Threlly
Collaborator | Level 8

Capture.JPG

Walter
Dropbox Staff

Hi @Threlly; welcome to our Community!

 

I'm not aware of this exact domain and as a matter of fact is not listed within our official domains. Can you let me know some additional information about the device you're seeing this on, such as if you're running the desktop application and/or if you're using a web browser to access a Dropbox account etc.? 

 

Regarding your last queries, I'd suggest getting in touch with the 3rd party app you mentioned directly as they might have more information. 

 

In any case, please let me know what you find, Threlly. 


Walter
Community Moderator @ Dropbox
dropbox.com/support


Heart Did this post help you? If so, give it a Like below to let us know.
:arrows_counterclockwise: Need help with something else? Ask me a question!
:pushpin: Find Tips & Tricks Discover more ways to use Dropbox here!
:arrows_counterclockwise: Interested in Community Groups? Click here to join

Threlly
Collaborator | Level 8

Hi,

 

I'm using the Windows 10 desktop app v106.4.368.

I rarely access dropbox in the browser.

Even if I quit the client the DropBox service (DbxSvc) remains active in my task list, as does "DropBox Update 32bit".

 

Gary

 

Capture1.JPG

Threlly
Collaborator | Level 8

The traceroute site interpreted the url as telemetry.v.dropbox.com, so I tried another site.

The final IP, 162.125.19.9, is owned by DropBox.

Capture2.JPG

Threlly
Collaborator | Level 8

Hi Walter,

 

All gone quiet.

Dropbox is still siphoning unknown amounts of data from my PC to an address that Dropbox own but have not added to the list of official addresses.

Even though I have turned off telemetry & metadata being sent back to Dropbox in my settings, this is happening in the background with no control.

I'm based in the UK, so for now, still in the EU. This looks like it circumvents GDPR rules in Europe.

Do you think anybody from DropBox will respond ?

 

Best,

Gary

Need more support?