A bit of additional material has been added to clarify why “a few hundered KB isn’t much”
There is a pretty serious allegation that Dropbox is stealing all your files making the rounds. The allegation is based on the following observations:
An unnamed DLP product noted that the Dropbox application accesses newly-created files outside the Dropbox folder
Firewall logs show the Dropbox application accessing Dropbox itself and Dropbox-controlled AWS endpoints around the same time as the above file access.
Seems pretty damning, right? Well… maybe not so much.
The Dropbox application uses a filesystem monitor to detect when changes are made by monitoring filesystem write events. This is, by necessity, a system-wide process. So DLP alerting that Dropbox is “acccessing” a new file shouldn’t be surprising.
Update: it turns out that it’s the Dropbox shell extension that’s most likely triggering these events. Thanks to @razvanh’s Medium explanation that clarifies this important point.
Likewise, the Dropbox application routinely communicates with its sync infrastructure at Dropbox and AWS endpoints, so it’s not surprising to see Dropbox communicating regularly to check whether there is a new sync point or the like.
So the provided evidence doesn’t show that Dropbox is reading or transmitting any files outside your Dropbox folder; but it doesn’t disprove it either. So how can we test?
A simple protocol can give us an idea of whether data is being sent to Dropbox:
- Create a large-ish file (1MB) outside of the Dropbox ...