Dropbox removed ability to opt your files out of AI training::undefined

  • LastYearsPumpkin@feddit.ch
    link
    fedilink
    English
    arrow-up
    47
    arrow-down
    3
    ·
    10 months ago

    Why does dropbox have the ability to see your files at all? That seems like a pretty bad security flaw in the first place.

    • hersh@literature.cafe
      link
      fedilink
      English
      arrow-up
      5
      arrow-down
      1
      ·
      10 months ago

      There are drawbacks to end-to-end encryption (E2EE). I’m not aware of any E2EE cloud storage systems that have the features Dropbox provides. I would LOVE to know of any that…

      1. Support at least the big 5 platforms (Android/iOS/Mac/Windows/Linux).

      2. Have a functional web interface.

      3. Support sharing and collaboration.

      4. Have a search feature

      5. Sync to the local filesystem on a folder-by-folder or even file-by-file basis

      6. Integrate with other tools (e.g. android file picker)

      It’s not easy to do all that with E2EE, like a functional web interface, search, and integration.

      ProtonMail’s search, for example, is limited to subject and metadata, and that’s specifically because they DON’T use E2EE for that.

      I’m willing to compromise some of this for the sake of E2EE, but I’m not at all surprised that feature-first services are more popular than privacy-first services.

      • Ohh@lemmy.ml
        link
        fedilink
        English
        arrow-up
        3
        ·
        10 months ago

        You will probably have tradeoffs. And somehow need to script accept that at some point, you need to trust someone. At the very least with firmware. And you probably need to change workflow.

        I find cryptpadb works almost as well as Google docs did a few years ago.

      • Natanael@slrpnk.net
        link
        fedilink
        English
        arrow-up
        2
        ·
        edit-2
        10 months ago

        1: easy to port E2EE, it’s just math

        2: browsers and E2EE is hard, you need an extension to implement it securely so the password can’t be made accessible directly to the server (you need it to remain secret even from the hosting company) or else you’re dealing with MITM risk

        3: easy by sharing encryption keys using E2EE messaging protocols on top

        4: encrypted search is a thing, but such indexes does tend to have some limitations

        5: still easy

        6: still easy, Android specifically have APIs to let apps register themselves to the file picker so they can transparently encrypt and decrypt files. But yes on other systems where 3rd party apps can’t offer such integration then it’s hard

        I’ve seen one called Skiff that’s trying to do most of these things

        https://skiff.com/pages https://skiff.com/drive

      • mitrosus@discuss.tchncs.de
        link
        fedilink
        English
        arrow-up
        3
        arrow-down
        2
        ·
        10 months ago

        Mega uses e2ee and is available in all platforms I use. I don’t use apple. Web interface is very functional. I think it does support sharing files via link. Should have a search feature also, never used (because I know exactly where I keep my files). It does sync with locals. I don’t know about android file picker.

        Mega is not a good choice for Lemmy users or Foss activists, probably because of its history - which is not as clean as say next cloud, but is not like google either. As long as it works :/

      • Tangent5280@lemmy.world
        link
        fedilink
        English
        arrow-up
        1
        ·
        10 months ago

        Email is like the one critical part a lot of people miss when talking about taking control of your data. Imagine how much could be gleaned out of email history? Where you go, what you do, who you talk with, what you buy, what you rent, what media you consume, everything. If you dont have a lot of friends someone with your email account could pretty much just doppelganger you and go on as if nothings happened.

  • M500@lemmy.ml
    link
    fedilink
    English
    arrow-up
    36
    arrow-down
    2
    ·
    10 months ago

    I HATE Dropbox.

    I tried to use them recently and their service had some problems.

    They have an option to “stream” files when you need them. The only problem is you need an internet connection to access them. I did not trust this kind of system and I actually need to access my files even without internet.

    So there is a way to make the files available offline. Great! Problem solves. NOPE! They offer an option to have your files available offline, but they might remove the files and make them only available in the cloud if you local storage gets low.

    That is really all they say about it and there is no option to turn this off. I was uncomfortable about their vagueness and my inability to disable this.

    Within 24 hours of paying for their service I learned of this and they refused to refund my purchase.

    PLEASE NEVER WORK WITH DROPBOX

    • Rolling Resistance@lemmy.world
      link
      fedilink
      English
      arrow-up
      5
      ·
      10 months ago

      I’ve had a great experience with Dropbox (for about 10 years!), but I also used their Linux client which is old and very straightforward. Now I’m a Nextcloud user, and I wish it worked as well as Dropbox did. But with this AI thing I’m not switching back.

    • nutsack@lemmy.world
      link
      fedilink
      English
      arrow-up
      4
      arrow-down
      1
      ·
      edit-2
      10 months ago

      it was painful to migrate from dropbox. their api is shit and does nothing to guarantee delivery. i had to split folders into 5gb chunks and download everything in zip files through the browser. it took a year. what an awful company.

    • andxz@lemmy.world
      link
      fedilink
      English
      arrow-up
      3
      ·
      edit-2
      10 months ago

      I’ve used Dropbox since literally their first year of creation and I’ve never experienced a single one of these issues. I use it mostly as a portable library and all I need is 2 mins of any WiFi connection to download any book(s) I want to read to a local device. Mind you this is on their free plan, so I’ve never paid a cent to them either. Requires me to periodically transfer older books to another long term solution, but that is just a few mouse clicks. I’ve read hundreds if not more ebooks this way. Since I prefer .mobi (which I can even read IN dropbox if I want) I can upload straight to dropbox after converting from .epub.

      I mean, it sounds frustrating, but your experience with them sounds extremely weird to me.

      At least to me they’ve been the best cloud provider by far, for what it’s worth.

      With that said, I don’t especially like that they’re doing this even though my specific content is mostly available in any number of places anyway, given that it’s literature.

    • doctorcrimson@lemmy.today
      link
      fedilink
      English
      arrow-up
      5
      arrow-down
      2
      ·
      edit-2
      10 months ago

      Instructions unclear

      Uploading various types of Nightshade to DropBox.

      EDIT: I see a couple downvotes so I thought I would explain: Nightshade was developed as a way to poison or corrupt AI Generative Tools. Basically by uploading Nightshade I’m harming their results.

  • reksas@sopuli.xyz
    link
    fedilink
    English
    arrow-up
    18
    arrow-down
    1
    ·
    10 months ago

    Time for dropbox users to upload all kinds of crap for ai to “learn” from, all within tos of course.

    I bet there are many kinds of ways to make your files poison the ai learning data. Its going to be fun for those ai guys to sort which files are probably safe and which are not. I think even if ONE user manages to slip something that corrupts the training data and its not noticed soon enough it might cause problems for them. Though someone who actually knows something about the subject might want to tell if i’m talking shit or not.

    I’m not against ai in general, but if its trained with data that was obtained from unwilling people, like this, then its makers can fuck off.

    • JonEFive@midwest.social
      link
      fedilink
      English
      arrow-up
      0
      ·
      10 months ago

      It really depends on what the AI training is looking for. You can potentially poison an AI training model, but you’ll likely have to add enough data to be statistically relevant.

      • reksas@sopuli.xyz
        link
        fedilink
        English
        arrow-up
        0
        ·
        9 months ago

        enough data as in many different people will have to upload one or two files that contain such data or you have to upload very large file that contains a lot of data that causes problems?

        • JonEFive@midwest.social
          link
          fedilink
          English
          arrow-up
          1
          ·
          9 months ago

          It’s honestly difficult for me to say because there are so many different ways to train AI. It really depends more on what the trainers configure to be a data point. Volume of files vs size of a single file aren’t as important as what the AI believes is a data point and how the data points are weighted.

          Just as a simple example, a data point may be considered a row on a spreadsheet without regard for how that data was split up across files. So ten files with 5 rows each might have the same weight as one file with 50 rows. But there’s also a penalty concept in some models, so the trainer can set it so that data that all comes from one file may be penalized. Or the opposite could be true if data coming from the same file is deemed to be more important in some way.

          In terms of how AIs make their decisions, that can also vary. But generally speaking, if 1000 pieces of data are used that are all similar in some way and one of them is somewhat different from the others, it is less likely that that one-off data will be used. It’s much more likely to have an effect If 100 of the 1000 pieces of data have that same information. There’s always the possibility of using that 1/1000 data, it’s just less likely to have a noticeable effect.

          AIs build confidence in responses based on how much a concept is reinforced, so you’d have to know something about the training algorithm to be able to intentionally impact the results.

    • iturnedintoanewt@lemm.ee
      link
      fedilink
      English
      arrow-up
      3
      ·
      10 months ago

      Check for old shares. I had EVERYTHING deleted, from files, recycled bin…For nearly a decade already. BUT. Today I just found there were old shares of those deleted files. I clicked to delete the shares too. Guess what, the files were back onto the dropbox folder as if they never were deleted a decade ago! So I had to delete them again, and then from the recycle bin. And then deleted the account.

  • nameisnotimportant@lemmy.ml
    link
    fedilink
    English
    arrow-up
    12
    ·
    10 months ago

    If someone has a way to poison their AI training by adding junk along my regular files I’m interested. Sadly I use it at work and I cannot decide to migrate to another cloud so I better sabotage them

      • nameisnotimportant@lemmy.ml
        link
        fedilink
        English
        arrow-up
        2
        ·
        10 months ago

        Thank you for your contribution, I was referring to a practical way (script, binary, …) to achieve this not academic literature, I don’t have much time to invest in this and my IT level is insufficient

        • Natanael@slrpnk.net
          link
          fedilink
          English
          arrow-up
          1
          ·
          edit-2
          10 months ago

          Any specific tools will require knowledge of the system you’re targeting, so I don’t expect to see many public ML poisoning tools targeting anything but open source ML libraries, but adversarial sample tools to fool classifiers (including repainting stuff like those face transformation filters) might get more common because it’s much much easier to test

    • 31337@sh.itjust.works
      link
      fedilink
      English
      arrow-up
      1
      ·
      10 months ago

      Create a lot of text files filled with offensive and false information. Maybe 4chan and OANN transcripts :)

      It will always be a cat-and-mouse game. Once the trainers recognize the attack, they can use the attack to further improve their models. A long time ago I watched a speech from a guy who worked on Yahoo! Mail’s spam detection. They realized spammers would create email accounts, send spam to them, then have the accounts mark their spam as “not spam.” They came up with a method to automatically identify these accounts, and used them to further improve their spam detection model (if these accounts marked something as “not spam” it was likely spam).

  • redcalcium@lemmy.institute
    link
    fedilink
    English
    arrow-up
    5
    ·
    10 months ago

    Wait, Dropbox can use your files to train AI? How is this acceptable? Aren’t people storing their keepass vaults there?