Hacker News new | past | comments | ask | show | jobs | submit login
Dropbox requires a kernel extension to work
18 points by dikaio on March 26, 2022 | hide | past | favorite | 14 comments
I was installing dropbox via homebrew and I was prompted with the message "dropbox requires a kernel extension to work." and also a Warning "No checksum defined for cask 'dropbox', skipping verification." that there was no checksum to verify the file.

I'm weary of installing apps that require access to the kernel or administrative access... should I be concerned?




Of course you should be concerned. You're installing a kernel extension from an unknown developer on the internet. Most people here are using npm which has thousands of malicious packages. I don't think they have a clue.

https://threatpost.com/malicious-npm-packages-web-apps/17813...


Thanks for your input @flankk. Question, this isn't necessarily from a unknown developer, the download link is in fact dropbox unless Im misunderstanding the definition of an unknown developer. I suppose what Im really trying to understand is should we be trusting of dropbox? I know in the past they would circumvent apples sandbox via an exploit and they thought it was totally fine to do this gives me pause.


If the cask downloads directly from dropbox I would trust it. It's up to you who you feel comfortable trusting. If you have internal company stuff you don't want out keep it on a private intranet. This is the type of stuff Richard Stallman has talked about for years. It's a real problem but I'm afraid nobody listens.


This is why I use mega.co.nz for all the sensitive files of my business. Google and Dropbox get the files that I wouldn't mind if they were on a bulletin board. But this is not a common practice, and the risks aren't well-known by users.


This is perfect, thanks for sharing!


Check out https://maestral.app/

No kext, no Dropbox cruft, robust.


Switched a couple of months ago. The only thing I miss is the ability to quickly generate a public link. Otherwise it's excellent.


wow, nice. thanks @runjake, looking now.


I faced the same question, and decided to access Dropbox by rclone.


Super smart I hadn't thought of this. I've been using Maestral since it was mentioned in this thread and has worked great so far.


You are uploading your data to Dropbox, but you don’t trust them?


Trust is not binary, I can trust dropbox with certain files but not want them to have complete root/kernel access to my computer.


exactly, thank you SahAssar.


speedgoose speaking for myself I place files in unencrypted folders in dropobx that aren't sensitive in nature, for files that are I place in an encrypted *.sparseimage so to your point it is possible for me to trust the encryption method I use to host my files within their platform but not trust them to have access to my laptops kernal.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: