Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
×
AI

Dropbox Spooks Users With New AI Features That Send Data To OpenAI When Used (arstechnica.com) 20

Dropbox has enabled a default setting to share user data with OpenAI for an AI search feature, but says it's only accessed when the feature is used, not to train models, and deleted in 30 days. From a report: Even with assurances of data privacy laid out by Dropbox on an AI privacy FAQ page, the discovery that the setting had been enabled by default upset some Dropbox users. The setting was first noticed by writer Winifred Burton, who shared information about the Third-party AI setting through Bluesky on Tuesday, and frequent AI critic Karla Ortiz shared more information about it on X.

Wednesday afternoon, Drew Houston, the CEO of Dropbox, apologized for customer confusion in a post on X and wrote, "The third-party AI toggle in the settings menu enables or disables access to DBX AI features and functionality. Neither this nor any other setting automatically or passively sends any Dropbox customer data to a third-party AI service."

This discussion has been archived. No new comments can be posted.

Dropbox Spooks Users With New AI Features That Send Data To OpenAI When Used

Comments Filter:
  • by denny_deluxe ( 1693548 ) on Thursday December 14, 2023 @09:12AM (#64081187)
    Enjoy sharing your data with the universe I guess.
  • Weasel words (Score:4, Informative)

    by YuppieScum ( 1096 ) on Thursday December 14, 2023 @09:15AM (#64081195) Journal

    "Neither this nor any other setting automatically or passively sends any Dropbox customer data to a third-party AI service."

    So, it is a manually-triggered process that actively sends the data?

    • Apparently so....

      and it appears the CEO stopped short of saying that the new policy for Dropbox, would be to set the toggle OFF by default....

  • by drinkypoo ( 153816 ) <drink@hyperlogos.org> on Thursday December 14, 2023 @09:18AM (#64081199) Homepage Journal

    PAY ATTENTION [wikipedia.org]

    • Is there anything better besides rsync and a linux server? I see Google and Microsoft, who suck but won't randomly fail/disappear, and a lot of other unknown services which might not be there tomorrow.
      • by Zarhan ( 415465 )

        I prefer AWS S3 bucket with rclone (https://rclone.org/). Works both Linux & Windows. You can set the storage class depending on your needs, and there's versioning support too.

        I use Glacier-IA for my backups and it costs like few dollars a month for storing a few terabytes.

        Rclone also does client-side encryption.

      • I've had good results with Seafile so far.
      • by chrish ( 4714 )

        I bought a pCloud 500GB lifetime account a while back because I wanted something with a decent Linux client. I use Backblaze's B2 for Linux backups (via restic) and their normal product for mac/Windows backups. My cloud use case is basically "I want a folder that syncs easily between n computers". I'd try OwnCloud or similar but I don't want to muck around with dynamic DNS services and opening up something in my network to The Internet.

        I'd prefer to use Sync.com, but they don't have a Linux client, and they

    • The ironic thing is that Dropbox has a lot of press and certificates showing compliance with HIPAA, FERPA, and other items. It also is good at snapshots (which are not backups... but helpful regardless.) It also has solid iOS and Android support. The API to allow some apps to store and use Dropbox for data without needing a Dropbox client is important as well.

      Downside is that because it is used for these things, suddenly having an option set to yes about data ingested to any AI is, IMHO, a breach of trus

  • If the service is easy and (nearly) free, you are the product!

  • "AI is stealing all my cat pictures!"
  • by devslash0 ( 4203435 ) on Thursday December 14, 2023 @10:21AM (#64081331)

    I will never understand why people use cloud storage without a layer of protection and upload plaintext personal data I to the cloud. It's plainly stupid and irresponsible. Personally, I wrote my own client side encryption layer which encrypts everything client-side before sending it to the cloud. There are, however, a lot of free tools that people can use to protect their data. For example this one:
    https://cryptomator.org/ [cryptomator.org]

    • ... upload plaintext personal data ...

      Most personal data should be encrypted: Obvious is passwords and scans of identity documents but the data commonly ignored is the email spool. (It's ridiculous that email software doesn't encrypt their spool files. That's doubly important since spool files also exist on an IMAP server.) The email data (and software, for convenience) should be saved to an encrypted drive. Contrary to this, the more times data is used, the more difficult it is to hold as cipher-text. Thus, people who run their email cli

  • by larryjoe ( 135075 ) on Thursday December 14, 2023 @12:25PM (#64081745)

    "Dropbox says that user data shared with third-party AI partners isn't used to train AI models and is deleted within 30 days."

    So why does OpenAI need to store that data for 30 days? There's no need for backup, especially since it's not needed for training. Sort of makes one wonder why the data couldn't be deleted immediately by OpenAI, especially since OpenAI needs to provision additional storage for the ostensibly "useless" data.

    Maybe the data is effectively deleted almost immediately and "within 30 days" is just legalese, but then saying "immediately" would sound much better. So, there's either something fishy going on or the PR guy goofed.

    • by guruevi ( 827432 )

      Immediately means immediately (as in right now). Likely they make backups and have 30 day retention period of that backup. 30 days is better than 'some day' or 'eventually'.

  • ...are they supposed to scan all your photos and videos for kiddie porn and read your documents to ensure you're not a terrorist.

    Or a startup with a very lucrative idea.

  • I have used DropBox for years as a great backup for password app files and family PIX. I will be moving and deleting my accounts there.
    • For my KeePass file, I'll leave it on Dropbox. I use a keyfile which I copy to all my devices, and that is not on Dropbox, so it ensures that the KeePass stuff cannot be brute-forced. Let them suck it into some LLM. I also rotate the master key fairly frequently. No, this isn't 100%, but other than metadata or a break in AES-256, there isn't much that can be done for an AI.

  • ...You know some dumbass buzzword mining company is working on one.

If you think nobody cares if you're alive, try missing a couple of car payments. -- Earl Wilson

Working...