Security

Dropbox Accesses Every File on Your PC — Not Just the Sync Folder

First published March 2015 · Updated April 2026 · 11 min read
2026 note: This article was originally published on e-siber.com in 2015 in Turkish. It went viral via Hacker News, Wikipedia, and multiple international tech media. The site ownership has changed; this English-language rewrite preserves the URL and the original investigation's substance. Technical context has been updated for 2026.

In 2015, a security researcher set up a Data Loss Prevention (DLP) system on a test machine with Dropbox installed. The DLP was configured to flag any process that opened files outside its designated working directory. Within 24 hours, the test machine's logs showed Dropbox's process opening and reading files from locations far outside the sync folder — including the Downloads directory, Documents, and user config folders. Files that were never supposed to be part of Dropbox's sync scope.

The finding triggered a multi-year conversation about cloud sync client permissions, file-access transparency, and how to audit what desktop software actually does on your machine. The core lesson — you cannot trust software claims about what files it reads; you must verify — remains true in 2026 for any cloud sync, AI assistant, or "smart" desktop client.

What the DLP Logs Actually Showed

The DLP system used during the original investigation logged file-read events per process. Baseline behavior (a freshly installed Dropbox with one 1 GB sync folder) showed read activity only inside that folder. After a week of normal usage, read events spanned:

  - the Downloads directory
  - the Documents folder
  - user configuration folders

None of these were in the sync folder. None had been manually shared with Dropbox. The process had read them.
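The DLP's flagging rule is simple to state: given per-process file-read events, report any path that falls outside the directories the process is scoped to. A minimal sketch of that logic (the process name, paths, and event format are illustrative, not the DLP vendor's actual schema):

```python
from pathlib import Path

def out_of_scope_reads(events, scopes):
    """Return (process, path) pairs where a process read a file
    outside every directory it is scoped to."""
    flagged = []
    for process, path in events:
        allowed = scopes.get(process, [])
        p = Path(path)
        # a read is in scope only if the path sits under some allowed root
        if not any(p.is_relative_to(root) for root in allowed):
            flagged.append((process, path))
    return flagged

# Illustrative events mirroring the kind of activity the 2015 logs showed
events = [
    ("Dropbox", "/Users/me/Dropbox/report.docx"),
    ("Dropbox", "/Users/me/Downloads/invoice.pdf"),
    ("Dropbox", "/Users/me/.config/app/settings.ini"),
]
scopes = {"Dropbox": [Path("/Users/me/Dropbox")]}

for proc, path in out_of_scope_reads(events, scopes):
    print(f"FLAG: {proc} read {path}")
```

Only the first event is inside the declared sync folder; the other two get flagged. (`Path.is_relative_to` requires Python 3.9+.)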

Dropbox's Response and Clarification

Dropbox's engineering team responded that the observed behavior came from two documented-but-obscure features:

  1. "Move to Dropbox" integrations with Office and OS file managers. These required Dropbox to index recently-touched files to offer the "move here" context action.
  2. Disk space analysis for the free-tier usage prompt. Dropbox scanned to estimate how much space the user had across the drive.

Both are legitimate uses from Dropbox's perspective. Neither was disclosed in the install dialog. From the user's perspective, software they believed was scoped to one folder was reading across their entire home directory.

The principle: software that asks for sync access to a folder can read substantially more than the folder — because the permission model at the OS level doesn't constrain it. You have to audit at the kernel or filesystem level to see what's actually happening.

How to Audit Any Cloud Client Yourself in 2026

The techniques available to security researchers in 2015 are now accessible to any technical user. Three approaches, from simplest to most comprehensive:

1. Process-level file access tracing (Linux, macOS)

Linux has strace and the inotify family of tools; macOS has fs_usage. Both let you watch file-access events in real time. To see which files a specific process opens:

# macOS — watch Dropbox's file-open syscalls
sudo fs_usage -w -f filesys Dropbox | grep open

# Linux — watch all file-access events by a process
sudo strace -f -e trace=openat -p "$(pgrep -o -f dropbox)" 2>&1 | \
  grep -v ENOENT | awk -F'"' '{print $2}' | sort -u

Run this for 30 minutes of typical usage. Every unique file path is something the process actually opened. Compare against your expectation.
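If you capture the strace output to a log file instead of piping it, a few lines of Python reduce it to the set of unique opened paths and separate out anything outside the sync folder. A sketch (the sample lines and the `/home/me/Dropbox` prefix are illustrative):

```python
import re

# Matches the quoted path argument of an openat(2) line in strace output
OPENAT_PATH = re.compile(r'openat\([^,]+, "([^"]+)"')

def opened_paths(strace_lines):
    """Extract the unique set of successfully opened paths,
    skipping failed opens (ENOENT)."""
    paths = set()
    for line in strace_lines:
        if "ENOENT" in line:
            continue
        m = OPENAT_PATH.search(line)
        if m:
            paths.add(m.group(1))
    return paths

sample = [
    'openat(AT_FDCWD, "/home/me/Dropbox/notes.txt", O_RDONLY) = 7',
    'openat(AT_FDCWD, "/home/me/Documents/tax.pdf", O_RDONLY) = 8',
    'openat(AT_FDCWD, "/home/me/.cache/x", O_RDONLY) = -1 ENOENT (No such file)',
]
paths = opened_paths(sample)
unexpected = {p for p in paths if not p.startswith("/home/me/Dropbox/")}
print(sorted(unexpected))  # anything here warrants a closer look
```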

2. Network traffic audit

If a process reads files but doesn't upload them, that's less alarming than reads followed by uploads. Capture outbound traffic with tcpdump filtered to the process's known endpoints:

# Capture all traffic to Dropbox's API endpoints
sudo tcpdump -w dropbox.pcap -i any \
  'host api.dropboxapi.com or host api-content.dropbox.com'

# The payloads are TLS-encrypted, so you can't read request bodies;
# audit volume instead: large sustained outbound byte counts suggest uploads
tshark -r dropbox.pcap -Y 'tls' \
       -T fields -e frame.time_relative -e ip.dst -e frame.len
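Per-destination byte totals fall out of that field output with a short script. This sketch assumes whitespace-separated columns of time, destination, and frame length (an assumed layout; adjust to match the fields you actually exported):

```python
from collections import defaultdict

def bytes_per_destination(lines):
    """Sum frame lengths per destination from tshark -T fields output
    (columns assumed: time, destination, frame length)."""
    totals = defaultdict(int)
    for line in lines:
        parts = line.split()
        if len(parts) != 3:
            continue  # skip malformed or empty lines
        _, dst, length = parts
        totals[dst] += int(length)
    return dict(totals)

# Illustrative sample rows
sample = [
    "0.001  162.125.0.1  1514",
    "0.042  162.125.0.1  1514",
    "0.100  8.8.8.8      90",
]
totals = bytes_per_destination(sample)
print(totals)
```

A destination accumulating megabytes while you weren't syncing anything is the signal to dig into.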

3. Sandboxing (containment-first approach)

The most robust approach: don't trust the client at all. Run it in a sandbox where it only sees files you've explicitly exposed.

# macOS — sandbox-exec with a custom profile
# (sandbox-exec is deprecated but still functional; expect to iterate on
#  the profile, since a deny-default policy blocks everything not listed)
cat > dropbox.sb <<'EOF'
(version 1)
(deny default)
(allow process-exec (subpath "/Applications/Dropbox.app"))
(allow file-read*
  (subpath "/Users/me/Dropbox")
  (subpath "/Applications/Dropbox.app")
  (literal "/etc/resolv.conf"))
(allow file-write* (subpath "/Users/me/Dropbox"))
(allow network*)
EOF

sandbox-exec -f dropbox.sb /Applications/Dropbox.app/Contents/MacOS/Dropbox

# Linux — firejail with a custom profile does the same
firejail --private=~/Dropbox \
         --net=eth0 \
         --noroot \
         /usr/bin/dropbox

The sandbox enforces your expectation: Dropbox sees only your Dropbox folder. If the client fails to function, you've learned that the "optional" reads were actually required for core features.
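One way to confirm the sandbox actually bites is to run a canary script inside it that probes files outside the allowed subtree; if any probe opens successfully, containment has failed. A minimal sketch (the probe paths are illustrative):

```python
from pathlib import Path

def readable_probes(probe_paths):
    """Return the subset of probe paths this process can actually open."""
    readable = []
    for p in probe_paths:
        try:
            with open(p, "rb") as f:
                f.read(1)  # a successful read means the path leaked through
            readable.append(p)
        except OSError:
            pass  # blocked or missing: what we want inside the sandbox
    return readable

if __name__ == "__main__":
    # Outside the sandbox these are typically readable; inside, they
    # should all be blocked
    probes = [Path.home() / ".ssh" / "id_ed25519", Path("/etc/hosts")]
    leaked = readable_probes(probes)
    if leaked:
        print("sandbox NOT enforcing; readable:", leaked)
    else:
        print("all probes blocked")
```

Run it once unsandboxed (probes succeed) and once under the sandbox profile (probes should fail); any difference from that pattern means the policy isn't doing what you think.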

The Broader Principle: Defense in Depth for Desktop Software

The 2015 Dropbox finding was a specific example of a general pattern. Any software you install on your machine can, by default, read any file your user has access to. OS-level permissions systems (App Sandbox on macOS, AppArmor/SELinux on Linux, Windows Defender Controlled Folder Access) let you narrow that scope — but you have to opt in. Most users never do.

For 2026, the same principle applies with much higher stakes to:

| Category | What to audit | Why it matters |
|---|---|---|
| AI coding assistants | Which files they read to "understand your codebase" | Your .env, private keys, client secrets |
| Cloud sync clients | File-access trace outside the sync folder | Incidental exfiltration of unrelated documents |
| Browser extensions | Network requests they initiate | DOM data leaked to third-party servers |
| Desktop chat apps | Inbound/outbound file transfers | Automatic file previews can fingerprint or leak |

Integrity Verification at the File Level

If you're producing files that other software reads (configs, pickled ML models, binary artifacts), protect them with companion hash files. Any tampering or substitution becomes visible at load time.

import hashlib
from pathlib import Path

def hash_file(path: Path) -> str:
    """SHA-256 of the file's full contents."""
    return hashlib.sha256(path.read_bytes()).hexdigest()

def write_with_hash(path: Path, data: bytes) -> str:
    """Write the data, then write a sha256sum-style companion file."""
    path.write_bytes(data)
    sha = hash_file(path)
    path.with_suffix(".sha256").write_text(f"{sha}  {path.name}\n")
    return sha

def verify_file(path: Path) -> bool:
    """Recompute the hash and compare against the companion file."""
    hash_file_path = path.with_suffix(".sha256")
    if not hash_file_path.exists():
        return False  # can't verify, so fail closed
    expected = hash_file_path.read_text().strip().split()[0]
    return hash_file(path) == expected
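A quick round trip shows the failure mode these helpers guard against: verification passes on the untouched file and fails closed after substitution. The helpers are repeated here so the snippet runs standalone, and the artifact name is illustrative:

```python
import hashlib, tempfile
from pathlib import Path

# Helpers as defined above, repeated for a self-contained demo
def hash_file(path: Path) -> str:
    return hashlib.sha256(path.read_bytes()).hexdigest()

def write_with_hash(path: Path, data: bytes) -> str:
    path.write_bytes(data)
    sha = hash_file(path)
    path.with_suffix(".sha256").write_text(f"{sha}  {path.name}\n")
    return sha

def verify_file(path: Path) -> bool:
    sidecar = path.with_suffix(".sha256")
    if not sidecar.exists():
        return False  # fail closed when the hash is missing
    expected = sidecar.read_text().strip().split()[0]
    return hash_file(path) == expected

with tempfile.TemporaryDirectory() as d:
    artifact = Path(d) / "model.pkl"       # illustrative artifact name
    write_with_hash(artifact, b"trained-model-bytes")
    ok_before = verify_file(artifact)      # untouched file verifies

    artifact.write_bytes(b"tampered")      # simulate substitution
    ok_after = verify_file(artifact)       # hash mismatch -> rejected

print(ok_before, ok_after)
```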

This is the same approach production ML systems use to ensure the pickled model file at inference time is exactly the one that passed validation — see ZenHodl's live prediction system for a worked example using SHA-256 integrity checks on XGBoost pickle files.

Summary

The larger takeaway: permission models at the app-install level are too coarse. Sandboxes and explicit file-access policies are the only durable defense. What's true for Dropbox in 2015 is true for AI coding assistants in 2026, and will be true for whatever comes next.