The technosphere is a buzz this week with the news that DropBox’s security has a rather large and rather stupid hole in it. I’m only going to give a brief overview of the issue here, so if you’d like more details please check out the. What I do want to say is that this is a really infantile mistake on DropBox’s part, and the fact that they could overlook something so elementary for so long worries me a lot. Anyhow – the whole problem revolves around the Host ID which DropBox uses to identify a computer within your account.
This code acts as both an identifier and a password, and it’s a big long string of random looking gibberish. The problem is not that this ID is easy to guess, but rather that it’s not tied to any particular machine. If a bad-guy gets their hands on the file containing this ID they can effectively clone your machine in DropBox’s eyes, and see your files in perpetuity, regardless of how many times you change your password. The only way to kill the bad guy’s access would be to de-authorise the machine who’s ID they cloned in your account pages on the DropBox website. The original blog post that broke this story describes in detail where you can find this ID on Windows, but doesn’t mention any other OSes. Quite a few listeners to my various podcasts have asked me if I know where the file is located on the Mac.
![Where To Find Snych Preferences On Mac For Dropbox Where To Find Snych Preferences On Mac For Dropbox](http://i.stack.imgur.com/zl8PT.png)
You can find the Dropbox preferences by selecting the Dropbox menu item, and then clicking the gear icon in the bottom right corner of the drop-down window. Select Preferences from the pop-up menu. I recommend keeping the Finder integration option, and the option to start Dropbox whenever you start up your Mac.
I didn’t, but I figured it would be worth spending a little time finding the answer. The first place I looked was in the Library folder in my home folder, this is where Mac apps are supposed to store settings and state information, but DropBox doesn’t store it’s data there. Spotlight also didn’t find any settings files when I searched for ‘dropbox’, so I turned to the Terminal an issued the simple command.
Find / - name. drop. The first result returned had hit pay dirt!
DropBox does not do things the Mac way, but the Unix/Linux way, given that OS X is a certified Unix OS, this is not a total shock. So, on OS X, DropBox puts it’s settings and caches in a folder called.dropbox in your home folder. Because the name of this folder starts with a., it’s a hidden file, so you won’t see it in the Finder, however, once you know it’s there you can browse to it in the Finder easily. To have a look at the content of this folder, open a Finder window and either go to the go menu and select Go to Folder., or hit cmd+shift+g, this will pop up a little dialog that lets you enter the path you want to go to, into that text box enter /.dropbox and hit return. Voila, you’re in!
![For For](http://www.intego.com/mac-security-blog/wp-content/uploads/2015/05/dropbox-selective-sync2.png)
This folder contains some caches and a few other things as well as a file called dropbox.db. The file extension suggests that it’s an SQLite database, so I fired up to have a look inside. As expected, this file is indeed an SQLite DB, and it contains three tables, one of which is called config. This table has just 9 entries, one of which has the key hostid – mission accomplished! Update: different versions of DropBox on the Mac store the key in different files. The file is always in /.dropbox, but could be called config.db or dropbox.db. As DropBox auto-update also seems to be broken, there is a wild variety of versions out there in use, and the people using old versions have no idea their versions are not current.
So – in short, the file you need to worry about keeping safe on the Mac is either /.dropbox/dropbox.db or /.dropbox/config.db.
Is Dropbox using up all your hard drive space? Learn now to delete local copies of your dropbox files - on a Mac. If your hard drive is full - and you use Dropbox - the problem might be that dropbox is syncing all your files to your local disk. For me, this happens when I join someone else's shared dropbox - by default, it copies those files to each of my computers. Or if I upload a large file from one computer, it can end up stored locally in dropbox on my laptop.
My desktop has a large enough hard drive that I don't need to worry about this - but the laptop is just 250 GB. And because I work with video files, it's pretty common for me to upload 20+ gigabytes to Dropbox at a time. BTW, Dropbox calls this Selective Sync. If you're on a PC, it's probably called the same thing, but hidden in a different place.