Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
×
Bug Data Storage Communications Privacy Security The Internet

Dropbox Kept Files Around For Years Due To 'Delete' Bug (bleepingcomputer.com) 73

Dropbox has fixed a bug that caused old, deleted data to reappear on the site. The bug was reported by multiple support threads in the last three weeks and merged into one issue here. An anonymous Slashdot reader writes: In some of the complaints users reported seeing folders they deleted in 2009 reappear on their devices overnight. After seeing mysterious folders appear in their profile, some users thought they were hacked. Last week, a Dropbox employee provided an explanation to what happened, blaming the issue on an old bug that affected the metadata of soon-to-be-deleted folders. Instead of deleting the files, as users wanted and regardless of metadata issues, Dropbox choose to keep those files around for years, and eventually restored them due to a blunder. In its File retention Policy, Dropbox says it will keep files around a maximum 60 days after users deleted them.
This discussion has been archived. No new comments can be posted.

Dropbox Kept Files Around For Years Due To 'Delete' Bug

Comments Filter:
  • Correct title (Score:4, Insightful)

    by Anonymous Coward on Wednesday January 25, 2017 @05:46PM (#53738829)

    Dropbox Kept Files Around For Years Due To Delete 'Bug'

    FTFY

    • Re: (Score:2, Interesting)

      by Anonymous Coward

      I wonder if other cloud service providers have such 'bugs'.

      • by AmiMoJo ( 196126 )

        Probably. Most cloud services rely on duplication to secure user data. The better ones geographically distribute the copies in case the datacentre goes up in flames.

        Then you have Nearline storage, and offline storage copies.

        When a file is deleted, all the copies have to be removed. Bugs, failed and inadequately wiped failed/recycled disks, cached copies... It can easily go wrong.

        Which is why you don't store anything sensitive unencrypted in the cloud.

        • by Anonymous Coward

          I find it hard to believe that nobody noticed 8 fucking years worth of "deleted" data until now. This was done on purpose and noe Dropbox is trying to use the scapegoat of "it's a bug".

          Yeah, bullshit.

          • Re:Correct title (Score:4, Insightful)

            by Immerman ( 2627577 ) on Wednesday January 25, 2017 @07:45PM (#53739527)

            Was it 8 years worth of data, or just data from 8 years ago? Big difference, and the summary at least indicates the latter.

            • Was it 8 years worth of data, or just data from 8 years ago? Big difference, and the summary at least indicates the latter.

              I think it's awfully trusting of you to believe that they weren't saving everything deliberately.

              It seems ridiculously unlikely that this sort of thing could go on for 8 years without anyone noticing. If nothing else, the need for constantly increasing storage should have made someone wonder what was going on.

              But seriously, one of their key functions, namely "deleting a file" didn't work and no one noticed for almost a decade?

              • It seems ridiculously unlikely that this sort of thing could go on for 8 years without anyone noticing. If nothing else, the need for constantly increasing storage should have made someone wonder what was going on./quote

                Yes, exactly what I was thinking. The cat's out of the bag now. Dropbox can say whatever they want, the evidence is pretty clear: files were kept for 8 years at least (otherwise they couldn't be restored).

                I am sure there are lots of reasons for cloud providers not to delete your data. It is just too valuable a tool to delete. You can gain all kinds of insights about your users from the data they upload. Whether their motivation is benign or not, it doesn't matter, the truth is that once a file leaves your computer it is no longer yours.

              • by GuB-42 ( 2483988 )

                I think we can use Hanlon's razor here "do not attribute to malice what can be explained by stupidity".
                It is not unthinkable at all that undeleted files go unnoticed. It happens all the time where I work. And because storage needs constantly increase anyways, it isn't that noticeable.
                For example, files may be copied to A, but because of some problem, the get copied to B instead. Later, the problem is fixed and files are copied again to A, where they should be. B is left untouched. Now the users wants to del

                • It is not unthinkable at all that undeleted files go unnoticed. It happens all the time where I work.

                  Really, you guys lose track of petabytes of data and no one notices for the better part of a decade?

                  Please tell me who you work for so I can avoid them like the plague.

                  • by GuB-42 ( 2483988 )

                    I won't tell you who I'm working for but it is not an IT company, which is a good thing since the IT department is abysmal...
                    However, I think you overestimate companies in general. You know, you, as an individual, forget about things sometimes. Have you ever found something in house house you thought was lost? Have you ever forgotten to pay a bill? Have you ever missed a deadline just because you forgot about it? If you are a normal human, you probably ended up is such situations.
                    Companies are made of peopl

                    • Have you ever found something in house house you thought was lost?

                      Yes, but I've not "found something" I thought was lost 600 times.

                      -

                      Have you ever forgotten to pay a bill?

                      I have, but I haven't forgotten to pay 600 million bills.

                      -

                      Have you ever missed a deadline just because you forgot about it?

                      Sure, but I've never missed 600 million deadlines.

                      -

              • Exactly what would cause you to casually notice that the random jellybeans that *someone else* meant to take out of a jar were still there?

                If it were a systematic oversight, and jellybeans were *never* (or rarely) actually removed, then the size of the jar would need to grow continuously as new beans were added and the old ones weren't removed. Of course the jar would need to steadily grow regardless, because every year people are adding more and larger beans than the year before, but the difference in the

                • Exactly what would cause you to casually notice that the random jellybeans that *someone else* meant to take out of a jar were still there?

                  Oh gosh, I don't know...log files? Sanity checks? System audits? Function testing? The fact that the jellybean jar is now the size of my local Wal-Mart?

                  Seriously, if you don't see why this whole "oops-we-fergot-to-actually-delete-yer-file" thing is super suspicious, then there's probably nothing I can say that would make it clear.

                  • Suspicious? Absolutely.

                    I just think it's worth pointing out that when you're dealing with as much data as they do, they would have to be extremely thorough to notice that something that was supposed to be deleted is still hanging around - I mean it's not the sort of thing that any users will send in a bug report on.

      • This is a feature which allows to undelete data during grace period. Every provider must have that. This specific issue is that 1. the grace period was way too long. 2. the data was accidentally undeleted.
        • No, the specific issue is that if you put your data in "the cloud": It's out of your control. You've put your trust in people who are out of your control and who are almost certainly motivated entirely by money and power, not your well-being or security, except as that drives the first. Data storage providers can -- and will -- do things with your data without telling you that are completely out of your control. Including hand over the data to any entity that can apply enough monetary or threat pressure to

          • You are right, of course. However, the same could be said about bank safety deposit boxes as well, but those are generally accepted as "safer than your mattress" (which is entirely under your control) even though law enforcement can get access to them.

        • I don't have a problem with the 30-60 day grace period that Dropbox claims to have. I do think 6-8 years is too long! :p

      • Re:Correct title (Score:4, Insightful)

        by elrous0 ( 869638 ) on Wednesday January 25, 2017 @06:48PM (#53739227)

        I wonder if other cloud service providers have such 'bugs'.

        Only the ones on their knees sucking NSA and FBI dick. In other words, pretty much all of them.

        But kudos to Dropbox for their incompetent slip that confirmed everything we'd feared about such file sharing services archiving and sharing data with the government.

        I wonder if they're doing this for the Chinese government too. I suspect the answer is a resounding "yes."

        • by AHuxley ( 892839 )
          If it was the FBI nobody would be allowed to talk about the files left in place as part of an ongoing investigation.
          Every ip requesting that file would be logged over the years.
    • by Anonymous Coward

      A bug let users know their files haven't been deleted. The bug didn't keep the files, that was a decision by someone in a suit.

    • by stooo ( 2202012 )

      >> Dropbox has fixed a bug that caused old, deleted data to reappear on the site.

      Now, your deleted data only appears to the NSA, where it belongs.

  • Yeah sure. (Score:5, Insightful)

    by Anonymous Coward on Wednesday January 25, 2017 @05:49PM (#53738855)

    They didn't notice terabytes of data just piling up over 8 years. Mkay.

    • by Anonymous Coward

      Probably closer to multiple petabytes. So yes, they knew about this and made a mistake that showed their lies.

  • by Anonymous Coward

    Yet another cloud service provide lying about the service it provides. Whatever happened to truth in advertising laws?

    • by elrous0 ( 869638 )

      Whatever happened to truth in advertising laws?

      They got thrown out with the Patriot Act and a million other laws which have turned our government into Big Brother.

  • FTFY (Score:4, Insightful)

    by Anonymous Coward on Wednesday January 25, 2017 @05:51PM (#53738871)

    Instead of deleting the files, as users wanted and regardless of metadata issues, Dropbox choose to secretly keep those files around for years, but accidentally made this visible to the user when they restored them due to a blunder.

  • Which OS is it that is so complicated that when you ask it to delete a file, it doesn't? I wasn't aware that one even exists

    • Re:Tell me the OS (Score:4, Informative)

      by 93 Escort Wagon ( 326346 ) on Wednesday January 25, 2017 @06:13PM (#53739037)

      Which OS is it that is so complicated that when you ask it to delete a file, it doesn't? I wasn't aware that one even exists

      I strongly suspect this has nothing to do with the OS and everything to do with Dropbox Inc.

      I don't imagine they actually delete anything - they probably just set a "do not show to user" flag. It's probably still there, ad infinitum, along with any and all metadata connecting the file to you as an individual.

    • by guruevi ( 827432 )

      Pretty much any filesystem since before MSDOS only unlinks the file, not really deletes it. Windows 95 came with a Trash can feature that only moved files to the Trash until the user unlinked the files. These days cloud/flash based storage will do pretty much the same, keep the data around until it's either overwritten due to space congestion or deleted by an admin.

      • Pretty much any filesystem since before MSDOS only unlinks the file, not really deletes it.

        Yeah, nice try.

        Except that if this was the case, you would almost certainly not be able to restore 8 year old files. How many times do you think they have updated their storage systems in the last 8 years? I am guessing the answer is more than 0.

        • by guruevi ( 827432 )

          I highly doubt they up and replaced the entire system migrating all live data to new systems. The problem with "cloud" file systems is that it's not really a file system, its a database (object store whatever you call it), deleting an "object" does nothing really but leave a hole in the database and such fragmentation cannot easily be resolved unless you devise a fitting algorithm. So most systems never delete anything truly, just mark it deleted and if ever they need space, they could "vacuum" the thing bu

          • Well, there you go. You made my point better than I (obviously) did.

            This can't be a file system related thing.

    • Which OS is it that is so complicated that when you ask it to delete a file, it doesn't? I wasn't aware that one even exists

      As others pointed out, no, typical OSs don't overwrite it when you "delete" it.

      In addition to this, however- I don't know what Dropbox's setup is, and I know sod all about enterprise storage et al. However, I feel pretty confident in assuming it's *not* going to be anything as simple as an "off the shelf" hard drive or even RAID setup using the standard Windows, Linux or whatever facilities and filesystems like one would find in a desktop PC!

      The comparison is therefore pretty meaningless.

  • Alternative Facts (Score:5, Interesting)

    by Anonymous Coward on Wednesday January 25, 2017 @05:57PM (#53738927)

    Funny how for exactly 8 years, this internet company managed to accidentally not delete documents that its users asked to be deleted in confidence, and a week after a new administration takes power, they magically find out that they weren't deleting any documents and now they have to be purged.

    It's almost like someone wanted to keep these deleted documents around so they could comb through them to find patterns, or something. It's a good thing that our government isn't spying on us through our social media sharing sites, or something.

  • Remember this - NOTHING gets deleted from the cloud, its just too precious.

  • by Anonymous Coward

    You would think that Dropbox would mark data as deleted and let the storage space be recycled after some delay (to let users "undelete" files due to user error).

    Given the scale of Dropbox and the amount of storage they need to buy, this level of "bug" is a deliberate design choice.

    • by guruevi ( 827432 )

      Not necessarily, all of Dropbox is approx. 120-200PB. Distributed over thousands of storage servers it's really peanuts to save people's history (which are mostly small delta's). Running a storage system of 200TB myself, people tend not to delete stuff all that much and even so, the entire amount of people's previous storages is encapsulated every time we have to upgrade (every 3 years). 10 years ago we stored close to 10TB, now 10TB is a rounding error on the upgrade.

  • It wouldn't surprise me if the files or metadata were kept on purpose. They'll be the next Yahoo for it though. God only knows what just info could be found. I'm sure intelligence agencies love it.
  • ..to keep your data on your own machines. In that case the "delete" bug is the more usual variety, where files are accidentally lost or clobbered. These cloud providers are all upside down!
  • It sounds like the bug was that the files re-appeared. That is now fixed, so most likely we're back to only the NSA and some generous customers having access to those "deleted" files.

  • A bug to the customers, a feature to the government.
  • You think the "voice assistants" Siri, Google Assistant, Alexa, Cortana etc who continually listen to the microphone do not save what they hear? You think the companies are not saving all that audio? Recently there was an article about ultra low bit rate audio codecs, tuned to human speech, that can record 80 years of audio in a 8 GB file.
  • "Dropbox says it will keep files around a maximum 60 days after users deleted them."

    Obviously this is wrong, and to suggest that Dropbox had no idea that this was happening seems a bit naive, no?

    Deleting files is one of the primary bits of functionality that Dropbox has; to think that somehow they flubbed the code to remove a file is, to me, flatly unbelievable.

  • Lol! If you're still using Dropbox after Snowden's revelations (I never used them, FWIW), you deserve this. Seriously, network your own box and install Owncloud, or whatever other "cloud" shit interface you need -- if simply rsync'ing files to a headless box is to technical for whoever needs the data.

    Disclaimer: I don't know all the use cases of Dropbox and I know some are forced to use it...you guys are cool, I guess.

A complex system that works is invariably found to have evolved from a simple system that works.

Working...