Dropbox Kept Files Around For Years Due To 'Delete' Bug (bleepingcomputer.com) 73
Dropbox has fixed a bug that caused old, deleted data to reappear on the site. The bug was reported by multiple support threads in the last three weeks and merged into one issue here. An anonymous Slashdot reader writes: In some of the complaints users reported seeing folders they deleted in 2009 reappear on their devices overnight. After seeing mysterious folders appear in their profile, some users thought they were hacked. Last week, a Dropbox employee provided an explanation to what happened, blaming the issue on an old bug that affected the metadata of soon-to-be-deleted folders. Instead of deleting the files, as users wanted and regardless of metadata issues, Dropbox choose to keep those files around for years, and eventually restored them due to a blunder. In its File retention Policy, Dropbox says it will keep files around a maximum 60 days after users deleted them.
Correct title (Score:4, Insightful)
Dropbox Kept Files Around For Years Due To Delete 'Bug'
FTFY
Re: (Score:2, Interesting)
I wonder if other cloud service providers have such 'bugs'.
Re: (Score:1)
Probably. Most cloud services rely on duplication to secure user data. The better ones geographically distribute the copies in case the datacentre goes up in flames.
Then you have Nearline storage, and offline storage copies.
When a file is deleted, all the copies have to be removed. Bugs, failed and inadequately wiped failed/recycled disks, cached copies... It can easily go wrong.
Which is why you don't store anything sensitive unencrypted in the cloud.
Re: (Score:1)
I find it hard to believe that nobody noticed 8 fucking years worth of "deleted" data until now. This was done on purpose and noe Dropbox is trying to use the scapegoat of "it's a bug".
Yeah, bullshit.
Re:Correct title (Score:4, Insightful)
Was it 8 years worth of data, or just data from 8 years ago? Big difference, and the summary at least indicates the latter.
Re: (Score:3)
Was it 8 years worth of data, or just data from 8 years ago? Big difference, and the summary at least indicates the latter.
I think it's awfully trusting of you to believe that they weren't saving everything deliberately.
It seems ridiculously unlikely that this sort of thing could go on for 8 years without anyone noticing. If nothing else, the need for constantly increasing storage should have made someone wonder what was going on.
But seriously, one of their key functions, namely "deleting a file" didn't work and no one noticed for almost a decade?
Re: (Score:2)
It seems ridiculously unlikely that this sort of thing could go on for 8 years without anyone noticing. If nothing else, the need for constantly increasing storage should have made someone wonder what was going on./quote
Yes, exactly what I was thinking. The cat's out of the bag now. Dropbox can say whatever they want, the evidence is pretty clear: files were kept for 8 years at least (otherwise they couldn't be restored).
I am sure there are lots of reasons for cloud providers not to delete your data. It is just too valuable a tool to delete. You can gain all kinds of insights about your users from the data they upload. Whether their motivation is benign or not, it doesn't matter, the truth is that once a file leaves your computer it is no longer yours.
Re: (Score:2)
I think we can use Hanlon's razor here "do not attribute to malice what can be explained by stupidity".
It is not unthinkable at all that undeleted files go unnoticed. It happens all the time where I work. And because storage needs constantly increase anyways, it isn't that noticeable.
For example, files may be copied to A, but because of some problem, the get copied to B instead. Later, the problem is fixed and files are copied again to A, where they should be. B is left untouched. Now the users wants to del
Re: (Score:2)
It is not unthinkable at all that undeleted files go unnoticed. It happens all the time where I work.
Really, you guys lose track of petabytes of data and no one notices for the better part of a decade?
Please tell me who you work for so I can avoid them like the plague.
Re: (Score:2)
I won't tell you who I'm working for but it is not an IT company, which is a good thing since the IT department is abysmal...
However, I think you overestimate companies in general. You know, you, as an individual, forget about things sometimes. Have you ever found something in house house you thought was lost? Have you ever forgotten to pay a bill? Have you ever missed a deadline just because you forgot about it? If you are a normal human, you probably ended up is such situations.
Companies are made of peopl
Re: (Score:2)
Have you ever found something in house house you thought was lost?
Yes, but I've not "found something" I thought was lost 600 times.
-
Have you ever forgotten to pay a bill?
I have, but I haven't forgotten to pay 600 million bills.
-
Have you ever missed a deadline just because you forgot about it?
Sure, but I've never missed 600 million deadlines.
-
Re: (Score:2)
Exactly what would cause you to casually notice that the random jellybeans that *someone else* meant to take out of a jar were still there?
If it were a systematic oversight, and jellybeans were *never* (or rarely) actually removed, then the size of the jar would need to grow continuously as new beans were added and the old ones weren't removed. Of course the jar would need to steadily grow regardless, because every year people are adding more and larger beans than the year before, but the difference in the
Re: (Score:2)
Exactly what would cause you to casually notice that the random jellybeans that *someone else* meant to take out of a jar were still there?
Oh gosh, I don't know...log files? Sanity checks? System audits? Function testing? The fact that the jellybean jar is now the size of my local Wal-Mart?
Seriously, if you don't see why this whole "oops-we-fergot-to-actually-delete-yer-file" thing is super suspicious, then there's probably nothing I can say that would make it clear.
Re: (Score:2)
Suspicious? Absolutely.
I just think it's worth pointing out that when you're dealing with as much data as they do, they would have to be extremely thorough to notice that something that was supposed to be deleted is still hanging around - I mean it's not the sort of thing that any users will send in a bug report on.
Re: (Score:1)
Correct Issue (Score:2)
No, the specific issue is that if you put your data in "the cloud": It's out of your control. You've put your trust in people who are out of your control and who are almost certainly motivated entirely by money and power, not your well-being or security, except as that drives the first. Data storage providers can -- and will -- do things with your data without telling you that are completely out of your control. Including hand over the data to any entity that can apply enough monetary or threat pressure to
Re: (Score:2)
You are right, of course. However, the same could be said about bank safety deposit boxes as well, but those are generally accepted as "safer than your mattress" (which is entirely under your control) even though law enforcement can get access to them.
Re: (Score:2)
I don't have a problem with the 30-60 day grace period that Dropbox claims to have. I do think 6-8 years is too long! :p
Re:Correct title (Score:4, Insightful)
I wonder if other cloud service providers have such 'bugs'.
Only the ones on their knees sucking NSA and FBI dick. In other words, pretty much all of them.
But kudos to Dropbox for their incompetent slip that confirmed everything we'd feared about such file sharing services archiving and sharing data with the government.
I wonder if they're doing this for the Chinese government too. I suspect the answer is a resounding "yes."
Re: (Score:2)
Every ip requesting that file would be logged over the years.
Re: Correct title (Score:1)
A bug let users know their files haven't been deleted. The bug didn't keep the files, that was a decision by someone in a suit.
Re: (Score:2)
>> Dropbox has fixed a bug that caused old, deleted data to reappear on the site.
Now, your deleted data only appears to the NSA, where it belongs.
Yeah sure. (Score:5, Insightful)
They didn't notice terabytes of data just piling up over 8 years. Mkay.
Re: (Score:1)
Probably closer to multiple petabytes. So yes, they knew about this and made a mistake that showed their lies.
Re: (Score:2)
We still don't delete in case the feds want to take a peak at anything
As keeping deleted files comes at a significant cost, my guess is that malice here doesn't come from Dropbox itself.
Re: (Score:1)
This went "unnoticed" for years. Not likely. That would be like you not noticing the Olympic size pool that your neighbor dug in your back yard, after he re-routed his driveway, over your property so that his yard was larger as well as connecting his electrical box to your connection and has been getting free electricity for years.
Re: (Score:1)
Storage is cheap. If you think that Dropbox ever deletes anything you store there, then you are naive.
In general, if anything is free, then you are in some way the product. If data storage is free, then your data is the product. I highly recommend Syncthing [syncthing.net]. People need to keep ownership of their data.
Yet Another (Score:1)
Yet another cloud service provide lying about the service it provides. Whatever happened to truth in advertising laws?
Re: (Score:2)
Whatever happened to truth in advertising laws?
They got thrown out with the Patriot Act and a million other laws which have turned our government into Big Brother.
FTFY (Score:4, Insightful)
Tell me the OS (Score:2)
Which OS is it that is so complicated that when you ask it to delete a file, it doesn't? I wasn't aware that one even exists
Re:Tell me the OS (Score:4, Informative)
Which OS is it that is so complicated that when you ask it to delete a file, it doesn't? I wasn't aware that one even exists
I strongly suspect this has nothing to do with the OS and everything to do with Dropbox Inc.
I don't imagine they actually delete anything - they probably just set a "do not show to user" flag. It's probably still there, ad infinitum, along with any and all metadata connecting the file to you as an individual.
Re: (Score:3)
Pretty much any filesystem since before MSDOS only unlinks the file, not really deletes it. Windows 95 came with a Trash can feature that only moved files to the Trash until the user unlinked the files. These days cloud/flash based storage will do pretty much the same, keep the data around until it's either overwritten due to space congestion or deleted by an admin.
Re: (Score:3)
Pretty much any filesystem since before MSDOS only unlinks the file, not really deletes it.
Yeah, nice try.
Except that if this was the case, you would almost certainly not be able to restore 8 year old files. How many times do you think they have updated their storage systems in the last 8 years? I am guessing the answer is more than 0.
Re: (Score:2)
I highly doubt they up and replaced the entire system migrating all live data to new systems. The problem with "cloud" file systems is that it's not really a file system, its a database (object store whatever you call it), deleting an "object" does nothing really but leave a hole in the database and such fragmentation cannot easily be resolved unless you devise a fitting algorithm. So most systems never delete anything truly, just mark it deleted and if ever they need space, they could "vacuum" the thing bu
Re: (Score:2)
Well, there you go. You made my point better than I (obviously) did.
This can't be a file system related thing.
Re: (Score:3)
Which OS is it that is so complicated that when you ask it to delete a file, it doesn't? I wasn't aware that one even exists
As others pointed out, no, typical OSs don't overwrite it when you "delete" it.
In addition to this, however- I don't know what Dropbox's setup is, and I know sod all about enterprise storage et al. However, I feel pretty confident in assuming it's *not* going to be anything as simple as an "off the shelf" hard drive or even RAID setup using the standard Windows, Linux or whatever facilities and filesystems like one would find in a desktop PC!
The comparison is therefore pretty meaningless.
Re: (Score:2)
try S3
You mean Amazon S3? Not sure what your point is. That's not a local (or locally-controlled) storage option and Amazon aren't even open about how it's implemented.
Alternative Facts (Score:5, Interesting)
Funny how for exactly 8 years, this internet company managed to accidentally not delete documents that its users asked to be deleted in confidence, and a week after a new administration takes power, they magically find out that they weren't deleting any documents and now they have to be purged.
It's almost like someone wanted to keep these deleted documents around so they could comb through them to find patterns, or something. It's a good thing that our government isn't spying on us through our social media sharing sites, or something.
Re: (Score:2)
Re:Alternative Facts (Score:5, Insightful)
I always assume the hosts have copies even if you nuke them. :(
Re: (Score:2)
Are you using your Jump to Conclusions mat again? I thought we burned that thing...
Delete 'Bug', not 'Delete' Bug (Score:2)
Remember this - NOTHING gets deleted from the cloud, its just too precious.
Storage costs? (Score:1)
You would think that Dropbox would mark data as deleted and let the storage space be recycled after some delay (to let users "undelete" files due to user error).
Given the scale of Dropbox and the amount of storage they need to buy, this level of "bug" is a deliberate design choice.
Re: (Score:3)
Not necessarily, all of Dropbox is approx. 120-200PB. Distributed over thousands of storage servers it's really peanuts to save people's history (which are mostly small delta's). Running a storage system of 200TB myself, people tend not to delete stuff all that much and even so, the entire amount of people's previous storages is encapsulated every time we have to upgrade (every 3 years). 10 years ago we stored close to 10TB, now 10TB is a rounding error on the upgrade.
Probably kept on purpose (Score:1)
another reason.. (Score:1)
It was a real bug, now fixed. (Score:2)
It sounds like the bug was that the files re-appeared. That is now fixed, so most likely we're back to only the NSA and some generous customers having access to those "deleted" files.
A matter of point of view (Score:1)
Wait till they hear about Alexa and Cortana and .. (Score:3)
Wrong (Score:2)
"Dropbox says it will keep files around a maximum 60 days after users deleted them."
Obviously this is wrong, and to suggest that Dropbox had no idea that this was happening seems a bit naive, no?
Deleting files is one of the primary bits of functionality that Dropbox has; to think that somehow they flubbed the code to remove a file is, to me, flatly unbelievable.
People still use Dropbox? (Score:2)
Lol! If you're still using Dropbox after Snowden's revelations (I never used them, FWIW), you deserve this. Seriously, network your own box and install Owncloud, or whatever other "cloud" shit interface you need -- if simply rsync'ing files to a headless box is to technical for whoever needs the data.
Disclaimer: I don't know all the use cases of Dropbox and I know some are forced to use it...you guys are cool, I guess.