Restricting File Sharing Apps

File sharing services like Dropbox and SpiderOak are great for easily syncing files between computers. SpiderOak even offers Zero-Knowledge Privacy, where they cannot decrypt your files.

Unfortunately, the default settings increase your computer’s attack surface. Both Dropbox, SpiderOak, and I assume most cloud storage providers include a "LAN Sync" feature. This speeds synchronization of files between computers on a LAN by allowing the computers to send files directly to each other without relying on the internet connection. To do this, the synchronization applications must accept outside connections. If you go to a coffee shop or hotel networks, a malicious user could send packets to these applications. While I’m sure the developers made an effort to write good applications, I’m sure these have not been tested for vulnerabilities as extensively as OpenSSL and Windows SMB. At least in client mode, the application should only be connecting to the trusted server (unless there’s an active man-in-the middle attack). Disclaimer: I am not aware of vulnerabilities in these programs. This is just about mitigating a potential risk.

It’s easy to stop these programs from accepting connections. In Dropbox for Mac, click the Dropbox icon, click the gear, click ‘Preferences…’, click the Network tab, and uncheck ‘Enable LAN Sync’. In SpiderOak for Mac, click the SpiderOak icon, go to Application, click Preferences, click Network, and uncheck ‘Allow LAN-Sync’.