Dropbox in 2017

In January 2017 files and folders that users had deleted — in some cases as far back as 2009 — suddenly reappeared in their accounts, revealing that 'deleted' data had been retained on Dropbox's servers far longer than its own policy promised.

Dropbox has published a biannual Transparency Report since 2012, and its own figures document a steady, long-run climb in government and law-enforcement demands for user data — including reporting periods where US legal-process requests jumped by roughly a third.

Dropbox encrypts files at rest, but the encryption keys belong to Dropbox, not the user. This server-side model — chosen to enable deduplication, previews, and search — means the company can read user files, the root cause critics return to again and again.

Many third-party integrations request broad, full-Dropbox access rather than scoped, folder-limited permissions — so a single connected app, if compromised, can expose everything in an account.

The DropSmack proof-of-concept warned that synced Dropbox folders could be a covert C2 and exfiltration channel; multiple real malware families — including BoxCaon, Crutch and tooling used by Kimsuky — went on to abuse Dropbox folders and the Dropbox API exactly that way.

Dropbox's OAuth model historically let third-party apps request full account access, and tokens persist until revoked — so a single over-permissioned or compromised integration can read, write or delete a user's entire Dropbox without any further prompt.

The referral program that powered Dropbox's early viral growth — once worth substantial free storage — was steadily devalued, and some long-time users reported referral-earned space being clawed back to the bare 2GB minimum.

On the eve of Dropbox's 2018 IPO, CEO Drew Houston received a stock award reported at about $110 million for 2017 — a performance grant that could be worth up to roughly $930 million — even as the company would later cut thousands of jobs across 2021, 2023, and 2024.

Dropbox deprecated its original API v1 in 2016 and shut it off on 28 September 2017, forcing every third-party developer to rewrite for the incompatible v2 or watch their Dropbox integration stop working.

Dropbox converted the long-standing Public folder into an ordinary private folder and then disabled all of its public links on 1 September 2017, breaking countless URLs people had embedded across the web with no automatic migration.

A persistent class of complaints describes Dropbox files that sit indefinitely in a 'syncing' state and never finish, leaving users unsure whether their data was actually uploaded — in some reported cases for months, with support unable to resolve it.

Dropbox's move from the v1 Core API to API v2 was not a drop-in upgrade: error handling, authentication, permissions, and request formats all changed, forcing developers to rewrite integrations before v1 was switched off in 2017.

Synchronoss Technologies accused Dropbox of infringing three data-synchronization patents; Dropbox won summary judgment of non-infringement and invalidity in 2019, and the Federal Circuit affirmed in 2021.

Thru Inc. claimed it had used the term 'Dropbox' since 2004 and threatened the company's trademark; Dropbox sued first for declaratory relief, won summary judgment, and the Ninth Circuit affirmed — with a roughly $2.3 million attorneys'-fee award against Thru.

When Dropbox cannot reconcile two versions of a file, it preserves both — saving the loser as a duplicate stamped 'conflicted copy' — a data-safety mechanism that in practice creates lasting duplication and version confusion that users cannot turn off.

Because Dropbox mirrors a permissive server namespace onto stricter local filesystems, files with disallowed characters, over-long paths, or trailing periods can fail to sync or be silently renamed — sometimes without any clear warning to the user.

Dropbox has kept its free Basic plan at just 2GB since its early days, even as Google Drive offered 15GB, OneDrive 5GB, and rivals like Mega offered 20GB — leaving Dropbox with the stingiest free allowance among the major cloud providers.

Dropbox's 'Drop-ins' — the Chooser and Saver widgets that let any app use Dropbox as an open/save dialog — launched in 2013 with fanfare, but the iOS and Android Choosers were later deprecated and the program stagnated as Dropbox steered its platform away from third-party developers toward its own collaboration features.

Linux users found Dropbox's system-tray icon — their primary way to see sync status and open the menu — broken or missing as desktops moved away from legacy tray icons toward AppIndicator, leaving Dropbox's status menu unreliable across popular distributions.

Dropbox's Smart Sync (formerly Project Infinite) let files appear in the file manager without being downloaded — convenient, but a recurring source of confusion when 'online-only' files were unavailable offline or seemingly vanished.

Dropbox demoed 'Project Infinite' in 2016 as a way to see all cloud files on the desktop without using disk space, then shipped it in January 2017 rebranded as 'Smart Sync' — but restricted it to paying Business and Professional tiers rather than the free product its demo had implied.

Dropbox's Smart Sync feature, meant to keep files 'online-only' to free local disk space, has repeatedly failed in the opposite direction — quietly re-downloading online-only files and filling up users' drives, or reverting their carefully chosen local/online states.

Names that are distinct on Dropbox's case-sensitive, Unicode-tolerant servers but identical on Windows or macOS collide on sync, and Dropbox resolves the clash by silently appending '(Case Conflict)' or '(Unicode Encoding Conflict)' to one of the files.