
garindra | 11 years ago

I'm not sure I understand how not giving access to your Dropbox account to Boxifier makes you that much more comfortable -- Boxifier will be able to read/write your Dropbox files anyways, what's the big difference?


_razvan | 11 years ago

The big difference here is the principle of least privilege[1].

We could have built Boxifier so that it requires you to log in to Dropbox and get back an access token to be used by Boxifier with the Dropbox API.

If someone wanted to get access to the data in your Dropbox account, they could do that with an access token (that they received when you authorized their app to access your Dropbox). Then they could use that token from any computer to download data from your Dropbox, without you ever finding out about it.

Boxifier works completely offline so it doesn't need any network access (which could be misused). If you want to be 101% sure, you can set up a firewall rule and block all network access for Boxifier. This way you can make sure it cannot get data from your Dropbox folder and upload it to a remote location.

On the other hand, with an access token you have no control over how it is used outside of your computer. You may argue that you can always revoke it, but the reality of today's attacks is that they go stealth for a long time before you find out about them.

We used to work in the antivirus industry so that's why we care so much about security and privacy. Boxifier has been designed with security in mind from its early days.

[1] http://en.wikipedia.org/wiki/Principle_of_least_privilege
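
The firewall rule mentioned in the comment above, as an added example that is not part of the original thread or Boxifier's own tooling: a PowerShell script for Windows Defender Firewall that blocks outbound traffic for every executable in an application's install folder and then lists the resulting rules. The install path and the rule group name are placeholders (assumptions); program rules match on the binary's path, so traffic sent by any other process is not covered.

```powershell
#Requires -RunAsAdministrator
# Added example: deny outbound network access to every executable in one install folder.
param(
    # Placeholder (assumption): set this to the folder where Boxifier is installed.
    [string]$InstallDir = 'C:\Path\To\Boxifier',
    # Hypothetical group name, used only to find and replace these rules later.
    [string]$RuleGroup  = 'Block-Boxifier-Outbound'
)

if (-not (Test-Path -LiteralPath $InstallDir -PathType Container)) {
    throw "Install directory not found: $InstallDir"
}

# Remove rules left by a previous run so the script can be re-run safely.
Get-NetFirewallRule -Group $RuleGroup -ErrorAction SilentlyContinue |
    Remove-NetFirewallRule

# A program rule matches one full path, so cover helper binaries as well.
$exes = Get-ChildItem -LiteralPath $InstallDir -Filter *.exe -Recurse -File
if (-not $exes) { throw "No executables found under $InstallDir" }

foreach ($exe in $exes) {
    # Block rules take precedence over allow rules in Windows Defender Firewall.
    New-NetFirewallRule -DisplayName "Block outbound: $($exe.Name)" `
        -Group $RuleGroup -Direction Outbound -Program $exe.FullName `
        -Action Block -Profile Any | Out-Null
}

# Verify: show each rule with the program path it is bound to.
Get-NetFirewallRule -Group $RuleGroup | ForEach-Object {
    $app = $_ | Get-NetFirewallApplicationFilter
    [pscustomobject]@{
        Rule    = $_.DisplayName
        Enabled = $_.Enabled
        Action  = $_.Action
        Program = $app.Program
    }
} | Format-Table -AutoSize
```

Re-run the script after an application update, since new or relocated binaries are not matched by the existing path-based rules.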