akersten 9 hours ago

Hooking up the Internet to my filesystem is scary. What security measures are in place to ensure a compromise of your infrastructure doesn't compromise mine?

aabhay 8 hours ago

I'm not certain what exact scenario you are referring to. Do you mean if someone is able to install malware on our backend system will that malware get sent to you?

Is there something in particular that we are vulnerable to that doesn't also affect Google Drive, Dropbox, iCloud Drive, OneDrive, etc.?

encroach 6 hours ago

You are correct that, from a security standpoint, your software is no different than any other software I install on my computer, since desktop computers have no sandboxing. But from a privacy standpoint, it could be uniquely concerning.

With Google Drive, I choose which files to upload. It doesn't have broad access to everything on my computer.

Dropbox, iCloud, and OneDrive are just backup services, so in theory they could just back up your files as an encrypted blob and have no way to read them. Unfortunately, they don't encrypt them (which is partly why I don't use those services). But at least I have their "promise" that they won't read or analyze my files, which would make me feel better even if it's a weak promise.

On the other hand, your service, by nature, is reading and analyzing all of my files using a remote server.

aabhay 6 hours ago

You choose which files to use in Poly, we don't scan your hard drive either.

I don't know about the other services, but Dropbox _does_ read your files. https://help.dropbox.com/security/privacy-policy-faq

> We may build models that identify keywords and topics from a given document. These models may be trained on your documents and metadata, and power features within Dropbox such as improved search relevance, auto-sorting and organization features, and document summaries.

bigyabai 9 hours ago

+1 for this - I don't trust proprietary software with access to my whole filesystem like this. Definitely not if a future update could change the pricing terms, introduce hidden telemetry or deprive me of the app on a whim.

This app gives me the same heebie-jeebies as the "Warp" terminal that was heavily pushed (and then rebuked) on HN. I don't want to replace my file browser or terminal with a subscription service, full-stop. The most magical featureset on the market won't move my needle, but then again maybe I'm not the ideal customer for this kind of product.