
HuS
Helpful | Level 5
12 months ago
Status: Investigating

Safeguard data on sudden drive-failure to avoid accidental deletions

The following issue cannot get solved by using any setting inside Dropbox or by external precautions – such as alerts on OS-level. Staff should find a support ticket on the problem I describe.

A few months ago, we ran into a sudden mass deletion of all Dropbox data. It turned out that the reason was trivial – and that the same could happen again any day. An M2 SSD drive screwed into a Laptop didn’t sit perfectly tight in its slot and its pins had lost contact. This drive was used for Dropbox (local storage). Dropbox interpreted this loss of contact with the drive as full deletion and silently nuked all files we store on Dropbox (in Cloud + all attached machines). Technically, it's the same data loss you'll experience when you unplug an external drive with Dropbox running while the machine on

As we work with large files, we run Dropbox in a fashion that leaves all data on local machines and cloud-syncs it. Whenever a drive fails, it will therefore erase all Dropbox data. Rollbacks via Dropbox may help recover data. Yet, nothing can protect our Dropbox volume (hundreds of GB) from getting cleared in the first place. Any app or website that references data stored on Dropbox obviously would get affected by full data removal. This could cause substantial initial damage (blank pages, due to missing data) and likely lots of clean-up-work (once data got recovered). 

We already considered options to sniff out unexpected directory write operations – here's a Microsoft tool one may use on Windows. Such a tool, however, even when perfectly configured (shuts down local Dropbox when self-destruction is detected) would only rescue Dropbox data on local machines. Any 3rd party references to Dropbox data would still break – as they plug into Dropbox Cloud storage, which still gets nuked when a drive suddenly dies or disconnects. 

 

We would therefore like to see a mechanism for paid Dropbox tiers that kicks in as soon as a computer logged into Dropbox issues the deletion of the full Dropbox volume. Dropbox should stop executing this command on its cloud instance and all drives / machines it still can access and ask Admins (via E-Mail / Push Message) how it should proceed:

A computer logged into this account has requested to delete all files on Dropbox. The name of this machine is [“human-readable Computer Name”]. Would you like to proceed? If yes, please enter your Dropbox Password.

⚠ This message may also get caused by a hardware error on the computer in question. As long as you do not confirm by entering your Dropbox password, no data will be deleted in the cloud or on connected computers.

Enter password to delete all Dropbox data | Cancel delete operation

Please consider this addition. It requires practically no GUI and would not introduce workflow changes. Yet, this little change would bring Dropbox data integrity to the next level.
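
The hold-and-confirm behaviour requested in the post above, modelled as an added example (it is not part of the original post and is not Dropbox code or its API). The `Account` class, the 90% threshold and the boolean standing in for password re-entry are assumptions made for illustration.

```python
from dataclasses import dataclass, field

HOLD_FRACTION = 0.9  # assumed threshold: batches removing >= 90% of the account are held


@dataclass
class Account:
    """Hypothetical server-side view of one account (not Dropbox's data model)."""
    files: set
    pending: dict = field(default_factory=dict)  # hold id -> (device, paths)
    notices: list = field(default_factory=list)  # messages queued for the admins

    def request_delete(self, device, paths):
        """Apply a delete batch from `device`, or hold it if it would empty the account."""
        paths = set(paths) & self.files
        if self.files and len(paths) / len(self.files) >= HOLD_FRACTION:
            hold_id = len(self.notices) + 1
            self.pending[hold_id] = (device, paths)
            self.notices.append(
                f"{device} requested deletion of {len(paths)} of "
                f"{len(self.files)} files (hold {hold_id})")
            return "held", hold_id
        self.files -= paths  # ordinary deletions go through unchanged
        return "applied", None

    def resolve(self, hold_id, reauthenticated):
        """Admin decision; `reauthenticated` stands in for a verified password entry."""
        device, paths = self.pending.pop(hold_id)
        if not reauthenticated:
            return "cancelled"  # nothing deleted in the cloud or on other devices
        self.files -= paths
        return "deleted"


def demo():
    # Constructed sample data: ten files, then one device reports the whole root gone.
    acct = Account(files={f"/project/clip{i}.mov" for i in range(10)})
    first = acct.request_delete("laptop-01", ["/project/clip0.mov"])
    second = acct.request_delete("laptop-01", list(acct.files))
    kept_while_held = len(acct.files)
    outcome = acct.resolve(second[1], reauthenticated=False)
    return first[0], second[0], kept_while_held, outcome, len(acct.files)
```
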

 

 

  • Walter
    Dropbox Staff
    Status changed: New to Gathering Support
    This idea is open.

    If you like this idea, please share how this would help you, and vote to show your support.

    Our top-voted ideas are shared with our product teams to investigate in our regular reviews.
  • HuS
    Helpful | Level 5

    Hi Walter,

    I wish you at Dropbox staff established different ways to deal with technical level feedback. What I brought forward would save every user in a comparable situation from temporary loss of all data – and all the work and damage associated with it.

     

    Avoiding this potential data loss would make Dropbox better for everyone. Yet, it's naive to expect to collect numerous votes in an end-user forum. Someone could suggest a killer-tweak that would double your app-performance on all platforms – but that post would gather dust here. 

  • Nancy
    Dropbox Staff
    Status changed: Gathering Support to Investigating
    We checked this further, and our team is actually looking into optimizing this behavior, so that the external drive unplug (in the case where the drive is storing a Dropbox root folder) isn't registered as a delete and behaves in a more user-friendly way.
     
    We don't have a definite timeline as to when we'll implement this, but we'll keep you updated!
     
    Besides that, if you’re on a team on Dropbox Standard / Business who have purchased the Security add-on, or on a team on Dropbox Business Plus, Advanced or Enterprise, then you should receive a security alert in the case of a mass deletion, so that you can restore the files as soon as possible.
  • HuS
    Helpful | Level 5

    Thanks for your reply and for the status change, @Nancy. I'm looking forward to hearing from you again.

     

    As you refer to external drives in your post, I want to clarify – we never ran Dropbox on a removable device. I am aware that Dropbox discourages doing so in its documentation.

    We ran into sudden failure of an internal drive (see also my initial post). Such may happen with premium hardware and with all good practices applied. It may happen to you too, Nancy, as it might happen to anyone on earth who has Dropbox installed.

     

    This being said – the code addition I suggested would even save those who run Dropbox on external hard drives. It would make anyone's Dropbox experience safer.

     

    We did not receive a message from the Dropbox app that informs about unusual file writing activities. Yet, any alert that hundreds or thousands of GB already got deleted comes too late anyway. The horse at that point already left the barn.

     

    We live in a world where petabytes of cloud data are embedded into apps, fuel websites and drive data feeds of all sorts. Dropbox promotes data embedding through its official integrations, and you also provide users with an API to build custom data connectors.

     

    An inevitable consequence of embedding cloud data in 3rd party software is that one has to bid goodbye to the idea that temporary data loss causes no harm. As a customer service employee, you can safely remove this sentence from your repertoire.

     

    Data recovery is the very least the service provider can do – but the promise that data is recoverable is not comforting to business customers – and it certainly does not make up for the damage caused.

    ***
    One last and often forgotten aspect is completely pointless data transfer and its carbon footprint. We run Dropbox in full local mode and have good reasons to do so. In our setup, all files are stored on local machines. Most of our files are larger than 100 MB, and we constantly write metadata into file descriptions (without actually opening files). If we open files, we batch process them. There's no time to wait for file-downloads to complete.

    When Dropbox deleted all our files on all machines, due to hardware failure on a single machine, data recovery meant having to re-download hundreds of gigabytes to a few local computers. Our non-default setup, however, does not change anything I said above. Temporary data loss from a fully remote account can cause just as much damage, as for customers with a local work-mode.

    I hope you can soon offer a fix that avoids this from happening to other customers. And it would be great to see Dropbox display the same mentality, as the inventors of the safety belt. Happy Holidays!