We are aware of the issue with the badge emails resending to everyone, we apologise for the inconvenience - learn more here.

Forum Discussion

td47's avatar
td47
Helpful | Level 6
5 months ago

Why does the Dropbox site detect my login as a new connection?

Hello, it seems that MANY sites (including DROPBOX) are being bit lazy in their attempts to decide if I am logging in from a new device.  It find it a bit irritating to get an email message telling me that I logged in from a new device, when all that has happened, is that my favourite browser (Firefox in this case) got updated from version 126.x to 127.0. OK, I might not get this for the point releases (e.g. 126.1 to 126.2 etc), but that is not the point.

Doing it this way means that at the next big version update, I will get yet another false positive.

 

Here is a suggestion for the developers:

1) Do NOT use the browser version at all in any scripted fingerprinting

2) Use the client IP address if possible

3) Use a "Canvas Fingerprint" instead to detect the GPU/Graphic card functionality and type (as I will NOT be changing it any time soon!) See below:

 

https://fingerprint.com/blog/canvas-fingerprinting/

Security
Web
  • Jay's avatar
    Jay
    Icon for Dropbox Staff rankDropbox Staff
    5 months ago

    Hi td47, thanks for bringing this to our attention.

     

    This can generally happen when using an incognito browser or VPN where your apparent location can change. 

     

    We appreciate your feedback and we take all comments into consideration when improving the Dropbox site and services.

     

    If you have any further queries, feel free to message back.

    • td47's avatar
      td47
      Helpful | Level 6
      5 months ago

      Hello, thanks for that feedback. I do NOT use Incognito mode, OR a VPN. The false positive for device change fingerprinting issue ALWAYS coincides with a Browser update, as I get other notifications from other sites, such as LinkedIn, Paypal and several others. Hopefully this "false fingerprint" issue will improve over time, if enough complaints are received, hence this post. Currently, using the Browser version as one of the data-points for Fingerprinting uniqueness is not safe, and not very logical.

      • Rich's avatar
        Rich
        Icon for Super User II rankSuper User II
        5 months ago
        td47 wrote:

        Currently, using the Browser version as one of the data-points for Fingerprinting uniqueness is not safe, and not very logical.

        They're likely not using the browser version. I update Firefox regularly and Dropbox never detects it as a new device. They simply use a cookie during the sign in process. If you check the Remember Me box when signing in, your device (i.e. your browser) will be remembered. If you don't use that option, it's seen as a new sign in attempt each time and you'll be notified.

         

        It's also worth pointing out that it's not the actual device that they're remembering or recognizing; it's the browser. Sign in with Firefox and have it remember you, then sign in with a different browser. It will be seen as a different sign in attempt and you'll still be notified.

About Security and Permissions

Start a discussion in the Dropbox Community forum to get help with your account security and permissions. Find support from Community members.

Need more support

If you need more help you can view your support options (expected response time for an email or ticket is 24 hours), or contact us on X or Facebook.

For more info on available support options for your Dropbox plan, see this article.

If you found the answer to your question in this Community thread, please 'like' the post to say thanks and to let us know it was useful!