I don't see this happening - each file on Dropbox must have an ACL of sorts, otherwise I could access any private file simply by knowing its URL. A takedown of a public file could therefore only apply to specific users by modifying the ACL.
It's not Dropbox I'm worried about, so much as the fact that a system that has the ability to make public any file at the owner's direction could be potentially exploited to make public any file without the owner's direction.
Are non-public files now accessible to third parties who have the correct URL? Is there code that maps encoded URLs to every file in my Dropbox? If so, this is a security vulnerability that is not present currently.
On my public folders that are visible to everyone there's a button labeled "Add to my Dropbox." If someone were to click this button would they get read-only access to that folder?
Yeah, unfortunately that is correct. As a quick hack I couldn't really be bothered to code up a deauth callback (in fact I'm not even sure if Dropbox has this).
If you email me at the Contact address I'd be happy to manually remove any files you want removed!
I'm pretty sure they did it wrong then. You can share a link to any file inside of your Dropbox, and anyone can download it regardless of whether they have an account.
It's a public link... I'm not sure how you want to go about fixing this. If you share with other Dropbox users it forces them to have accounts and give you access control.
What you created was a public link. Not sure what you're wanting them to do. At least you can't access other files in the PrivateFiles folder by simply modifying the end of the URL. Now that, I might actually consider a "leak".
I can understand Dropbox not allowing you to publicly share files on a case by case basis, or else I could simply put illegal content in my public folder and send out the link.
I understand it a little less if you are, say, sharing folders between friends.
And I wouldn't like it at all if they deleted something from my Dropbox, but it seems we aren't there yet.
The point is that it would break features for many users in exchange for security theater.
Limiting the access of Dropbox is all well and great except that it breaks sharing, which many people use; in exchange you simply move the files to another folder on the same Dropbox, which effectively does nothing.
Slightly off topic, but who stores sensitive files unencrypted in Dropbox anyways?
Yes, of course. From your previous messages it was looking like you were assuming that private files were "safe", that's why I wanted to add the detail.
I agree as well on the need for an encrypted solution. I'm surprised that Dropbox hasn't been proposing this already. Well, unless they intend to have access to the contents themselves...
I appreciate the nice-guy approach here, but there remain two problems with it: relying on the goodwill of internet strangers not to abuse the service and exposing Dropbox to false DMCA takedown liability. "Under penalty of perjury," I think the clause goes. That auto-takedown workflow might need a little revision, but I'm sure you already realize this.
15. How public are Public links? How Private are my other files?
* Any file in your Public folder is accessible to anyone who can guess your public file link and the path to the file. No one can browse the directory, though.
* Any file in your Dropbox outside of the Public folder is by default only accessible via computers linked to your account or to you via the web interface.
* If you give out a shareable link to a portion of your Photo Gallery (from here), people who know the link will be able to browse any photos in the album you linked from and any sub-album.