

Dropbox Forums: New Sharing Model - bigwill
http://forums.dropbox.com/topic.php?id=21441&replies=3

======
dpcan
I don't know why, but I all of a sudden feel like all my private dropbox data
is now vulnerable to some form of hack, bug, exploit, malicious script, etc,
that turns it all into a public web page.

Sharing with just people I know is one thing, but creating a web page of some
of my data is another.

I don't know, it just doesn't feel right.

Dropbox, remember, you're dealing with private files on our personal
computers, and one step too far and you're looking at mass exodus. Learn from
Facebook. Use caution with new features.

~~~
apowell
Yes, I have to add to this sentiment. In my mind, I imagine Dropbox to be just
as secure and private as my own hard drive. It's a bit of a fiction, I know,
but until now nothing caused me to really question it. I use it for important
files -- the sensitive ones that I really don't want to lose.

Maybe it's all perception, but this makes my private files feel dangerously
close to the wide open web.

Dropbox, don't make me feel dumb for using your service for stuff that
matters. If your service is meant for funny cat pictures and not my tax
returns, please tell me now.

~~~
toastador
Hey guys,

I helped build this feature and just wanted to say we're as concerned about
privacy and security as you are. A couple specifics that might help:

* No feature is for everyone -- this is opt-in in the strictest sense. (And, since you pick the files/directories, as fine-grained as you want.)

* You can disable a link anytime: from the the sharing tab (<https://www.dropbox.com/share>), click "Linked Items" to see all your links and disable anything.

* 3 means of sharing (shared folders, a public dir, and sharing links) gives you more control over privacy, not less.

* Similar to etherpad links, the shortened db.tt links are public but unfeasible to guess. We've heard a few concerns about the 6-digit hashes -- well, as more links are shared, don't assume the hash will stay at 6 digits :) can't get into details but we do a few more things to make link fishing near-impossible.

~~~
dpcan
The problem is how close my data is to being a web page now.

I feel like all that private data is one click away from being public. Anyone
passing by my computer can right click and change a folder to a web page, when
they get back to their PC, download everything.

At least before there was somewhat of a barrier, though narrow, it was there.

Do the "linked" files at least get a new bold icon with a globe on it or
something so I know it's public. Do I get an email when a folder is made
public? Something? What if a malicious script is run on my computer that just
makes everything public in my Dropbox folder?

~~~
saturdayplace
Anyone passing by your computer _already_ can get to your files.

------
bryanh
A natural progression. I'm glad they finally went there. I am a happy customer
of their 50 gig offering. I know there are a lot of YC companies out there
(most of which I am not interested in the least, but hey, different market),
but they hit a big market with DropBox.

I'm signing my parents up to coordinate pics, music and videos soon.

------
natrius
Bonus points to the first person to write a FUSE filesystem to mount shared
Dropbox folders so you can easily download the entire contents of a folder.

Or they could just add a "download folder" link, but that sounds boring. It
also looks like they want people to use "Copy to my Dropbox" for that, which
would lead to more signups.

~~~
ivankirigin
There is a link at the top that says "copy to my dropbox"

------
Artifex
Is this a security risk? Could someone, theoretically, enter in a random
string of characters and land on your files?

~~~
stricken
No, you still choose which files and folders to make linkable.

Anything you give a url to you should consider to be public anyway.

~~~
helium
Still a good analysis of using the security by obscurity model for URL's

~~~
bdonlan
What else would you suggest? This is equivalent to randomly generating a
username and password.

------
ptn
That is beyond cool. I bet you can put a git repo in dropbox and clone it
using the shareable link. I'd test if I didn't have a program to deliver in
4h.

~~~
ludwigvan
I don't believe you can do that. I have tried, but it failed. The interface is
primarily for viewing a folder via a web interface I suppose.

------
mgw
I bet with the public launch, they will put bandwidth restrictions in place.
Otherwise this will be misused in no time.

~~~
aero142
Yeah. It's all fun and games until someone shares an image and it goes to the
front page of Reddit.

~~~
blaix
Wouldn't this already be an issue with the Public folder?

~~~
logic
Yes: <https://www.dropbox.com/help/45>

"There are currently no hard limits on public bandwidth usage. We do, however,
have an automated system for detecting and flagging unusual amounts of
bandwidth usage. We will send an email notification whenever an account is
flagged. Once flagged, public links will be temporarily disabled and users who
use the links will see an error page instead of your file."

So, there's no bandwidth limit, but there's a bandwidth limit. :)

~~~
woid
Yes, it happened to me already. They temporarily disabled the public link
after 10GB of traffic or so.

------
Groxx
Important point:

 _Any file or folder in your Dropbox is now linkable!_

But not quite yet, presumably very soon. Apparently appears in the 0.8 beta
clients only, didn't see anything specific about the website (though I don't
see it on my account).

~~~
edanm
Another important point (mentioned in a later comment): unlike public folders,
only things you choose to make linkable can be viewed. The public folder
continues to work the same way.

------
joshwa
This sounds a lot like drop.io or mediafire etc.. file sharing services with a
web interface. Since people were already using the public links to share
individual files it makes a lot of sense to expand it to the folder level.

------
woid
I tried the feature and I like it. The only confusion was about "Copy to my
DropBox" button. It does only one-time snapshot of the shared area. I would
expect to have live access to shared area through my local folder.

------
callmeed
This is pretty awesome. Might replace senduit.com and similar services for me.

------
ryanpetrich
This feature has been available in the iPad client for some time now.

------
codemechanic
Tonido 1-click share does the same thing. Get a shareable link to a file or
folder:

<http://www.youtube.com/watch?v=NtFRqNcGIP4>

------
brown9-2
Dropbox has a music player now?

