
Security PSA: “Hidden” Content Is Readable in Shared, Readonly Google Sheets - tectonic
https://blog.andrewcantino.com/blog/2019/01/27/why-security-expectations-matter-google-sheets-hidden-content/
======
craftyguy
Um, isn't this how other spreadsheet applications work, by visually hiding --
_but not securing_ \-- 'hidden columns/sheets'?

~~~
hjk05
Read the post, it covers this.

~~~
craftyguy
I did read the post, and it construes the ability to hide things with
'security'. This is the first time I've heard this expectation that hiding ==
security, and I say this as a former project manager for ~4 yrs where I and my
colleagues lived in spreadsheets. If you want to secure things, you demand
credentials and/or encryption. Visually 'hiding' things in a document UI does
nothing, it's trivial to parse out the 'hidden' information from the file
itself.

------
rasz
Expected this to be about hiding content in Google Docs.

I know of some pirate streaming sites using Google Spreadsheet(!) to store
encrypted video chunks. JS player pretends to grab data from google docs,
decrypts and throws into decoder - user experience doesnt differ from using
any other html5 video player while pirates get free, fast and unlimited
storage.

~~~
londons_explore
There is a near unlimited number of places on the internet to store small
chunks of data like this.

You could even split them across millions of pastebin pastes.

It's only CORS headers stopping many of them being useful, but a Chrome
extension or pirate app can easily ignore such things.

------
tectonic
If anyone has any questions, please let me know.

