

Ask HN: What's With The Dropbox Link Fiasco? - joelrunyon

Is anyone else affected by this?<p>https:&#x2F;&#x2F;blog.dropbox.com&#x2F;2014&#x2F;05&#x2F;web-vulnerability-affecting-shared-links&#x2F;<p>They simply disabled all sharing of all links with no notice whatsoever - no emails - no nothing. I found out via customers emailing me telling me I have broken links everywhere.<p>This is a major issue that seems to be handled in a very cavalier fashion. Ridiculous.
======
veidr
Absolutely. It was a sudden, rash, and frankly insane response to a long-
standing and well-known issue with shared links. (All simple 'secret-URL'
implementations of shared links have the exact same problem).

As a Dropbox for Business customer, the lack of notification was completely
unacceptable. A service that costs us thousands of dollars a year cannot do
this to us -- we are re-evaluating our (my, sigh) decision to go with Dropbox.

They get partial credit for quickly offering more options -- they responded to
my infuriated email ("Subject: Are you insane? Turn my links back on!") on the
day of the clusterfuck within 16 hours with an offer to re-enable all of our
links.

But still, the damage (to their reputation, in my company's eyes) had been
done.

If I was on a free 2GB personal account, I would be like 'urrrgh, but
whatever', but on a $3600/year 'business' account, you can't just unilaterally
do shit like that with no opt-out or workaround available.

------
SuperDuperTango
Consider how this would have played out if they didn't shut down the links and
then someone hacked an "important" document? It would have been way worse
overall.

Not notifying the customers was not a good move however.

~~~
snsr
I believe some important documents were accessed via this loophole -

[http://grahamcluley.com/2014/05/dropbox-vulnerability-
privac...](http://grahamcluley.com/2014/05/dropbox-vulnerability-privacy/)

------
allthatglitters
I wonder if this had anything to do with it? Interesting application that
would carry a few links...

[http://www.droptalk.us/](http://www.droptalk.us/)

~~~
joelrunyon
What does this have to do with it at all?

