Helping people with computers... one answer at a time.

Dropbox recently announced that you could send a web-accessible public link to anything anywhere in your Dropbox. I'll look at the security implications.

Dropbox recently announced that you can now share files and folders already in your Dropbox with a public link.

Previously, you could only share those files and folders you had explicitly placed in a specific public folder within your Dropbox. Now, you can link to any file anywhere in your Dropbox.

Anywhere?

Anywhere. And I'll admit that made me nervous.

Until a friend pointed me at something that Dropbox failed to mention in their announcement.

Links don't exist until you create them

The concept that everything in my Dropbox might have a publicly accessible link was more than a little disconcerting. Even though the links are clearly very obscure - as we'll see momentarily - that would still amount to "security by obscurity" which amounts to simply hiding things in the hope that no one would find it.

Fortunately, that's apparently not what's happening here.

It appears that the process of getting a link to an item that you want to share actually creates the link - meaning that the link simply doesn't exist until you do that.

In other words, the only things that are publicly accessible are those things in your Dropbox for which you explicitly create a link.

And even then, you can later invalidate the link.

Creating a link

Browsing your Dropbox contents on the Dropbox website, you can now right-click an item and click the new "Get link" menu item:

Get link option in Dropbox

Click that and you'll actually be taken to a link for the item:

Dropbox link for an item

The link can then be copied from your browser's address bar.

In the example above, the link is to:

https://www.dropbox.com/s/mrk13zricufcb0b/2012-04-08%2008.19.49.jpg

You'll note that the generated link is very obscure - there's no easy way to guess the link. It also uses https, which I appreciate.

In most of the Dropbox applications on PCs, Macs, and mobile devices, a similar Get link option has been added so you don't even need to go to the website. In Windows, for example, just right-click the item and click the Dropbox sub-menu.

(Note: As I was testing this, the Get link option was not available for items in my Photos folder. However, if I viewed the image on the website, then a Get link item was available at the bottom of the page.)

But it gets better.

Removing a link

You can remove the links that you've created. (Big thanks to my friend Steve over at Mac Help For Mom for pointing this out.)

If you view your Dropbox on the web, you'll see a link labeled Links:

Dropbox Links link

Click that and you'll get a list of all of the links that you've created:

Dropbox list of links created

Note the Remove link.

Each link can be individually removed.

Dropbox remove link warning

Once you remove a link, the item is no longer accessible.

In my opinion, a perfect addition to the sharing solution.

Use common sense

As with all online services, uses common sense when sharing - or even choosing what it is you want to place into your Dropbox.

For example, don't share a folder (yes, you can share an entire folder) that contains a bunch of private things in addition to the one picture that you're actually interested in sharing.

Realize that, should your Dropbox account be compromised, the person with access will be able to access everything in it.

But when used sensibly, Dropbox remains a great way to share files and folders between computers, and now even share files and folders with anyone who has internet access.

References:

Share your stuff with a link! - Dropbox Blog, April 23, 2012.

Article C5243 - April 23, 2012 « »

Share this article with your friends:

Share this article on Facebook Tweet this article Email a link to this article
Leo Leo A. Notenboom has been playing with computers since he was required to take a programming class in 1976. An 18 year career as a programmer at Microsoft soon followed. After "retiring" in 2001, Leo started Ask Leo! in 2003 as a place for answers to common computer and technical questions. More about Leo.

Not what you needed?

1 Comment
Bruce Trainor
April 24, 2012 11:36 AM

I've just started with Dropbox, thanks to info I read here. I have a good feeling about this company and if I was a gambler and the company was a public one, would investigate buying shares.

Comments on this entry are closed.

If you have a question, start by using the search box up at the top of the page - there's a very good chance that your question has already been answered on Ask Leo!.

If you don't find your answer, head out to http://askleo.com/ask to ask your question.