Wednesday, 24 February 2010

Take Care With Dropbox

This post is about a severe privacy problem concerning Dropbox. When I posted it to the Dropbox forum, some people responded that they had not been aware of this issue and appreciated my comment. Now, some months later, still nothing has happened and I do think it is time to make it public.

It's all about public file sharing. Imagine you have a bunch of photos. An easy way to share them is to pack them into a single zip file named "photos.zip" and upload it to the public folder. Then you generate a public link and send it to your colleagues. After a couple of days you delete "photos.zip" since you don't want to have it public anymore.
Now, one year later, you want to share photos again. Again, you put the files into a zip file called "photos.zip" and share the public link, this time with your family.

Now, did you know that Dropbox uses the same public link as before? That means that even though one year has passed, and even though the file has totally different content, the link is the same! Your colleagues could look at your family photos if they wanted to. Of course, this is just an example... much worse things can happen!

Now, there are a bunch of guys who might say: don't put things into the public folder unless you want to make them public to everybody!

I agree that this is what you should do from now on, since you know about the issue. But this also greatly reduces the usefulness of public files in Dropbox! I do want to be able to share things semi-publicly, that is, with a group of people but not with everyone. I almost never want to share things with everyone.

To conclude: Dropbox should allow us to manage our public links. It should give us the possibility to "unshare" a file. It should never ever reuse a public link for new files.
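A sketch of link handling that meets these three requirements, as an added example that is not Dropbox's code and not part of the original post. The class `ShareRegistry`, its method names and the path `Public/photos.zip` are hypothetical and constructed for illustration.

```python
import secrets


class ShareRegistry:
    """Hypothetical link manager: one random token per share, never reused."""

    def __init__(self):
        self._active = {}      # token -> path currently served
        self._retired = set()  # revoked tokens, kept so they are never reissued

    def share(self, path):
        """Issue a fresh, unguessable token every time a file is shared."""
        token = secrets.token_urlsafe(16)
        while token in self._active or token in self._retired:
            token = secrets.token_urlsafe(16)  # collision is extremely unlikely
        self._active[token] = path
        return token

    def unshare(self, token):
        """Revoke one link; returns True if it was active."""
        if self._active.pop(token, None) is None:
            return False
        self._retired.add(token)
        return True

    def on_delete(self, path):
        """Deleting a file retires every link that pointed at it."""
        for token in [t for t, p in self._active.items() if p == path]:
            self.unshare(token)

    def resolve(self, token):
        """Return the shared path, or None for unknown or revoked tokens."""
        return self._active.get(token)

    def links_for(self, path):
        """List active tokens for a path so the owner can manage them."""
        return [t for t, p in self._active.items() if p == path]


def demo():
    """Replay the scenario from the post with constructed data."""
    reg = ShareRegistry()
    colleagues = reg.share("Public/photos.zip")  # year one, sent to colleagues
    reg.on_delete("Public/photos.zip")           # file deleted days later
    family = reg.share("Public/photos.zip")      # year two, same file name
    return reg, colleagues, family
```

Because the token is random rather than derived from the file name, the link sent to the colleagues resolves to nothing after the deletion, and the second `photos.zip` gets a link they never saw.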