tchambers
5 years ago
Helpful | Level 6
Security of Dropbox links
It occurred to me today when I Ducksearched to find a public Dropbox link https://www.dropbox.com/s/br7d9jigsldnvjy/ [1] that Dropbox appears to be practicing Security Through Obscurity. What prevent...
Daphne
Dropbox Staff
Hey tchambers, thanks for posting!
Additional security can be added to shared links by changing the settings and permissions of the links. You can check out more info about this here.
For example, a password can be added to a shared link and Business teams can restrict access to only team members.
I hope this info helps, let me know if you have any questions!
tchambers
5 years ago
Helpful | Level 6
Thank you for pointing me in the right direction, Daphne. I studied more and experimented, and now I understand. I was already aware of the security features available when sharing with individuals and groups. I did not understand in particular how "Copy Dropbox link" in Windows Explorer worked. The Shared > Links tab is what concerns me. People may not understand that when they share either a file or a folder via link, they are relying on Security Through Obscurity. Bad actors can brute force guess these links. It would be nice if Dropbox reassured us that they detect malicious patterns and block requesters. At least that would slow down brute force attacks. I sleep better knowing I can simply delete the link in the web app. If I want to re-share the file or folder I can create a new link.
Therefore, with prudence, share-by-link is a convenient feature. Not a problem if the content is not sensitive. However, if one needs a long-term link to a file or folder that contains sensitive information, it is advisable to share with explicit users or groups instead. If for some reason that is not convenient, one should periodically make a new copy of the shared folder or file and should overwrite the existing content accessible from the shared link with a generic message such as, "The link to this content has expired. Reach out to the person who shared this link with you and ask them for a new link." Otherwise one may not sleep well at night trusting one's content will not be discovered with a brute force attack.