Default Permissions to 'only me'
complete
Youcef Es-skouri
cc Ryan See steps above that can make sure generated sharing URLs even safer!
R
Ryan
Youcef Es-skouri: thanks! I will try it out.
Youcef Es-skouri
Merged in a post:
Option to disable link sharing
R
Ryan
Capture is great for getting quick screenshots, but I don't always want a link generated, under some scenarios this can even create a security hole.
Karan Khanna
complete
Hey! Basic, Plus and Pro users are now able to set their preferred global defaults for link permissions (edit or view) and link audience (anyone with link or only people invited/only me) from the new Sharing tab in Account Settings.
If you go to Dropbox on the web, click your avatar in the top right corner, click Settings, you can follow the screenshot below to adjust to 'only me' by default. For any Captures you take, they will now follow this new default. Let me know if this satisfies your request!
Karan Khanna
in progress
Karan Khanna
Thank you for the feedback! Could you provide additional context on why you'd like to have the default changed?
JΞRICHθ ✦Ducky✦ ŦΔSΚΞR
Karan Khanna:
Security.
NIST Special Publication 800-53
A serious security approach should always start with least privileged access.
Karan Khanna
JΞRICHθ ✦Ducky✦ ŦΔSΚΞR: Understood, thanks! We're planning on adding this option in the Dropbox settings page in January. You'll be able to go in, set the default to "no one/only me" and then your Capture links will be automatically set to this.
JΞRICHθ ✦Ducky✦ ŦΔSΚΞR
Karan Khanna: No problem! Thanks for scheduling the feature!
Karan Khanna
under review
Youcef Es-skouri
Ryan Thank you so much for your feedback. Would you mind sharing what you mean by a security hole with the links? Thank you!
R
Ryan
Youcef Es-skouri: if someone manages to get the link and the screenshot has sensitive data. These can exist as public links. so it is not impossible for them to be discovered.
Youcef Es-skouri
Ryan: Got it, I understand. Totally valid concern. Do you feel like people can "guess" those URLs?
R
Ryan
Youcef Es-skouri: The average person no, but someone well versed in cryptography probably could figure out some programatically.
Youcef Es-skouri
Ryan: Understood. Just to reassure you, there are about 30 trillion possible permutations of our links so it's very difficult for someone to guess your links. But I will keep this one here so that other customers can chime in and vote. Thank you!
R
Ryan
Youcef Es-skouri: yeah, I am less concerned about me specifically being targeted and more concerned about any link across all of sharing being discovered.