Google Drive link sharing is still a privacy disaster People who are accessing it for the first time will need to make an access request, which requires the approval of the file owner.īasically, this means that if you had applied link-sharing to some old files in your Google Drive and forgot about them, the security update will prevent malicious actors from guessing their URLs and accessing them without you noticing it. It will add an extra parameter to the shared document URL called “resourcekey.” People who had previously accessed the file will still be able to access it with the old link (without the resourcekey parameter). Google Drive’s new security update applies to these files. However, if you have shared files from around early 2017, their URLs are still in the old format. Note that if the same file is shared through the “restricted sharing” feature, then the attacker will only know of its existence but won’t be able to access its contents.Ī few years ago, Google updated its address-generation scheme to make it more difficult to guess document URLs. In such cases, if an attacker discovers the URL of a Google Drive file that happens to be made public through link-sharing, they will be able to access its contents. But several experiments have shown that, in fact, many popular cloud storage services were previously vulnerable to URL-guessing attacks. So, a malicious actor should not be able to stumble on a document by randomly generating a Google Docs address. Google and other cloud storage services (Microsoft, Dropbox, etc.) generate unique URLs for each document you create.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. Archives
June 2023
Categories |