cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Community
English
Announcements
Want to learn some quick and useful tips to make your day easier? Check out how Calvin uses Replay to get feedback from other teams at Dropbox here.

View, download, and export

Need support with viewing, downloading, and exporting files and folders from your Dropbox account? Find help from the Dropbox Community.

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

How secure is Paper?

Labels:

How secure is Paper?

coeio
Helpful | Level 6
‎09-23-2017 09:21 AM
Go to solution

Anyone that has my url can view my notes without any credential....

 

If someone takes a picture of my screen or anotate my url can acesss my notes directly in any computer and all the links that it contains.

 

Is there any way to block my notes to avoid this?

 

thanks

 

Labels:
  • 2 Likes
  • 8 Replies
  • 7,882 Views
1 Accepted Solution

Accepted Solutions

coeio
Helpful | Level 6
‎09-25-2017 05:06 PM
Go to solution

Someone from the drobox support explained me that you need to specify that only people invited to this doc can view the link, on the document sharing properties; this blocks the default behavior of leaving the link accessible by anyone with it.

 

 

This works but is annoying since you need to specify this in all documents that you create.

 

Ideally, the system should have an option to set this as the default behavior to all documents or something in this line.

 

More information visit https://www.dropbox.com/help/paper/sharing-permissions

 

Thanks….

View solution in original post

8 Replies 8

Mark
Super User II
‎09-23-2017 09:24 AM
Go to solution
Anybody with the link cannot view it. Only people authorised to view it can.

Remember though that if you view the link on a device you've Dropbox installed on you are automatically logged in and so it will open - as it knows its you.

To test it put the link through a device without Dropbox installed at all.

 


:penguin::penguin: - :penguin: - :penguin: - :penguin:


Heart Did this post help you? If so please mark it for some Kudos below. 


:white_check_mark: Did this post fix your issue/answer your question? If so please press the 'Accept as Solution' button to help others find it.


:arrows_counterclockwise: Did this post not resolve your issue? If so please give us some more information so we can try and help - please remember we cannot see over your shoulder so be as descriptive as possible! 


 

coeio
Helpful | Level 6
‎09-23-2017 02:37 PM
Go to solution

OK

 

I was able to open a link to my paper inside a virtual machine where I don’t have dropbox installed and was not logged in, but as you have said dropbox  knows that is the same computer...

 

Thanks

 

0 Likes

coeio
Helpful | Level 6
‎09-23-2017 03:30 PM
Go to solution

Hello, could you do a test...

 

Try to open this link:

https://paper.dropbox.com/doc/donotopen-yrBVHQJq2S7jQDx2qBaC9

 

If what you said is truth, you should not be able to open it...

 

But looks like this link is acessible for everyone with it!!!!! I testd using a proxy...

 

 

 

 

0 Likes

Mark
Super User II
‎09-24-2017 05:00 AM
Go to solution

I stand corrected, something has changed and it is saying I can access it BUT I need an account to view the document and you are informed that I am viewing it. 

 

Screenshot at Sep 24 12-59-49.png

 

I'm going to do some digging....

 

 


 


:penguin::penguin: - :penguin: - :penguin: - :penguin:


Heart Did this post help you? If so please mark it for some Kudos below. 


:white_check_mark: Did this post fix your issue/answer your question? If so please press the 'Accept as Solution' button to help others find it.


:arrows_counterclockwise: Did this post not resolve your issue? If so please give us some more information so we can try and help - please remember we cannot see over your shoulder so be as descriptive as possible! 


 

0 Likes

coeio
Helpful | Level 6
‎09-24-2017 10:07 AM
Go to solution

Looks like that the URL comes with an auto-shareable code.

 

This is dangerous, is like having your password in the URL, and there are various forms to get it (taking pictures, filming, looking at it!...).

 

To you dropbox showed a button to open it “Open doc” but I think it showed this button because you have a dropbox account, if you test this link using a proxy or torbrowser where dropbox does not knows you it shows the document directly…

 

If this is a default behavior of dropbox I think it is insecure, mainly because I like to connect my papers with links (+doc1 +doc2), so if someone gets the url from my “index” they could have access to all my linked docs!

 

Thanks

 

0 Likes

coeio
Helpful | Level 6
‎09-25-2017 05:06 PM
Go to solution

Someone from the drobox support explained me that you need to specify that only people invited to this doc can view the link, on the document sharing properties; this blocks the default behavior of leaving the link accessible by anyone with it.

 

 

This works but is annoying since you need to specify this in all documents that you create.

 

Ideally, the system should have an option to set this as the default behavior to all documents or something in this line.

 

More information visit https://www.dropbox.com/help/paper/sharing-permissions

 

Thanks….

genepdx
New member | Level 2
‎09-29-2017 03:31 PM
Go to solution

I just verified that even an "invite only" folder by default will make all docs inside world-readable.

 

Nice to see people finally admit this is the case so frustrating that so many people on these forums just argued with folks with no evidence. Is Dropbox the new Apple? 🙂

 

Back to Google Docs for me...

0 Likes

genepdx
New member | Level 2
‎09-29-2017 03:42 PM
Go to solution

And another correction to Mark's disinformation; "BUT I need an account to view the document and you are informed that I am viewing it. "

 

No you don't need an account. The url pulls up a view-only version of the content for anyone on the internet unless you specify (on a PER DOCUMENT basis after adding) to limit to your team.

 

 

[This thread is now closed. If you have a similar or new question, you can ask here.]

Need more support?
Who's talking

Top contributors to this post

  • User avatar
    genepdx New member | Level 2
  • User avatar
    coeio Helpful | Level 6
  • User avatar
    Mark Super User II
What do Dropbox user levels mean?