Owner of the folder should be able to forbid other members from creating links

Nothing. But that would be an intentional act by the other member, and they would have to repeat that act every time the shared folder was updated.  

Dropbox's lax security for shared links creates a lot more unnecessary risk than your devil's advocate scenario.

Any user (including view-only users who purportedly do not have the authority to "add people to this folder") can open up a back door to the folder (and all subsequent updates to that folder) for the world to see. And the Owner would have no idea that this happened. Nor would the Owner be able to shut it down. 

This problem is further compounded by the fact that Dropbox's interface actively encourages users to create links with a single click. If we right click in Finder and accidentally select the wrong option, a shared link is created. Or if we are online and try to click the "More" menu, but accidentally click just a few pixels to the left, the folder is shared with the world.

Worse still, the default is to create a link that is not password-protected.   

Owners should have more control over this.  

Look at Sync.com--they do not have this problem. Owners have more control.

---

@Rich wrote:

---

@DreamboxIsASieve wrote:
Owner of the folder should be able to forbid other members from creating links

---

The feature you're referring to exists, and is available on Dropbox Business accounts.

 

• https://help.dropbox.com/teams-admins/admin/manage-team-sharing

---

Those security options in Dropbox Business accounts do not address what I'm talking about. Those features would allow me to restrict whether or not folders could be shared outside the Team, but that is not my concern.

I need to share view-only folders externally.  My concern is that I don't want the view-only members of a shared folder to be able to open up an unsecured shared link to that folder without my knowledge. 

Sync.com forbids this: Users with view-only access to folders cannot invite others nor create a shared link to the folder.

Dropbox, Dropbox Professional, and Dropbox Business allow anyone invited to the folder--even users with view-only access--to generate an unsecured link to that folder which opens it up for the world to see. That is lax security.

I stand by my original post: 

"The "Manage access" setting below is misleading and offers a false sense of security. It makes little difference that the Owner of the folder can prevent others from adding members to the shared folder, because the Owner has zero control over (or even knowledge of) whether the other members create an unsecured link to the shared folder."

Dropbox should give Owners more control over the creation of shared links to their folders. 

---

@Daphne wrote:
If you don't want people to access a folder through a shared link, when they've not been invited to the shared folder, can you try applying the following setting:

1. Select the shared folder and click "Share".
2. Click the gear icon in the top right of the window.
3. Choose the tab "Link for viewing".
4. For the setting "Who has access", change this to "Only people invited".

If someone creates or copies a shared link created for this folder, they will only be able to access the folder if they've had the folder shared with them via their email address too.

---

That setting would only apply to shared links that the Owner creates. 

The issue is that other members of the folder--including View Only members--can create unsecured shared links from their accounts. And Dropbox does not give the Owner any ability to restrict those members' rights to create shared links, nor any way of knowing when other members have created any shared links. 

I stand by my original post. Dropbox needs to change this.