I work in a company that frequently has to share sensitive files with clients, and they must be able to download it. Although we use the password and expiration features, any person with a the link and password can see the files, regardless if they have a dropbox account. In the activity, we can see them as external users and location of access. However, that isn't enough to identify who accessed the folder. I believe that sharing links could also come with a feature that demands a dropbox account to exist to view them. This way, we would be able to always determine who is opening the link and prevent security leaks.