[toastador]

Hey guys,

I helped build this feature and just wanted to say we're as concerned about privacy and security as you are. A couple specifics that might help:

* No feature is for everyone -- this is opt-in in the strictest sense. (And, since you pick the files/directories, as fine-grained as you want.)

* You can disable a link anytime: from the the sharing tab (https://www.dropbox.com/share), click "Linked Items" to see all your links and disable anything.

* 3 means of sharing (shared folders, a public dir, and sharing links) gives you more control over privacy, not less.

* Similar to etherpad links, the shortened db.tt links are public but unfeasible to guess. We've heard a few concerns about the 6-digit hashes -- well, as more links are shared, don't assume the hash will stay at 6 digits :) can't get into details but we do a few more things to make link fishing near-impossible.

[dpcan]

The problem is how close my data is to being a web page now.

I feel like all that private data is one click away from being public. Anyone passing by my computer can right click and change a folder to a web page, when they get back to their PC, download everything.

At least before there was somewhat of a barrier, though narrow, it was there.

Do the "linked" files at least get a new bold icon with a globe on it or something so I know it's public. Do I get an email when a folder is made public? Something? What if a malicious script is run on my computer that just makes everything public in my Dropbox folder?

[saturdayplace]

Anyone passing by your computer already can get to your files.

[MikeCapone]

> Similar to etherpad links, the shortened db.tt links are public but unfeasible to guess

I imagine people will be searching Google for them, and later creating programs that just go through all the possibilities (if the hash isn't long enough), download whatever they can find, and then later go through whatever they got to see if there's anything of value.