[scblock]

When it comes to the internet if something like this is not protected by anything more than a random string in a URL then they aren't really private. Same story with all the internet connected web cams you can find if you go looking. I thought we knew this already. Why doesn't the "Who is responsible" section even mention this?

[AnotherGoodName]

Such links are very useful in an 'it's OK to have security match the use case' type of way. You don't need maximum security for everything. You just want a barrier to widespread sharing in some cases.

As an example i hit 'create link share' on a photo in my photo gallery and send someone the link to that photo. I don't want them to have to enter a password. I want the link to show the photo. It's ok for the link to do this. One of the examples they have here is exactly that and it's fine for that use case. In terms of privacy fears the end user could re-share a screenshot at that point anyway even if there was a login. The security matches the use case. The user now has a link to a photo, they could reshare but i trust they won't intentionally do this.

The big issue here isn't the links imho. It's the security analysis tools scanning all links a user received via email and making them available to other users in that community. That's more re-sharing than i intended when i sent someone a photo.

[nonrandomstring]

> Such links are very useful in an 'it's OK to have security match the use case'

I think you give the most sensible summary. It's about "appropriate and proportional" security for the ease of use trade-off.

> the user now has a link to a photo, they could reshare but i trust they won't intentionally do this.

Time limits are something missing from most applications to create ephemeral links. Ideally you'd want to choose from something like 1 hour, 12 hours, 24 hours, 72 hours... Just resend if they miss the message and it expires.

A good trick is to set a cron job on your VPS to clear /www/tmp/ at midnight every other day.

> The big issue here isn't the links imho. It's the security analysis tools scanning all links a user received via email

You have to consider anything sent to a recipient of Gmail, Microsoft, Apple - any of the commercial providers - to be immediately compromised. If sending between private domains on unencrypted email then it's immediately compromised by your friendly local intelligence agency. If using PGP or am E2E chat app, assume it _will_ be compromised at the end point eventually, so use an ephemeral link.

[marcosdumay]

The situation is greatly improved if you make the link short-lived and if you put the non-public data in a region of the URL that expects non-public data, like in the password, as in "https://anonymous:32_chars_hash@myphotolibrary.example.com/u...".