[ses1984]

Isn’t that basically a form of authentication?

I’m not sure if short lived temporary private links fit the model of private links as described above.

If that counts as a private link, what if I’m using a conventional session based app, I go into dev tools and “copy as curl”, does that qualify as a private link?

[anonymousDan]

Yes it is. My point was more that it's a relatively lightweight way to create a shareable link that does not require the consumers to create a new account on the service hosting the linked resource in order to access it. At the same time, merely having access to the link doesn't really gain you anything, and so it is immune to the kind of issues discussed in the article