Major privacy issue
David F
via web
There is a major privacy issue with the short urls. The first file I uploaded had a url something like cl.ly/AU. So out of curiosity, i tried /Aa, Ab, Ac....A1, A2, etc etc. And more than half of them were other people's files, which I could see and download. The short URLs are much too short without some kind of password protection, to provide any security at all or to prevent them from being, for all intents and purposes, publicly available. Is this known and intended? Seems to me to make the utility of the service almost nil.
Comments are currently closed for this discussion. You can start a new one.
2 Posted by Brad Sparks on 09 Apr, 2010 01:49 AM
This is how it works with URL shorteners. the http://cl.ly/ addresses are no different than if I uploaded a file to my website and linked to it with a http://to./ URL. People can find it regardless. Password protecting it would almost make it a real big hassle :/
3 Posted by Raj Shah on 09 Apr, 2010 03:40 AM
This is a known issue. I hope the team decides to randomize it later on.
4 Posted by Raj Shah on 09 Apr, 2010 03:41 AM
Password protection is coming too. Or so they say..
5 Posted by larry on 09 Apr, 2010 12:04 PM
The main use case for a cl.ly URL is sharing on Twitter. In that case, we want URLs to be as short as possible. It's trivial for someone to either guess short URLs or to build a script that would crawl them. We're not even going to pretend that a 3 character unique string at the end of a URL is in any way secure. If you're sharing files you don't want the internet to see, that's what we're working towards with private uploads--a truly secure way to share files.
larry resolved this discussion on 09 Apr, 2010 12:04 PM.
Support Staff 6 Posted by Maximilian Schoening on 11 May, 2010 08:55 PM
We included this update: http://cl.ly/1418