Anyone who has the link can access the file. There is no authentication. It's only as "secret" as the email you put it in, or the Zoom chat room it was dropped into, or the web page it is published in.
The shared links do not contain a secret at all. The base64-encoded part of the link is the file object's UUID! Look at it as you copy a shared link, vs. seeing it in the URL bar. It doesn't change as you edit the file, move it to another folder, or share it out. It won't go away until you've deleted the file! If you notice that someone has a link and they shouldn't have it, then you'll just have to copy-paste the content into a new document, and throw the compromised one in the Trash. Goodbye, revision history and all metadata.
Common use cases involve sharing to groups of people, you know, more than one person who might keep a "secret"? What if you've shared a link to 30 people, how do you ensure that 31 can't open it?
"Three men can keep a secret, if two of them are dead."
As opposed to passwords, which people know are secret[citation needed], links are shared. I mean, Google Drive literally calls it "Sharing", so who will stop sharing after the intended recipients have got it?
I think this is my biggest issue with the enterprise file sharing solutions; it's way too hard to manage access to files and to do simple sharing. like at face value it seems easy if you just want to drop a file to a friend or coworker, but it gets much more difficult when you want to actually enforce any controls on it.
Sharepoint and Google drive really feel like they have gone out of their way to make the permissions scheme as convoluted as possible, and it's never clear for me whether I've shared it in a way that permissions can propagate from those I shared it with or not. sometimes I can further share a received Sharepoint document without issue, other times I cannot, and I don't know what the difference is. some of my shared docs that are only shared with specific users can be shared freely apparently, other times when it gets shared further I get automated emails with access requests, even though the public access list is disabled/empty on both cases.
I really wish that the user:group:world wide model was the basis for these permission schemes and it was easier to just set people/groups and the specific actions they can take on a shared file/document. I get why the companies call it sharing, but it shouldn't be thought of as sharing, it should be Grant Access. I think it gives a better mindset for what you're actually doing, and the design should be around the idea you're giving access, not sharing, which is not the same thing to me.
At the risk of not fully slaking your thirst for orthogonality, I discovered just now that Google Drive does indeed have user:group:world access control. You can share to specific users with Google accounts. You can also share with a group: https://support.google.com/a/users/answer/13004062?ref_topic...
I was rather shocked to learn that the mechanism for creating groups, in the sense of access control, is the Google Groups product, also known as collaborative forums, or one of Usenet's modern homes. And this feature works for individual users as well as Workspaces for Business. I just created a Google Group consisting of my three personal accounts, and I shared a Doc with them!
The three levels of sharing persmissions on Drive are: "View", "Commenter", and "Editor". The second level also permits "editing suggestions" which will prompt the Doc owner to accept or reject. These also have semantics for folders.
And then, there is a little options-gear where you can twiddle additional permissions for certain levels of access. In my personal account, they're permissive by default. Meh.
Anyone who has the link can access the file. There is no authentication. It's only as "secret" as the email you put it in, or the Zoom chat room it was dropped into, or the web page it is published in.
The shared links do not contain a secret at all. The base64-encoded part of the link is the file object's UUID! Look at it as you copy a shared link, vs. seeing it in the URL bar. It doesn't change as you edit the file, move it to another folder, or share it out. It won't go away until you've deleted the file! If you notice that someone has a link and they shouldn't have it, then you'll just have to copy-paste the content into a new document, and throw the compromised one in the Trash. Goodbye, revision history and all metadata.
Common use cases involve sharing to groups of people, you know, more than one person who might keep a "secret"? What if you've shared a link to 30 people, how do you ensure that 31 can't open it?
"Three men can keep a secret, if two of them are dead."
As opposed to passwords, which people know are secret[citation needed], links are shared. I mean, Google Drive literally calls it "Sharing", so who will stop sharing after the intended recipients have got it?