If you are a veteran user of Dropbox you know that you can make use of the so-called public folder which you can use to share individual files or folders automatically with users who know the address of it. New users do not get the public folder automatically anymore but can still turn it on again to make use of it.
To use it simply open it on the Dropbox website and use the sharing options there, for instance with a right-click on a file you want to share publicly, to do so. Dropbox displays a web address that points to the file on its server. If you analyze the address, you will notice that it contains the account's user ID.
While you can't use it anymore to browse a user's public folder, it may raise concern nevertheless:
- With your user ID known, someone could try and brute force the public folder to find out if specific files are available on it. This is not very likely but the possibility is there.
- More pressing than that is that someone could link multiple shares that you make to your user account. Say you share a public file on your own website, and another on a site like Reddit or 4chan. Someone with knowledge of both, or a search on the Internet for that user ID, could link the two posts which you may not always want.
- Last but not least, it is possible to use a search to find public files on Dropbox using search engines like Google. Just search for "http://dl.dropbox.com/u/" and you will find lots of public files that users shared, even if their intention was not to share them with the "whole" Internet.
So what can you do to prevent this from happening? You can share files that are not in your public folder, but that may not always be practicable as you can only share them with select users this way.
Dropproxy is a new service that makes available an alternative. You can use it to protect one or all files that you store in your public folder. The idea here is to use the service to proxy a file before you start sharing it. For that, visit the Dropproxy website and use the single file or all file form to create the proxy.
A single file proxy returns a proxy address that you can share with the public. I talked briefly to the developer and he mentioned that when someone requests the proxy url, Dropproxy will establish a connection to Dropbox to retrieve and display the file to the user. Files are not saved by the proxy which means that you can delete it at anytime or move it to block anyone from accessing it from that moment on.
You need to consider two additional things before you start using the service. First, the url structure of the proxied files is not using large random strings. You can browse all files proxied easily. While they are all public, it is something that you may want to consider before using the service. Second, you are submitting your user ID to the site to create the proxy.