{"id":316007,"date":"2021-08-05T11:00:31","date_gmt":"2021-08-05T08:00:31","guid":{"rendered":"https:\/\/en.buradabiliyorum.com\/heres-what-google-drives-security-update-means-for-you\/"},"modified":"2021-08-05T11:00:31","modified_gmt":"2021-08-05T08:00:31","slug":"heres-what-google-drives-security-update-means-for-you","status":"publish","type":"post","link":"https:\/\/buradabiliyorum.com\/en\/heres-what-google-drives-security-update-means-for-you\/","title":{"rendered":"#Here\u2019s what Google Drive\u2019s security update means for you"},"content":{"rendered":"<div id=\"ez-toc-container\" class=\"ez-toc-v2_0_84 counter-hierarchy ez-toc-counter ez-toc-custom ez-toc-container-direction\">\n<p class=\"ez-toc-title\" style=\"cursor:inherit\">Table of Contents<\/p>\n<label for=\"ez-toc-cssicon-toggle-item-6a262a65b8f82\" class=\"ez-toc-cssicon-toggle-label\"><span class=\"\"><span class=\"eztoc-hide\" style=\"display:none;\">Toggle<\/span><span class=\"ez-toc-icon-toggle-span\"><svg style=\"fill: #dd3333;color:#dd3333\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" class=\"list-377408\" width=\"20px\" height=\"20px\" viewBox=\"0 0 24 24\" fill=\"none\"><path d=\"M6 6H4v2h2V6zm14 0H8v2h12V6zM4 11h2v2H4v-2zm16 0H8v2h12v-2zM4 16h2v2H4v-2zm16 0H8v2h12v-2z\" fill=\"currentColor\"><\/path><\/svg><svg style=\"fill: #dd3333;color:#dd3333\" class=\"arrow-unsorted-368013\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"10px\" height=\"10px\" viewBox=\"0 0 24 24\" version=\"1.2\" baseProfile=\"tiny\"><path d=\"M18.2 9.3l-6.2-6.3-6.2 6.3c-.2.2-.3.4-.3.7s.1.5.3.7c.2.2.4.3.7.3h11c.3 0 .5-.1.7-.3.2-.2.3-.5.3-.7s-.1-.5-.3-.7zM5.8 14.7l6.2 6.3 6.2-6.3c.2-.2.3-.5.3-.7s-.1-.5-.3-.7c-.2-.2-.4-.3-.7-.3h-11c-.3 0-.5.1-.7.3-.2.2-.3.5-.3.7s.1.5.3.7z\"\/><\/svg><\/span><\/span><\/label><input type=\"checkbox\"  id=\"ez-toc-cssicon-toggle-item-6a262a65b8f82\" checked aria-label=\"Toggle\" \/><nav><ul class='ez-toc-list ez-toc-list-level-1 ' ><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-1\" href=\"https:\/\/buradabiliyorum.com\/en\/heres-what-google-drives-security-update-means-for-you\/#Link_sharing_on_Google_Drive\" >Link sharing on Google Drive<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-2\" href=\"https:\/\/buradabiliyorum.com\/en\/heres-what-google-drives-security-update-means-for-you\/#The_new_Google_Drive_security_update\" >The new Google Drive security update<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-3\" href=\"https:\/\/buradabiliyorum.com\/en\/heres-what-google-drives-security-update-means-for-you\/#Google_Drive_link_sharing_is_still_a_privacy_disaster\" >Google Drive link sharing is still a privacy disaster<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-4\" href=\"https:\/\/buradabiliyorum.com\/en\/heres-what-google-drives-security-update-means-for-you\/#More_work_to_be_done\" >More work to be done<\/a><\/li><\/ul><\/nav><\/div>\n<p>&#8220;<strong>#Here\u2019s what Google Drive\u2019s security update means for you<\/strong>&#8221;<\/p>\n<div>If you\u2019re using Google Drive, you probably received an email earlier this week about a new security update to the file storage and sharing platform. According to the email, \u201cDrive will <a href=\"https:\/\/buradabiliyorum.com\/en\/category\/download-scripts-themes-apps\/\" data-internallinksmanager029f6b8e52c=\"9\" title=\"Download Scripts &amp; Themes &amp; Apps\" target=\"_blank\" rel=\"noopener\">app<\/a>ly a security update to make file sharing more secure.\u201d<\/p>\n<p>True to the promise, the change is a security upgrade for some of the Google Drive files you might have shared in the past. It will make it harder for malicious actors to find shared files that you didn\u2019t want to expose to the public.<\/p>\n<p><iframe loading=\"lazy\" src=\"https:\/\/fast.wistia.net\/embed\/iframe\/xo23fcyip6?videoFoam=true&amp;autoPlay=true\" title=\"Whats it like to be a startup founder in Barcelona? Video\" allowtransparency=\"true\" frameborder=\"0\" scrolling=\"no\" class=\"wistia_embed\" name=\"wistia_embed\" allowfullscreen=\"\" msallowfullscreen=\"\" width=\"100%\" height=\"100%\"><\/iframe><\/p>\n<p>But it doesn\u2019t change anything about the fundamental security flaws of Google Drive\u2019s link sharing feature.<\/p>\n<figure class=\"post-image post-mediaBleed aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter wp-image-1362813 js-lazy\" alt=\"Google drive\" width=\"590\" height=\"355\" sizes=\"auto, (max-width: 590px) 100vw, 590px\" src=\"https:\/\/cdn0.tnwcdn.com\/wp-content\/blogs.dir\/1\/files\/2021\/08\/BDS1.jpeg\" srcset=\"https:\/\/cdn0.tnwcdn.com\/wp-content\/blogs.dir\/1\/files\/2021\/08\/BDS1.jpeg 696w, https:\/\/cdn0.tnwcdn.com\/wp-content\/blogs.dir\/1\/files\/2021\/08\/BDS1-280x169.jpeg 280w, https:\/\/cdn0.tnwcdn.com\/wp-content\/blogs.dir\/1\/files\/2021\/08\/BDS1-448x270.jpeg 448w, https:\/\/cdn0.tnwcdn.com\/wp-content\/blogs.dir\/1\/files\/2021\/08\/BDS1-224x135.jpeg 224w\"\/><noscript><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter wp-image-1362813\" src=\"https:\/\/cdn0.tnwcdn.com\/wp-content\/blogs.dir\/1\/files\/2021\/08\/BDS1.jpeg\" alt=\"Google drive\" width=\"590\" height=\"355\" srcset=\"https:\/\/cdn0.tnwcdn.com\/wp-content\/blogs.dir\/1\/files\/2021\/08\/BDS1.jpeg 696w, https:\/\/cdn0.tnwcdn.com\/wp-content\/blogs.dir\/1\/files\/2021\/08\/BDS1-280x169.jpeg 280w, https:\/\/cdn0.tnwcdn.com\/wp-content\/blogs.dir\/1\/files\/2021\/08\/BDS1-448x270.jpeg 448w, https:\/\/cdn0.tnwcdn.com\/wp-content\/blogs.dir\/1\/files\/2021\/08\/BDS1-224x135.jpeg 224w\"\/><\/noscript><\/figure>\n<\/p>\n<h2><span class=\"ez-toc-section\" id=\"Link_sharing_on_Google_Drive\"><\/span>Link sharing on Google Drive<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>There are basically two ways to share files on Google Drive. The first is \u201crestricted sharing.\u201d In this mode, you must provide the email of colleagues and coworkers who should have access to the file. If they have logged into their Google Account, they will be able to access the file by browsing to its URL. Thankfully, in recent years, this feature is being displayed <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/bdtechtalks.com\/2020\/05\/27\/google-drive-sharing-privacy\/\">more prominently<\/a> on the Google Drive sharing dialog.<\/p>\n<figure class=\"post-image post-mediaBleed aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter wp-image-1362814 js-lazy\" alt=\"Google Drive\" width=\"518\" height=\"311\" sizes=\"auto, (max-width: 518px) 100vw, 518px\" src=\"https:\/\/cdn0.tnwcdn.com\/wp-content\/blogs.dir\/1\/files\/2021\/08\/BDS2.jpeg\" srcset=\"https:\/\/cdn0.tnwcdn.com\/wp-content\/blogs.dir\/1\/files\/2021\/08\/BDS2.jpeg 696w, https:\/\/cdn0.tnwcdn.com\/wp-content\/blogs.dir\/1\/files\/2021\/08\/BDS2-280x168.jpeg 280w, https:\/\/cdn0.tnwcdn.com\/wp-content\/blogs.dir\/1\/files\/2021\/08\/BDS2-450x270.jpeg 450w, https:\/\/cdn0.tnwcdn.com\/wp-content\/blogs.dir\/1\/files\/2021\/08\/BDS2-225x135.jpeg 225w\"\/><noscript><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter wp-image-1362814\" src=\"https:\/\/cdn0.tnwcdn.com\/wp-content\/blogs.dir\/1\/files\/2021\/08\/BDS2.jpeg\" alt=\"Google Drive\" width=\"518\" height=\"311\" srcset=\"https:\/\/cdn0.tnwcdn.com\/wp-content\/blogs.dir\/1\/files\/2021\/08\/BDS2.jpeg 696w, https:\/\/cdn0.tnwcdn.com\/wp-content\/blogs.dir\/1\/files\/2021\/08\/BDS2-280x168.jpeg 280w, https:\/\/cdn0.tnwcdn.com\/wp-content\/blogs.dir\/1\/files\/2021\/08\/BDS2-450x270.jpeg 450w, https:\/\/cdn0.tnwcdn.com\/wp-content\/blogs.dir\/1\/files\/2021\/08\/BDS2-225x135.jpeg 225w\"\/><\/noscript><\/figure>\n<p>The second sharing mode, known as \u201clink sharing,\u201d provides access to anyone who has a link to the file. The advantage of link sharing, which makes it the go-to sharing mode for many people, is that it spares you from the pain of manually entering the email address of every single one of your colleagues. Just enable the link-sharing feature, copy-paste the link in your Slack channel, Trello, or other collaboration tools you\u2019re using at your organization, and all your colleagues will be able to access it instantly.<\/p>\n<p>But so can anyone else who has the link.<\/p>\n<figure class=\"post-image post-mediaBleed aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter wp-image-1362815 js-lazy\" alt=\"Google Drive\" width=\"541\" height=\"308\" sizes=\"auto, (max-width: 541px) 100vw, 541px\" src=\"https:\/\/cdn0.tnwcdn.com\/wp-content\/blogs.dir\/1\/files\/2021\/08\/BDS3.jpeg\" srcset=\"https:\/\/cdn0.tnwcdn.com\/wp-content\/blogs.dir\/1\/files\/2021\/08\/BDS3.jpeg 696w, https:\/\/cdn0.tnwcdn.com\/wp-content\/blogs.dir\/1\/files\/2021\/08\/BDS3-280x159.jpeg 280w, https:\/\/cdn0.tnwcdn.com\/wp-content\/blogs.dir\/1\/files\/2021\/08\/BDS3-475x270.jpeg 475w, https:\/\/cdn0.tnwcdn.com\/wp-content\/blogs.dir\/1\/files\/2021\/08\/BDS3-237x135.jpeg 237w\"\/><noscript><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter wp-image-1362815\" src=\"https:\/\/cdn0.tnwcdn.com\/wp-content\/blogs.dir\/1\/files\/2021\/08\/BDS3.jpeg\" alt=\"Google Drive\" width=\"541\" height=\"308\" srcset=\"https:\/\/cdn0.tnwcdn.com\/wp-content\/blogs.dir\/1\/files\/2021\/08\/BDS3.jpeg 696w, https:\/\/cdn0.tnwcdn.com\/wp-content\/blogs.dir\/1\/files\/2021\/08\/BDS3-280x159.jpeg 280w, https:\/\/cdn0.tnwcdn.com\/wp-content\/blogs.dir\/1\/files\/2021\/08\/BDS3-475x270.jpeg 475w, https:\/\/cdn0.tnwcdn.com\/wp-content\/blogs.dir\/1\/files\/2021\/08\/BDS3-237x135.jpeg 237w\"\/><\/noscript><\/figure>\n<\/p>\n<h2><span class=\"ez-toc-section\" id=\"The_new_Google_Drive_security_update\"><\/span>The new Google Drive security update<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>Google and other cloud storage services (Microsoft, Dropbox, etc.) generate unique URLs for each document you create. These URLs should be hard to guess. So, a malicious actor should not be able to stumble on a document by randomly generating a Google Docs address. But <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/www.pcmag.com\/news\/shareable-links-expose-data-in-box-enterprise-accounts\">several<\/a> experiments have shown that, in fact, many popular cloud storage services were previously vulnerable to URL-guessing attacks.<\/p>\n<p>In such cases, if an attacker discovers the URL of a Google Drive file that happens to be made public through link-sharing, they will be able to access its contents. Note that if the same file is shared through the \u201crestricted sharing\u201d feature, then the attacker will only know of its existence but won\u2019t be able to access its contents.<\/p>\n<p>A few years ago, Google updated its address-generation scheme to make it more difficult to guess document URLs. However, if you have shared files from around early 2017, their URLs are still in the old format.<\/p>\n<p>Google Drive\u2019s new security update applies to these files. It will add an extra parameter to the shared document URL called \u201cresourcekey.\u201d People who had previously accessed the file will still be able to access it with the old link (without the resourcekey parameter). People who are accessing it for the first time will need to make an access request, which requires the approval of the file owner.<\/p>\n<p>Basically, this means that if you had applied link-sharing to some old files in your Google Drive and forgot about them, the security update will prevent malicious actors from guessing their URLs and accessing them without you noticing it.<\/p>\n<h2><span class=\"ez-toc-section\" id=\"Google_Drive_link_sharing_is_still_a_privacy_disaster\"><\/span>Google Drive link sharing is still a privacy disaster<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>Google Drive\u2019s new security update makes brute-force link discovery has become harder. But there are still many other ways link-sharing can turn into a security and privacy disaster.<\/p>\n<p>Google Drive link sharing is a prime example of \u201c<a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/en.wikipedia.org\/wiki\/Security_through_obscurity\">security by obscurity<\/a>,\u201d which means your data is safe only because other people don\u2019t know about it, not because they don\u2019t have access to it. Here are a few examples of how a shared file can be exposed to unwanted users:<\/p>\n<ul>\n<li><a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/bdtechtalks.com\/2016\/08\/08\/the-4-insider-threats-to-watch-out-for\/\">Former employees<\/a> who have the document\u2019s link will still be able to access it after they leave your organization.<\/li>\n<li>A negligent employee accidentally tweets the link, emails it to unintended recipients, or backlinks to it in another public document.<\/li>\n<li>The document is discovered <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/bdtechtalks.com\/2018\/04\/02\/google-docs-sharing-privacy-concerns\/\">through URL referrals<\/a>.<\/li>\n<\/ul>\n<p>None of the above (and the many other ways that a shared link can be discovered) require the brute-force discovery of your document\u2019s URL address.<\/p>\n<p>I\u2019m not against Google Drive link sharing. It is not a problem if you\u2019re not handling sensitive data. In fact, many people use the link-sharing feature with Google Docs to make public statements or to publish reports.<\/p>\n<p>The problem is that people often use link sharing to collaborate on confidential documents. In such cases, their data remains safe as long as the link to the shared document is not broadcasted anywhere or leaked to unwanted parties. And there\u2019s no guarantee of it not happening.<\/p>\n<h2><span class=\"ez-toc-section\" id=\"More_work_to_be_done\"><\/span>More work to be done<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>In the past few years, the Google Drive interface has gone through <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/bdtechtalks.com\/2020\/05\/27\/google-drive-sharing-privacy\/\">some improvements<\/a> to reduce the possibility of users accidentally sharing their documents with unwanted parties. But the confusion around link sharing remains.<\/p>\n<p>There should be a clear distinction between sharing and publishing. When you share a document, it should be limited to the intended recipients and inaccessible.<\/p>\n<p>When you publish a document, you\u2019re making it available to everyone, even if you don\u2019t publicize its URL or expose it to search engines.<\/p>\n<p>Unfortunately, the link-sharing feature in Google Drive (and other platforms) is a publication feature disguised as sharing. It\u2019s misleading and insecure, and I wish Google changed its name and separated its user interface from that of the restricted sharing feature.<\/p>\n<p>But while Google is fast busy discussing and implementing my recommendations (hopefully), please don\u2019t use link sharing unless you\u2019re fine with the content of your document becoming public knowledge. (If you want to share a single document with a large group of users without entering every single one of their emails, use <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/bdtechtalks.com\/2020\/05\/18\/google-drive-security-privacy-tips\/\">Google Groups<\/a> instead.)<\/p>\n<p><i><span>This article was originally published by Ben Dickson on\u00a0<\/span><\/i><a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/bdtechtalks.com\/\"><i><span>TechTalks<\/span><\/i><\/a><i><span>, a publication that examines trends in <a href=\"https:\/\/buradabiliyorum.com\/en\/category\/technology\/\" data-internallinksmanager029f6b8e52c=\"4\" title=\"Technology\" target=\"_blank\" rel=\"noopener\">technology<\/a>, how they affect the way we live and do business, and the problems they solve. But we also discuss the evil side of technology, the darker implications of new tech, and what we need to look out for. You can read the original article <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/bdtechtalks.com\/2021\/07\/31\/google-drive-security-update-2021\/\">here<\/a>.<\/span><\/i><\/p>\n<\/div>\n<blockquote><p><strong><span style=\"color: #ff6600;\">If you liked the article, do not forget to share it with your friends. Follow us on\u00a0<span style=\"color: #ff0000;\"><a style=\"color: #ff0000;\" href=\"https:\/\/news.google.com\/publications\/CAAqBwgKMLG0nwswvr63Aw\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">Google News<\/a><\/span>\u00a0too, click on the star and choose us from your favorites.<\/span><\/strong><\/p><\/blockquote>\n<blockquote>\n<p style=\"text-align: center;\">For forums sites go to <span style=\"color: #ff9900;\"><a style=\"color: #ff9900;\" href=\"https:\/\/forum.buradabiliyorum.com\/\" target=\"_blank\" rel=\"noopener\">Forum.BuradaBiliyorum.Com<\/a><\/span><\/strong>\n<\/p><\/blockquote>\n<blockquote>\n<p style=\"text-align: center;\"><strong>If you want to read more like this article, you can visit our <span style=\"color: #ff9900;\"><a style=\"color: #ff9900;\" href=\"https:\/\/en.buradabiliyorum.com\/technology\/\" target=\"_blank\" rel=\"noopener\">Technology category.<\/a><\/span><\/strong><\/p>\n<\/blockquote>\n<p><span style=\"color: black;\"><a style=\"color: #ff9900;\" href=\"https:\/\/thenextweb.com\/news\/google-drive-security-september-syndication\" target=\"_blank\" rel=\"noopener\">Source<\/a><\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>&#8220;#Here\u2019s what Google Drive\u2019s security update means for you&#8221; If you\u2019re using Google Drive, you probably received an email earlier this week about a new security update to the file storage and sharing platform. According to the email, \u201cDrive will apply a security update to make file sharing more secure.\u201d True to the promise, the&#8230;<\/p>\n","protected":false},"author":1,"featured_media":316008,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/img-cdn.tnwcdn.com\/image\/tnw?filter_last=1&fit=1280,640&url=https:\/\/cdn0.tnwcdn.com\/wp-content\/blogs.dir\/1\/files\/2021\/08\/BDhed.jpg&signature=0224755e3a4f9d5bd88fbee5d34ff19a","fifu_image_alt":"","footnotes":""},"categories":[18],"tags":[],"class_list":["post-316007","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-technology"],"_links":{"self":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts\/316007","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/comments?post=316007"}],"version-history":[{"count":0,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts\/316007\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/media\/316008"}],"wp:attachment":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/media?parent=316007"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/categories?post=316007"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/tags?post=316007"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}