A little over a year ago, I wrote a post with some ideas for sharing files more securely using Dropbox, and I’m glad I did because it led to a much better and more useful post on the same topic by Merlin.

The approach in Merlin’s post has worked well for me, but recently I made some changes.

Less public

Even with the “handful of paranoid additions involving chaos and automation” in Merlin’s post, I was never completely comfortable using the Public folder.

Links to files in the Public folder look like this:

http://dl.dropbox.com/u/123456/file.txt

Each Dropbox user has their own unique numeric Public folder ID (like 123456). And so the path to my Public folder was necessarily advertised each and every time I shared it.

I have no idea if it would actually be possible to “crawl” a Dropbox Public folder, but it seems conceivable. At any rate, the image of an ill-intentioned teenager sitting in an Eastern European basement writing a shell script to ping known Public folders 24 hours a day never sat well with me.

Now that Dropbox lets me create a link to any file in any folder, I’ve abandoned the default Public folder entirely. I now use a custom public folder, which resides in a Dropbox folder containing all of my other shared folders.

Dropbox’s new link-to-any-file-anywhere option just feels more secure (to me). The new syntax looks like this:

https://www.dropbox.com/s/zahx2ghztxt5mtn/file.txt

That zahx2ghztxt5mtn bit is random and is different for each and every link you create. There is nothing specific to your account in the URL.

Better Hazel rules

I had been using Hazel to automatically delete files from my Public folder X days after I put them there, where X was constantly changing because I never could settle on the right amount of time.

It was always frustrating when Hazel would (based on my instructions) remove files before the intended recipient had a chance to download them—especially for non-sensitive files like photos or videos that I share with friends and family.

I'm totally fine with a video of my 13-month-old son slam-dunking a toy basketball goal staying in my public folder for months, but I might want a W-9 form to be publicly available for just a few days.

I finally got smart and thought to vary the lifespan of files by having multiple Hazel rules based on different durations. I now add a time indicator to the end of file names. Some examples:

  • _1d for 1 day
  • _3d for 3 days
  • _1w for 1 week
  • _6m for 6 months

If, for example, Hazel sees a file called file_3d.txt, and it’s more than 3 days old, Hazel deletes it.

This allows me to quickly and easily set the duration of a file’s availability after I’ve copied it to my custom public folder.
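The suffix scheme above, written out as a Python script. This is an added example, not part of the original post and not Hazel's own rule format. The function names are hypothetical, a month is assumed to be 30 days, and a file's age is assumed to be measured from its modification time.

```python
import re
import time
from pathlib import Path

# Seconds per unit. A month is taken as 30 days (assumption; the post does not define it).
UNIT_SECONDS = {"d": 86400, "w": 7 * 86400, "m": 30 * 86400}

# Matches a trailing lifespan tag such as _3d at the end of "file_3d" (extension removed).
TAG = re.compile(r"_(\d+)([dwm])$")


def lifespan_seconds(name):
    """Return the lifespan encoded in a file name, or None if it has no valid tag."""
    match = TAG.search(Path(name).stem)  # stem drops only the final extension
    if not match:
        return None
    count = int(match.group(1))
    if count == 0:
        return None  # treat _0d as untagged rather than "delete immediately"
    return count * UNIT_SECONDS[match.group(2)]


def expired_files(folder, now=None):
    """List tagged files in folder whose age exceeds their tagged lifespan."""
    now = time.time() if now is None else now
    expired = []
    for path in sorted(Path(folder).iterdir()):
        if not path.is_file():
            continue
        limit = lifespan_seconds(path.name)
        if limit is None:
            continue  # untagged files are never removed automatically
        # Age is measured from the modification time (assumption; Hazel can
        # match on other dates).
        if now - path.stat().st_mtime > limit:
            expired.append(path)
    return expired


def sweep(folder, dry_run=True, now=None):
    """Delete expired files; with dry_run=True only report what would be deleted."""
    expired = expired_files(folder, now)
    if not dry_run:
        for path in expired:
            path.unlink()
    return [p.name for p in expired]
```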

I still wouldn’t call this system perfect, but it’s better. Definitely better than email.