
Is this an actual risk? You would need to guess a link.

Serious question




This is actually a pretty common type of report to public bug bounty programs. ("Anyone can see your private data if they can guess the GUID in the URL".)

Barring something extraordinary, it would be acknowledged as intentional behavior and classified wontfix. For most purposes, no, this is not an actual risk.


The Earth will be swallowed by the sun before you guess that GUID.


Ah, but if you network a bunch of cloud computing resources to guess in parallel...

Sorry, bad bug bounty memories. ;)


What if, like, you had a quantum computer that could guess every password simultaneously? Checkmate, nerd. Give me my bounty.


Read the article?

> How could the ‘secret’ link end up in the wrong hands? Some possibilities:

    1. An email thread / document with a link to the photo or album is forwarded or shared with the wrong person, or accidentally posted somewhere public.
    2. The recipient naturally thinks the link only works for them (as would be the case for Drive) and doesn’t take care to prevent it becoming public.
    3. Links sent by emails are semi-public because they move across the internet unencrypted and are simple to intercept. It’s only OK to link to sensitive things by email if the recipient needs to be logged in to actually view them.
    4. A database of these links is one day leaked or hacked, or people figure out a pattern in how the ‘secret’ URLs are generated.
    5. Someone’s emails or other documents are hacked or leaked, with the link in them.



