> opted out of requiring auth

the basis on which the user opted out of auth was that they believed the links were obscure/private enough to be "non discoverable" (enough)

for example let's say your link is `example.invalid/documents/samcea45pwmcwwn325ewaruvon4pepwrm8euwawuvuer8u` and there is no non-authenticated index/listing available

under normal circumstances you could argue that this long id is comparable to a "simple" shared password, i.e. knowing it is a very weak form of authentication, except it doesn't have the same degree of protection wrt. storage, logs etc. But good enough for non-public non-secret data.

that is until your browser, without you knowing it or explicitly agreeing to it, starts creating that index which shouldn't exist _and_ pushes it to a search engine...

(or you have a virus infection which installs a link scraper; now that I think about it, Edge pretty much acts like a virus in this case, lol)

EDIT: An example of a well-known user of such links: Google. E.g. Drive share links: https://drive.google.com/drive/folders/some-ver-long-id?usp=...

Similar links are used all the time for account setup or password reset, too.

There is nothing wrong with them, and intentional malware would likely be able to scrape whatever you additionally add to secure a shared link without password.

There is _a lot_ wrong with what Edge is doing.

If Edge were hardware, it would need to be destroyed in some countries because it counts as an unauthorized spying device (but that law was never updated for the digital age).
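
Added example, not part of the comment above: one way a service could issue unguessable links of the kind described while covering the storage and log weaknesses the comment mentions. The function names, the in-memory store and the `/documents/` path are assumptions for illustration.

```python
import hashlib
import re
import secrets
import time

# Hypothetical in-memory store: sha256(token) -> (doc_id, expiry timestamp).
# Only the digest is kept, so a leaked store does not reveal usable links.
LINKS = {}

# Headers for responses served via a secret link: no Referer leak to
# third parties, no indexing by crawlers that honour it, no caching.
LINK_RESPONSE_HEADERS = {
    "Referrer-Policy": "no-referrer",
    "X-Robots-Tag": "noindex, nofollow",
    "Cache-Control": "no-store",
}

# Matches the token part of /documents/<token> in a log line.
TOKEN_RE = re.compile(r"(/documents/)[A-Za-z0-9_-]{20,}")


def _digest(token):
    return hashlib.sha256(token.encode()).hexdigest()


def issue_link(doc_id, ttl_seconds=7 * 24 * 3600, now=None):
    """Create an expiring share link carrying a 256-bit random token."""
    now = time.time() if now is None else now
    token = secrets.token_urlsafe(32)
    LINKS[_digest(token)] = (doc_id, now + ttl_seconds)
    return "https://example.invalid/documents/" + token


def resolve(token, now=None):
    """Return the document id for a valid, unexpired token, else None."""
    now = time.time() if now is None else now
    entry = LINKS.get(_digest(token))
    if entry is None:
        return None
    doc_id, expires = entry
    if now >= expires:
        del LINKS[_digest(token)]  # expired links stop working for good
        return None
    return doc_id


def redact(log_line):
    """Strip the secret token before a request line reaches the logs."""
    return TOKEN_RE.sub(r"\g<1>[REDACTED]", log_line)
```

The expiry only bounds how long a link that has leaked keeps working; it does not stop a client from reporting the URL.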




it's shipped as a default part of hardware



