Question Sharing files with Drive and not getting in trouble

Currently reading
Question Sharing files with Drive and not getting in trouble

11
3
NAS
DS218+
Operating system
  1. macOS
  2. Windows
Mobile operating system
  1. iOS
Hi everybody! I've got a Synology Drive question. Synology Drive doesn't appear to completely obfuscate filenames ... so if you share an MP3 file or something like that, the filename might be visible in the link. So when you first make the share link directly to a file it looks like this:
https://foobar.synology.me:5556/d/f/539914714332659263

But when you go to open the file, you get this URL:
https://foobar.synology.me:5556/d/f...9262"]&force_download=false&_dc=1584822541078

So, I wonder - if I shared a file like this (using https), would I be at any risk of having that filename exposed to my ISP? I want to be able to share certain files with friends and even access my MP3s and movies while I'm away from home. If I was at a business or at a friend's house, I would hate for the business or my friend's ISP to get a copyright notice because I accessed copyrighted content from their network.
 
Well they wouldn't be able to access that file to verify if its even a copywrited file...

Yeah, I don't know what an ISP's methods would be for flagging a file - is it just a suspicious filename? Filename plus size of the file?

Are filenames even visible to the ISP over https? What's the sequence of events, anyway? The DNS server processes the domain name lookup unencrypted ... and then once an https connection is established, is the request for a specific file done in an encrypted way?
 
So if you wanna access your content from multiple locations why not go with a media server option and use an http client to connect to it and stream?

I currently use Plex just fine - with encryption enabled. I feel safe doing that from anywhere.

However, there are several problems with this: sometimes I would rather just download the file rather than stream it from my DS218+ that doesn't do a very good job transcoding everything.

Also, I work on a variety of editing projects with other collaborators - sometimes I need to just send them different files - like MP3 files or other files. I want to make sure that when I'm doing this that I'm not getting anyone into any trouble.
 
If the URL's GET request portion (the end bit of the URL that's the instruction to retrieve content) doesn't expose the filename then the HTTPS payload will encrypt the data. To be certain that you're not having your HTTPS inspected in transit then you should not use a self-certified certificate as the endpoints cannot be 100% certain that there is not a proxy (man-in-the-middle) that is: handling the request; getting the end server's reply; decrypting it for inspection; and then re-encrypting and sending on.

If the MP3 is not copyright protected, or your copyright material, then it doesn't matter if the shared media is can be identified (from a litigation point of view). If you're sharing copyright material then you are probably breaking the terms that allowed you to get the media ... it's more a moral question until the person you share it with ...........

However, it's an interesting question of what is exposed when sharing. "Is the filename exposed?" is similar to those cleartext metadata vulnerabilities and here's the answer, even with HTTPS:

File Station uses gofile to generate the short link but eventually when downloading the file this gets converted to direct to my NAS and then the filename gets appended to the end of the URL: after downloading the file I view Safari's download list and ctrl-click the file to Copy Address ... this does show the final actual full URL with filename included.​
Likewise, I tested this with Drive with both the File Link and Advanced Protection Link ... after doing Copy Address on the downloaded file from Safari's list I see that both these methods embed the filename part way through the URL.​

It's clear that shared files should have names that you are happy to be visible to any and all on the Internet. Otherwise, change to benign names before sharing or zip a folder that has a benign name. Alternatively use a shared folder in public cloud that hosts an encrypted vault, such as using Cryptomator.

Or, within Audio Station you can permit, by user, the ability to publicly share tracks for streaming in a browser. You can also files from within Audio Station. Both these available from the Action button.
 

Create an account or login to comment

You must be a member in order to leave a comment

Create account

Create an account on our community. It's easy!

Log in

Already have an account? Log in here.

Similar threads

Hello . Suppose 2 Users A and B (belong the same group users) , Suppose a folder belonging to A in " My...
Replies
0
Views
883
I'm having trouble with email notifications for shared files in Drive. Testing setup (DSM7, latest...
Replies
0
Views
1,685
Using Drive Client 3.4.0 on Win 10. By default, it seems like the client is copying my entire home profile...
Replies
0
Views
527
Not too long ago, I was a beginner too. 1st, I will tell you that it is possible to copy or move files...
Replies
2
Views
1,210
There could be many reasons why this happens. Some issue with the package is usually the cause as the...
Replies
8
Views
3,104
Like the above person commented this is also partly on me for not testing this workflow out before using...
Replies
10
Views
2,203
Synology did not mentioned anything like that. It's correct. Some macOS Application create hidden folders...
Replies
11
Views
7,688

Welcome to SynoForum.com!

SynoForum.com is an unofficial Synology forum for NAS owners and enthusiasts.

Registration is free, easy and fast!

Back
Top