Skip to Main Content

Box Keeps Shared Links Private

Box has changed how its “open-to-the-public” links are indexed and discoverable.

Box has changed how its “open-to-the-public” links are indexed and discoverable after the online security blog Threatpost wrote about a security researcher's findings. The researcher pointed out that if a user publishes an "open" link on a public web page (e.g., a website or blog), search engines like Google can index those Box URLs, potentially making a collaboration page discoverable to a wider audience than the user may have intended.

According to the Box Security Team, this was never the intent of this feature, and Box has since taken the following precautions to make this feature more secure:

  • Collaboration links are no longer indexed. Box contacted Google and the other major search engines to have them remove any public collaboration invitation links from their index. Box also proactively disabled those public links that had already been indexed. (Note: If one of your links was disabled in this process, you can simply go the the folder settings and re-set it to "open" and it will be back to normal.)
  • Box made a change to the collaboration invite pages to ensure that they will not be indexed by Google search engines in the future.
  • Box changed the default settings on folders to require folder owners to turn on the collaboration invitation feature to ensure collaboration links aren't generated inadvertently. 

Please keep in mind that links and collaboration invites can be restricted. Also, Box links can be password protected or assigned expiration dates.

For more information, please see Box’s FAQs on managing shared links and permissions in the Box Community.