Monday March 27, 2017

People Inadvertently Sharing Sensitive Files via Microsoft's Docs.com

Here's one from the RTFM file. Until Microsoft disabled the site-wide search function, it was apparently possible to find Social Security numbers, health insurance ID numbers, bank records, job applications, etc., all publicly shared on Docs.com. A very large number of users apparently did not realize that documents stored on Docs.com are publicly shared by default, and that an extra step is necessary to mark documents as private.

Even though it is my strong personal opinion that proper design philosophy should always be that, no matter the intended use of the system, the default setting is to keep everything private, and sharing should always require an extra step, I still find it difficult to entirely blame Microsoft for this one. I'm not personally familiar with Docs.com, but before you use any system it would behoove you to figure out what it actually does.

The tagline for Docs.com is "Share your work with the world." It’s a way to put Office documents on the web without hosting them on your own website. As such, files are set to public by default, though you can adjust each document’s privacy settings. The majority of online document and productivity services—including Microsoft’s Office Online and Google Docs—default to keeping files private by default, requiring you to explicitly authorize documents you want to make public.
