The Share Link That Bankrupted the Project
A public share link is a key that never stops working. Learn how a single URL can destroy a legal defense and how to govern digital handover.
The Open Door Policy
We mistakenly believe that digital access fades with time. We assume that because a project is finished, the doors to the project room are locked. The physics of The Machine contradict this. In the digital realm, unless a specific command is issued to destroy a key, that key remains pristine, functional, and waiting.
A “Share Link” is nothing more than a key copy. When you email a public link to a contractor, you are not showing them the document. You are cutting a physical key to your front door, handing it to them, and hoping they throw it away when they are done.
They will not throw it away. They will leave it in their inbox. Their inbox will be compromised. And suddenly, a stranger holds a valid key to your safe. This is not a hack. It is negligence.
The Vulnerability: The Immortal URL.
The Machine does not understand context. It does not know that the “Q3 Financial Audit” project ended six months ago. It only knows that the URL string matches the resource ID.
Consider the consultant. You hire them for a week. To save time—because we always sacrifice security for speed—you generate a link: “Anyone with the link can view.” You send it. The consultant does the work. The consultant moves on.
Six months later, you enter litigation. Discovery begins. The opposing counsel searches the consultant’s email archives. They find the link. They click it. The Machine dutifully opens the door.
You have just handed over evidence that was not subpoenaed, simply because you left a window open in a house you thought you vacated.
The Architecture: The Sunset Policy.
To fix this, we must impose strict rules on The Machine. We cannot rely on human memory to revoke access. Humans forget. The Machine does not.
We must implement a “Sunset Policy” for all external sharing.
- Mandatory Expiration: No link shall live longer than 7 days. If the recipient needs it again, they must ask again. This friction is a security control.
- Identity Verification: “Anyone with the link” is a setting that should be disabled at the root level. Access must be tied to a specific email identity.
- The Access Log: We need to know who walked through the door. If a link is clicked, it must be recorded.
When we configure the system this way, we are essentially giving the consultant a visitor badge that dissolves after 48 hours.
Strictly speaking, convenience is the enemy of confidentiality. If it is easy to share, it is easy to leak. We must build friction back into the system. If a document is important enough to send, it is important enough to protect.
Therefore, go to your admin panel today. Look at the “External Sharing” settings. If the default is “No Expiration,” you are currently sitting in a room with no walls. Change it.
FAQs
Is a password-protected link safe?
Only if the password travels via a different channel than the link. If you email both together, you have merely sent the lock and the key in the same envelope.
Why are non-expiring links the default?
Because software vendors prioritize 'frictionless' adoption over your legal safety. They want the data to flow; you need the data to be contained.
How do I revoke a link I sent years ago?
Usually, you cannot, because you did not inventory it. This is why we must configure The Machine to revoke it automatically.