Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
×
IT

Google Drive Gets a Desperately Needed 'Spam' Folder for Shared Files (arstechnica.com) 9

Fifteen years after launching Google Docs and Sheets with file sharing, Google is adding what sounds like adequate safety controls to the feature. From a report: Google Drive (the file repository interface that contains your Docs, Sheets, and Slides files) is finally getting a spam folder and algorithmic spam filters, just like Gmail has. It sounds like the update will provide a way to limit Drive's unbelievably insecure behavior of allowing random people to add files to your Drive account without your consent or control. Because Google essentially turned Drive file-sharing into email, Google Drive needs every spam control that Gmail has. Anyone with your email address can "share" a file with you, and a ton of spammers already have your email address. Previously, Drive assumed that all shared files were legitimate and wanted, with the only "control" being "security by obscurity" and hoping no one else knew your email address.

Drive shows any shared files in your shared documents folder, notifies you of the share on your phone, highlights the "new recent file" at the top of the Drive interface, lists the file in searches, and sends you an email about it, all without any indication that you know the file sharer at all. For years, some people in my life have been inundated with shared Google Drive files containing porn, ads, dating site scams, and malware. For a long time, there was nothing you could do to support affected users other than disabling Drive notifications, telling them to ignore the highlighted porn ads at the top of their Drive account, and warning them to never click on the "shared files" folder.

This discussion has been archived. No new comments can be posted.

Google Drive Gets a Desperately Needed 'Spam' Folder for Shared Files

Comments Filter:
  • by ArchieBunker ( 132337 ) on Friday May 12, 2023 @03:48PM (#63517617)

    Never once had an unknown file appear in my drive.

    • by dskoll ( 99328 )

      Yes, it's happened to me. Been spammed on Google Drive.

    • by oldbox ( 415265 )

      Happens to me almost every day. Every time I report the file and block the user, but they are all just autogenerated throwaway accounts. It gets really old. I maybe saw so much drive spam because I have a 7 letter username that is a common first name (from when gmail was invite only). I haven't seen one in a day or two. Hope this is not circumvented or causes too many false positives.

          - Spambox

    • I get drive spam a couple times per week.
      And also Google photos spam.
      I did get spam calendar invites with malware links once, but luckily I found a way to disable it.

      And the worst part is, often the file / folder previews are showing explicit images.

      So as the other poster says... it's a weekly grind to report/block the spam. And to find all the hidden places it can end up... for example in the notifications announcing new shares of "susi shared hot singles in your area".

  • by dskoll ( 99328 ) on Friday May 12, 2023 @04:08PM (#63517657) Homepage

    This is a good start, but Google should also let you set a setting that only permits your contacts to share files with you and not strangers.

  • by northerner ( 651751 ) on Saturday May 13, 2023 @10:38AM (#63518721)

    This Spam folder is a good security feature for Google to add. It is dangerous to allow people to inject shared documents that could be clicked on and may be well disguised phishing attempts.

    Some other security measures needed are:

    1. When emailing a document link, Gmail presently gives the option "Allow anyone with the link to view" when emailing the link to someone that doesn't already have document access. Users accidently give worldwide access to their document if they accidentally leave this option selected, which is it's default setting.
    Drive & Gmail need a way to turn this feature off.

    I often send a document link to someone's main email who uses a different Gmail account to actually access it, and I need to turn off giving access to the world every time.

    2. Drive needs more secure defaults to allow secured documents to be locked down.
    a. "Editors can change permissions and share" should be off by default.
    b. "Viewers and commenters can see the option to download, print, and copy" should be off by default.
    c. If I turn these controls off for a folder, that choice should propagate to every sub-folder and every file in the tree, and stay off. Presently you need to manually turn them off for every single file and folder. And then still turn them off for every new one that is created.

    The design defaults are presently inherently insecure.
    People have been asking for these security fixes for years (according to what I have seen in Google support requests).

    3. dskoll mentioned above to have an option to "Only allow contacts to share documents with you", which would be another good default setting.

"Trust me. I know what I'm doing." -- Sledge Hammer

Working...