With Slack's integration of Google Drive, you can easily embed, share, and stay updated with notifications regarding new additions to your Google Drive, such as files, images, documents, and more. Unfortunately, online video editing startup Kapwing discovered that utilizing file previews through Slack's Google Drive application inadvertently revealed private documents and files to external individuals within the workspace.
The File Preview feature, which is activated by default, contributes to this issue. Normally, it simplifies the process by automatically displaying a preview of the document being shared by the user.
However, there are instances when it also applies to documents that have not been intentionally shared by the user.
Furthermore, the feature provides a preview of a document that is not yet accessible. To be specific, the preview presents an 800x1035 image showing the complete first page of the document.
The same thing happens with personal images that are uploaded to Google Drive. When the user shares a document or file via a link, the Slack app automatically creates a preview image of that file using Google's own permissions.
The problem is that the preview image is re-uploaded to the Slack CDN, is high resolution, and is shared with everyone in the Slack workspace. When using the Slack web client, you can see the full link to the image preview.
Kapwing advises keeping this factor in mind when sharing personal Google Docs in a public channel or workspace if file previews are enabled by default. Images and research courtesy of Kapwing.
Support us
Winaero greatly relies on your support. You can help the site keep bringing you interesting and useful content and software by using these options:
If you like this article, please share it using the buttons below. It won't take a lot from you, but it will help us grow. Thanks for your support!
Advertisеment
