Privacy Redux
November 12 2010
As you may be aware, we had quite a day at CloudApp yesterday. A little site named CloudApp Roulette cropped up on the internet. The premise is simple: pick a random public — the operative word here is public — URL and display the image stored there.
No big deal, right? They’re public links so those images shouldn’t be confidential. The unfortunate truth is that is simply not the case. If you’re using short links, your files are immediately susceptible to scripts like CloudApp Roulette.
If you use CloudApp, take a moment right now and switch to long links. Do it. If you want to Tweet a link, simply go to your items list and click the lock button to flip it to a short, Tweetable link.
Updates
We took the opportunity yesterday to make several changes to CloudApp with regard to protecting your uploads.
- Disable image embedding. At this moment, you can’t add an image you’ve uploaded to your blog or the like. This stops CloudApp Roulette in the short term, but it is not meant as a permanent solution nor is it a silver bullet to prevent someone determined to sift through public uploads.
- Clear copy describing the difference between short and long links.
- A single button to convert all your uploads to long links, preventing everything you’ve uploaded to CloudApp from appearing in attacks like CloudApp Roulette.
Myths
I’d like to take a moment to dispel a myth. There is a small thread on Lifehacker spreading the myth that guessing a long link (20 characters) isn’t any more difficult than guessing a short link (4 characters). Short links aren’t sequential, but the algorithm we use is meant to be efficient. Each letter is precious and we’re not wasting them. Because there are no “holes”, it’s trivial to guess a short link and find a public upload. This is by design and it’s what makes CloudApp Roulette possible.
Long links, on the other hand, are case-sensitive, alphanumeric, random (using Ruby’s SecureRandom API) 20-character links. 20 isn’t much more than 4 so it stands to reason that one could write a similar script to CloudApp Roulette targeted at long links and have similar success.
Enter: Math
Let’s see what the real odds are. Each of the 20 characters in the link can be one of 62 possibilities (a-z, A-Z, 0-9). This puts the total number of unique links at:
62^20 = 704,423,425,546,998,022,968,330,264,616,370,176
I’m not smart enough to know how to pronounce that number so I’ll just say 704 billion trillion trillion (I hope I counted correctly). It’s a significant number.[1] To use an absurd analogy, if this were a stack of papers, it would stretch from here to the sun.
… 503,159,589,676,427,159,263 times
To calculate the probability of picking a long URL at random and finding anything, let’s assume we have a billion uploads. We have a lot less, but it hardly matters.
1,000,000,000 / 62^20 = 0.0000000000000000000000000014196
Approximately 1 in a thousand trillion trillions.[2] You can see why we consider long links effectively private.
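The arithmetic above, carried one step further as an added Ruby example (not CloudApp's own code): it generates a 20-character base62 token with SecureRandom and computes how long blind guessing would take for the old base16 and the new base62 long links. The name `long_link_token` and the rate of one million guesses per second are assumptions made for illustration.

```ruby
require "securerandom"

# 62 symbols (a-z, A-Z, 0-9), the alphabet the post gives for long links.
ALPHABET = [*"a".."z", *"A".."Z", *"0".."9"].freeze

UPLOADS    = 1_000_000_000  # the post's deliberately generous upload count
GUESS_RATE = 1_000_000      # constructed assumption: guesses per second

# Hypothetical generator. SecureRandom.random_number(n) is uniform over
# 0...n, so every character is equally likely (no modulo bias).
def long_link_token(length = 20)
  Array.new(length) { ALPHABET[SecureRandom.random_number(ALPHABET.size)] }.join
end

# Number of distinct links for a given alphabet size and length.
def keyspace(alphabet_size, length)
  alphabet_size**length
end

# Exact probability (a Rational) that one random guess lands on an upload.
def hit_probability(uploads, alphabet_size, length)
  Rational(uploads, keyspace(alphabet_size, length))
end

# Expected guesses until the first hit: mean of a geometric distribution, 1/p.
def expected_guesses(uploads, alphabet_size, length)
  1 / hit_probability(uploads, alphabet_size, length)
end

# Years of nonstop guessing, at a fixed rate, to expect a single hit.
def expected_years(uploads, alphabet_size, length, guesses_per_second)
  seconds = expected_guesses(uploads, alphabet_size, length) / guesses_per_second
  (seconds / (365 * 24 * 3600)).to_f
end

puts "sample token: #{long_link_token}"
{ "base16 (old)" => 16, "base62 (new)" => 62 }.each do |label, size|
  printf("%-13s keyspace=%d p(hit)=%.4e years=%.3e\n", label, keyspace(size, 20),
         hit_probability(UPLOADS, size, 20).to_f,
         expected_years(UPLOADS, size, 20, GUESS_RATE))
end
```

Under these assumptions the old base16 space works out to roughly 38 years of guessing per expected hit, against about 2.2 × 10^13 years for base62.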
Conclusion
You may look at these numbers and feel pretty good about storing something very sensitive on CloudApp like your credit card number, legal documents or super secret Delta Force mission plans. Please don’t. It takes a lot of work to become PCI compliant and, quite honestly, CloudApp’s architecture isn’t, nor will it ever be, up to those standards.
CloudApp makes sharing data dead easy. Please use discretion.
[1] Until yesterday we used base16 instead of base62 for long links. The total unique links are still very large:
16^20 = 1,208,925,819,614,629,174,706,176
[2] I’m not a statistician by any means. If there is a flaw in the above logic, please let me know.