When sharing files for anonymous activity, you may use a cloud service.
It is convenient, but cloud sharing has anonymity risks.
That is because shared links, owner names, edit history, comments, folder names, access permissions, login state, notifications, and sync history can connect to a real-name account or organization account.
Even if you clean the file contents, anonymity breaks if you share it from a cloud account tied to your real name.
This article organizes what can be visible in cloud history and file sharing, and what to check before sharing.
Owner information may be visible in cloud sharing
In cloud services, the file owner or sharer may be displayed.
If you share a file created with a real-name account, the other person may see your name, email address, or profile image.
Visible information
What happens
Caution
Owner name
A real name or organization name is visible
Do not share from a real-name cloud account
Email address
Contact information is visible
Also check recovery and notification addresses
Profile image
It connects to the person or past accounts
Check the icon too
Organization name
Workplace or school is visible
Do not use a workplace account
Even with a setting where only people who know the shared link can view the file, owner information may be visible.
Before sharing, check how it looks to the recipient.
Edit history and comments
Cloud documents can retain edit history, comments, suggestions, editors, and creation times.
Removing names from the body is meaningless if real names remain in the edit history.
Remaining information
What can be visible
Caution
Editor name
Who worked on it
Do not edit with a real-name account
Comments
Work notes or names of people involved
Delete before publishing
Change history
Old wording or information before deletion
Create a copy for publication in a form that does not carry over history
Creation time
Work time
Connects with posting time
Before sharing a cloud document, consider exporting it in a form where history does not remain.
However, metadata may remain even after converting to PDF, so check the output file too.
Shared link settings
In cloud sharing, link settings are also important.
View only or editable, login required or not, visible to anyone with the link or not, downloadable or not. The way it appears changes depending on the settings.
Setting
Risk
What to check
Editable link
Other people can change it
Make it view-only
Login required
Viewer information remains
Check what is visible to the other person
Anyone can view
Easy to spread
Limit it to the necessary scope
Download allowed
It can be redistributed
Check whether this file is safe to release
No expiration
It remains for a long time
Think about expiration and how to stop it
A shared link is not just sending a URL.
It is granting access permission.
Filenames and folder names
In cloud sharing, filenames and folder names are also visible.
Even if you check the body text and images, the filename may still contain a real name, company name, school name, project name, or date.
Place
Remaining information
Caution
Filename
Name, project name, date
Change it to a name suitable for publication
Folder name
Organization name, project name
Check the sharing scope
Files inside a zip
Old source data
Check included items
File with comments
Work notes
Delete before sharing
Look not only at the file, but at the entire folder you are sharing.
Also check whether old versions or source files are mixed in.
Do not draft in a real-name cloud account
If you create drafts for anonymous activity in a cloud account tied to your real name, the work history remains on the real-name side.
Even if you do not share them, traces may remain in cloud sync, recent files, edit history, and device notifications.
Action
What remains
Countermeasure
Drafting in a real-name cloud account
Owner, history
Separate it from anonymous use
Editing in a workplace cloud
Organization logs
Do not use it
Syncing on a smartphone
Photos and notifications
Check sync settings
Reusing a shared link
Past recipients
Check again from scratch
Files that require anonymity should be separated from the place where they are created.
Even if you become anonymous only right before posting, correlation remains if the draft stays on the real-name side.
Check from the recipient's view
In cloud sharing, looking only at your own screen is not enough.
Owner information or sharing settings that are not visible to you may be visible to the recipient. If possible, check how it looks to them from another environment or preview.
What to check
Reason
Whether the owner name is visible
A real name or organization name may appear
Whether it grants edit permission
The other person can change it
Whether it can be downloaded
It may be redistributed
Whether other files are visible
Watch the scope of folder sharing
Whether login is required
Viewer information may remain
Before sharing, check "what the other person will see if I send this link."
Copies remain even if you stop sharing
Even if you stop cloud sharing, copies remain if the other person has already downloaded the file.
Screenshots, local saves, forwarding, and reuploading to another cloud can also happen.
Action
What it can do
What remains
Disable the link
Stop future access
Existing copies
Remove permission
Stop viewing
Downloaded files
Delete the file
Remove it from the original location
The other person's saved items
Replace with the latest version
Change what will be viewed in the future
Copies of old versions
Treat a shared file as leaving your control once you send it.
For high-risk files, consider methods other than cloud sharing
For whistleblowing, sources, victim consultations, and materials related to a workplace or school, ordinary cloud sharing may be inappropriate.
That is because owner information, access logs, sharing history, notifications, and edit history remain.
When handling high-risk files, consider consulting a lawyer, support organization, trusted editor, or expert before publishing.
Before choosing a file-sharing method, decide who you need to protect what from.
To avoid panic after sharing, think before sending: "Is it acceptable if this file remains in the other person's hands?"
If it would be a problem for it to remain, you need to change the sharing scope or decide not to share at all.
Cloud sharing is not transmission, but the granting of access permission.
Use it after deciding who can see what scope, and for how long.
Also, once you send a shared link, it can be forwarded.
Even if you trust the other person, their device or account is not necessarily safe. Before sharing, check whether it would still be acceptable if the recipient reshared it.
Summary
In cloud history and file sharing, information other than the file body weakens anonymity.
Owner names, email addresses, profile images, edit history, comments, shared links, filenames, folder names, and sync history become clues.
For anonymous activity, the basic rule is not to draft or share in a real-name cloud account or workplace cloud.
Before sharing, check what is visible to the recipient, whether link settings are appropriate, whether history or comments remain, and whether filenames or included items contain information.
Related tools
Anonymous communication
Tor Project
An external resource related to this article. Open it only when it fits your situation and threat model.
Why it is listed: It can help with the article topic, but it is outside Anonymity Sense and should be checked before use.