You can upload photos, PDFs, videos, and materials, then share them with someone just by sending a link. This is also an easy method when you cannot send a large file directly through social media or email.
However, when thinking about anonymity, cloud sharing links require caution.
Not only the file contents, but also owner names, account names, edit history, sharing settings, access permissions, filenames, preview screens, notifications, and access logs may be involved.
Shared links do not necessarily pass only the file itself
In cloud sharing, the recipient may see more than the file body.
Depending on the service, the owner name, icon, part of the email address, folder name, last updater, comments, and edit history may be displayed.
Information that may be visible
Risk
Owner name
Connects to a real-name account
Profile image
Reveals the person or another account
Email address
Contact information or a real-name account is visible
Folder name
Project name, school name, or company name appears
Edit history
Who created or edited it remains
Comments
Co-editors or conversation contents are visible
Even if you intend to pass a file anonymously, if you share it from a cloud account tied to your real name, anonymity breaks at that point.
Pitfalls in sharing settings
Shared links have several sharing scopes.
Examples include "anyone with the link," "specific people only," "within the organization only," "can edit," and "view only."
If you choose the wrong setting, unintended people can view the file.
Setting
Caution
Anyone with the link
If the link is forwarded, anyone can view it
Specific people only
Notifications or history remain in the other person's account
Within the organization only
It connects to a school or company account
Can edit
The other person can rewrite the contents
View only
Downloads and copying need to be checked separately
Even if it is set to "view only," that does not necessarily stop the other person from taking screenshots or screen recordings.
Sharing settings only control the entry point for access. They do not guarantee control after the information has spread.
Information in the file itself
In cloud sharing, the file contents and metadata are also problems.
PDFs may retain creator names. Office files may retain editors, comments, and change history. Images may contain capture date/time or location information.
File
Remaining information
PDF
Creator, editing software, embedded information
Word or Excel
Creator, change history, comments, organization name
Image
GPS, capture date/time, camera model
Video
Shooting device, location, audio, background information
Archive file
Internal filenames, folder structure
Even if you handle cloud sharing link settings carefully, it is meaningless if information remains in the file body.
Detailed checks for file metadata are covered in another article.
Access logs and notifications
Cloud services may record who accessed a file, who edited it, and when it was opened.
Notifications may also be sent to recipients. If you access with a real-name account, your name may be visible to the other person.
Information that may be recorded
Effect on anonymity
Viewer
If opened with a real-name account, the name remains
Access time
The behavior timeline is visible
Editor
Co-editors or workers become known
Comment history
Conversations and people involved remain
Notifications
Viewing or sharing is communicated to the other person
Caution is needed not only for the person sharing anonymously, but also for the person receiving anonymously.
If you open the link while logged in to a real-name account, simply receiving it may leave traces.
Recipient-side behavior may also be visible to the sharer.
Services may keep histories of operations such as opening a file, commenting, downloading, editing, or sharing it with someone else. If a person who wants to review materials anonymously opens them with a real-name account, their name may appear as a viewer.
Recipient-side behavior
Possible remaining trace
Opening with a real-name account
Viewer name or email remains
Commenting
Real name or profile image is displayed
Editing
Remains in history as an editor
Downloading
May remain in history depending on the service
Forwarding
The sharing scope expands
How to think when you want to share anonymously
If you want to share files anonymously, the basic rule is not to use a real-name cloud account.
In addition, check file metadata, check the sharing scope of the shared link, and think about whose information remains after access.
Check item
Reason
Whether you are using a real-name account
Identity appears through owner names or notifications
Whether the filename contains personal information
It is visible to the other person on download
Whether you checked metadata
Creator or location information remains
Whether you checked the sharing scope
Prevent unintended spread
Whether you considered the recipient's login state
The other person's or your viewing history remains
For high-risk sharing, consider dedicated tools suited to anonymous sharing instead of ordinary cloud services.
Tools such as OnionShare and SecureDrop are covered in other articles.
What remains even if you stop sharing
Disabling a shared link does not erase everything.
If the other person has already downloaded the file, it remains on their device. If they took screenshots or screen recordings, the content remains in another form. The filename or link may remain in notification emails or chat history.
What remains after stopping sharing
Caution
Downloaded file
Remains on the other person's device or backup
Screenshot
The content remains even if the original link is deleted
Notification email
Filename or owner information remains
Chat history
Sharing time and recipient relationship remain
Access logs
Past viewing or edit history remains
You can stop the shared link from remaining public. However, you cannot bring back information that has already been seen.
Imagine the recipient's screen before sharing
In cloud sharing, looking only at your own management screen is not enough.
When the other person opens the link, which name will be displayed? When they download it, what filename will it have? How much is visible in the preview? Will the other person be asked to log in?
Imagining this screen makes it easier to notice exposure of a real-name account or folder name. For sharing that requires anonymity, always check "how it looks to the other person" before sending.
Summary
A cloud sharing link is not a mechanism that passes only the file.
Owner names, accounts, email addresses, folder names, edit history, comments, access logs, and notifications may be involved.
If you intend to share anonymously, it is important not to use a real-name account, to check sharing settings, and to check file metadata.
Also, if the recipient opens it with a real-name account, traces may remain.
In cloud sharing, do not think "I only sent a link"; check accounts, files, logs, and notifications together.
Related tools
Anonymous communication
Tor Project
An external resource related to this article. Open it only when it fits your situation and threat model.
Why it is listed: It can help with the article topic, but it is outside Anonymity Sense and should be checked before use.