Table of contents
Start for free
Jason Ginsberg / 4.07.2021Home / Tutorials
Secure Public Links
Sharing privately has never been this easyOverview
Editing via public links allows Skiff users to effortlessly collaborate on documents by sharing end-to-end encrypted links. This enables their shared collaborators - including those without Skiff accounts - to work together, view, and edit files with end-to-end encryption.Public, end-to-end encrypted link sharing allows users to collaborate on a document while maintaining complete privacy: Even users without Skiff accounts can save and edit the file. At all times, the link and file remain end-to-end encrypted, and Skiff never has access to the document or even the link itself. Furthermore, editing or viewing permissions can be revoked from the link at any time, to further protect control and the shared document.How To
Sharing a document publicly is straightforward and described below:- Create or open a document
- Click the "Share" button in the security toolbar
- Under "Public Link" select the option in the dropdown that says "Anyone with the Link"
• This allows all users with the link— including those without Skiff accounts— to access the document
• Link sharing can be turned off by the user at any time to revoke access to the document4. Toggle between "can view" and "can edit" to change the permission level you want to give to users
• These permissions can be changed at any time allowing document owners to revoke editing and/or viewing access
5. Copy the link and share it with anyone you like (note: we always recommend doing so over a secure communication channel, )
6. Based on the permission level you selected, users will be able to simply view, or directly edit the file
User Interface
Public View OnlyUsers accessing a view-only document via the link won't see other users on the document, and they won't be able to edit or share the document. If the original user disables link sharing, or unshares another shared user, the link will expire, and all users using the link will no longer see the document.Public EditingUsers who are link shared with editing permissions on will be able to edit the document in real-time and save new versions. Just like current document editing, all users— logged in and not logged in — can see edits in real time. While logged in users will show up as their username, when anonymous editors are active and/or editing, we generate a random username from a list of fruit names, preceded by 'anonymous' and a rank (Anonymous-Colonel-Elderberry).Public users will not be able to view other online or shared users, and thus cannot share or change permissions on the document. At any time if the original user changes, the permissions (turns off link sharing, upgrades users to editors, etc.), the document and original link will expire and the user will need to be sent the new link in order to download the document again.
Technical Explanation
To better understand how anonymous editing works, let's consider Alice (our Skiff user), and her friend Bob (not a Skiff user).Currently, our E2EE link sharing model already allows users without accounts to access documents shared via links. As detailed in Skiff's technical whitepaper, a secure link to share a document is generated by combining the document identifier and a client-side generated random encryption key. This random link encryption key is used to encrypt the document's session key, which is used to encrypt the document. When Alice shares the link with Bob, the server first verifies that Bob has the correct link key (without the server ever needing access to the actual link encryption key), and subsequently sends the encrypted document key to Bob (which can be decrypted with the link key). If Bob is simply listed as a viewer on the document, we simply stop here.If the shareable link is given editing permission, Bob uses a temporary authentication token to listen and send document updates and maintain real-time document state. If Bob had a Skiff account, we would create a token that cryptographically authenticates Bob's user information. Instead, because Bob is only trying to access and edit a single document without an account, we embed information about the document and Bob's access method into the token itself. This temporary access token is used while Bob listens and sends updates to the document.Every time Bob sends an update, we verify that this temporary authentication method maintains a cryptographically valid document identifier for this editing session. If so, Bob is allowed to both send and listen to updates for a given document. In order to save the publicly editable document, we verify Bob's token contains the appropriate document identifier, and proceed to save the link-shared document.Link sharing - which is widely used by Skiff users to work freely and collaborate securely - represents a critical piece of our usable, privacy-first platform.Related articles
Skiff TeamIs Notion end-to-end encrypted?Is Notion end-to-end encrypted? Are your notes, wikis, and documents safe and secure?
Skiff TeamEncrypted collaboration toolsSecurity and privacy have become necessities when collaborating online. What are the best encrypted collaboration tools?
Andrew MilichHow to recall an email in Outlook and GmailHow can you recall an email on Outlook, Gmail, or other providers?
Skiff TeamWhy you need a strong passwordLearn why having a strong password is a must to protect your online data.
Peter LuThe best encrypted note taking apps in 2023We store more private information in our note-taking apps than in our homes. What are the best encrypted notes apps with fantastic privacy and best-in-class features?
Jason GinsbergWhat is end-to-end encryption, and is it secure?End-to-end encryption has become an absolute necessity for messaging and communication today. How does it work?
Andrew MilichWhat is encrypted search?Searching over encrypted data is a unique challenge. What algorithms make it possible?
Andrew MilichHow can you do cryptography in Javascript?Almost every web application likely touches some type of encryption - whether it’s AES encryption in SSL or application level security. How can you do cryptography in JavaScript?