deepakjc

tldr; You can view a preview of private Google Docs despite not having access, as long as you have the doc's link.

Longer version: I received a link to a Google doc on slack recently, but the owner had forgotten to share permissions with me. Though I couldn't view the doc when I clicked it, I did notice that I could view the first page of the doc in the link preview. It was very high res and I could view the text clearly. Isn't this a security vulnerability worth plugging? I reported it to Google, but they responded with:

"Hi! We've decided that the issue you reported is not severe enough for us to track it as a security bug: when someone with access to a doc sends a link over slack, they express their intent to share this document, hence the preview shared independently from the sharing setup on the doc does not represent a significant risk."

I tried responding that many people have Google Drive links exposed even publicly, but they assume that only those with access can view them. But I got the same response pretty much. Am I missing something here, or is this an oversight by Google?

Just noticed it a few minutes ago, its in the "Audience" section, just below "Overview". Its pretty basic right now, but its a good start.