Secure view - Prevent your shared files from getting downloaded

Originally published at: https://nextcloud.com/blog/secure-view-prevent-your-shared-files-from-getting-downloaded/

Sometimes you want to share a file, but you don’t want the recipient to actually download it. Since Nextcloud 15, secure view (or ‘Hide download’) allows you to remove the download button so that confidential files can’t be downloaded.

How secure view works

When sharing a public link to a third party to view material on your Nextcloud there is a ‘Hide download’ option available to check. When ‘Hide download’ is enabled, PDF documents and images will appear on the viewers screen without the menu options to download the file(s) or add them to their own private cloud.

Note that this feature will prevent most normal users from downloading the content but keep in mind how the web works: If you can see something on it – it is there and it can be copied by users with more technical skills. Secure view restricts the ability to download the file but this can be worked around with screenshots and browser tricks.

Secure view not enabled
Secure view not enabled.
Secure view enabled
Secure view enabled.

Collabora online introducing support today

Collabora Online lets you view, edit and download documents. Our update of the Collabora Online integration app from last week combined with at least version 4.0 will hide the download option also from Collabora’s menu items. It also disables printing and copy/pasting out of the document, leaving screenshots and the ‘read and type in another document’ as the only possible ways of copying.

Collabora Online’s document model ensures that the document is retained on the server, under your control, while providing the pixels you see to the browser. Short of scripting your own Optical Character Recognition (OCR) on screenshots – Secure view makes it extremely hard to automatically extract data from documents.

If you want the viewer to still be able to edit a document you shared, it is up to you to combine ‘Hide download’ with the ‘Allow editing’ option.

Secure view will be even more secure

Collabora provides a way to watermark the documents with a configurable text, font and other properties. We are working on integrating that feature in Nextcloud too, along with a way to display PDF files by Collabora. This way, when ‘Hide download’ is enabled, even screenshots of shared documents will be marked with a preconfigured watermark showing the name of the user who shared the file, the IP address of the person who opens it or showing the date and time at which the document was opened.

This is an example of how we’re always working with our partners to enable you more control over your data and give you more ways to protect the confidentiality of your documents! A good reason to stay tuned, discover our newest features and always update to the latest release!

3 Likes

Pretty cool!
Although, for this feature it is more important than for others that people/customers really understand this feature and its “security”.

4 Likes

Shared pps file with download button hidden:

Clicked that little preview image:

Media-File shared with hidden button:

The most secure is a shared txt-File with hidden Download button :smiley: :
grafik
Yes, it actually contains some text :wink:

Security through obscurity? :stuck_out_tongue:

3 Likes

I’ve the same feeling… It isn’t really preventing files from getting downloaded. It has nothing to do with security. It makes it only harder to download the file for not so technical people.
I only fear that it might give users a false sense of security.

Though, this is good because it ignites these kind of discussions! :slight_smile:

4 Likes

I completely agree with @Schmu and @davidbe when it comes to security. It is the typical “Security through obscurity” thing. As a dry feature though - namely, not showing the download button - it is just an extension of use cases and options for Nextcloud, which is good! So all in all, I appreciate this additional feature, because it was surely requested by a customer or users!
BUT, it is represented and advertised in the wrong way. I’ve already realized that the Nextcloud “strategy/marketing section” was overshooting a couple of times in the last one or two years. Or at least they seem to have trouble to precisely define and explain features to the public in a broader context. Do not understand me wrong, the more technical and really important informations about features can be found somewhere and thus are almost always openly communicated! The problem are not the small letters, the problem are the big ones:
Secure view - Prevent your shared files from getting downloaded
After this, it does not even matter, what you were writing below in the text or if you find the whole thing detailed in the documentation. In a way, the name of this feature and how it is presented can be almost named as “cheap or wrong promises”. There will - for sure - be misconceptions and further misinformation (e.g. in media and in IT departments) and complains will arise, when the hacky customer/user can still download the document. And all this, can be easily prevented, if just marketing would step a little bit on the break and improves in advertising NC’s features by finding better names and words, like:
Presentation view/mode - Signal your customer, that this document is just for showing content

EDIT: typo and refinement

3 Likes

right. so who do you guys think uses nextcloud usually in the majority? only computernerds? i mean they, of course use nc as well and right, it wouldnt be any major problem for them to get the data if they want it. but for the broad majority it would cause some problem to get the file downloaded. if there is no download-button.

we had this discussion here on the forum before… and it went the same way as it’s going just now (for apparent reasons). i’d say that’s a first step into the right direction. more could come later (as this is a very simple to install trick).
having this new feature means that devs are reading the forum. even if they don’t always comment. and you kno what? i think this is ok as it is.

btw: the text itself says that it’s not preventing some nerd to get those files downloaded, though.

@JimmyKater gets it completely. We make very clear in the UI that this hides the download - hence the name. We’re expanding it, the blocking editing, copying and downloading in Collabora is new, which is what we termed Secure View - and we will take it further and further over the coming releases. Next up is the watermark, and after that we’ll probably use collabora with its watermarking for PDF’s and text files too, when this feature is enabled. And we look at how we can limit downloading the result further.

It’s an incremental process, as development always is. Help is of course welcome!

4 Likes

Hi,

I didn’t want to comment again actually, but I feel the need right now :stuck_out_tongue:
Of course I understand that this is work in progress and there is more to come, to deliver further improvements and make this feature actually work.

The thing is: this feature is massively advertised right now. Not only here in the Forum but on the blog and on Twitter/ Mastodon over and over again.
And the big issue here for me is actually the wording:

“Secure” and “prevent download” are right there in the headline and in the text. For most files this is simply not true however.

You don’t need to be an advanced user to get some of the files.
My example with the powerpoint presentation file: the presentation was not shown and there was only this preview icon. What will an inexperienced user do? Hover the mouse over the preview image (not even noticing the mouse cursor changes to a hand) and click it. Voila: Download.

PDF-File?


The download button is right there.

And the photo which is shown in the news above …
well, yeah, maybe the inexperienced user did not realize he can right-click in websites or can take screenshots with the print button on his keyboard, haven’t noticed the Snipping Tool Microsoft advertised when it was first released and that user will then only take a photo. Okay yeah, I give you that one, that’s not the same then.

But downloads which easily happen by accident are neither secure nor prevented. In many cases it only increased the required effort to download a file or rather say reduced the comfort.

In regards to Collabora it seems to be a whole different story and that should be focused on right now. That could really work right now (can’t test because I don’t use Collabora). The other things don’t work right now and are false promises.

My actual issue with that is this: I love the Nextcloud project and support wherever I can. I advertise is like crazy with friends, colleagues and everybody I get to talk about cyber security, Google software usage and stuff. I even talked out IT admin to install NC as file share in our company. What I often see though: as soon as there is a feature promise which doesn’t stand in a real-world scenario and fails in any way, the whole tool is called to be in a Beta state and not really work. That, unfortunately, happened with our File sharing server. I was so proud I got NC to be the Software we use in our company as well and after 2 months it was uninstalled again. This is just sad.
I for myself love honesty. If something doesn’t work, just tell me and I can accept and work around it. The surprises when a feature doesn’t work as everybody understood it from the adverts are the reason for arising frustration - at least I believe that.

I still love NC, the community and everything and I believe the project is open-minded enough to give room for discussions, ideas and criticism which is intended to be constructive.

4 Likes

It is all true - but I think we don’t promise in the blog that it is perfect, we point to the direction we’re going and show where we are… Watermarking comes soon, the other things will come, too, especially of course if other contributors care and contribute. The less demand from customers or the less contributions, the longer it takes, as with everything: we work based on demand of our customers and contributions from the community.

FYI, the PDF viewer was changed for 17 so that it won’t let you download when ‘hide download’ is enabled :arrow_right: as promised, we improve this feature further (more is planned for 17). I’ve also updated the text a little to be more clear about the limitations.

3 Likes

As Clint Eastwood said :
« You’re never too old to learn something new. »
Great that there is still improvement on this feature.