gistfile1.txt

---
author: lmarburger
layout: post
---

As you may be aware, we had quite a day at CloudApp yesterday. An individual
named Dustin Curtis took it upon himself to make a simple web page he called
[CloudApp Roulette]. The premise is simple: pick a random public URL and display
the image stored there.

# The operative word here is _public_. With public links, we create a very short random identifier in order to keep the URLs short. We call them public links because the compromise is that it is easier to guess shorter random identifiers. 

Think of it as a public stack of papers: in order to keep the stack of papers small, we don't allow many blank sheets in the stack--only ones people have placed there.The compromise is that if you pick a random paper, there's a good chance you'll pick out someone's random link. This makes things like CloudApp Roulette possible. 

CloudApp also provides an option for _private_ links. While we are still creating a random identifier for your URL, the difference is that we are creating a 20-character, alpha-numeric, case-sensitive identifier. Each character space has 62 possible characters. Thus, the number of possible combinations is 62^20, or *704,423,425,546,998,022,968,330,264,616,370,176* combinations.

Let's go back to our stack of papers analogy. Since CloudApp is intrinsically a *sharing* service, the stack of papers still needs to be publicly accessible. However, this time, imagine a stack of papers 704,423,425,546,998,022,968,330,264,616,370,176 sheets tall. To put that in perspective, that stack would reach from the earth to the moon... 176,105,856,000,000,000,000,000 times. Now, imagine you had your private document somewhere in that stack. Sure, someone could get lucky and find it, but by then, there's a decent chance the Sun will have died and engulfed the entire solar system, including your precious document.

It is because of probabilities like this that we consider those links effectively private.

# 

If you use CloudApp, take a moment right now and
[switch to long links][privacy]. If you want to Tweet a link, simply go to
your items list and click the lock button to flip it to a short, Tweetable link.


### Updates

We took the opportunity yesterday to make several changes to CloudApp with
regard to protecting your uploads.

 * **Disable image embedding.** At this moment, you can't take a link to an
   image and it to your blog. This isn't a permanent solution nor is it a
   silver bullet to prevent someone determined enough to sift through public
   uploads.
 * [**Clear copy**][privacy] describing the difference between short and long
   links.
 * [**A single button**][privacy] to convert all your short links to long links
   thus preventing them from ever appearing in attacks like CloudApp Roulette.


### Conclusion

Even after all this, you may feel pretty good about storing something very
sensitive on CloudApp like you're credit card number, legal documents or super
secret Delta Force mission plans. Please don't. It takes a **lot** of work to
become [PCI compliant] and, quite honestly, CloudApp's architecture isn't, nor
will it ever be, up to those standards.

CloudApp makes sharing data dead easy. Please use discretion.

[^base16]: Until yesterday we used base16 instead of base62 for long links. The total unique links are still very large: `16^20 = 1,208,925,819,614,629,174,706,176`

[^statistics]: I'm not a statistician by any means. If there is a flaw in the above logic, please [let me know][contact].

[CloudApp Roulette]: http://www.boingboing.net/2010/11/10/cloudapp-roulette.html
[privacy]: https://my.cl.ly/account#privacy
[Lifehacker]: http://lifehacker.com/comment/27334251/
[SecureRandom]: http://api.rubyonrails.org/classes/ActiveSupport/SecureRandom.html
[PCI compliant]:http://en.wikipedia.org/wiki/Payment_Card_Industry_Data_Security_Standard
[contact]: http://twitter.com/getcloudapp

http://davidhiggins.me/cloudapp-roulette/