Docs.com’s “public by default” setting to blame for users publishing sensitive info?
The search option on Docs.com, Microsoft’s publishing and file sharing service, has been temporarily disabled as it could be used to trawl published documents for sensitive user information (social security numbers, dates of birth, phone numbers, etc.).
What is Docs.com?
As explained by Microsoft, “Docs.com is an online showroom where you can collect and publish Word documents, Excel workbooks, PowerPoint and Office Mix presentations, OneNote notebooks, PDF files, Sway stories, and Minecraft worlds.”
Any document that’s uploaded on the service can be set to be visible either to the wider public (and will appear in search engine results and can be shared by anyone on social media sites), just to specific individual users (the document will not appear in search engine results, and can be viewed only by people with whom a direct link to the content has been given), or just members of an organization (which must sign in with an account associated with it).
What’s the problem?
Unfortunately, and unlike in Microsoft’s online Office suite, documents uploaded to Docs.com have their visibility set by default to Public. It is on users to change it to something else if they don’t want them to be shared widely.
Microsoft’s choice to opt for this default setting is not strange, given that this service is geared more towards content publishing than simple file sharing. Nevertheless, the company should have predicted that the service will be used to disseminate documents containing sensitive information.
Anyways, Microsoft has reacted to the situation by temporarily disabling the document search feature, advising users to revise their document settings, and has, according to ZDNet, been “taking steps to help those who may have inadvertently published documents with sensitive information.”
As can be seen on the website, the search option is now back online. By opening an account with the service and uploading a Word document, I found that Microsoft did not change the default visibility option (Public on the web) but pops up a final warning to users before they upload a document, urging them to make sure that it doesn’t contain private information they don’t want to share (as seen in the screenshot above).