Why Expiring Links Are Essential for File Sharing

A permanent file link is essentially a key with no lock. Anyone who has it, forever, can access whatever was behind it. We have normalized this through fifteen years of Dropbox, Drive, and Box links — and the consequences are starting to show.

The hidden cost of forever

In 2024 a security researcher discovered that more than 18,000 active Google Drive links indexed by search engines pointed to internal company documents that were never meant to be public. The links had simply been pasted into a public forum at some point, indexed, and then forgotten. The owners assumed the link was private because they had sent it to a single person.

Permanent links also outlive the human relationships that produced them. The contractor you fired two years ago still has every link you sent them. So does the journalist who wrote a one-off piece for you. So does the recruiter you ghosted.

Expiry as a forcing function

When links expire by default, the tool removes a class of mistakes that no amount of training can eliminate. You cannot accidentally leak a link that no longer works. You cannot be socially engineered into resending a link that does not exist anymore. The blast radius of any single screw-up shrinks to a few hours.

• →An expired link cannot be forwarded into a leak.
• →An expired link cannot be indexed by a search engine that crawls it tomorrow.
• →An expired link removes the need to maintain a manual revocation list.

Choosing the right window

Counterintuitively, the shorter the expiry the safer your transfer. A one-hour window for a passport photo is dramatically safer than a 30-day window, even though both feel 'temporary'.

If your tool lets you choose, default to the shortest window that you can still afford to re-send if the recipient missed it. Re-uploading is annoying; re-cleaning up a leak is impossible.

What about backups?

People often resist expiring transfers because they want a record. That is a category mistake. Backups live in your storage system. Transfers live in your transport system. Separating the two means your archives can be encrypted, indexed, and access-controlled at rest, while your transfers stay ephemeral on the wire.

Treat transfers like a conversation, not a filing cabinet.

The default that should have always been

Every file you have ever sent that did not need to live forever, should have expired. Expiry is not a feature you opt into for sensitive files — it is the correct default, with permanence being the opt-in for genuinely archival material.

Once you switch to expiring-by-default, you will not go back. The mental relief of knowing yesterday's link no longer works is, frankly, addictive.