Is uploading to a client's server safer than sending a Dropbox download link?
Thread poster: CafeTran Training (X)

CafeTran Training (X)
Netherlands
Local time: 20:58
Apr 26, 2016

Is uploading a translation to the server of your client safer than sending him a Dropbox download link (like: https://db.tt/DBHzCbDE) via e-mail?

Your comments please.


 

Endre Both  Identity Verified
Germany
Local time: 20:58
Member (2002)
English to German
The question should be: Which option gives the client more control over security? Apr 26, 2016

Your hypothetical scenario lacks information necessary to judge which option is safer. We don't know for instance how well secured the client's server is, nor how Dropbox responds to someone bruteforcing their way through db.tt links.

What is clear however that the Dropbox way gives the client little control over security. Whatever little control there is when you are dealing with short http links, it resides mainly with Dropbox. An additional factor is the means of communicating th
... See more
Your hypothetical scenario lacks information necessary to judge which option is safer. We don't know for instance how well secured the client's server is, nor how Dropbox responds to someone bruteforcing their way through db.tt links.

What is clear however that the Dropbox way gives the client little control over security. Whatever little control there is when you are dealing with short http links, it resides mainly with Dropbox. An additional factor is the means of communicating the link to the client, which is again mainly outside the client's control.

Conversely, the client has total control over the security of an upload server. Even if you as a user of the server are less than careful with your access credentials, the client has the option of preventing download access and even file listing, which means the worst thing that can happen to them is that undesirable (and potentially dangerous) material is uploaded to their server – but no one from outside is able to access any of the uploaded files.

So, if your client goes to the considerable trouble of setting up an upload server, there is no question which method they expect you to choose.
Collapse


 

Dan Lucas  Identity Verified
United Kingdom
Local time: 19:58
Member (2014)
Japanese to English
Pragmatically speaking Apr 26, 2016

CafeTran Training wrote:
Is uploading a translation to the server of your client safer than sending him a Dropbox download link (like: https://db.tt/DBHzCbDE) via e-mail? Your comments please.

I'm not sure we can tell which is safer but, practically speaking, if you use the client server then it immediately shifts the entire burden for security to the client once the file(s) leave your system.

They can't say they didn't get it, or the link didn't work or whatever. That's why I quite like vendor portals like this.

I am a bit wary of uploading client data to most cloud services. Currently any client-related data I put in my Dropbox folder is encrypted with non-cloud tools before it is copied over. I am looking into using SpiderOak or, more likely, Tresorit in future.

Dan


 

Samuel Murray  Identity Verified
Netherlands
Local time: 20:58
Member (2006)
English to Afrikaans
+ ...
Yes Apr 26, 2016

CafeTran Training wrote:
Is uploading a translation to the server of your client safer than sending him a Dropbox download link via e-mail?


Yes. If you use Dropbox, the file is uploaded to a third party (i.e. the Dropbox company's servers), and then your client has to download it from there.

In addition, a Dropbox download link does not require the user to identify himself (by logging in) -- the link allows users to download files if they only know what the link URL is. This means that if the client's e-mail is seen or accidentally forwarded to someone else (by the client or by someone else), then someone else besides the client would also be able to download the file, even if the client didn't want them to.

The same applies to upload services such as WeTransfer -- these files can often be accessed by anyone who has the URL, without identifying themselves. If you're going to use such a service, then I suggest that you zip your file and put a small password on it, and send the password to your client in a separate mail or via another means of communication (e.g. Skype or phone).

If you upload the file to your client's server, the upload goes directly from your computer to the client's computer. And if the upload method uses a secure connection, then it's even safer.


 

Joakim Braun  Identity Verified
Sweden
Local time: 20:58
German to Swedish
+ ...
Encrypt locally Apr 26, 2016

Encrypt the file locally, then you can upload it in whatever way you want.
All you need is a safe way of getting the password to the client. (By phone, SMS or by reference to some piece of information that you both have access to.)


 

José Henrique Lamensdorf  Identity Verified
Brazil
Local time: 17:58
English to Portuguese
+ ...
In memoriam
One vote for WeTransfer's free account Apr 26, 2016

Samuel Murray wrote:

The same applies to upload services such as WeTransfer -- these files can often be accessed by anyone who has the URL, without identifying themselves. If you're going to use such a service, then I suggest that you zip your file and put a small password on it, and send the password to your client in a separate mail or via another means of communication (e.g. Skype or phone).


WeTransfer is free for file transfers up to 2 GB. The file will stay there for a week, and then disappear forever.

A paid account on WeTransfer is like Dropbox, you can keep files there forever. I guess that even if you delete them, there is the possibility of undeleting "if you are lucky", like any hard drive.

The fact is that a hacker must know two things:
a) that there is something worth hacking; and
b) the URL (and login/password, if used) where the stuff worth hacking is stored.

I guess both take either a while or some insider info to get.

A while ago I had a case that put it to the test. I did a large subtitling job for a most distinguished global electronics company via an agency. I uploaded all those videos to WeTransfer, and sent their link to the agency. The agency relayed the link to their client. It's a long story, anyway, bottom line is that I had to upload them THREE times, because the link expired before the end-client's always-traveling liaison had a good connection to download them.

As that end-client is heavily into IT, I can see three of their products while typing on my computer, it should be easy for them to have someone hack into WeTransfer - if that were at all possible - to get those files after they had expired. They didn't.


 


To report site rules violations or get help, contact a site moderator:


You can also contact site staff by submitting a support request »

Is uploading to a client's server safer than sending a Dropbox download link?

Advanced search






CafeTran Espresso
You've never met a CAT tool this clever!

Translate faster & easier, using a sophisticated CAT tool built by a translator / developer. Accept jobs from clients who use SDL Trados, MemoQ, Wordfast & major CAT tools. Download and start using CafeTran Espresso -- for free

More info »
PerfectIt consistency checker
Faster Checking, Greater Accuracy

PerfectIt helps deliver error-free documents. It improves consistency, ensures quality and helps to enforce style guides. It’s a powerful tool for pro users, and comes with the assurance of a 30-day money back guarantee.

More info »



Forums
  • All of ProZ.com
  • Term search
  • Jobs
  • Forums
  • Multiple search