Share links dangerously default to view and edit
File sharing currently defaults to creating a link with both view AND edit permissions. This link is retained, without any indication to the user, even when the user deselects the allow edit permissions box.
This is a VERY dangerous security flaw because some search engines are capable of discovering these links by brute force. I had one of my excel files completely *nuked* by an anonymous rando that had found the view+edit link that I never knew had been created (even though I only ever explicitly shared a view-only link for the file). They nuked the file by reverting it back to the very first version of it that I had uploaded, and there was no way for me to be able to un-revert it. It was only my habit of keeping offline copies of *everything* that I was able to replace the file.
This needs to be fixed ASAP. Onedrive.com should NEVER default to view+edit like this if it is going to invisibly retain the links without the user being immediately aware of it. This is a MAJOR security flaw.
Since this vote has been archived, I have recreated wholesale here:
Truly. OneDrive now has syncing to your desktop and documents. One accidental right-click will give the entire world access to said resources but allow them to delete every file found within there.
Matthew Doucette commented
This needs more votes. Share links should be READ ONLY!
One Drive User commented
Not sure how old this post is but this is ongoing. I agree with OP and am equally concerned.