Dropbox: Righteous Links

Discovery

A company restructuring had dropped me, a PM and a squad of engineers into a problem space only a few of us had intimate knowledge of. This space had two components:

  1. Migrating from a legacy link sharing model to a more modern one

  2. Building reliable privacy controls for shared links to prevent data leaks

The migration was a top priority for Dropbox but was projected to be a year-long investment for the engineers. In the meantime, the PM and I took ownership of thinking through the user-facing component of privacy and security. Since we had time and space to work ahead of eng, our goal for the year was to build out a roadmap of solutions that had been designed and tested with users by the time eng was ready to scope the work.

Methodology

As a designer, I understood that securing company data was important to our enterprise users. Less clear to me was how this highly technical migration related to the user problem of protecting data. First, I needed to develop a foundational understanding of the legacy link model and its limitations. Second, I needed an understanding of the proposed model and how it would solve issues introduced by the legacy model. As this was a large multi-year effort, I was able to connect with previous designers and engineers on the project to gain context.

Armed with this foundational understanding of the technical side, I needed to immerse myself in the user problem by first auditing the link sharing experience for enterprise users across our ecosystem. This audit included documenting all of the different ways a team admin could grant or restrict link sharing rights to members of a team; from there, I would simulate and document each scenario, making notations about any pains I experienced along the way. Going through these scenarios myself was the single most helpful exercise, both in terms of putting myself in the shoes of the user and in terms of understanding the limitations of the legacy link sharing model.

Solution & Outcomes

Existing documentation written by past engineers on the migration had been helpful to those with a technical background. My goal was to create new documentation that would be approachable to stakeholders across the org. To accompany the audit above, I needed a visual representation of these two link models, something that would take the characteristics of each and visualize them in a way that was instantly accessible:

Legacy link sharing model
In the legacy model, each new link is tied to the creator of the link rather than the content being shared. The content owner has no visibility or control over how many legacy links are out there in the world, because a new unique link is created each time the content is shared. It becomes clear how this could become a security risk for large enterprises that rely on Dropbox’s link sharing model to keep their content safe.

Righteous link sharing model
Righteous links are links that grant rights. The concept here is that for a single piece of content, there would only exist one link for viewing rights and one link for editing rights at any one time. As the content owner, a user would have complete control over who receives which set of rights. If a link recipient shares a view link with a third party without the content owner’s knowledge, the content owner would have complete visibility as to who has access to which link and could lock down access to the link if they choose.
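
The two models described above, sketched as an added Python example (not Dropbox's code and not part of the original case study). The class names, token format and the per-user access record are assumptions made for illustration.

```python
import secrets

class LegacyLinks:
    """Legacy model: every share mints a new link tied to its creator."""
    def __init__(self):
        self.links = {}                      # token -> (creator, content_id)
    def share(self, creator, content_id):
        token = secrets.token_urlsafe(16)
        self.links[token] = (creator, content_id)
        return token
    def visible_to(self, user, content_id):  # a user sees only links they created
        return [t for t, v in self.links.items() if v == (user, content_id)]

class RighteousLinks:
    """Righteous model: one view link and one edit link per piece of content."""
    def __init__(self, owner):
        self.owner = owner
        self.tokens = {r: secrets.token_urlsafe(16) for r in ("view", "edit")}
        self.holders = {"view": set(), "edit": set()}
        self.locked = set()

    def open(self, right, token, user):
        ok = (right in self.tokens and right not in self.locked
              and secrets.compare_digest(self.tokens[right], token))
        if ok:
            self.holders[right].add(user)    # assumption: access is recorded per user
        return ok

    def audit(self, requester):
        if requester != self.owner:
            raise PermissionError("only the content owner can audit")
        return {r: sorted(u) for r, u in self.holders.items()}

    def lock(self, requester, right):
        if requester != self.owner:
            raise PermissionError("only the content owner can lock a link")
        self.locked.add(right)

def demo():
    legacy = LegacyLinks()
    legacy.share("owner", "plan.docx")
    legacy.share("bob", "plan.docx")         # reshared: a second, separate link
    owner_sees = len(legacy.visible_to("owner", "plan.docx"))
    r = RighteousLinks("owner")
    view = r.tokens["view"]
    r.open("view", view, "bob")
    r.open("view", view, "carol")            # bob forwarded the same view link
    r.lock("owner", "view")                  # owner locks down the view link
    return owner_sees, len(legacy.links), r.audit("owner")["view"], r.open("view", view, "dave")
```

In the legacy sketch the owner can list one of the two links that exist for the file; in the righteous sketch the owner sees both recipients of the single view link and can lock it for everyone at once.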

Getting clearer on the goals of the migration and viewing it through a lens of data security helped align us all to a shared understanding of our team’s charter, despite eng having separate priorities from PM/design. We were each able to execute against our own parts of the problem space, and knew how to move forward on product improvements when the migration was due to be complete.
