Offer option to block data export when using Secret map sharing
The Caltopo blog highlights reasons for using Secret map sharing (copied below) but undercuts its own argument. A Secret sharing link is just as easily copied and shared as the actual map URL, while sensitive data on the map can be exported or even just copied over to a new (potentially public) map by the recipient. This is an ongoing request that Caltopo will hopefully address at some point by removing (or offering the option to remove) the Export function for Secret map sharing with a Read-level permission, just as the Import function is disabled for this setting. The Caltopo platform is based around sharing, true, but a higher level of protection for map data would encourage a much greater level of sharing of sensitive maps with select third parties where trust cannot be fully determined, exposing many more new users to Caltopo in the process and increasing participation and membership.
From the Caltopo blog:
Secret maps require a special code, which we call a shareable link, for anyone besides the map owner to view the map. That link will look like this: https://caltopo.com/m/Q2F0K/14N6CNM9L5B1MS80, which is much longer and harder to share than the URL alone. Use secret when you have sensitive data on the map, or you want a higher level of control over who can access the map. Avoid using secret when you need to more easily and broadly share the map.
Comments
5 comments
Update: Someone pointed out the fact that OnX Hunt currently offers this feature, wherein a user can share features and folders with another user via SMS or email sharing link. The features then populate in the recipient's account but cannot be edited *nor reshared.* This is obviously a vital feature appreciated by hunters who covet their hard-won data (hunting locations, wildlife guzzlers, etc) but who wish to share it in a safe and responsible manner with a select number of other sportsmen. Let's bring this type of functionality to the wider world of mapping, Caltopo!
Yes, that would be great. Especially since the password protected maps are gone.
So my comment got rejected for using an external image from the caltopo user guide. ¯\_(ツ)_/¯
I went into the UI and tried to find the access code for "secret" and couldn't. The user manual for "map sharing" mentions secret and access codes, but has no examples of actually setting them.
I guess Secret just doesn't do anything? Why even have it as an option? This image from the manual is named additional-access-code.png, but it's obviously just an url and uses the url privacy setting. Does secret just mean only the long urls work and the short url doesn't?
Carl, the way Secret maps currently works is you create the shareable link and share it with a specific person directly. The user then bookmarks the shared map and gains access. The "access code" is just the Shareable Link, and you're correct that the standard short URL won't work for others when the map is Secret. You can give different people different shareable links and then decide to remove one or more of them in the future to deny access to specific individuals, without having to make the map private. So in theory Secret maps allows the owner more control, but since the Secret shareable links can themselves be reshared by the recipient and since it is always possible to export data or copy to a new map (and then share it publicly if it turns out they're a jerk), it's more an illusion of limiting the use of one's data than not.
Thanks, that makes more sense. It’s odd they have a ‘secret’ url for read access for the url permission model in their documentation.
Someone can share a password as well, but a unique url + password is more secure and can’t be scraped by a crawler.
Secret implies something that is actually private, this is just ‘ obscure but publicly available’.
Please sign in to leave a comment.