Editing via public links allows Skiff users to effortlessly collaborate on documents by sharing end-to-end encrypted links. This enables their shared collaborators - including those without Skiff accounts - to work together, view, and edit files with end-to-end encryption.
Public, end-to-end encrypted link sharing allows users to collaborate on a document while maintaining complete privacy: Even users without Skiff accounts can save and edit the file. At all times, the link and file remain end-to-end encrypted, and Skiff never has access to the document or even the link itself. Furthermore, editing or viewing permissions can be revoked from the link at any time, to further protect control and the shared document.
Sharing a document publicly is straightforward and described below:
• This allows all users with the link— including those without Skiff accounts— to access the document
• Link sharing can be turned off by the user at any time to revoke access to the document
4. Toggle between "can view" and "can edit" to change the permission level you want to give to users
• These permissions can be changed at any time allowing document owners to revoke editing and/or viewing access
5. Copy the link and share it with anyone you like (note: we always recommend doing so over a secure communication channel, )
6. Based on the permission level you selected, users will be able to simply view, or directly edit the file
Users accessing a view-only document via the link won't see other users on the document, and they won't be able to edit or share the document. If the original user disables link sharing, or unshares another shared user, the link will expire, and all users using the link will no longer see the document.
Users who are link shared with editing permissions on will be able to edit the document in real-time and save new versions. Just like current document editing, all users— logged in and not logged in — can see edits in real time. While logged in users will show up as their username, when anonymous editors are active and/or editing, we generate a random username from a list of fruit names, preceded by 'anonymous' and a rank (Anonymous-Colonel-Elderberry).
Public users will not be able to view other online or shared users, and thus cannot share or change permissions on the document. At any time if the original user changes, the permissions (turns off link sharing, upgrades users to editors, etc.), the document and original link will expire and the user will need to be sent the new link in order to download the document again.
To better understand how anonymous editing works, let's consider Alice (our Skiff user), and her friend Bob (not a Skiff user).
Currently, our E2EE link sharing model already allows users without accounts to access documents shared via links. As detailed in Skiff's technical whitepaper, a secure link to share a document is generated by combining the document identifier and a client-side generated random encryption key. This random link encryption key is used to encrypt the document's session key, which is used to encrypt the document. When Alice shares the link with Bob, the server first verifies that Bob has the correct link key (without the server ever needing access to the actual link encryption key), and subsequently sends the encrypted document key to Bob (which can be decrypted with the link key). If Bob is simply listed as a viewer on the document, we simply stop here.
If the shareable link is given editing permission, Bob uses a temporary authentication token to listen and send document updates and maintain real-time document state. If Bob had a Skiff account, we would create a token that cryptographically authenticates Bob's user information. Instead, because Bob is only trying to access and edit a single document without an account, we embed information about the document and Bob's access method into the token itself. This temporary access token is used while Bob listens and sends updates to the document.
Every time Bob sends an update, we verify that this temporary authentication method maintains a cryptographically valid document identifier for this editing session. If so, Bob is allowed to both send and listen to updates for a given document. In order to save the publicly editable document, we verify Bob's token contains the appropriate document identifier, and proceed to save the link-shared document.
Link sharing - which is widely used by Skiff users to work freely and collaborate securely - represents a critical piece of our usable, privacy-first platform.