
MAJOR SECURITY HOLE IN AIRTABLE: Any collaborator (even read-only collaborators) can steal 100% of your data with one click

ScottWorld
18 - Pluto

This thread made me realize that we should probably have an option to PREVENT collaborators (particularly read-only collaborators) from being able to easily duplicate an entire base.

When we share read-only links to bases or views, we have that option that we can uncheck that says: “Allow viewers to copy the data in this base” or “Allow viewers to copy data out of this view”.

But it would be nice if we had that same feature for collaborators.

48 Comments
Andron_Ocean
5 - Automation Enthusiast

The suggestions in this thread are a feel-better bandaid, but don’t actually plug the hole that worries you. And, I wouldn’t call this a security flaw. This is the way read-only access works. If someone can access data, they can copy it — that’s true in any database system. Some systems might add some hoops to jump through so it isn’t as easy to do, but at the end of the day it’s always possible for a determined viewer.

(Go to one of those shared no-copy-allowed views, right click somewhere and choose “Save As” to download your own, local copy of the entire page… in just two clicks. There is absolutely no way Airtable can stop anyone from doing that, or a number of other technical tricks.)

Never let someone view data when copying that data is an unacceptable risk.

A far better solution would be granting individual collaborators access to some, but not all bases/tables/views. The best way to do this now is to use multiple workspaces, and keep sensitive data in one with only “trusted” collaborators.

I’d love to see a “collaborator groups” feature within a workspace, so we could choose between allowing all collaborators to access a base, or only allowing group A/B/C to do so… even better if read/edit permissions could be assigned similarly. That would open up a lot more use cases for Airtable.

ScottWorld
18 - Pluto

Go to one of those shared no-copy-allowed views, right click somewhere and choose “Save As” to download your own, local copy of the entire page… in just two clicks

The read-only shared link pages aren’t really a part of this security problem, because those read-only shared link pages can already be restricted to only showing certain records. And doing “Save As” from those read-only shared link pages doesn’t save any data. Although you can “Print” those pages and save as PDF. But again, those pages can already be restricted to certain records.

If someone can access data, they can copy it — that’s true in any database system.

Yes, this is technically true. But as I mentioned above, there is a huge difference between:

  1. Instant theft of an entire company’s data. (With 3 different ways of performing this instant theft.)
    vs.
  2. Forcing someone to scroll through 5,000 records and individually taking screenshots of each record… or forcing someone to manually scroll through 5,000 records to manually copy data out of each field one field at a time — and then having them manually repeat that process for every record in every table.

Deterring theft is the best way to prevent the majority of thefts. You don’t want to hang the key on the doorknob. Right now, they’re hanging the key on the doorknob.

So while all the other solutions you outlined are absolutely the correct long-term approach to solving this problem, the dangling key needs to be removed first.

Then, we can start getting into the other solutions that you outlined. The other solutions that you outlined are absolutely necessary for any secure database system, and would be very much welcomed in Airtable, but — let’s remove the key hanging on the doorknob first!

Then, after the dangling key is gone, we can start adding in all of the excellent security measures that you are talking about! :slightly_smiling_face:

But yes, what you suggested as the solution is how all other database systems have solved this problem. We need Airtable to take this same approach.

Bill_French
17 - Neptune

No one can argue this point; as @Andron_Ocean indicates, it’s the vast nature of systems that put data in front of eyeballs and alongside a variety of copy tools that create risks. But I think it’s also wise to ponder the subtle difference between copying, replicating, and replication awareness.

Let’s all agree that copying should be set aside in this conversation because there are so many ways to make copies that we’d be wasting energy and time debating the undebatable. Copying is a risk that is virtually unavoidable.

Replicating

Almost without exception, the vast majority - perhaps north of 90% - of the database systems available as modern SaaS solutions make it almost impossible to replicate a database or to do so without someone knowing about it. This is not the case with Airtable - they are (unfortunately) in the top 90+ percentile of this category; clearly not something you want to be good at.

Replication Awareness

If you’re going to make it really easy for read-only users to swipe a fully functioning copy of a database app, you might want to at least let the creator/administrator of that database know that it has been replicated and access automatically extended to that original creator.

Far Worse than Copy Risks

Replication is in a vastly different class from copying. The ability to make a “copy” of a fully functioning base represents an outcome unlike any definition or notion of simply copying the data. It is fundamentally different because it comes pre-installed with a completely new security context that the replicator can use to inflict harm, cause misleading conclusions, modify, and misrepresent as an authoritative version of the original base.

Replicated Airtable bases are virtually indiscernible replicas that can be used for nefarious purposes both inside and external to an organization without so much as more than a few clicks. It is no different than printing counterfeit currency without the need for paper, ink, or design templates.

ScottWorld
18 - Pluto

The absolutely amazing thing is that Stacker has fixed every single security issue that is broken in Airtable. Every single issue. All fixed with Stacker.

In my opinion, Stacker is actually what people are hoping to get when they sign up for Airtable… until they realize that they don’t get ANY of it with Airtable. None of it available in Airtable.

If I ran Airtable, I would purchase the entire Stacker team & Stacker product today… and I would integrate it natively into Airtable by tomorrow morning.

Nimesh
5 - Automation Enthusiast

Personally, I find it scary to collaborate in Airtable. Airtable should really take this security stuff seriously. They should also add the ability to make specific tables, custom fields, and even specific records private. ClickUp is not a fully-featured database like Airtable but the permission features there are pretty good. Airtable should really copy its permission features.

ScottWorld
18 - Pluto

Yes. Luckily, we have all of these permissions built into Stacker, but it’s a VERY expensive add-on. It’s a minimum of $120 per month, and that’s if you pay for a year in advance.

Bill_French
17 - Neptune

Indeed.

Um, yeah - notwithstanding the massive legal risks of doing so.

As consumers, we tend to assume that everything anyone else has implemented is available for the taking. This is simply not the case and companies that fail to innovate along the pathway to meeting specific customer requirements often get sideswiped with costly litigation. We should be careful what we encourage any vendor to do. :slightly_smiling_face: And this is why acquisitions sometimes occur the likes of which @ScottWorld has suggested.

I’m not suggesting Airtable is constrained by any specific IP high-ground to improve its security and on the flip side, Airtable has likely been a target of flagrant intellectual property infringement. Does anyone see the resemblance?


Nimesh
5 - Automation Enthusiast

Yes, I have checked Stacker and the permissions are very good. As you have mentioned, it’s very expensive and we don’t get all the good things that Airtable provides. Hope Airtable purchases them right away and implements the features right into Airtable.

Nimesh
5 - Automation Enthusiast

Yeah, what I meant was be inspired by it. :yum:

Is Microsoft even allowed to do this? They totally copied everything and are not shy about it as well.

Bill_French
17 - Neptune

I don’t have a clue. But Microsoft is really good at this and they - more than any technology company - can withstand and likely prevail in lengthy legal battles; even the ones they shouldn’t win. Perhaps Airtable has been damaged by this, or perhaps there’s another explanation.

Engineers at Microsoft - and most tech R&D labs - are intentionally kept away from products and services on the competitive compass heading as they pursue new solutions. At a former employer where I led the R&D team, we required our team to have zero contact with competing solutions prior to and during design sessions. It was carefully documented that our teams were not influenced by other systems nor did they have any access to images, examples, or other external influences as they crafted a new product.

Anyone is allowed to innovate. The pathway chosen to get from zero to innovation may create risks and open the door to litigation.