It is absolutely crazy that a product that offers [client-side] encryption to protect user privacy, then sets uploaded GooDrive files to be world-readable by anyone that happens to have the corresponding URL. "Hashes as URLs" cannot be considered a privacy mechanism.

I'm not even sure what it would break on the client side if you did set files to restricted. Right now if I go into GooDrive and set the uploaded file to restricted, its still perfectly accessible by clicking on it in Moo.do. However it (setting to restricted) does break image inlining - I'm not sure why, as the moo.do app must already have a token for uploading, so a client-side fetch+inline shouldn't be an issue..

NB. While evaluating another competitor in the hierarchical outliner space, I noticed they were doing the same (though backed with S3), and I gave them **** for it. So this is apparently a non-unique anti-pattern. They were pretty sheepish about it and admitted the need to fix it. But they don't have client-side encryption -.-