Why draft can be viewable by anyone?

When I save to draft, it will generate a link like https://example.com/d/asdf123456gh. Why is this viewable?

I think this should be controllable, the user can choose if it’s viewable or not.

Hi @misaka00251! Great question. The draft workflow for Write.as/WriteFreely is a bit different than for other platforms.

The draft is an unguessable link, so it is private by default. You are free to share the link or move it to your blog when it’s ready. Otherwise the draft will remain hidden. You are in control with whether it is viewable or not.

It does take some getting used to though. This resource along with this forum post helped clarify things for me. Hope that helps!

I do have a question, though, out of sheer coding ignorance: are these “secret” URLs technically discoverable through a brute force of generating strings using whatever method Write.as uses to generate the strings, or are the potential combinations of characters so enormous that it would be a fluke to find one that way?

@cjeller1592 my anonymous posts have 0 views, but one of them got 4 views in a few hours. I shared it with one person who didn’t share it and it went up to 8 views. It’s the first time it happens, though, but it concerns me a bit.

@bix you can find some randomly if you google “site:write.as”.

For example:

But in theory those are ones that were linked from somewhere.

@bix ah, good call! Didn’t think of that.

Technically yes, if someone generates random strings of the correct length and characters to match post IDs they could try each one and record what links return a status 200.

But they would not know who wrote it, as it would not appear in any way associated with the writers account until published.

This is the same as Medium for example, at least if I remember correctly, the ‘private’ link is just a random string.

I had a link to an external site in one of my drafts and, of course, checked it by clicking it. Which, in turn, generates a hit on the external site, referrer and all. And that is how the external site found the draft.

Maybe that solves the riddle of incoming traffic?