security – Dropbox URL gives access to file content

I am very surprised that I linked on a Dropbox URL stored in my web browser’s history and, without being logged in, I could see the content of the file.

I have created a new file to test it and, just with the URL that is accessed by the web browser, anyone can see this file which theoretically has never been shared with anyone: https://www.dropbox.com/scl/fi/eprarh4pibp39mrrgsqw6/Document.docx?dl=0&new=1&rlkey=ghlowj8k67bf5vljtr6jkv42b

I know that you will say that the URL is “secret”, but URLs can be seen:

  • By other users even if I have logged out from Dropbox.
  • The ISP.
  • Anyone who guesses a URL (probably this is impossible in practice).

Do you know if this is normal? Isn’t it a big security concern?