Suggestion about the "It's not safe to downlo...

ahmed-abdulhamid · ‎05-08-2019

So, I'm sure you all have seen this message before. It started as files uploaded by clients (either on a job posting or in messages) being blocked and >90% of the time, the file isn't at all dangerous (but just because the format of the file can contain malware, even if it doesn't).

This is, of course, frustrating for freelancers (especially when the file is on a job posting and you actually need to check the file in order to decide whether or not you would submit a proposal). Well, now you're stuck having to contact UpWork support to ask for "permission" to download the file and then wait for up to 24 hours hoping that the job posting is even still available.

I had contacted UpWork several times about this issue and suggested the following:

You can display all the warnings you want, let us go through extra steps if you have to, but for crying out loud, please add an option that allows me to download the file AT MY OWN RISK!!

It has been over a year and nothing new has happened since then. But it gets worse...

Recently (relatively speaking), they started blocking (more?) files that are uploaded by freelancers too. They block at least almost every file that is (or contains) an executable whether it's sent via messages or using "Submit work" for a milestone. Well, I'm a software developer who writes desktop (executable) software; what am I supposed to do?! Usually, my clients trust me but even if they don't, they can scan the files on their own. So, as I workaround, I started uploading the files to a cloud (e.g., Google Drive) and sharing the link with my client. Well, there's more...

More recently, they started blocking these links as well. How are we supposed to work like this? It's getting very frustrating for both freelancers and clients.

I'm not against having a security layer but there has to be an option for the freelancer/client to take control and override whatever action it decides to do, especially when that "security layer" is (seemingly) blocking more false-positives than actual threats. In other words, please do not treat us like children. Any decent web browser has a feature that blocks "suspicious" files but, at the same time, allows the user to download the file at their own risk, should they need/want to.

I'm pretty sure I'm not the only one who feels frustrated about this issue so I came to Community hoping we can make a change.

The topic is open for discussion and/or official replies from UpWork support team.

AveryO · ‎05-08-2019

Hi Ahmed,

Thank you for sharing your feedback about downloading files on Upwork, I'll be sure to share this with the team.

I'm also sorry to learn that this has inconvenienced you in any way. These security measures are in place to ensure that we stay ahead malicious attacks on Upwork and its users. I hope you understand that security will remain our top priority.

~ Avery

ahmed-abdulhamid · ‎05-08-2019

Hi Avery, thanks for your reply!

@AveryO wrote:
These security measures are in place to ensure that we stay ahead malicious attacks on Upwork and its users. I hope you understand that security will remain our top priority.

Like I said in the post: "I'm not against having a security layer". Making security one's top priority hardly equals (or justifies) making an essential feature almost completely unusable in certain (yet vital) situations. Again, as I said in the post:

..but there has to be an option for the freelancer/client to take control and override whatever action it decides to do, especially when that "security layer" is (seemingly) blocking more false-positives than actual threats.

Keep the security measures, display all the warnings and disclaimers you like, even force the user to use a checkbox stating that it'll be entirely their responsibility but please provide an option to download the files at one's own risk. I honestly don't understand how that has not been common sense to you (the concerned team, not you personally)!

jackson_whitney · ‎09-06-2019

I just wanted to say that I really appreciate that Upwork understands how easily this platform and its UI structure could be used for malicious activity. That was my first thought when I submitted work for payment - was that it would be a goldmine for hackers to embed executables into linked files/documents - which is a sometimes a necessary function for both parties involved, at the posting, proposal, and contract work submission stages.
Thanks for addressing the very real and persistent threat with the measures it merits, even if it causes a bit of friction for the customers of your platform. It’s nice to see organizations that understand the risks and proactively attempt to counter them, while keeping in mind the impact to operational efficiency and the customer experience.
Good on y’all - Cheers!

Suggestion about the "It's not safe to download this file" msg - Can you not treat us like children?