Files transferred on Upwork are being scanned for potentially malicious content. Malware scanning will remove embedded macros, formulas, or active content that is deemed potentially malicious. Please see this page for more information about Upwork's Trust & Safety processes.
If you want the original unmodified attachment, you can contact Customer Support. Upwork is not responsible for any damage that may be caused by opening unmodified files transferred on Upwork.
re: "how secure is downloading files from clients on upwork?"
Upwork is not a file transfer tool.
There are many problems with Upwork file transfers, including the fact that Upwork file transfers silently alter many types of files in ways that damage them or render them unusable.
If transferring files in a way that is:
...is important for you as a client or freelancer, then you are not using Upwork to transfer your files. You are using other methods.
Note that the Forum Moderator provided accurate information, in stating that Upwork may indeed modify files that are transferred via Upwork. The moderator further stated that Upwork can assist users in transferring files without altering them if you contact Upwork Customer Support and arrange to have them help you transfer files.
This is one of the things I am referring to when I point out that user who desire to utilize more "efficient" file transfer processes could choose to use methods such as Dropbox, FTP, email, Google Drive, WeTransfer, etc. which are ways to transfer files securely, without altering the files, and which can be done without contacting people and making special arrangements.
I think that you didn't understand me, what I mean, that the client may be a hacker and integrating keylogger or any viruses in their PDF or Word file they're sending for the freelancer.
The original poster asked a few different questions.
One of those questions was whether Upwork would be legally responsible if the freelancer downloaded a harmful file.
Upwork's forum moderator answered: No.
("Upwork is not responsible for any damage that may be caused by opening unmodified files transferred on Upwork.")
re: "I think that you didn't understand me. What I mean, That the client maybe a hacker and integrating keylogger or any kind of viruses in their PDF or Word file they're sending for the freelancer."
You're right. I didn't understand what your primary concern was.
I thought you were worried about YOUR files being altered. Or you were worried about problems downloading files from a TRUSTED and KNOWN client...
You are concerned about whether or not files you download from a client - a stranger - could potentially cause damage. You are worried if files you download from job postings or receive directly from a client could cause harmful marlware.
The answer is:
Upwork scans files for such malware, and intentionally tries to remove anything along those lines.
Are Upwork's scans perfect?
Are Upwork's scans able to find EVERYTHING that might be harmful?
Even if the files are compressed and then de-compressed on your end? Even using an unfamiliar compression algorithm?
What if a client bypasses Upwork's scans?
What if a client or fraudulent job poster manages to post a LINK that lets you download a file directly, thus bypassing Upwork's scans?
Is it possible that a nefarious person posing as a client could get a BAD file or program onto your computer?
What if you start working for a client, and he sends you files directly via email? Can Upwork do anything about that?
These are legitimate questions.
Noureldin N wrote:
Do they bear the responsibility or not. Thanks.
They obviously do not. They would be stark raving bonkers if they did. NOBODY does that, and to expect that a company like Upwork does is at best incredibly naive.
Ultimately you are responsible for your own safety.
Noureldin N wrote:
I think that you didn't understand me. What I mean, That the client maybe a hacker and integrating keylogger or any kind of viruses in their PDF or Word file they're sending for the freelancer.
Indeed. That's why you have to be careful, use advanced (and likely paid for) protection (AV programs, firewall etc) and additionally you may consider using a sandbox / virtual machine etc to open files you are not sure about.
This is the Internet.
There is no such thing as "safe."