mettarefuge wrote:I'm petrified that I accidently upload to the world personal files.
Well, it's really weird, because I use Growl, and when I tested out sending a file via the CM plugin, SD itself reported nothing at all — there wasn't even anything in the log. But Growl popped up shortly after I tried to send the file to tell me that the upload to RapidShare was complete. Without Growl, I'd never have known anything had actually happened — so it is possible that some of your files have been uploaded.
To be sure that Growl was correct, I installed Little Snitch, which reports on all network connection attempts by application. I tried a small file, and observed several connections to RapidShare taking place briefly. (Oddly, the first connection was not to RapidShare but to Yazsoft.) Again, Growl reported success, while SD itself gave zero indication that anything had taken place. I then chose a much larger file to upload — and, sure enough, I saw that SD was sending a correspondingly large amount of information to RapidShare. (This time, there was no initial connection made to YazSoft.)
The good news for you is that, every time RapidShare receives a file, it puts a random eight-digit "File ID" in the file's URL so that no one can guess what the URL is: people have to be told by the user. Now, people who have Collector and Premium are provided with a list on the RapidShare site of all the files they've uploaded and their URLs. In this case, I think it's inconvenient that SD doesn't report the URL itself, forcing these people to go to the webpage (from where they could have done the upload, making the CM plugin sort of pointless). Needless to say, for people who don't have those kind of accounts, this lack of functionality is not inconvenient but simply insane, because they have no way to know how to get at their files after uploading them!
After ninety days, RapidShare deletes files that have never been accessed, and I don't think anyone is going to find your files by chance. As their FAQ puts it:
The file ID has 8 digits. It offers 108 = 100 million possible character combinations. If your filename is 10 characters long, there are 3910 = 8.140.406.085.191.601 or 8 quadrillion possible character combinations.
If a person wants to guess the download links, he/she has to find out both combinations. In our example, he/she would have to choose the correct filename from 108 * 3910 =8,140,406,085,191,601 or around 8 quadrillion possible character combinations.
I suppose you could write RapidShare with the time of day it happened and your IP, explaining what happened and asking them to delete anything that was actually uploaded. But it seems to me that, even if something was uploaded, the general public basically has no chance of ever seeing it.
For my part, I've made a rule in Little Snitch to prevent SD from ever contacting RapidShare; and I'll be complaining to Yazsoft support directly (at <firstname.lastname@example.org>) and giving them a link to this post.
The shoddy and, as you said, dangerous implementation of this feature is perplexing coming from YazSoft, who seem to be very attentive to the quality and feature-set of their product. It must have slipped under the radar, but — if enough people draw it to their attention — I think they'll deal with it.