Looks interesting. I'm curious about why there's a 32-bit cookie added to the volume,filename -- it seems like a rather weak protection -- and as such, it becomes an unnecessary complication? As has been shown with Facebook, relying on (permanent) secret URLs to grant/deny access is a bad idea.

So, why not just use volume,id, and then deploy a proxy that handles access based on tokens in front -- if access control is wanted? (Not all uses of files will need/want access control).

I suppose one reason for a "cookie" would be cache invalidation in case of volume,id reuse.