Nearly 3 months later, any update on this issue @Jovana?
Hello @InfiGhost! I believe I also replied to you on Facebook regarding this.
Sorry about no updates, there are a few topics regarding this so I forgot to update this one, but a discussion is going on here.
As I mentioned on this other topic and on Facebook, we have made significant progress with this and the attachments are already much more secure than before. But we still have a few things to cover for the fix to be complete.
Thanks for the patience!
@Jovana Thumbnails for images are still loading directly from public S3 buckets on AWS (startinfinity.s3.us-east-2.amazonaws.com). So everybody can see what kind of images I store inside any of my boards. Full size png and pdf are still accessible in a private window without any problem for an attacker (https://app.startinfinity.com/attachments/get?path=item-files/xxxxx/yyyyy.png). Sorry, but for me there is no improvement at all!? Am I missing something?
Hi @InfiGhost!
Not sure how we could limit the thumbnails and previews since those are intended to be visible by your whole team - and for the people you share the board with.
When clicking on a link to an image, you can no longer see it - you should get an error if you follow a certain link to an image stored in Infinity. So basically the biggest improvement is that people outside Infinity can no longer open files in Infinity just because they have a link.
But I will need to check with the devs the exact list of improvements. And as @micck suggested, we do have some loopholes to cover still.
Hi @Jovana,
Not sure how we could limit the thumbnails and previews since those are intended to be visible by your whole team - and for the people you share the board with.
Currently the thumbnails are visible to the whole world! There is no protection because the AWS S3 bucket used by Infinity is completely visible to anyone. So anyone can run a script and let it guess filenames and download all thumbnails and previews. This is not what we want, right?
When clicking on a link to an image, you can no longer see it - you should get an error if you follow a certain link to an image stored in Infinity.
I can access pdfs and pngs in my private Infinity board without any protection and without the need to log in, from a private browser window and also from another browser. I have sent you two links via FB messenger so you can verify it yourself - I don't want to post them here.
So basically the biggest improvement is that people outside Infinity can no longer open files in Infinity just because they have a link.
They still can - at least in my case.
When I use a link from the structure https://app.startinfinity.com/### I get a message that this is not authorized and am forwarded to login:
So this is already much more secure than what Trello offers. So it's true that people cannot open files with the provided link.
Try this link: https://app.startinfinity.com/attachments/get?download=1&expires=1609924673&path=item-files%2F10967%2FQLQyx6MRlgEbYj97P7tH9YTfeBHCNftcXGHVOlr1.png&signature=5d0a90258550882f00e23728271590d1c1757f1bcf140905ffa70cf6813a7f57
If it's not working for you, be sure that the board you use is not public and you are not logged in.
I don't know about the thumbnails issue though, but with my (limited) knowledge I cannot retrieve an S3 bucket link anymore. You may have saved one from previous Infinity versions.
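An added example, not code from Infinity or from any poster in this thread: a server-side check for time-limited signed attachment links of the shape quoted above (`…/attachments/get?download=1&expires=…&path=…&signature=…`). It assumes the signature is an HMAC-SHA256 over the canonical URL with a server-side key (the thread does not say what scheme Infinity uses) and, addressing the complaint that a bare link still works from a private window, that a download additionally requires a logged-in session with access to the file's board; the key, file paths, board ids and users are constructed.

```python
import hmac
import hashlib
from urllib.parse import urlencode, urlparse, parse_qsl

SECRET = b"constructed-demo-secret"  # constructed; a real key lives server-side only
BASE = "https://app.startinfinity.com/attachments/get"  # URL shape from the thread

# Constructed sample data: which board a file belongs to, and who may see that board.
FILE_BOARD = {"item-files/10967/demo.png": 10967}
BOARD_MEMBERS = {10967: {"infighost"}}


def _canonical(path, expires):
    # Fixed parameter order so signer and verifier hash identical bytes.
    return BASE + "?" + urlencode({"download": 1, "expires": expires, "path": path})


def sign_attachment_url(path, expires, key=SECRET):
    """Issue a link that is bound to one path and one expiry timestamp."""
    sig = hmac.new(key, _canonical(path, expires).encode(), hashlib.sha256).hexdigest()
    return _canonical(path, expires) + "&signature=" + sig


def check_download(url, session_user, now, key=SECRET):
    """Return 'ok' or the reason the request must be refused."""
    params = dict(parse_qsl(urlparse(url).query))
    try:
        path, expires, sig = params["path"], int(params["expires"]), params["signature"]
    except (KeyError, ValueError):
        return "malformed"
    expected = hmac.new(key, _canonical(path, expires).encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, sig):  # constant-time compare; any tampering fails
        return "bad-signature"
    if now > expires:  # stale links stop working even with a valid signature
        return "expired"
    if session_user is None:  # a link alone is never enough: require a session
        return "login-required"
    board = FILE_BOARD.get(path)
    if board is None or session_user not in BOARD_MEMBERS.get(board, set()):
        return "forbidden"  # logged in, but not a member of this board
    return "ok"
```

Thumbnails served straight from a world-readable bucket bypass every check above, so the same gate has to sit in front of them too (private bucket, short-lived signed access only).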