I'm guessing the password is tacked onto the URL as a fragment, which browsers do not send to the server. But this means that it relies on the trust that browsers follow this requirement.
It looks like you are correct, but only if you let them generate the password. If you define your own password, then you would have to share it via another channel:
>> While the Proton server will know the URL, it will never receive the password.
>> When creating a new shareable URL for a file, the web client will first confirm that a share directing to the file exists. The passphrase of this share must then be encrypted with the new password associated with the URL. This new password is either randomly generated by the ProtonDrive client, or is specified by the user.
>> In the case of randomly generated passwords, the user can choose whether they want to include it at the end of the URL, equivalent to sharing the content publicly. This section of the URL isn’t shared with Proton servers, making the password and the content inaccessible to Proton. Alternatively, the user can choose to share the password separately.
>> In the case of user-defined passwords, this option isn’t available and the password must always be communicated separately.
It is exactly the same as mega.nz does now. Unfortunately it is prone to leaks of the full URL by malicious or buggy browser extensions. And does anyone know what is sent with Chrome URL check?
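The scheme quoted above, sketched as an added example that is not part of the thread and not Proton's code: the fragment is split off from what the request carries, and the share passphrase is wrapped under a key derived from the URL password. The URL, the function names and the choice of scrypt with AES-256-GCM are assumptions made for illustration.

```javascript
// Added illustration. drive.example, the token, the function names and the
// scrypt + AES-256-GCM choice are assumptions, not Proton's implementation.
const crypto = require('node:crypto');

// Split a share URL into what an HTTP request carries and what stays local.
function splitShareUrl(shareUrl) {
  const u = new URL(shareUrl);
  return {
    host: u.host,
    sentToServer: u.pathname + u.search, // request target: no fragment
    keptInBrowser: u.hash.slice(1),      // text after '#', never in the request
  };
}

// Sharer's client: encrypt the share passphrase under the URL password.
// The returned blob is the only thing the server would need to store.
function wrapPassphrase(sharePassphrase, urlPassword) {
  const salt = crypto.randomBytes(16);
  const iv = crypto.randomBytes(12);
  const key = crypto.scryptSync(urlPassword, salt, 32);
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  const ct = Buffer.concat([cipher.update(sharePassphrase, 'utf8'), cipher.final()]);
  return { salt, iv, ct, tag: cipher.getAuthTag() };
}

// Recipient's client: re-derive the key from the password and unwrap.
// A wrong password fails the GCM tag check and throws.
function unwrapPassphrase(blob, urlPassword) {
  const key = crypto.scryptSync(urlPassword, blob.salt, 32);
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, blob.iv);
  decipher.setAuthTag(blob.tag);
  return Buffer.concat([decipher.update(blob.ct), decipher.final()]).toString('utf8');
}

// Constructed sample link with a generated password appended as the fragment.
const SAMPLE_URL = 'https://drive.example/urls/TOKEN123#q7Jx2mPz9KdA';

// Full recipient flow: fetch the blob by path, decrypt with the fragment.
function openShare(shareUrl, blobFromServer) {
  const { keptInBrowser } = splitShareUrl(shareUrl);
  return unwrapPassphrase(blobFromServer, keptInBrowser);
}

const parts = splitShareUrl(SAMPLE_URL);
const blob = wrapPassphrase('constructed-share-passphrase', parts.keptInBrowser);
console.log('request target:', parts.sentToServer);
console.log('recovered:', openShare(SAMPLE_URL, blob));
```

Anything that can read `location.href` inside the browser, such as an extension, sees the fragment along with the rest of the URL, which is the exposure the last comment raises.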