diff --git a/src/applications/files/conduit/FileInfoConduitAPIMethod.php b/src/applications/files/conduit/FileInfoConduitAPIMethod.php
--- a/src/applications/files/conduit/FileInfoConduitAPIMethod.php
+++ b/src/applications/files/conduit/FileInfoConduitAPIMethod.php
@@ -45,7 +45,7 @@
       throw new ConduitException('ERR-NOT-FOUND');
     }
 
-    $uri = $file->getBestURI();
+    $uri = $file->getInfoURI();
 
     return array(
       'id'            => $file->getID(),
diff --git a/src/applications/files/conduit/FileUploadConduitAPIMethod.php b/src/applications/files/conduit/FileUploadConduitAPIMethod.php
--- a/src/applications/files/conduit/FileUploadConduitAPIMethod.php
+++ b/src/applications/files/conduit/FileUploadConduitAPIMethod.php
@@ -29,23 +29,20 @@
   }
 
   protected function execute(ConduitAPIRequest $request) {
-    $data = $request->getValue('data_base64');
+    $viewer = $request->getUser();
+
     $name = $request->getValue('name');
     $can_cdn = $request->getValue('canCDN');
     $view_policy = $request->getValue('viewPolicy');
 
-    $user = $request->getUser();
-    $data = base64_decode($data, $strict = true);
-
-    if (!$view_policy) {
-      $view_policy = PhabricatorPolicies::getMostOpenPolicy();
-    }
+    $data = $request->getValue('data_base64');
+    $data = $this->decodeBase64($data);
 
     $file = PhabricatorFile::newFromFileData(
       $data,
       array(
         'name' => $name,
-        'authorPHID' => $user->getPHID(),
+        'authorPHID' => $viewer->getPHID(),
         'viewPolicy' => $view_policy,
         'canCDN' => $can_cdn,
         'isExplicitUpload' => true,
diff --git a/src/applications/files/view/PhabricatorGlobalUploadTargetView.php b/src/applications/files/view/PhabricatorGlobalUploadTargetView.php
--- a/src/applications/files/view/PhabricatorGlobalUploadTargetView.php
+++ b/src/applications/files/view/PhabricatorGlobalUploadTargetView.php
@@ -23,12 +23,19 @@
 
     require_celerity_resource('global-drag-and-drop-css');
 
+    // Use the configured default view policy. Drag and drop uploads use
+    // a more restrictive view policy if we don't specify a policy explicitly,
+    // as the more restrictive policy is correct for most drop targets (like
+    // Pholio uploads and Remarkup text areas).
+
+    $view_policy = PhabricatorFile::initializeNewFile()->getViewPolicy();
+
     Javelin::initBehavior('global-drag-and-drop', array(
       'ifSupported' => $this->showIfSupportedID,
       'instructions' => $instructions_id,
       'uploadURI' => '/file/dropupload/',
       'browseURI' => '/file/query/authored/',
-      'viewPolicy' => PhabricatorPolicies::getMostOpenPolicy(),
+      'viewPolicy' => $view_policy,
       'chunkThreshold' => PhabricatorFileStorageEngine::getChunkThreshold(),
     ));