New bucket objects seem to be public

After I created the bucket and uploaded some files I tried sending the link to an object to another computer and I was able to view the object. I was running in a new Incognito window on a different computer. Should this work like this?

On the Object details page it gave me a link URL of

https://storage.cloud.google.com/storage-lab-55387/README-cloudshell.txt?organizationId=0

When use that link on a different computer in a new Incognito window It does prompt me for a Google ID before showing me the file.

However, if I try the link on the computer where I uploaded the file with an authorized browser window I see that it translates the link into this:

https://00e9e64bac2391c552250617451fe0d4d657dc27962329398b-apidata.googleusercontent.com/download/storage/v1/b/storage-lab-55387/o/README-cloudshell.txt?qk=AD5uMEsCylWEL_w-CeHyAwjOnGDlvcw6q7Lj-KxiCaIwZynSyiQWfY7VKqqfr_AxqJOMb-R9lxbhKGuf_5jt0fR_52jdA4eVfoofk6wAxwJaPdaf5_R4TBRABcsr856akDWtcZVD8KMtmaDgWlEqtXISWvgJcIT8p2dEOL5gz19nZIf4POAFQPW_Pp4nHdQEurEciRrgbtNy5euLEfRvc_ioYQv0BRqAh1h59NQ1giwTA3lwI2XA2KpDv6T7kgpLesU3c8GdyeYRDSKNiKJx0w8P2CRo9M_5XB4BY4W9pUXo9U8AC0Z_VRAFnFK5SwXF9XYp3gBbQRNXpG6qhl4qkUbwGMaqljXyqd9TW7t25v-rd4djfpWthyJ6ZLEwwHb8qTyURbB2uYK5xPfpx0491ArpvJ83p6hxKcZ-X6QEA9BQopJr_z4VeznNh-LbbncxMbyLjVOPlE8moT_fesf5xWVOp8g1cc7ihdbrHuhAwDAEjbWlsYqRg_4esTWZ1tylPuhfn3r27aNltP7zMZZXCSM_3msSDd75-A_hG2VwVmQHGjlOTiqvvt_iuSgtzzzqgNpZ9-W6RfrkTyO_mSgtgi0Y49aHf92OXybzVzEmAaAIfVPvHjJP7lr0MySo8ub70a4mxHjaK2EJ6bl4j_0OFiF6V2-FNZWkLVGpi7rZtVoldX83CVCZgn3JXPA5XNqjX3GG8nDF_uHBHTRsN-ZAi0W2Me9e_3GEY7Ym2CWHNufru6Upn-LwoTjW2uqfE9hjFKnnIC66ZMARzMFFAaVfGXcy7B6auRB2-Yj2fl_qrNG2k0_1ztOWoQUsM7ugaKn3l5y0kOLwiLx1&isca=1

If I send this link to another computer, I am able to view the object without being prompted for authorization.

is this how it is supposed to work?