[ad_1]
Searcher Robert Wiblin over 80,000 hours have recently spotted something interesting about Google Photos. He noted that privately shared links have become accessible to the public. He told friends who use Google Photos and they did not believe him. After all, why would Google allow such an oversight? If you share information privately with a specific person, only that person can see it, is not it?
Apparently not. After digging a bit, Robert was able to demonstrate that these privately shared links were publicly accessible from any Google account, or even if you were not connected to Google at all – as indicated when it was able to access a shared "private" account. link from an Incognito browser window.
Robert details the full number in a post on Medium. About the video above, he says …
What have you just watched? If I share a photo with another specific Google Account, I can use this link to post it in:
- another Google account with which it was not shared (25 seconds), and;
- a private browser window in which I'm not connected to any Google account (39 seconds)!
If this "secret" link is revealed, everyone will be able to see it until I delete that specific share instance. And I would have no way of knowing they were watching him!
People are constantly telling me that I can not be right about it – it will happen in the comments below, I promise – because the interface never says it happens. Nowhere "Create Shared URL" or something similar appears in the video.
In addition, the interface is very similar to Google Drive, which only allows to see a file by default when it is connected to the specific account with which it was shared.
Drive also lists the people with whom a file is shared when you click the share icon. Thus, Photos users naturally assume that their photos are private when they see that no one is in the list when they click on the "share" icon.
Google Photos would be expected to work the same way as Google Drive, since until recently, both were intrinsically linked. But this is not the case. The expected behavior and behavior displayed in Google Drive is not the same in Google Photos. As soon as you share your private photo with anyone, anyone else who can access the URL can see it.
For example, while Google Drive uses private shares in the same way as "private" videos on YouTube, Google Photos looks more like YouTube's "unlisted" videos, which are accessible to anyone with the link.
This mode of operation is not intrinsically bad, but the problem is that Google Photos does not warn users that anyone with this link will be able to view the images. The recipient of the link does not know that everyone can see it. They assume that it is a private action reserved for them and do not hesitate to censor the link if they convey the conversation to someone else.
And by default, these links remain forever until you explicitly delete the share.
Although, for photographers, sending what we think is a private link to a customer may be a source of some embarrassment, depending on the content of these images, it might be illegal to expose images of private customers in the world.
So, if you really want to share private images with your customers, even your friends and colleagues, photographers do not use Google Photos.
You can read more about the problem on Robert's Medium's post.
Extract cited used with permission.
[ad_2]
Source link