
All shared Google Photos are open to the public - akras14
https://www.alexkras.com/do-not-share-your-google-photos/
======
whack
_" The only security measure is that the album link is hard to guess. It was
pointed out that this link is really HARD to guess. It does not need to be
guessed. All it would take for some strangers to get access to my private
photos, is for one of my relatives to share this link by mistake."_

FWIW, whenever I share sensitive documents on drive, I do so via a shareable
link. I figured if I trust someone not to download the file and share it as an
attachment, then I trust that person to not share the url publicly as well.

One distinction though, is that URLs are much easier to steal, as compared to
login info. People often don't make an effort to hide their browser URL when
using their laptop in a public location, nor do they clear their history when
using a shared computer. In theory, someone determined can use these
vulnerabilities to steal a URL address.

In practice, the above threat-model seems obscure and unlikely enough, that
for a social service like Google photos, what Google has seems reasonable
enough. I can understand the author's surprise, but I can also understand
Google's policy here.

~~~
hidenotslide
It reminds me of the old way Chrome didn't hide saved passwords. It made sense
under the threat model they had for the feature, but it wasn't the security
model end users expected would be the default.

A simple UI fix would be to explicitly call the sharing mode "unlisted" like
some other sites do including Youtube, with a similar warning about linking to
the content.

------
fatjokes
I think what's going on, and may no be well communicated, is that by default
when you share, you get sharing via the link. The benefit is that anyone who
wants to see the photos can do so without having to have a Google account, let
alone be signed in.

It's trying to achieve privacy by obscurity, and I'm assuming that Google has
robots / etc configured so that no search engine could crawl the shared album
URLs.

That said, I do agree that this should be communicated better. Personally, I
like this feature because some of my friends are fiercely anti-Google and this
still allows me to share photos with them seamlessly. The alternative
suggested by the author (i.e., upload to Drive then share) is less seamless
and for me, not worth the additional privacy gain. (The photos I truly want
private are not shared at all, and I try to delete them from the cloud asap).

~~~
morganvachon
> _" Personally, I like this feature because some of my friends are fiercely
> anti-Google and this still allows me to share photos with them seamlessly."_

I am fiercely anti-Google and I wouldn't touch a Google link for any reason,
even if a friend sent it. If it's so important you need me to see it right
away, send it via Telegram or MMS.

That said, I don't think this is malicious on Google's part, it's just lazy.
Allowing sharing of private content is difficult to get right, but if Dropbox
can do it I know Google can. Hell, they are smart enough to do it _better_ ,
which is why this screams laziness or just a plain "we don't care" attitude.

~~~
aaomidi
Send it via a third party who can read your messages or MMS where everyone can
read your messages?

Nice alternatives...

~~~
morganvachon
First, either is more secure than clicking a random HTTP link from Google.

Second, the author was speaking of sharing a random photo with a friend, not
national security secrets. I don't want Google seeing what I see, and using a
third party messenger or a carrier service like MMS accomplishes this. If I
need it to be encrypted, I'll use an encrypted service, but I wasn't talking
about that and you're moving the goalposts to make what point exactly?

------
gonyea
This seems like a lot of scaremongering. You have to balance a good UX with
good security, and Google has done just that. If shared photos require a
10-step process for Grandpa to see them, he’ll never see them and you’ll be
angry that Google photos let you down.

~~~
akras14
I am advocating for a better UI that is clearly communicates what will happen
when post is shared.

Sort of like Google Drive does it. Make it easy, sure, but let me know the
trade offs.

------
myrandomcomment
It says “Via Sharable Link – Anyone with a link will be able to view or edit
the files”.

Not sure how much clearer Google could make this.

Why is this the top story? It is a non story. PEBKAC.

~~~
akras14
Where does it say it in Google Photos?

I only see email, with no warning that album will be public.

The Via Sharable link screenshot is from Google drive, which works as
expected.

~~~
akras14
Correction, it does show this warning in some flows:
[https://www.alexkras.com/wp-
content/uploads/share-4.png](https://www.alexkras.com/wp-
content/uploads/share-4.png)

Unfortunately for me, I was using the other flows to share my photos.

------
boysabr3
I think this is a fairly standard practice. This is exactly how shared links
on Dropbox, Box, Mega, Imgur, etc. work. You can think of the URL as one long,
and extremely hard to guess password.

Completely agree that Google Photos (and the other data hosting services)
could provide warnings to those new to this method of sharing — I wouldn't
expect my grandma to simply know this.

~~~
akras14
Google Drive creates a proxy link that makes sure that user actually has the
proper privileges to access the content, before doing the redirect.

This can be seen by inspecting image link in Google Drive.

I was simply expecting to see the same behavior with Google Photos. As you
said, at the very least it would be nice to see a warning, which turns out
they provide in some, but not all flows.

------
NightlyDev
All photos on Google Photos is publicly accessible, if you know the URL. It
doesn't matter if it's shared or not.

~~~
mathw
I just tested this with the image link for a non-shared photo in a private
window. It loaded without incident.

Not okay, Google.

Getting hold of one of those URLs is not going to be easy, but still this is
not at all what I would expect.

~~~
mathw
Okay I've thought about it some more.

The size of the URL for the image resource is utterly huge. If that is truly
random in its generation, there's no way anybody's ever going to guess it or
enumerate it. It's all SSL, so you'd need a serious network breach for anybody
to sniff it, and then you have bigger problems.

So yeah. Not that bothered upon further thought.

~~~
akras14
Agreed, I am mostly bothered by UI that allows me to share these sacred
private URL without alerting me that there is no additional security in place
to insure that only user's I've shared the link with will be able to access my
data.

I still think it's OK to use Google Photos. People just should be very careful
with what they chose to share.

------
givehimagun
I'm not following - the author asked Google Photos to give them a generic link
not connected to anyone. If Google required you to login for a regular old
link, I think people would be more upset. If you want to share to a specific
person, you have to click share and then select that person.

All of this seems to be working as I expected.

~~~
akras14
That is not what is happening though, sharing with one person, opens up the
folder for all people with a link.

~~~
dmitrygr
How else would you share with someone who has no @gmail account, exactly?

~~~
Fa773NM0nK
OAuth or OTP to email comes to mind for now.

~~~
dmitrygr
I cannot wait to see how you'd explain that to your 93-year-old great-
grandfather.

------
rumdz
Thank you for bringing this to my attention. I've just gone and deleted a
couple very private albums myself.

~~~
akras14
You are welcome! I figured I wasn’t alone.

------
jeffjose
The article is riddled with typos. Coupled with the exaggerated claims that
"All shared photos are public" leads me to believe this was written purely to
get internet points.

~~~
akras14
My apologies. Father of two little kids here and didn't know if it was going
to get any attention. I just had my wife proof read it, but if you find some
other typos, please let me know.

~~~
brokensegue
after reading this i assumed english was your second language. there are still
more obvious typos.

also yeah the hyperbolic language combined with the coinbase link read as
"attention seeking" to me.

~~~
akras14
English is my second language. Re attention seeking, I though it was a big
deal. Both my wife and I were shocked by it, so I wanted to share.

Coinbase link, is my experiment of trying to monetize my blog. Like I said, 2
kids...

~~~
mobilemidget
If I need to make a post every time my wife was shocked by something on the
internet, the internet would be twice as big.

I still use email if I want to share a picture with somebody? I must be old
school.

~~~
jaclaz
>If I need to make a post every time my wife was shocked by something on the
internet, the internet would be twice as big.

JFYI, in case of need:

[http://www.marriedtothesea.com/030306/gracious.jpg](http://www.marriedtothesea.com/030306/gracious.jpg)

------
exikyut
> Google Photos is NOT Google Drive

> ...

> ... I think that this is a lazy design. ...

No, it's absolutely deliberate.

My take (not sure why nobody else is saying this):

Google is contractually required to not inspect or analyze the _ _private_ _
data it stores beyond technical purposes such as deduplication.

\- Google Drive is used for corporate environments where privacy is the be-all
end-all. Can't really do anything there.

\- But by using UX antipatterns to get away with making Photos public by
default, Google can say "well the photo was publicly accessible so we've ...".

Hmm. I wonder what the legal ramifications are of making a photo private. Does
that constitute a licensing change on the part of the copyright holder (you)?
Can Google argue _for_ holding on to "the copy of the photo that was public"?
(Yes there's no bit difference but the legal flavor is different.) If that's
the case, that could explain why everything's public by default; just grab a
copy of the photo before the user makes it private a second later.

Remember how the Pixel has unlimited online Photos storage?

This is clearly a tracking move. I was reading about how YouTube analyzes the
content of videos (AI content recognition), etc. If Google has the infra to
analyze _video_ they can easily do images.

Related: [https://medium.com/insurge-intelligence/how-the-cia-made-
goo...](https://medium.com/insurge-intelligence/how-the-cia-made-
google-e836451a959e) (REALLY long - I started going crosseyed ~60% through -
but probably the most relevant thing you'll find all week if you're interested
in how Google is tracking you and what their motivations are)

~~~
exikyut
For reference, this is now at -2. I am very fascinated by this.

