

Why doesn't FB implement restriction/ACL for accessing uploaded photos? - hrasyid

Facebook claims to allow restricting sharing to friends, certain networks, or even custom lists when I upload photos.

http://i.stack.imgur.com/673Bu.jpg

But it appears that this security is only in effect for the page where the photo is hosted. One can use "Copy image URL" or the equivalent in one's browser, and you can forward this URL to anyone, who will be able to see it without even logging in to Facebook.

This looks weird, because I've seen companies without a superstar IT security team be able to restrict their images/resources with LDAP or something similar. Why can't Facebook do this?
======
patio11
This is a product decision.

It may be partly informed by 1) If anyone sees a photo, they can redistribute
it regardless of what our restrictions are serverside, so might as well not
give users unreasonable expectations. 2) We really WANT people to share
photos. That's basically what Facebook's core interaction is. 3) Implementing
this additional security does not increase any metric which Facebook cares
about. 4) Users occasionally rely on this feature to post pictures which they
host on Facebook to other sites on the Internet, which we want to support,
because it means they post photos on Facebook.

~~~
grinich
Additionally, it means serving photo assets can be _way_ faster. The
authentication step is done at page generation (essentially inserting an
obscure URL), so the photo can be moved to a CDN or non-application code
server.

It's pretty standard practice. For example, Gmail does something very similar
for attachments.

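The pattern grinich describes, as an added example and not Facebook's (or Gmail's) own code: the application decides at page-generation time whether the viewer may see the photo and mints a URL that carries that decision as an HMAC over the path and an expiry; a stateless CDN edge then verifies only the signature and the expiry. Nothing about the viewer is in the URL, so whoever holds it gets the bytes, which is exactly the behaviour the question observes. The signing key, host, path, TTL and timestamps below are constructed for the example.

```python
import hashlib
import hmac
import time
from urllib.parse import parse_qs, urlencode, urlsplit

# Constructed signing key shared between the page-generating application and
# the CDN edge. Real deployments provision this out of band; this constant
# only exists so the example runs offline.
EDGE_KEY = b"example-edge-signing-key-not-real"


def sign_asset_url(base, path, ttl_seconds, now=None, key=EDGE_KEY):
    """Mint a capability URL for an asset.

    The authorization check (is this viewer allowed to see this photo?)
    happens in the application before this is called. What the URL records
    is only "serve <path> until <expires>", signed so the edge can trust it.
    """
    now = int(time.time()) if now is None else int(now)
    expires = now + int(ttl_seconds)
    msg = f"{path}|{expires}".encode()
    sig = hmac.new(key, msg, hashlib.sha256).hexdigest()
    return f"{base}{path}?{urlencode({'exp': expires, 'sig': sig})}"


def edge_check(url, now=None, key=EDGE_KEY):
    """What a stateless CDN edge can verify: signature and expiry, nothing else.

    Returns (allowed, reason). There is no session, no login and no ACL
    lookup here, so the same URL is honoured no matter who presents it.
    """
    now = int(time.time()) if now is None else int(now)
    parts = urlsplit(url)
    q = parse_qs(parts.query)
    try:
        expires = int(q["exp"][0])
        sig = q["sig"][0]
    except (KeyError, ValueError, IndexError):
        return False, "malformed"
    msg = f"{parts.path}|{expires}".encode()
    expected = hmac.new(key, msg, hashlib.sha256).hexdigest()
    # Constant-time comparison so the edge does not leak the signature byte by byte.
    if not hmac.compare_digest(expected, sig):
        return False, "bad signature"
    if now >= expires:
        return False, "expired"
    return True, "ok"


def forwarded_url_still_works(url, now):
    """The scenario in the question: the viewer copies the URL and hands it on.

    The recipient presents it with no Facebook session at all; the edge
    cannot tell the two apart, so the answer is the same for both.
    """
    return edge_check(url, now=now)[0]


if __name__ == "__main__":
    t0 = 1_700_000_000  # constructed "now"
    url = sign_asset_url("https://cdn.example", "/v/t1/example-photo.jpg", 3600, now=t0)
    print(url)
    print("owner, now:       ", edge_check(url, now=t0))
    print("stranger, +59min: ", forwarded_url_still_works(url, now=t0 + 3540))
    print("stranger, +1h:    ", edge_check(url, now=t0 + 3600))
    print("path changed:     ", edge_check(url.replace("example-photo", "other"), now=t0))
```

The only lever the edge has is the expiry: a short TTL limits how long a copied URL stays useful, but it cannot distinguish the intended viewer from someone they forwarded it to. Per-viewer restriction would mean re-authenticating at the edge, which is the cost the rest of the thread is discussing.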
~~~
spacemanmatt
Yup, it's the CDN that precludes auth for images. This was one of the bigger
nails in my account's coffin.

~~~
bmm6o
> _This was one of the bigger nails in my account's coffin._

What are you referring to here?

------
buro9
It's hard to do when you have users counted in billions, and photos counted in
trillions, and then have those photos stored across multiple datacenters and
served globally through many CDN endpoints.

It is undeniably possible, but the cost (money, performance) is so extreme and
the benefits so small (the edge case of people sharing confidential things by
copying file URLs when they are always going to be able to take a screenshot
in an undetectable and sharable way)... that it just does not come out as a
thing worth doing.

Then when one considers that the faster you can make file serving and the UX
of the web site and app, the more responsive and higher the engagement...
which means increased likelihood to click adverts too.

So you have a huge cost, with little benefit, vs a drop in speed and potential
impact to advert revenue.

No reasonable company is going to say that this should be done unless there is
an overwhelming business reason to do so (i.e. you are Box and storing company
secrets and the liability of leaking them is extreme).

~~~
the_jackal
What are the costs, though, exactly? Just how worthwhile would it be?

------
wslh
I always thought that configuring Facebook permissions is more complex than
administering Windows Advanced Server.

~~~
spacemanmatt
More complex, yes, but less reliable.

------
patmcc
Anyone able to view an image can share it with other people if they really
want to - maybe they need to save it and host it themselves, or take a
screenshot, or even use their phone to take a picture of the screen. Facebook
has simply opted not to put any effort beyond the trivial into this.

------
ohsnap
They can, but once you have access to the image you can just copy it from the
browser and email it to anyone... not much different from sharing a url. So
it's not a huge security benefit, especially for the costs involved (as some
of the other comments mentioned)

