{"id":25975,"date":"2019-07-16T15:48:49","date_gmt":"2019-07-16T19:48:49","guid":{"rendered":"https:\/\/mjtsai.com\/blog\/?p=25975"},"modified":"2019-07-17T15:30:03","modified_gmt":"2019-07-17T19:30:03","slug":"google-photos-is-making-photos-semi-public","status":"publish","type":"post","link":"https:\/\/mjtsai.com\/blog\/2019\/07\/16\/google-photos-is-making-photos-semi-public\/","title":{"rendered":"Google Photos Is Making Photos Semi-public"},"content":{"rendered":"<p><a href=\"https:\/\/medium.com\/@robertwiblin\/google-photo-is-making-your-photos-semi-public-and-you-probably-dont-realise-6fcc74e40ac6\">Robert Wiblin<\/a> (via <a href=\"https:\/\/news.ycombinator.com\/item?id=20428266\">Hacker News<\/a>):<\/p>\n<blockquote cite=\"https:\/\/medium.com\/@robertwiblin\/google-photo-is-making-your-photos-semi-public-and-you-probably-dont-realise-6fcc74e40ac6\"><p>Whenever you share a photo with a specific person or account on Google Photos, it creates a link that will allow anyone in the world to view those photos, forever, until you go and manually deactivate that link in an obscure part of the interface.<\/p>\n<p>[&#8230;]<\/p>\n<p>If that &lsquo;secret&rsquo;&rsquo; link is ever revealed, anyone anywhere will be able to see it until I go and delete that specific sharing instance. And I&rsquo;d have no way to find out that they were viewing it!<\/p><\/blockquote>\n<p>This is perhaps not surprising if you&rsquo;ve used Flickr, which works the same way, and even has a way to track visits to the link. But it is surprising from the perspective of Facebook or Google&rsquo;s own Drive, where sharing with a particular user makes a link only for that user.<\/p>\n\n<p id=\"google-photos-is-making-photos-semi-public-update-2019-07-17\">Update (2019-07-17): <a href=\"https:\/\/www.theverge.com\/2015\/6\/23\/8830977\/google-photos-security-public-url-privacy-protected\">Russell Brandom<\/a> (via <a href=\"https:\/\/twitter.com\/sciwizam\/status\/1151221431071412228\">sciwizam<\/a>):<\/p>\n<blockquote cite=\"https:\/\/www.theverge.com\/2015\/6\/23\/8830977\/google-photos-security-public-url-privacy-protected\"><p>So why is that public URL more secure than it looks? The short answer is that the URL is working as a password. Photos URLs are typically around 40 characters long, so if you wanted to scan all the possible combinations, you&rsquo;d have to work through 10^70 different combinations to get the right one, a problem on an astronomical scale. &ldquo;There are enough combinations that it&rsquo;s considered unguessable,&rdquo; says Aravind Krishnaswamy, an engineering lead on Google Photos. &ldquo;It&rsquo;s much harder to guess than your password.&rdquo; Because web traffic for Photos is encrypted with SSL, it&rsquo;s also kept secret from anyone on the network who might be listening in.<\/p><\/blockquote>\n<p>However, it would be easy for people to listen in if you send the URL to anyone via an unencrypted service such as e-mail.<\/p>","protected":false},"excerpt":{"rendered":"<p>Robert Wiblin (via Hacker News): Whenever you share a photo with a specific person or account on Google Photos, it creates a link that will allow anyone in the world to view those photos, forever, until you go and manually deactivate that link in an obscure part of the interface. [&#8230;] If that &lsquo;secret&rsquo;&rsquo; link [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"apple_news_api_created_at":"2019-07-16T19:48:51Z","apple_news_api_id":"afdf2f73-ec2c-4cab-a66e-1aec95ef506d","apple_news_api_modified_at":"2019-07-17T19:30:08Z","apple_news_api_revision":"AAAAAAAAAAAAAAAAAAAAAQ==","apple_news_api_share_url":"https:\/\/apple.news\/Ar98vc-wsTKumbhrsle9QbQ","apple_news_coverimage":0,"apple_news_coverimage_caption":"","apple_news_is_hidden":false,"apple_news_is_paid":false,"apple_news_is_preview":false,"apple_news_is_sponsored":false,"apple_news_maturity_rating":"","apple_news_metadata":"\"\"","apple_news_pullquote":"","apple_news_pullquote_position":"","apple_news_slug":"","apple_news_sections":"\"\"","apple_news_suppress_video_url":false,"apple_news_use_image_component":false,"footnotes":""},"categories":[2],"tags":[25,116,1208,153,355,489,96],"class_list":["post-25975","post","type-post","status-publish","format-standard","hentry","category-technology","tag-facebook","tag-flickr","tag-google-photos","tag-photography","tag-privacy","tag-url","tag-web"],"apple_news_notices":[],"_links":{"self":[{"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/posts\/25975","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/comments?post=25975"}],"version-history":[{"count":2,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/posts\/25975\/revisions"}],"predecessor-version":[{"id":25985,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/posts\/25975\/revisions\/25985"}],"wp:attachment":[{"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/media?parent=25975"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/categories?post=25975"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/tags?post=25975"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}