Google Blogoscoped


Picasa Privacy Oddity

Monk [PersonRank 1]

Saturday, February 28, 2009
12 years ago

So it is unclear: is the problem still in place or not? Are protected images accessible or not?

What is the post about exactly?

Philipp Lenssen [PersonRank 10]

12 years ago

> so it is unclear: is the problem still in place or
> not? are protected images accessible or not?

I'd like to know too but as I mentioned, while that particular album wasn't available anymore through the approach, Google didn't tell me if they fixed the underlying issue, though you will find it easy to reproduce that individual images of "sign-in required to view" albums are still technically hosted on no-sign-in-needed URLs. What the danger of such hosting is, if any, your analysis may vary; it's relatively safe on the surface as the URL is "meant" to act as a sort of password, but it's not quite a password, due to odd side effects potentially appearing... for instance, if you change your album status from public or perhaps unlisted to sign-in, then that "password" isn't changed, and Googlebot may still have it cached. (Also, a real password is technically but also socially less ambiguous than a pseudo-URL-"password".) So as this is a gray area, there is no simple answer to "are protected images accessible"... there are different answers depending on how you approach this (e.g. by checking the HTTP header of the image you'll get a different answer than by trying to view the album by entering through the album front door). About the only conclusion I provided as mentioned in the post is that Google Picasa's approach is still "not as utterly-security-obsessive as could be".
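
The side effect described in the reply above (an album switched from public to sign-in keeps its old image URLs) can be shown with a small model. This is an added example, not part of the original thread and not Picasa's code: the `Album` class, its `hardened` flag, the account name and the image bytes are all hypothetical and constructed for illustration.

```python
import secrets

PUBLIC, UNLISTED, SIGN_IN = "public", "unlisted", "sign-in"


class Album:
    """Hypothetical photo album; each image is served from a token URL."""

    def __init__(self, owner, visibility, hardened):
        self.visibility = visibility
        self.allowed = {owner}      # accounts allowed in sign-in mode
        self.hardened = hardened    # False: the URL alone acts as the password
        self.images = {}            # token -> image bytes

    def upload(self, data):
        token = secrets.token_urlsafe(16)   # unguessable path component
        self.images[token] = data
        return token

    def set_visibility(self, new):
        tightened = new == SIGN_IN and self.visibility != SIGN_IN
        self.visibility = new
        if tightened and self.hardened:
            # Invalidate every URL that may already be shared or crawled.
            self.images = {secrets.token_urlsafe(16): d
                           for d in self.images.values()}

    def fetch(self, token, user=None):
        """Return an HTTP-like status code for a direct image request."""
        if token not in self.images:
            return 404
        if (self.hardened and self.visibility == SIGN_IN
                and user not in self.allowed):
            return 403   # hardened: possessing the URL is not sufficient
        return 200       # URL-only model: possessing the URL is enough


def cached_url_status(hardened):
    """Status an old, cached URL gets after the album goes public -> sign-in."""
    album = Album("owner@example.test", PUBLIC, hardened)
    cached = album.upload(b"constructed image bytes")  # e.g. kept by a crawler
    album.set_visibility(SIGN_IN)
    return album.fetch(cached)


if __name__ == "__main__":
    print("URL-only model :", cached_url_status(False))  # 200
    print("rotate + check :", cached_url_status(True))   # 404
```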
