Did you know that your data on any product is available globally with a public URL? No password, no security, anything. Go to your Google dashboard and request to download your data. After that, you will see a JSON file for each photo you have, each message you sent, or for anything you use inside the Google ecosystem, from purchasing products to YouTube search history. You will see that public URL in that JSON file.

@ggnoredo You can't even download your data as a JSON file... I can only get a zipfile containing the data slammed in something like my GDrive or Dropbox (or mailed to me or w/e)

@pedro @ggnoredo downloaded it, looked in the JSON file... aaaaand nothing (tested with locationhistory).
So unless it has to be a specific one and/or there is a major difference between the export for Country A and Country B, I'ma have to call bs on this one...

@finlaydag33k @pedro sorry but no. Please have a look at the screenshot that belongs to 1 of my photos in Google Photos. That URL is public.

@ggnoredo @finlaydag33k @pedro @coy this is not an issue at all, most of the big sites do this to make sharing easier. The URLs are public but the length of the string acts as a sort of password. Calculate how many different combinations you can have with those characters and I assure you it would be a number too big to do anything with. There's a reason why this discovery isn't big news that everybody knows.

@teko @pedro @finlaydag33k @ggnoredo >security by obscurity
It isn't big news because everyone expects this sort of behavior now, as if it were normal, which it is the new norm but it is not normal. I 100% guarantee you that those URLs are being scraped in large quantities just for the hell of it, for sensitive data, for blackmail, etc. To presume Google or whoever has your best interests in mind is essentially suicide.

@coy Tbf... I'm literally writing a scraper/bruteforcer rn XD
