@ggnoredo @finlaydag33k @pedro @coy this is not an issue at all, most of the big sites do this to make sharing easier. The URLs are public but the length of the string acts as a sort of password. Calculate how many different combinations you can have with those characters and I assure you it would be a number too big to do anything with. Theres a reason why this discovery isnt big news that everybody knows

@teko @pedro @finlaydag33k @ggnoredo >security by obscurity
It isn't big news because everyone expects this sort of behavior now, as if it were normal, which it is the new norm but it is not normal. I 100% guarantee you that those URLs are being scraped in large quantities just for the hell of it, for sensitive data, for blackmail, etc., to presume google or whoever has your best interests in mind is essentially suicide.

@coy @finlaydag33k @ggnoredo @pedro you are not smarter than Google engineers, there's plenty of battles to easily win on privacy and this is not one of them. If you think those URLs are being scraped then you do not know enough about what you're talking about to comment. I'm really disheartened from trying to make points on and challenge people on here because it just falls on death ears. My points are ignored.


@teko I think you underestimate the issue here.
The issue is not about Google scraping the images but "malicious" people scraping the images.
It'll take a tremendous amount of resources to do so but the fact that it's actually possible like this is just mind boggling.

If those Google engineers really where that smart as you claim, they'd probably have this link only in there if it was a public image to begin with.

@finlaydag33k passwords can be cracked even though it would take 100 years, lets get rid of passwords

Their service is not made for you, its made for the mass amounts of people who like to share things and they get to benefit off using it for advertising and using it to train for ML

@finlaydag33k I was always fully aware that malicious actors were the point being raised and I've never given any indication that I misunderstood that

@teko There's a difference between passwords, which are fairly insecure by design and what's going on here.

Google as made the conscious choice of putting your image available publically, even if I didn't give consent to it.
If I clicked an image and set it to "public" or "unlisted" then I understand this url is available.
If I did not, however, it shouldn't.
Simple as that.

Sign in to participate in the conversation

A instance dedicated - but not limited - to people with an interest in the GNU+Linux ecosystem and/or general tech. Sysadmins to enthusiasts, creators to movielovers - Welcome! Just give a reason why we should approve your application into this instance, and our team will review it. Please include the word "excited" in the application, otherwise your application will be rejected.