Two things in this story that are not new, but still amazing to me.<p>1) A significant portion of people love taking pictures of themselves naked. This portion seems to be growing.<p>2) Another significant portion of people love publishing and making fun of people for whatever reason they can find. These people will dig through your trash, hack your servers, socially-engineer your passwords, etc. The more they can publicly debase you the happier they are. This portion of the population is also growing.<p>Yes, I understand the technical angle to this story is whacked security. I'm just amazed at the comments over on reddit (I don't visit reddit very often). From reddit I surfed over to a couple of other links (drama-a-pedia or something?) and the festival of public debasement continues. Somebody even mentioned hacking some girl's senior picture and uploading her naked pics. Man that has to make you feel really special to do something like that.
Seems they had no security at all (just a random 5 character hash)..<p>Reddit users are seemingly busy sharing nsfw pictures and linking them to facebook accounts, will probably result in a couple of suicides when all is said and done :(
It's interesting how quickly the wolves jump on an easy target. Some of the comments on reddit and elsewhere I've read are talking about making throw-away Facebook accounts to confront/embarrass people with their private pictures. I've already seen a few names posted. I'm willing to cut people some slack for looking at the pictures (a harmless crime, human nature) but doing the leg work to connect anonymous pictures to a real identity to simply embarrass them is taking it way too far.
The founder of the company responded on the Reddit thread: <a href="http://www.reddit.com/r/pics/comments/bjezp/massive_privacy_fail_quiptxtcom_is_a_site_that/c0n3f48" rel="nofollow">http://www.reddit.com/r/pics/comments/bjezp/massive_privacy_...</a><p>The application is described in the iTunes store: <a href="http://itunes.apple.com/app/quip-free-photo-texting/id291358190?mt=8#" rel="nofollow">http://itunes.apple.com/app/quip-free-photo-texting/id291358...</a>
Lesson:<p>If you launch something like QuipTxt, make it obvious to people that their images are public, so that the idiots who harbour the impression that stuff uploaded on a public URL on a free website don't come running at you with pitchforks.<p>Additional benefit: more network effects.<p>I don't really see the difference between this service and Twitpic (hard to tell since the site is down, though).
I did a similar service (pktpix) about two years ago, but I used MD5 hashes. Easily guessable URLs were the <i>first</i> thing I thought about.<p>I figured since these messages were being passed around via txt, forwarded e-mails, etc., there was no real benefit in shortening them.
A thought experiment for the large minds here: how long a string _would_ be sufficient? I wonder if any string is long enough if you don't also implement some sort of access control lockdown to prevent people poking your system endlessly, but what do you think?
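A rough sizing for the question above, as an added example that is not part of the thread: it estimates how quickly random guessing finds a live image under a request-rate cap, and how many bits of randomness a URL token needs for a chosen risk target. The 36-symbol alphabet, image counts, request rates and risk target are all assumptions; the thread only says "random 5 character hash".

```python
import math
import secrets

def expected_guesses(alphabet: int, length: int, live_items: int) -> float:
    """Mean number of uniformly random guesses before one hits any live ID."""
    return alphabet ** length / live_items

def seconds_to_first_hit(alphabet, length, live_items, guesses_per_sec):
    """Expected wall-clock time to the first hit at a capped request rate."""
    return expected_guesses(alphabet, length, live_items) / guesses_per_sec

def min_token_bits(live_items, guesses_per_sec, horizon_sec, max_hit_prob):
    """Smallest token size (bits) keeping P(any hit in horizon) <= max_hit_prob.

    Union bound: P(hit) <= guesses * live_items / 2**bits.
    """
    guesses = guesses_per_sec * horizon_sec
    return math.ceil(math.log2(guesses * live_items / max_hit_prob))

def new_token(bits: int = 128) -> str:
    """URL-safe identifier drawn from the OS CSPRNG, at least `bits` bits."""
    return secrets.token_urlsafe(math.ceil(bits / 8))

if __name__ == "__main__":
    # All figures below are constructed assumptions, not numbers from the thread.
    t = seconds_to_first_hit(36, 5, 100_000, 10)
    print(f"5 chars, 36 symbols, 100k images, 10 req/s: first hit in ~{t:.0f} s")
    ten_years = 10 * 365 * 24 * 3600
    bits = min_token_bits(1_000_000, 1_000, ten_years, 1e-6)
    print(f"1M images, 1000 req/s for 10 years, P(hit) <= 1e-6: {bits} bits")
    print("example token:", new_token(128))
```

Under these assumptions a rate limit alone does not rescue a 5-character ID, while a 128-bit random token leaves a wide margin even without one. A hash-derived identifier is only as unguessable as the input that was hashed, so the sizing applies to tokens drawn from a CSPRNG.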
This is why you shouldn't send or say over the internet anything that you wouldn't show your mother and why you should try to keep your private life separate from your internet life. If I was a user I would never again use this service. This wasn't even a security flaw; it was plain incompetence, as some redditors mentioned.
It seems like we should be careful here - depending on the age of those involved (which we cannot determine for sure) these photos might legally be child pornography.