<i>"The only security measure is that the album link is hard to guess. It was pointed out that this link is really HARD to guess. It does not need to be guessed. All it would take for some strangers to get access to my private photos, is for one of my relatives to share this link by mistake."</i><p>FWIW, whenever I share sensitive documents on drive, I do so via a shareable link. I figured if I trust someone not to download the file and share it as an attachment, then I trust that person to not share the url publicly as well.<p>One distinction though, is that URLs are much easier to steal, as compared to login info. People often don't make an effort to hide their browser URL when using their laptop in a public location, nor do they clear their history when using a shared computer. In theory, someone determined can use these vulnerabilities to steal a URL address.<p>In practice, the above threat-model seems obscure and unlikely enough, that for a social service like Google photos, what Google has seems reasonable enough. I can understand the author's surprise, but I can also understand Google's policy here.
I think what's going on, and may no be well communicated, is that by default when you share, you get sharing via the link. The benefit is that anyone who wants to see the photos can do so without having to have a Google account, let alone be signed in.<p>It's trying to achieve privacy by obscurity, and I'm assuming that Google has robots / etc configured so that no search engine could crawl the shared album URLs.<p>That said, I do agree that this should be communicated better. Personally, I like this feature because some of my friends are fiercely anti-Google and this still allows me to share photos with them seamlessly. The alternative suggested by the author (i.e., upload to Drive then share) is less seamless and for me, not worth the additional privacy gain. (The photos I truly want private are not shared at all, and I try to delete them from the cloud asap).
This seems like a lot of scaremongering. You have to balance a good UX with good security, and Google has done just that. If shared photos require a 10-step process for Grandpa to see them, he’ll never see them and you’ll be angry that Google photos let you down.
It says “Via Sharable Link – Anyone with a link will be able to view or edit the files”.<p>Not sure how much clearer Google could make this.<p>Why is this the top story? It is a non story. PEBKAC.
I think this is a fairly standard practice. This is exactly how shared links on Dropbox, Box, Mega, Imgur, etc. work. You can think of the URL as one long, and extremely hard to guess password.<p>Completely agree that Google Photos (and the other data hosting services) could provide warnings to those new to this method of sharing — I wouldn't expect my grandma to simply know this.
I'm not following - the author asked Google Photos to give them a generic link not connected to anyone. If Google required you to login for a regular old link, I think people would be more upset. If you want to share to a specific person, you have to click share and then select that person.<p>All of this seems to be working as I expected.
The article is riddled with typos. Coupled with the exaggerated claims that "All shared photos are public" leads me to believe this was written purely to get internet points.
> Google Photos is NOT Google Drive<p>> ...<p>> ... I think that this is a lazy design. ...<p>No, it's absolutely deliberate.<p>My take (not sure why nobody else is saying this):<p>Google is contractually required to not inspect or analyze the _<i>private</i>_ data it stores beyond technical purposes such as deduplication.<p>- Google Drive is used for corporate environments where privacy is the be-all end-all. Can't really do anything there.<p>- But by using UX antipatterns to get away with making Photos public by default, Google can say "well the photo was publicly accessible so we've ...".<p>Hmm. I wonder what the legal ramifications are of making a photo private. Does that constitute a licensing change on the part of the copyright holder (you)? Can Google argue _for_ holding on to "the copy of the photo that was public"? (Yes there's no bit difference but the legal flavor is different.) If that's the case, that could explain why everything's public by default; just grab a copy of the photo before the user makes it private a second later.<p>Remember how the Pixel has unlimited online Photos storage?<p>This is clearly a tracking move. I was reading about how YouTube analyzes the content of videos (AI content recognition), etc. If Google has the infra to analyze _video_ they can easily do images.<p>Related: <a href="https://medium.com/insurge-intelligence/how-the-cia-made-google-e836451a959e" rel="nofollow">https://medium.com/insurge-intelligence/how-the-cia-made-goo...</a> (REALLY long - I started going crosseyed ~60% through - but probably the most relevant thing you'll find all week if you're interested in how Google is tracking you and what their motivations are)