The usual argument for using "cloud" over managing your own files/data is that it's very hard to safely manage your own data without making mistakes (data loss, etc). However, this is an example of how companies like Google also make mistakes. Furthermore, when Google/FB makes a mistake (like leaking your private data) they do it at a global scale.<p>I offboarded myself from all of Google's services a while ago, but I also think "cloud" is dead, at least in the cases where the cloud service holds the encryption keys on my behalf. I don't trust, and never will trust, any company to hold on to my data without either selling it to a third party or accidentally leaking it.
So far it seems that Google is notifying the people who received videos that weren't theirs, not yet the people what had their video leaked.<p>> Google has been sending emails to affected Takeout users. In the email, which was first spotted by 9to5Google, Google writes, "Some videos in Google Photos were incorrectly exported to unrelated user's archives. One or more videos in your Google Photos account was affected by this issue. If you downloaded your data, it may be incomplete, and it may contain videos that are not yours."<p>> While this message is directed to Google Takeout users who tried to download their own data and accidentally got someone else's, we've yet to see a message directed to the "unrelated users" whose videos ended up in the archive. We've asked Google if it plans to notify users who have had their private videos exposed, and we'll update this article if the company responds.<p>From <a href="https://arstechnica.com/gadgets/2020/02/google-photos-bug-let-strangers-download-your-private-videos/" rel="nofollow">https://arstechnica.com/gadgets/2020/02/google-photos-bug-le...</a>
How does this happen? I realize it's a small percentage, but this is one of the first tests you build. Even 1 photo (not to mention this is regarding videos) should never make it to another non-authenticated user. This is a massive mistake.
Considering this is 4 months later... This can't have been very widespread. If I saw someone else's video in my takeout archive, I'd have totally contacted the tech media...
Does anyone have suggestions for a self hosted photo service with - importantly - a solid iOS companion app to do photo sync and possibly browse photos?<p>I would prefer using a simple S3 backend. It seems that finding a reliable photo sync'ing app for iOS (outside of Google Photos or Dropbox) is difficult.<p>I've been manually using Image Capture and uploading to S3 but that's quite inefficient. Thanks!
Interesting that the bug was in Takeout, which might have a fair amount of privacy concerned users that were trying to leave Google. Guessing some caching or <i>"generate a unique url"</i> type bug.
Url changed from <a href="https://www.theverge.com/2020/2/4/21122044/google-photos-privacy-breach-takeout-data-video-strangers" rel="nofollow">https://www.theverge.com/2020/2/4/21122044/google-photos-pri...</a>, which copies from this.
I've seen services (Google Photos, Dropbox, OneDrive) try to opt in the user to having data automatically uploaded when they take a not really related action (like logging into the google account on their phone, connecting a USB device, or misclicking on an icon in their file list). I do wonder if there's any penalty that'd apply to them if they then lost data that users hadn't realised was being uploaded?
I posted this here a while back, some super-weird compilation of what appeared to be a random video showed up in my Assistant.<p><a href="https://news.ycombinator.com/item?id=20373112" rel="nofollow">https://news.ycombinator.com/item?id=20373112</a><p>Seems like something similar. Ie, someone else's weird crap was used by my account's Assitant to make a compilation/summary.
This is big, and has GDPR fine written all over it. And I'm sure this will not be the last time we hear about this.<p>Also, very curious to learn more of the technical details down the road?
Somewhat relevant: host your own web applications easily<p><a href="https://news.ycombinator.com/item?id=22231922" rel="nofollow">https://news.ycombinator.com/item?id=22231922</a> Reviving Sandstorm (sandstorm.io)