I recently discovered that Rover profiles, which typically have many photos of your pet in your home taken by the sitter for daily check-in, are protected from the public by only an easy-to-guess URL.<p><pre><code> Ex. https://rover.com/members/name-location/dogs
</code></pre>
Anyone with a rover account can sign in to rover and scrape those photos. Those photos are highly likely to contain information about your home location (delivered packages, photos out a window of your neighborhood, etc.), home entry (physical key rack, garage-pin on the fridge, etc.), and what dates/times you are out of town (picture timestamps, etc.).<p>Worse, the photos can only be deleted by the sitter.<p>--<p>Recommend fixes for Rover:<p>1. Photos taken by the sitter, of your pet, at your home should:<p>1.a. Be private by default<p>1.b. Only have expanded access (on the sitters profile, or to the public) if you grant it via a standard request-accept flow.<p>1.c. Should be able to be deleted by you from the platform.<p>2. Sitters should be trained to not take or upload any photos on the platform with any personal, location, entry, or date/time information. If they do, there should be course correction and or removal from the platform.