DIY Photography

Your one stop shop for everything photo-video

  • News
  • Inspiration
  • Reviews
  • Tutorials
  • DIY
  • Gear
Search

Submit A Story

Google Photos is sending your private shares public and you don’t even know it

Jul 15, 2019 by John Aldred 86 Comments

  • Share
  • Tweet
  • Flipboard
  • WhatsApp

Researcher Robert Wiblin over at 80,000 Hours spotted something quite interesting about Google Photos recently. He noticed that privately shared links became publicly accessible. He told some friends who use Google Photos and they didn’t believe him. After all, why would Google allow such an oversight? Surely if you’re sharing privately with a specific person, then only that person can see it, right?

Apparently not. After doing a little digging, Robert was able to demonstrate that these privately shared links are publicly accessible from any Google account, or even if you’re not logged into Google at all – as shown when he was able to access a “private” shared link from an Incognito browser window.

Robert details the complete issue in a post over on Medium. About the video above, he says…

What have you just watched? If I go and share a photo with a specific other Google Account, I can use that link to view it in:

  1. another Google Account it wasn’t shared with (25 seconds in), and;
  2. an incognito window where I’m not logged into any Google Account at all (39 seconds in)!

If that ‘secret’’ link is ever revealed, anyone anywhere will be able to see it until I go and delete that specific sharing instance. And I’d have no way to find out that they were viewing it!

People constantly tell me I can’t be right about this — it’ll happen in the comments below, I promise — because the interface never indicates that this is going on. Nowhere did “Create shared URL” or anything similar appear in the video.

Furthermore, the interface looks very similar to Google Drive, which by default only lets people see a file when logged into the specific account it was shared with.

Drive also lists who a file is shared with when you click the share icon — so people using Photos naturally assume their photos are private when they see that nobody is listed when they click the ‘share’ icon.

One would expect that Google Photos would work the same way as Google Drive, given that until recently, the two were intrinsically linked. But that is not so. The behaviour we expect and the behaviour shown in Google Drive is not the same in Google Photos. The instant you share your private photo with anybody, then anybody else who can get hold of the URL is able to view it.

So, whereas Google Drive operates private shares in a similar fashion to “Private” videos on YouTube, Google Photos appears to be more like YouTube’s “Unlisted” videos, which are accessible to anybody with the link.

This method of operation isn’t inherently bad, but the problem is that Google Photos does not warn people that anybody with this link will be able to view the images. The intended recipient of the link also doesn’t know that anybody can view it. They assume it’s a private share for their eyes only, and don’t think twice about censoring the link if they forward the conversation to somebody else.

And by default, these links stick around forever until you explicitly go and delete the share.

While for photographers it might cause for a few embarrassing moments sending what we think is a private link to a client, depending on what those images contain, potentially exposing private client images to the world might be illegal.

So, photographers, if you really want to share private images with your clients, or even your friends and colleagues, don’t use Google Photos.

You can read more about the problem over on Robert’s Medium post.

Quoted excerpt used with permission.

FIND THIS INTERESTING? SHARE IT WITH YOUR FRIENDS!

  • Share
  • Tweet
  • Flipboard
  • WhatsApp

Related posts:

Google Photos may have sent your private videos to random strangers Default Thumbnail14 Years Old Shares Amazing Conceptual Portraits, Shares BTS and Setups Photographer shooting on public road almost being run over for shooting on “private driveway” Google Drive is separating from Google Photos – Here’s how to keep your photos synced

Filed Under: news Tagged With: google, Google Drive, Google Photos, Robert Wiblin

John Aldred: from diyphotography.net

About John Aldred

John Aldred is a photographer with over 20 years of experience in the portrait and commercial worlds. He is based in Scotland and has been an early adopter - and occasional beta tester - of almost every digital imaging technology in that time. As well as his creative visual work, John uses 3D printing, electronics and programming to create his own photography and filmmaking tools and consults for a number of brands across the industry.

« Here are this year’s best Amazon Prime deals for photographers and filmmakers
This is how food and drink commercials can fool you with their trickery »

Submit A Story

Get our FREE Lighting Book

DIYP lighting book cover

* download requires newsletter signup
DIYPhotography

Recent Comments

Free Resources

Advanced lighting book

Recent Posts

  • Here’s a bullet time video booth you can build yourself
  • Ricoh has discontinued the HD PENTAX-DA 21mm F3.2AL Limited silver lens
  • This “stellar flower” unravels the twilight’s evolution in 360 degrees
  • Strobes vs Continuous LEDs – Which is right for you?
  • Wave goodbye to Apple’s My Photo Stream next month

Udi Tirosh: from diyphotography.netUdi Tirosh is an entrepreneur, photography inventor, journalist, educator, and writer based in Israel. With over 25 years of experience in the photo-video industry, Udi has built and sold several photography-related brands. Udi has a double degree in mass media communications and computer science.

Alex Baker: from diyphotography.netAlex Baker is a portrait and lifestyle driven photographer based in Valencia, Spain. She works on a range of projects from commercial to fine art and has had work featured in publications such as The Daily Mail, Conde Nast Traveller and El Mundo, and has exhibited work across Europe

David Williams: from diyphotography.netDave Williams is an accomplished travel photographer, writer, and best-selling author from the UK. He is also a photography educator and published Aurora expert. Dave has traveled extensively in recent years, capturing stunning images from around the world in a modified van. His work has been featured in various publications and he has worked with notable brands such as Skoda, EE, Boeing, Huawei, Microsoft, BMW, Conde Nast, Electronic Arts, Discovery, BBC, The Guardian, ESPN, NBC, and many others.

John Aldred: from diyphotography.netJohn Aldred is a photographer with over 20 years of experience in the portrait and commercial worlds. He is based in Scotland and has been an early adopter - and occasional beta tester - of almost every digital imaging technology in that time. As well as his creative visual work, John uses 3D printing, electronics and programming to create his own photography and filmmaking tools and consults for a number of brands across the industry.

Dunja Djudjic: from diyphotography.netDunja Djudjic is a multi-talented artist based in Novi Sad, Serbia. With 15 years of experience as a photographer, she specializes in capturing the beauty of nature, travel, and fine art. In addition to her photography, Dunja also expresses her creativity through writing, embroidery, and jewelry making.

Copyright © DIYPhotography 2006 - 2023 | About | Contact | Advertise | Write for DIYP | Full Disclosure | Privacy Policy