Did you know that your data on any #google product is available globally with a public URL? No password, no security, nothing. Go to your Google dashboard and request to download your data; after that you will see a JSON file for each photo you have, each message you sent, or for anything you use inside the Google ecosystem, from purchasing products to YouTube search history. You will see that public URL in that JSON file.

@ggnoredo You can't even download your data as a JSON file... I can only get a zipfile containing the data slammed in something like my GDrive or Dropbox (or mailed to me or w/e)

@pedro @ggnoredo downloaded it, looked in the JSON file... aaaaand nothing (tested with locationhistory).
So unless it has to be a specific one and/or there is a major difference between the exported for Country A and Country B, I'ma have to call bs on this one...

@finlaydag33k @pedro sorry but no. Please have a look at the screenshot that belongs to 1 of my photos in google photos. That url is public

@ggnoredo @finlaydag33k @pedro @coy this is not an issue at all, most of the big sites do this to make sharing easier. The URLs are public but the length of the string acts as a sort of password. Calculate how many different combinations you can have with those characters and I assure you it would be a number too big to do anything with. There's a reason why this discovery isn't big news that everybody knows.
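
The calculation suggested in the post above, as an added example that is not part of the thread: it estimates how long blind guessing would take to hit any live URL, for a long token and for a short one. The thread does not state the real URL format, so the alphabet sizes, token lengths, live-URL counts and guess rates below are constructed assumptions.

```python
import math

SECONDS_PER_YEAR = 365.25 * 24 * 3600


def token_bits(alphabet_size: int, length: int) -> float:
    """Entropy in bits of a token drawn uniformly at random."""
    if alphabet_size < 2 or length < 1:
        raise ValueError("need alphabet_size >= 2 and length >= 1")
    return length * math.log2(alphabet_size)


def expected_guesses(alphabet_size: int, length: int, live_urls: int) -> int:
    """Expected guesses (rounded down) before the first hit on ANY live URL.

    Guessing distinct tokens without repetition, the first hit among
    `live_urls` targets in a space of N tokens is expected at
    (N + 1) / (live_urls + 1). More live URLs means fewer guesses.
    """
    space = alphabet_size ** length
    if not 0 < live_urls <= space:
        raise ValueError("live_urls must be between 1 and the token space")
    return (space + 1) // (live_urls + 1)


def expected_years(alphabet_size: int, length: int,
                   live_urls: int, guesses_per_second: int) -> float:
    """Expected wall-clock years at a sustained guess rate."""
    guesses = expected_guesses(alphabet_size, length, live_urls)
    return guesses / guesses_per_second / SECONDS_PER_YEAR


if __name__ == "__main__":
    # Constructed scenarios (not taken from the thread):
    scenarios = [
        # label, alphabet, length, live URLs, guesses per second
        ("long token, 64-char alphabet", 64, 22, 10**12, 10**6),
        ("short token, 62-char alphabet", 62, 6, 10**6, 10**3),
    ]
    for label, alphabet, length, live, rate in scenarios:
        bits = token_bits(alphabet, length)
        years = expected_years(alphabet, length, live, rate)
        print(f"{label}: {bits:.0f} bits, "
              f"~{years:.3g} years ({years * SECONDS_PER_YEAR:.3g} s)")
```

The result depends entirely on token length and on how many URLs are live, and it says nothing about a URL that leaks through an export file, browser history or a referrer.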

@teko @pedro @finlaydag33k @ggnoredo >security by obscurity
It isn't big news because everyone expects this sort of behavior now, as if it were normal, which it is the new norm but it is not normal. I 100% guarantee you that those URLs are being scraped in large quantities just for the hell of it, for sensitive data, for blackmail, etc., to presume google or whoever has your best interests in mind is essentially suicide.

@coy @finlaydag33k @ggnoredo @pedro you are not smarter than Google engineers, there's plenty of battles to easily win on privacy and this is not one of them. If you think those URLs are being scraped then you do not know enough about what you're talking about to comment. I'm really disheartened from trying to make points on and challenge people on here because it just falls on deaf ears. My points are ignored.

@teko I think you underestimate the issue here.
The issue is not about Google scraping the images but "malicious" people scraping the images.
It'll take a tremendous amount of resources to do so but the fact that it's actually possible like this is just mind boggling.

If those Google engineers really were that smart as you claim, they'd probably have this link only in there if it was a public image to begin with.

@finlaydag33k passwords can be cracked even though it would take 100 years, let's get rid of passwords

Their service is not made for you, it's made for the mass amounts of people who like to share things and they get to benefit off using it for advertising and using it to train for ML.

@finlaydag33k I was always fully aware that malicious actors were the point being raised and I've never given any indication that I misunderstood that

@teko There's a difference between passwords, which are fairly insecure by design and what's going on here.

Google has made the conscious choice of putting your image available publicly, even if I didn't give consent to it.
If I clicked an image and set it to "public" or "unlisted" then I understand this url is available.
If I did not, however, it shouldn't.
Simple as that.

@teko Okay? Insult my intelligence more please and thank. The links are public and can be accessed by anyone, it contains all sorts of data, and you’re telling me smart people decided to do this? The existence of the urls is now a known unknown, not an unknown unknown (the url), which is why I mentioned security by obscurity, and Google is really known for this, in multiple ways back to their beginnings. I hear and read what you are saying, but this is 100% going to be abused if not already. The link is not a “password” and that is ridiculous. That’s the definition of security by obscurity.

The reason I mention this as a privacy issue is because it is 100% consistent with their other day to day operations, and how they handle data even internally. I have read that one google engineer decided to look through google data (the private stuff) to find info on another google engineer they liked and their kinks and sexual preference. That is their company ethic, and when the one who was being stalked wrote about this event she essentially said it was common and that she had done it too.

But you’re right, we should be talking about known connections to US intelligence services, CIA money being pumped into google very early on, we should be talking about analytics built into every app and of course the operating systems, and the absurd reach just two companies have. We should be talking about the blatant propagandism coming from these companies. We should be talking about google phoning home near constantly on every single device they run software on, and with chrome, android, and their web presence, that’s… pretty much everyone! Oh, and don’t think Firefox is any safer, for every connection made, there are ~4 tracker connections made by firefox. The thing that should happen now is legislation… The problem is now we’re dealing with the military industrial complex changing its methods to spying not killing, and using companies to do it, blending their culture into our daily lives. I wonder what the effect of that will be?

@coy I'm insulting your intelligence because hearing (or seeing) very opinionated talk no matter the intent when there's a misunderstanding of what's gone wrong is very frustrating and I'm sure you've seen it too in your lifetime. I will say it again, they know what they're doing and this one single point is not an issue for reasons I've already said. Seeing heated talk on how it's something that professionals have completely missed, both inside and out Google, is frankly absurd.

@coy I've noticed you add in facts at the end of some of your posts that have nothing to do with what's being said. I completely agree with the last paragraph and I'm not complaining you've included it as you clearly care about it. I just really want these issues that I care about so much, privacy and security, to be understood on my "side" so that it's easier to win people over with ACTUAL things that are affecting THEM specifically. This is not one of them unfortunately.

@coy on Firefox now and I could mention also how it's a security nightmare and the fact it's being used for Tor is insane. It's a massive, massive shame they can't decide on being a good competitor or a privacy focused browser because they accomplish neither and are diving headfirst into failure.

@coy on a personal note I'm not good at all with any kind of confrontation, it takes a lot for me to do this but I care so much about it I'm willing to reach out to strangers to try and help add in things that I know that maybe they don't. I just hope it gets taken better but I have no way to control that apart from being as simple and clear as possible.

@teko you should have better manners friendo, you have misunderstood yourself
