Comments on: Your private photos are still private.

By: mod converter

mod converter — Fri, 06 Nov 2009 15:56:44 +0000

Love it! You got me so excited to get one and start shooting video!

By: su çiçeği

su çiçeği — Sun, 09 Aug 2009 10:31:41 +0000

I found this informative and interesting blog so i think so its very useful and knowledge able.I would like to thank you for the efforts you have made in writing this article. I am hoping the same best work from you in the future as well. In fact your creative writing abilities has inspired me.

By: donna

donna — Sat, 25 Apr 2009 20:42:10 +0000

grrrrrrrrrrrrrrrrr

By: FocalPower…the blog » Blog Archive » Who Controls Your Photos Online?

Wed, 09 Jul 2008 16:43:27 +0000

[...] sake of their customers rather than ignore it for the sake of their API development community. SmugMug had a similar security issue be raised in the recent past which they quickly fixed…this is how a responsible company [...]

By: You don’t need to be secure to be successful | PHP kitchen

You don’t need to be secure to be successful | PHP kitchen — Mon, 14 Apr 2008 13:51:10 +0000

[...] from Don MacAskill, the CEO of smugmug, in response to this article via Chris [...]

By: Fotofimmel » 2008 » April » 11

Fotofimmel » 2008 » April » 11 — Fri, 11 Apr 2008 14:32:54 +0000

[...] Die Sicherheit von Smugmug wird derzeit kontrovers diskutiert. Wer über einen Smugmug Account nachdenkt, sollte beide Seiten zur Kenntnis nehmen. Hier und hier. [...]

By: SmugBlog: Don MacAskill » Blog Archive » Big privacy changes at SmugMug

Fri, 08 Feb 2008 10:03:37 +0000

[...] I told you we’d listen. [...]

By: Scott

Scott — Fri, 01 Feb 2008 23:55:10 +0000

@Jeff Dean

“The fact that private pictures can be found simply by iterating over URLs points to a weak implementation”

Disagree — the problem is not the implementation, it’s the name. If they called them unlisted, it would be clear what they meant. For example, “unlisted” phone numbers can be found simply by iterating over phone numbers. This is not a weak implementation, it’s just what unlisted means — not listed in a directory.

By: Privacy, Security and Elastic Computing « Evil Fish

Privacy, Security and Elastic Computing « Evil Fish — Fri, 01 Feb 2008 12:21:09 +0000

[...] is the result of an an interesting debate if security and privacy are separated and how privacy and probability are [...]

By: Jeff Dean

Jeff Dean — Fri, 01 Feb 2008 04:41:03 +0000

I complained about this problem almost a year ago and got the same basic response: we don’t think this is a problem. I thought it was problem then and I still do now. The fact that private pictures can be found simply by iterating over URLs points to a weak implementation; there is no good reason for allowing this.

I ask again, SmugMug, that you please fix this.

(BTW, I also reported the problem about being able to determine the owner of an account. By iterating over URLs, I found a set of private pictures from a January 2003 vacation in Tenerife and I gave SmugMug the names of the owners. I am glad that you finally fixed this but I am disappointed that it took you so long.)

– Jeff