Comments on: Big privacy changes at SmugMug

By: mod converter

mod converter — Fri, 06 Nov 2009 15:59:21 +0000

Love it! You got me so excited to get one and start shooting video!

By: alsanan.info » 576000 fotos robadas de cuentas privadas de MySpace

alsanan.info » 576000 fotos robadas de cuentas privadas de MySpace — Wed, 24 Dec 2008 23:17:36 +0000

[...] La gente de SmugMug ha corregido finalmente el problema de privacidad. Este post fue escrito por alsanan y publicado en Thu 24 Jan [...]

By: Introducing SmugURL • Evan Sims

Introducing SmugURL • Evan Sims — Sun, 13 Jul 2008 04:54:05 +0000

[...] Flickr in a future post. That said, one aspect I didn’t like was their URL scheme. They have good reasons for doing it, and I can’t fault them for trying to maintain the privacy and security of their [...]

By: pysmug version 0.4 coming soon « I’m not here.

pysmug version 0.4 coming soon « I’m not here. — Sun, 11 May 2008 05:19:46 +0000

[...] the biggest changes are compatibility with new security changes required for version 1.2.2 of the SmugMug API. It’s now also possible to register function [...]

By: Mark

Mark — Sat, 08 Mar 2008 04:04:34 +0000

It would be very nice if you would start issuing API keys again…

By: SmugBlog: Don MacAskill » Blog Archive » On so-called ‘holes’ in our new privacy scheme

Tue, 19 Feb 2008 18:29:04 +0000

[...] clear: If you try their so-called exploit on a ‘new’ photo or video (one uploaded after our privacy changes on February 8th), it just won’t work. If you try it on an ‘old’ photo or video, [...]

By: Matt Johnson

Matt Johnson — Fri, 08 Feb 2008 22:16:46 +0000

I just checked the holes I found last week. The bugs that allowed me to view an image where external linking was even disabled have now been fixed, even on the old images. With the addition of the imagekey on the images it locks images down even tighter so that it will be harder for hackers to even find such holes in the future, and it prevents the ability to just iterate through images.

If you want the images protected, then they need to be password protected, and external linking disabled. Password protecting essentially locks the front door, while disabling external linking locks the back door, all windows, and covers the windows.

By: Kevin Forbes

Kevin Forbes — Fri, 08 Feb 2008 21:57:49 +0000

Wow, that was quick! Personally, I have no problem with the way it worked before. It worked the way I was expecting, having read through the options. But you’ve definitely done your customers (and future customers) a good turn by making these changes.

By: Luis Feinzaig

Luis Feinzaig — Fri, 08 Feb 2008 19:44:49 +0000

This is a good fix for the problem. However, if technically possible, you should add the possibility of opting out of this feature (the new alphanumerical key). In my case I am not that concerned about privacy as I am about ease of use ( I handle a very large quantity of galleries). Good job!

By: Philipp Lenssen

Philipp Lenssen — Fri, 08 Feb 2008 16:49:44 +0000

> I wasn’t completely happy that it was so easy
> to guess an album but I don’t really have
> anything that needs to be hidden that well
> and still be accessible without a password,
> so I wasn’t concerned.

Mark, just to clarify in case you missed this: photos set to password-protection also showed up publicly when iterating image IDs. So even if you set your old album to password protection and private, its pics were publicly crawlable — only disabling external linking stopped the pics from showing when iterating IDs. Not sure what the current status is as we didn’t test the site for some time now, but if old galleries remain unfixed, all that would still be the case — maybe Don can clarify if that’s the case or not.