Probably true, I shouldn't have bothered picking up the thread again. How foolish of me.
ReedSavory
@ReedSavory
Best posts made by ReedSavory
Latest posts made by ReedSavory
-
RE: "Security" of Snapfish photo sharing site
-
RE: "Security" of Snapfish photo sharing site
If you read my original post, Snapfish claims that the site is secure to anyone except those you specifically provide access.
Whereas anyone who knows your Album URL can hand it out to anyone they like, and you'll never know who's accessing them.
I'm not in any way saying that the level of security isn't acceptable for most family photos (including mine), I'm simply raising the issue that Snapfish isn't nearly as secure as they claim.
-
RE: "Security" of Snapfish photo sharing site
I'm not terribly concerned with the pictures themselves - just raising the issue about Snapfish claiming security when they have none.
-
RE: "Security" of Snapfish photo sharing site
I totally agree with that on a personal basis. Unfortunately I found-out my mother-in-law had uploaded some pictures I had given her so she could have prints made.
Which then made me put on my "network security guy" hat and wonder how secure Snapfish was, now that there were pictures of my kids sitting out there.
-
"Security" of Snapfish photo sharing site
I've found what I would consider a serious and easily reproducible security issue with HP's Snapfish photo sharing service.
I've raised the issue with their Tech Support, but needless to say, they can't even be bothered to return my messages.
The problem involves the "security" on your online albums. The exact text on their web site in regards to security reads (if you want to see it for yourself, the URL for this FAQ is http://www2.snapfish.com/helpsharing#questions):
"Can the public see my pictures?
No. The only people who see your photo(s) are those people who receive an email invitation from you to see the photo(s). If you've given permission for your friends to re-share your album, they can also share it with others."
Which turns out, as you've no doubt guessed by now, to be a total load of crap. The fact is, all someone needs to know is the URL for the album, and they can get into it. The only security is the obscurity of the URLs, and goodness knows, no one can figure out a URL, right?To try this yourself: I created this test album. I have obviously not sent any of you an invite to it, all you have is this URL: http://www2.snapfish.com/thumbnailshare/AlbumID=178533621/a=110322638_110322638/t_=110322638
All you need to do is "register" for their site (with any fake email address), and you can see any photos anywhere on Snapfish for which you know the URL. Personally I didn't even bother to register, I just used "BugMeNot" to provide a username/password login to Snapfish, and needless to say you can get in without a single issue, and access any photo album URL you can work-out.The other lovely part is that as the owner of the photos, you can't get any information about who's using them.
Excellent security there HP, I'm glad my family photos are safe.