2018.11.27; Do NOT Share Your Google Photos
Published by DB,
Do NOT Share Your Google Photos
January 1, 2018 by Alex Kras —65 Comments
All shared Google Photos are open to the public, even if they were only shared with specific people. This is different from Google Drive, where only people granted permission via the "Share with others" drop-down are able to view the content.
Below is a screenshot of my private album (that I shared with one person) open in Private Tab (Incognito Mode) in Firefox. I was not asked to login.
You can test it yourself by visiting this link.
Google Drive is Different
If I share the same image with the same person in Google Drive, I will have to sign in to prove my identity. If I sign in with a different account, I will get the following error:
You can test Google Drive behavior by visiting this link.
Backstory
This morning my mother asked me: "Can you make sure my Google Photos are not public?" I thought she was wrong (come on, mom) and that they were all private. I copied a link to a random photo and opened it in a Private Tab to investigate. To my horror, it loaded just fine…
Turns out EVERY photo shared in Google Photos becomes Public by default. The only security measure is that the photo or album link is hard to guess. The long link acts as a password. Sharing Google Photo album, is like sharing a password with other users. It should only be done with content that you would not mind being accessible to the public.
In comparison, when user email is specified in Google Drive, only logged-in users with matching emails will be able to access the data.
It was pointed out that this link is REALLY HARD to guess. It does not need to be guessed though. All it would take for some strangers to get access to my private photos, is for one of my relatives to share this link by mistake.
Google Photos is NOT Google Drive
I am a big fan of Google Drive and Google Photos. I got all my family members to switch to Google Photos to back up and organize their ever growing digital collections.
I never realized that the sharing behavior was so different between Google Drive and Google Photos.
Google Drive – What I Expected
In Google Driver there are two options to share:
- By email: ONLY people with this email will be able to view or edit the files
- Via Sharable Link: Anyone with a link will be able to view or edit the files
Note: This is a screenshot from Google Drive, Google Photos screenshot is in the next section.
As can be seen, these two options are clearly described in Google Drive. There are valid use cases for getting a sharable link. But if the email option is chosen, only users who are signed in to Google with their email will get access to the data.
Google Photos – Not What I Expected
Since Google Photos only had the email option, I assumed that the behavior will be similar to the email option in Google Drive. Here is a screenshot from Google Photos. Nothing in the UI indicated that a sharable link will be created.
It looks like photos will only be shared with selected users.
Google Photos app on iPhone looks similar, but "create a link" button appears as a separate option. This led me to believe that I will get similar behavior to Google Drive.
In reality what takes place is:
- Create an album if photo is not in an album yet.
- Create a sharable link for the album. Anyone with a link can view the photos.
- Email people whose emails was specified via share form, with a sharable link.
In other words, sharing an album on Google Photos, makes it accessible to anyone with a link. This is definitely NOT what I expected.
What to do next
First, I would like to raise awareness about this issue. I know some people might have very private photos stored on Google Photos (I do).
Second, I think that this is a lazy design. I hope that Google will address it. If you are not happy about it, please make sure to let Google know. I did not see any option to change this default behavior. If such option exists, please let me know in the comment area and I will update the post. So far, it looks like it’s a known "issue" that was there for at least one year.
Last but not least, I would encourage everyone who uses Google Photos to check their shared albums and to un-share anything that they would like to keep private.
To un-share an album:
- Navigate to Google Photos
- Select a "Sharing" tab on the left
- Open the shared album in a new browser tab
- Select "More Options" (3 vertical dots) menu
- Select "Sharing Options"
- Switch the "Share" toggle to OFF
- Repeat steps above for all public albums
I would suggest using Google Drive (or other 3rd party services) to privately share photos instead, until this issue is resolved.
Update 1: A user on Hacker News pointed out the following ( click here to read all comments):
"All photos on Google Photos is publicly accessible, if you know the URL. It doesn’t matter if it’s shared or not.
This appears to be true and another key distinction between Google Drive and Google Photos. The article was updated to reflect this fact.
Google Photos uses direct link to image in their Web UI. This means that if I right-click on a Google Photo image, select "Copy Link Location", and share this link on the Internet, anyone with the link will be able to see the photo.
I ran an experiment, by saving a URL last night and checking it this morning. Last night it worked in Private mode, but this morning the link has expired and prompted me to log in. So some good news there. The comment in Hacker News appears to be wrong.
Even if we assume that URLs will not expire, Google Drive adds an extra level of protection. The URL exposed in Google Drive Web UI is actually a redirect to the real image location. That redirect makes sure that the user is authenticated and has permissions to access the image. After the check is complete, however, Google Drive will redirect to the physical location of the image. Copying and pasting that URL will have similar security implications, until it expires.
That being said, given that those URLs are extremely hard to guess, I would not be as concerned with their expiration. My biggest complain with Google Photos is that it offers me a UI to email private links (think passwords) to other people, without alerting me about potential security risk.
Update 2: It was pointed out that there is a clear description of album sharing behavior when changing album sharing options.
It is accessible by clicking on the album and selecting the "Sharing Options" from "More Options" (3 vertical dots) menu. This message, however, is not visible when sharing via the "Sharing" tab in Google Photos nor in Google Photos app on iPhone.
Conclusion
My point is NOT that sharing by URL is bad, there are a lot of good use-cases for it. My point is that sharing by email looks very similar in Google Photos and Google Drive, but produces two completely different outcomes. The conflicting user experience probably caused a lot of people to feel a false sense of security, when sharing their private photos.
Filed Under: Tools