« Comments on Next Gen Broadband consultation paper | Main | Web Services and Data lock in »

July 05, 2008

Comments

Feed You can follow this conversation by subscribing to the comment feed for this post.

**Writing this with my WordPress.com hat placed firmly on my head**

We noticed this very problem on WordPress.com ages ago too but we fixed it soon after it was brought to our attention.

If you make a blog there private all images will be private too and only logged in members of that blog will be able to see those images.

Feel free to set up a test blog and try it out for yourself!

While this private photo preference is certainly a significant issue, I think it's stepping towards hyperbole to characterise it as a "security flaw" because when you set up your preferences in Tyepad's photo albums, there is currently no toggle or check-box to make images private. You have to assume it's public unless there's a selectable privacy level.

I still my private images and videos on Flickr and have been well-served by their levels of protection.

Thanks for dropping by Bernie. You are making an assumption here - that I set up photo albums in Typepad.

It is possible (as I did) to just upload individual photos into individual posts without any preferences whatsoever. And then to expect that all content in a password protected blog is indeed just that.

The selectable privacy policy in this instance is on the blog :-)

keith

Hi Keith. First, I apologize you've been frustrated by this part of our service. I wanted to offer some additional background and explanation, just for clarity and for the sake of anybody who comes across your post without context.

As I understand it, the behavior you desire is for photos uploaded to a password-protected blog to be inaccessible under any circumstances to anyone without that password. Totally reasonable, and something that can be achieved (albeit not as easily as we'd both prefer) by uploading the photo as a file in your blog using the file manager, and then including it in a post.

The behavior you're seeing that's not ideal is that someone who has the exact web address (URL) of a photo can view it on a password-protected blog if you've uploaded it using the uploading tool built in to the compose screen in TypePad. This is something we would like to change, and the fact that it hasn't changed yet does not mean we don't intend to do so.

More important, describing it as a "security" issue has connotations you may not have intended: Your account information, billing data, private information such as your password, and other sensitive data are all *completely secure*. In those important ways, this is not a security issue as most people would understand it.

My intent here is not to split hairs; You've been a member of TypePad since the beginning and that's something we all value at Six Apart, and something I appreciate personally. I just want to make that distinction clear as this type of concern has come up before for other services. For example, two popular photo services have the same configuration:

* Smugmug saw this described as a privacy issue, but again a user would have had to have a specific URL in order to access photos that were marked private. See: http://blogs.smugmug.com/don/2008/01/28/your-private-photos-are-still-private/
* Similarly, in Flickr, photos that are marked private can be accessed if the user has the exact URL where those images would appear. (n.b. This Digg link leads to an image that may not be safe for work.) See: http://digg.com/tech_news/Flickr_Private_Photos_Exposed_Major_Security_Flaw

We do want to give you the control over your photos that you expect, and I will try to get you more specific information on those options as we make them available. In the meantime, we have a system that can perform exactly as you desire, though admittedly with a little bit more work. In addition, it's exceedingly unlikely that a third party could correctly guess the exact address of those images. In general, I'm not a personal advocate of this sort of secrecy as a method of protection (often called "security through obscurity"), but for all but the most sensitive photos, it is very effective in actual practice.

Finally, we'd be happy to help with backing up your data if you're interested in preserving it or migrating it. Given your concern over security, your best option for other blogging platforms might well be Movable Type; It is made by our team at Six Apart, just as TypePad is, supports importing your TypePad content, and has a significantly better security record than other platforms. ( http://www.movabletype.com/blog/2008/06/movable-type-a-history-of-secu.html )

Please don't hesitate to get in touch if there's more we can do to help, and again, my apologies for your frustration.

Hi Anil

As you will have seen in the other comments Wordpress recognised this as a serious issue and fixed it promptly. The time to do this was in the system rebuild, being rolled out nearly a year after this issue was reported to you. You missed them in your paragraph of "look how bad the others are as well"!

When I move it will not be to a platform from the same business that is treating this issue with such contempt - that would not make much sense would it?

keith

The comments to this entry are closed.