We at Digital Phablet noticed something crazy enough that Robert Wiblin told everyone but none of them believed it. So, here we decided to show it to them how Google Photos is making their photos semi-public without their knowledge.
Whenever we share any photo on Google Photos, it creates a link that will allow anyone to view those photo as long as they can, until you go and manually deactivate that link in an obscure part of the user interface.
You can see the evidence in this video;
Did you see? If we go and try sharing a photo with another specific google account we can use the link to view it:
- Another google account, which it wasn’t shared with and
- An incognito window where we are not even logged into any Google account can see all of it!
Google calls it a “Secret link” but it can be viewed by anyone even if they’re logged into their Google accounts or not. Most importantly, you will never know who viewed your photos!
Similar to Google Drive, you get a “Secret link” which is typically “Public” to share with the one you want to have a look at your file. But unlike Google Photos, in Google Drive, you get notified with the number of users are on that document.
We can only find it out when you create a permanent link by going into the “Sharing” tab in your Google photos. Nothing in the interface is linked to this specific picture will show us. Even sharing the page gives no indication that a user has made a public link than just sharing the photo with an individual.
Same with Albums, if you create a link for a specific person to see it, Google makes it public for millions of people, to see your album without even logging into their Google account.
Why is it dangerous?
This is dangerous because it is a clear privacy violation from Google, as a user is trusting Google with their personal data and yet they end up making it public.
How can Google’s “Secret Link” gets leaked so easily?
- An email containing your link can be given to anyone.
- The user can even share it on social media, where lots of people can see it.
- It can be seen by almost anyone if you had created a secret link for any picture.
The basic solution to solve this problem is to never make a “Secret link” for your Photos, Albums, and Documents. So you end up every possibility for Google to show it to anyone.
Never ever share your photos with anyone using a Google Photos link, it is better to download and send it via email. And if you fear it being leaked, then never send it.