Help me understand the fundamentals in security

alaiosalaios Registered Users Posts: 668 Major grins
edited November 16, 2013 in SmugMug Support
Hi I am still confused, and I think that the smugmug has a very weird security system that I do not understand


a. I want to have my photos not visible by anyone that is the way I select private galleries.. Sometimes though I want to have selection of those to be shareable. People from smugmug are telling me that this is not done with the private galleries (even with smart galleries) but the files should be unlisted

b. How safe is that? If I understand it right an unlisted gallery might be, even theoretically, accessed from the outside world. One nice "software-tool" might construct the link needed to access my gallery. I do not feel safe having my source files of cameras unlisted

c. If one photo takes the "black sheep" tag that is private. ... what is the way still to share it? If I copy it to a new unlisted gallery it looks like that the "black sheep" tag will still follow the picture to the very end

e. What is the search option there? Do I need to enable it for having smart galleries? I just want to damn share my photos with friends, by giving them the links. I do not want google and anyone else to be able to search for my tags and my shots. How tough is that?

I would like to thank you in advance for your help

Regards
Alex
P.S Getting very tired with smugmugh security options

Comments

  • thenickdudethenickdude Registered Users Posts: 1,302 Major grins
    edited November 14, 2013
    "Private" means that you can only see the images when you are logged on. They're not visible to anybody else, even if you give somebody a direct link to the image. If you collect the photo into another gallery, it retains its private setting and nobody will be able to see it. This is not a very useful option.

    "Unlisted" means that a link to the gallery won't appear on your site, and the gallery/photos won't appear in SmugMug or Google search results, so only people who you've given a link to the gallery can access it. Unlisted galleries get a randomly-generated ID appended to their link, which people can't guess, which prevents access to the gallery if you don't know the link. You don't need to change the search settings, setting the gallery to unlisted implies that it won't be searchable.

    If there is a bug in SmugMug's code, a link to an unlisted gallery could end up on search engines, where it'll basically stay forever. However, I'm not aware of any remaining bugs which leak that information (there certainly used to be some around the time when New SmugMug first launched).

    There are two things I can think of to enhance your privacy. You can set a maximum display size that's as large as you want people to be able to see (e.g. X-Large or something) instead of Original. This makes it impossible for anybody to see the full size image, even if you give them a direct link to it. Do that in the gallery where the photo is actually stored.

    You can set a password on the gallery in which your image will be displayed, in which case the images are better protected. Even if a link to the gallery accidentally gets indexed by Google, people won't be able to visit it to see the photos, since they won't have the password.
  • alaiosalaios Registered Users Posts: 668 Major grins
    edited November 14, 2013
    Hi thanks for the answer. See answers inline
    Lamah wrote: »
    "Private" means that you can only see the images when you are logged on. They're not visible to anybody else, even if you give somebody a direct link to the image. If you collect the photo into another gallery, it retains its private setting and nobody will be able to see it. This is not a very useful option.
    Well if private works like that we should be able to collect the image, there is no warning appearing !anywhere! and it very very confusing.
    I also do not get the idea of fully private the way is implemented. Which are the photos that noone ever wants to see? We capture photos to share and print at least to some point


    "
    You can set a password on the gallery in which your image will be displayed, in which case the images are better protected. Even if a link to the gallery accidentally gets indexed by Google, people won't be able to visit it to see the photos, since they won't have the password.
    Well passwords tend to change over time. If I wanted to lock a gallery back I feel safer to be able to turn it back to private, but then all my images will take the "black-sheep" tag and I wont be able to share again in the future.

    If I understand it right private has almost no use for me and everything should be unlisted or public. I know have to find a way to remove the "black-sheep" tag for the galleries I had private and want to select some of those.

    Regards
    Alex
  • thenickdudethenickdude Registered Users Posts: 1,302 Major grins
    edited November 14, 2013
    I also do not get the idea of fully private the way is implemented. Which are the photos that noone ever wants to see? We capture photos to share and print at least to some point

    Sometimes you might have galleries that you've previously uploaded that you don't want to display to the public any more. You might use SmugMug as a backup site for your photos. You can set your gallery to private while you work on the images and get them perfect, before unveiling them as public. You can show people the photos on private galleries on your iPad as a portfolio by using the SmugMug app which you log on to.
    I know have to find a way to remove the "black-sheep" tag for the galleries I had private and want to select some of those.

    Just change the privacy on those galleries to Unlisted, it's in the gallery settings.
  • alaiosalaios Registered Users Posts: 668 Major grins
    edited November 14, 2013
    Lamah wrote: »
    Sometimes you might have galleries that you've previously uploaded that you don't want to display to the public any more. You might use SmugMug as a backup site for your photos. You can set your gallery to private while you work on the images and get them perfect, before unveiling them as public. You can show people the photos on private galleries on your iPad as a portfolio by using the SmugMug app which you log on to.



    Just change the privacy on those galleries to Unlisted, it's in the gallery settings.

    Hi and what happens

    1. if I want to unveil only a part of those that are private but not make them public .. but share them through unlisted galleries?

    2. Photos that have been collected from private galleris to unlisted ones do not show up when I give link to friend. This is NOWHERE written and it caused a bit mess


    Regards
    Alex
  • denisegoldbergdenisegoldberg Administrators Posts: 14,339 moderator
    edited November 14, 2013
    alaios wrote: »
    2. Photos that have been collected from private galleris to unlisted ones do not show up when I give link to friend. This is NOWHERE written and it caused a bit mess
    It would be helpful if a message was displayed if you collect from private galleries - but the meaning of private is quite clear on the help page at http://help.smugmug.com/customer/portal/articles/1229910-new-smugmug-what-are-the-gallery-level-privacy-settings-:
    Private Galleries/Pages/Folders are TOTALLY private. They can ONLY be accessed by the logged in owner of the site. There is not a way to share a Private gallery.
    --- Denise
  • zacHer0zacHer0 Registered Users Posts: 655 Major grins
    edited November 14, 2013
    Regarding collected photos - collected photos will inherit the settings from the gallery that they came from.

    http://help.smugmug.com/customer/portal/articles/93310-how-can-i-display-photos-in-more-than-one-gallery---collecting-photos

    All photos that are collected into other galleries will honor the settings from the original gallery.
    Zac Williams
    Support Hero
  • FergusonFerguson Registered Users Posts: 1,345 Major grins
    edited November 14, 2013
    alaios wrote: »
    Hi and what happens

    1. if I want to unveil only a part of those that are private but not make them public .. but share them through unlisted galleries?

    I suspect it's not the answer you want but you can COPY from a private gallery to a public one (I haven't tried it but I assume that becomes public then).

    One thing that might help is to ask what it is you are really trying to accomplish beyond the technology. I.e. instead of specifically how private works, what business goal you have. Then probably someone here can suggest a way to accomplish it, that may be totally different than the current approach. Or maybe not. But can't hurt to try.
  • alaiosalaios Registered Users Posts: 668 Major grins
    edited November 14, 2013
    Lamah wrote: »
    Sometimes you might have galleries that you've previously uploaded that you don't want to display to the public any more. You might use SmugMug as a backup site for your photos. You can set your gallery to private while you work on the images and get them perfect, before unveiling them as public. You can show people the photos on private galleries on your iPad as a portfolio by using the SmugMug app which you log on to.



    Just change the privacy on those galleries to Unlisted, it's in the gallery settings.
    zacHer0 wrote: »
    Regarding collected photos - collected photos will inherit the settings from the gallery that they came from.

    http://help.smugmug.com/customer/portal/articles/93310-how-can-i-display-photos-in-more-than-one-gallery---collecting-photos

    and it should be added that it will update or not based on changes one does to the gallery photos came from.

    I still feel the unlisted is not safe enough to have there all my sources... I have the feeling that one might access my source files just by using random link generators. So If I want to share any of the private libraries I need to turn all those to unlisted and perhaps lock them with password. Then I can "pull" what I need with smart galleries to the gallery I want to share

    Regards
    A
  • thenickdudethenickdude Registered Users Posts: 1,302 Major grins
    edited November 14, 2013
    alaios wrote: »
    I have the feeling that one might access my source files just by using random link generators

    Unlikely, because there are 1 billion possible keys you need to guess (500 million on average) in order to see into a gallery like that, assuming that you first know what the name of the gallery is. Even if you could guess 10 URLs a second, it would take on average 1.6 years to enter an unlisted gallery by guessing URLs. I think SmugMug would notice such an attack.

    It's a lot more likely that a SmugMug bug would reveal the link to your unlisted source gallery, so your idea of putting a password on your Unlisted source gallery sounds like a good one.
  • FergusonFerguson Registered Users Posts: 1,345 Major grins
    edited November 14, 2013
    alaios wrote: »
    and it should be added that it will update or not based on changes one does to the gallery photos came from.

    I still feel the unlisted is not safe enough to have there all my sources... I have the feeling that one might access my source files just by using random link generators. So If I want to share any of the private libraries I need to turn all those to unlisted and perhaps lock them with password. Then I can "pull" what I need with smart galleries to the gallery I want to share

    Regards
    A

    This may be a language issue and if so I apologize, but it sounds like you are using Smugmug galleries as a backup for your master images. I know some people do that, but it's not really what it was designed for (in my opinion). They offer a Smugvault service (I know nothing about it other than that it exists). So I think you'll find most of the designed in features are more aimed at displaying, rather than hiding, photos. I do not mean to imply they don't have security, just that it's more in line with a store front than a safe deposit box.
  • alaiosalaios Registered Users Posts: 668 Major grins
    edited November 14, 2013
    1)and something more that is not clear... if I want to select some images through the smart galleries that I will share with friend e.t.c What if I want to edit one of the shots in the smart gallery and do not want to lose the initial one I had in the original gallery? What options do I have here?

    2)when I hide an image that is now visible through a smart gallery will this also be hidden on the source gallery? Can someone explain me how smart galleries work? Are these soft links like in linux? are these virtual copies?

    Regards
    A
  • denisegoldbergdenisegoldberg Administrators Posts: 14,339 moderator
    edited November 14, 2013
    alaios wrote: »
    and something more that is not clear... if I want to select some images through the smart galleries that I will share with friend e.t.c What if I want to edit one of the shots in the smart gallery and do not want to lose the initial one I had in the original gallery? What options do I have here?

    Regards
    A
    If you want to maintain the original image but edit it to show in the smart gallery you would need to make a copy of the image, edit the copy, and expose the copy rather than the original in the smart gallery.

    --- Denise
  • AllenAllen Registered Users Posts: 10,013 Major grins
    edited November 14, 2013
    alaios wrote: »
    ... What if I want to edit one of the shots in the smart gallery and do not want to lose the initial one I had in the original gallery? What options do I have here?
    ...
    I click download and edit photo then upload to smart gallery with different fiilename. You can add photos
    to a smart gallery not connected to anything.
    Al - Just a volunteer here having fun
    My Website index | My Blog
  • alaiosalaios Registered Users Posts: 668 Major grins
    edited November 14, 2013
    If you want to maintain the original image but edit it to show in the smart gallery you would need to make a copy of the image, edit the copy, and expose the copy rather than the original in the smart gallery.

    --- Denise


    where do you think I should do that? Typically lets say I upload 100 files to the sources directory. From there I select 40 that I want to share through a smart/virtual gallery but all the 40 of those should be edited without altering the 100 initial files. It would be far easier when editing a file that shows in the smart gallery to give me an ice pop up

    "Hey you are editing a file in thevirtual gallery. Do you want me to keep save also at the source files, or as I am start enough from nature to edit the changes only in what is shown in virtual gallery". That way I would not need to handle copies at all.

    Regards
    Alex
  • denisegoldbergdenisegoldberg Administrators Posts: 14,339 moderator
    edited November 14, 2013
    alaios wrote: »
    where do you think I should do that? Typically lets say I upload 100 files to the sources directory. From there I select 40 that I want to share through a smart/virtual gallery but all the 40 of those should be edited without altering the 100 initial files. It would be far easier when editing a file that shows in the smart gallery to give me an ice pop up

    "Hey you are editing a file in thevirtual gallery. Do you want me to keep save also at the source files, or as I am start enough from nature to edit the changes only in what is shown in virtual gallery". That way I would not need to handle copies at all.
    You can add a request to the SmugMug Feature Requests forum if you'd like.

    For now I'd suggest that you upload the 40 that you want to alter into a second gallery since there isn't currently a way to edit a photo in a virtual gallery without also changing the original.

    --- Denise
  • alaiosalaios Registered Users Posts: 668 Major grins
    edited November 15, 2013
    If you want to maintain the original image but edit it to show in the smart gallery you would need to make a copy of the image, edit the copy, and expose the copy rather than the original in the smart gallery.

    --- Denise


    Hi,
    thanks for the answer. One more way I guess is through picmonkey and when saving do not save the file. But still I believe this feature is missing, If I want to upload those 40 to a new gallery that would mean doing it at the same time as I upload all the source files. It sounds easy but is not always.. As I have a newborn at house I have less than 10 minutes every night to do this kind of work.

    Once are uploaded though it is easier to filter shots and select those 40. I do not need to keep taking the photo cameras memory card out each time (not to say to have the camera with me any time). Filtering photos online and make duplicate copies (nothing virtual like collect photos) is something needed.

    Regards
    Alex
  • alaiosalaios Registered Users Posts: 668 Major grins
    edited November 16, 2013
    The more I learn the smugmug the most annoyed I become.
    I just received an answer from the support

    http://glui.me/?i=87w7csgwy1ynj9m/2013-11-16_at_08.28.png/


    saying that I have to set those two values to yes
    if I want my smart gallery work.

    What if I want to have a smart gallery that the images are not searchable from google and other smugmug users
    ?

    Regards
    Alex
  • thenickdudethenickdude Registered Users Posts: 1,302 Major grins
    edited November 16, 2013
    Public means Public, everybody can see your photos.

    If your gallery is Unlisted, it's not searchable by either SmugMug or Google users. If it's public, it's searchable unless you explicitly turn it off with the two options you've shown.
Sign In or Register to comment.