Sorry John, I fail to understand the significance of the job titles.
Are you trying to say that these people are smart cuz of what they do ?
As Mike guessed, I'm just trying to point out that there's a wide variety of people on Smugmug, most of which are not that tech saavy, a high percentage of which have no idea what "external linking" is or how it relates to password security. I used their job titles to try to shine a light on the fact that they are not as tech saavy as many of us and come from varied backgrounds and likely will never read a line here at dgrin. If they even thought to read the various options on the gallery customization page they wouldn't know what some of them meant and wouldn't be motivated to click on the question marks to try to learn. It's not because they are smart or stupid (heck they're smarter than me about lots of other things), it's just because they haven't been exposed to a lot of the terminology or issues and don't choose to try to learn or understand anymore than they need to. They just want to share their pictures with whatever security they think is needed and learn as little as possible about the infrastructure.
Through self selection, we here at dgrin are not the average cross section of Smugmug's actual or potential customer base. We're the power users, we're the ones investing extra time to really learn how this stuff works, we're the ones who don't give up when it doesn't do exactly what we want, we're the ones who want to know what more we can do with it, we're the ones who want to learn how it all works. We're also the minority.
So ... the is just the long way of saying that my main concern is that these non-tech-saavy, non-dgrin users will set up a password on their gallery and assume that it's protected more than it is. That bothers me because the #1 design principle in security is to meet the expectations you set and I think the gallery password sets an expectation that isn't quite being met.
In the end, it's really up to Smugmug to decide if they think this matters. I started this thread to try to find out what Smugmug thought and shine a light on the issue. I'm not asking for an immediate answer. I've seen other issues that I've pressed on and seen that the first few days of the debate are important and then over time it soaks into Smugmug's thinking and then, in some future release, the functionality appears to be influenced by the debate. That would mean these forums are working and gives me a reason to keep making points like this.
Once I discovered that I could solve the problem for myself by turning off external linking on password protected galleries, this was no longer a debate about what I needed to secure my password protected galleries. It was just a fun debate about how would be the best way for it to work.
I'm passionate about making products work great and delighting customers - it's what I do in my day job. I find it fun so I try to influence some of the things I use outside of work. Thanks to dgrin, it's fairly efficient to contribute ideas for Smugmug.
As Mike guessed, I'm just trying to point out that there's a wide variety of people on Smugmug, most of which are not that tech saavy, a high percentage of which have no idea what "external linking" is or how it relates to password security. I used their job titles to try to shine a light on the fact that they are not as tech saavy as many of us and come from varied backgrounds and likely will never read a line here at dgrin. If they even thought to read the various options on the gallery customization page they wouldn't know what some of them meant and wouldn't be motivated to click on the question marks to try to learn. It's not because they are smart or stupid (heck they're smarter than me about lots of other things), it's just because they haven't been exposed to a lot of the terminology or issues and don't choose to try to learn or understand anymore than they need to. They just want to share their pictures with whatever security they think is needed and learn as little as possible about the infrastructure.
Through self selection, we here at dgrin are not the average cross section of Smugmug's actual or potential customer base. We're the power users, we're the ones investing extra time to really learn how this stuff works, we're the ones who don't give up when it doesn't do exactly what we want, we're the ones who want to know what more we can do with it, we're the ones who want to learn how it all works. We're also the minority.
So ... the is just the long way of saying that my main concern is that these non-tech-saavy, non-dgrin users will set up a password on their gallery and assume that it's protected more than it is. That bothers me because the #1 design principle in security is to meet the expectations you set and I think the gallery password sets an expectation that isn't quite being met.
In the end, it's really up to Smugmug to decide if they think this matters. I started this thread to try to find out what Smugmug thought and shine a light on the issue. I'm not asking for an immediate answer. I've seen other issues that I've pressed on and seen that the first few days of the debate are important and then over time it soaks into Smugmug's thinking and then, in some future release, the functionality appears to be influenced by the debate. That would mean these forums are working and gives me a reason to keep making points like this.
Once I discovered that I could solve the problem for myself by turning off external linking on password protected galleries, this was no longer a debate about what I needed to secure my password protected galleries. It was just a fun debate about how would be the best way for it to work.
I'm passionate about making products work great and delighting customers - it's what I do in my day job. I find it fun so I try to influence some of the things I use outside of work. Thanks to dgrin, it's fairly efficient to contribute ideas for Smugmug.
Very well put John. Reading this thread is very interesting. I am glad everyone can stay friends when the debate is over. I do believe a better explanation would be useful for the non-techies out there.
I would also say, no very technical person would ever say there is a "secure" place to put something on the Internet. There are just varying degrees of security. I do agree with you though, that people have a false sense of security when they enable the password protection feature.
I really love that you push us on these issues and bring them to the surface with so much clarity.
I have to say, however, that I've got a lot of scars on my back from our first year when setting a password also turned off external links. We had a lot of cancellations, help emails and forum flames over that. People would try SmugMug and then get publicly embarrassed when they linked to forums and red X's would appear.
Either way you configure it, you have to notify them somehow and explain the issue, and we weren't successful doing that 100% of the time when we turned off the links automatically for them. It's just so common for them to link externally and they forget even if told so it becomes a very big frustration.
I think we'd be more successful at warning them of the potential security issues but in so doing you're also creating a security issue, especially for people who have private galleries, because you're notifying a whole group of people who wouldn't have thought about a way to get into private galleries, no?
I know this is an extreme example, but for the sake of illustration, we could also warn them that people can use keystroke loggers to intercept passwords, or any number of other known hacking techniques that they wouldn't otherwise be aware of, no? And in so doing we could teach them how to hack into lots of things.
I understand the problem you have now. You have users with password protected galleries that are using external linking. Unless you want to run your support calls through the roof and lose some customers, you are stuck with supporting that configuration, probably forever.
IMO, fixing the UI way back when this was a problem to show users that private galleries was a better way to let users use Smugmug images in blogs without making the gallery easily available to the public would have been a better solution, but we are were we are, can't change history.
So ... I'm not suggesting that you force external linking off on existing password protected galleries. After all this debate, I think all I'm suggesting is that it needs to be easier and more obvious for non-tech-saavy users to password protect a gallery and not inadvertently be open to external link guessing.
At this point, it's purely a UI presentation challenge. How can the existing UI be modified to make it so non-tech-saavy users get what they expected and users who want external linking on a password protected gallery know how to make sure they get that?
So since we're stuck with supporting both kinds of password protection, conceptually, I think you just need to present two types of password protection, one I'll call "Full" which prevents all access to any image in the gallery without a password and one I'll call "Gallery" which prevents access to browsing the gallery itself without a password, but still allows direct linking without a password if someone has the full URL to the image (e.g. blog postings, forum postings, images linked in an email, etc...). I'm not suggesting that I've thought about the best way to do the actual presentation for more than 5 minutes (so I'm sure something better can be designed), but I tried to describe it here just to give you an idea of what I mean.
These should be self-explanatory enough that even a non-tech-saavy user will pick the one that matches their expectations.
Well I must admit that I had no idea that what I selected in "External Links" had any bearing on passwords, meaning I assumed any photo in a password protected gallery would be password protected, regardless of whether it was accessed via my gallery or via links. To this point, I simply left my "External Links" to "on" since my photos were protected anyway. Right? Equally, I assume "Easy Share" works the same way.
I would never think to use a password protected gallery to host a picture I wanted to make public in blogs, eBay, etc!? I use private galleries for that, and should someone find their way to my website, the passwords protect my photos from sickos out there. Right?
I guess I prove John's point, since no, my photos are not protected, since I have "External Links" ON in all my galleries. Guess I need to go thru the mind numbing process for customizing them all.
Oh and by the way, I am a computer industry professional, with IT credentials and everything. Does that matter? Not really, though, embarrassingly, Ishould understand this stuff....but I could never have guessed this behavior.
Baldy, I understand your situation 3 yrs ago, but perhaps the answer may have been to educate users in the differnces in private and protected galleries? But having been in the startup game myself, I understand your business risk here.
Um, I'm still failing to see why this is such an issue to be hyped up like it is.
1. Protect photos? From who? From what. It's a photo sharing website. Don't put any Top Secret stuff here OK? Common sense 101. Watermark it if you want to really prevent unwamted comnmercial use.
2. If the gallery is private and password protected, who knows about it? You can't browse to the photos because private prevents public browsing and password prevents gallery access.
3. This isn't giving out credit card numbers, social security numbers, or medical information. They're photos for crying out loud.
4. If you are a professional and want to make sure your work is protected, you read and understand completely before trusting a site to house your work. A lawyer or investor, or whoever comes here is doing so to share photos which probably 99% of the rest the world could care less about.
Serioulsy, your mountain is a molehill and you are really uptight.
Oh, even if you have a firewall, antivirus protection and stay away from suspect sites, you can still get hacked while connected to the internet. They call it a drive by shooting on the information highway. No one singled you out, it just was the unlucky day a sniffer found you at the wrong time.
Bottom line, nothing is completely secure or safe. You can do the best you can to avoid something bad happening, but you can't guarantee it. You can drive as safe as you want but statistics say everyone will be in at least one car wreck in their life.
And you also hit on a pet peeve of mine. Its a tech world. Either you get on the bus and learn or you stay blissfully happy being left behind and bitching about things not being easier. America is falling behind quickly because everyone wants everything done automatically or they "will take their business elsewhere." Convenience is more important to people than personal responsibility. Do you know what the biggest security threat is in the corporate world? It isn't windows security flaws, or browser secuirty holes or even viruses. The biggest security risk is the employee, because the employee can't be bothered to deal with any "tech" stuff.
Very fair post, John. One question that keeps coming to mind is, don't we have the same issue with private galleries? I'm not sure I'm understanding why the customer would be less surprised when they've chosen private if someone were able to get an URL to a photo without them giving it out.
Very fair post, John. One question that keeps coming to mind is, don't we have the same issue with private galleries? I'm not sure I'm understanding why the customer would be less surprised when they've chosen private if someone were able to get an URL to a photo without them giving it out.
In my opinion, private galleries live up to their expectations. People know that they are out there sitting on the web with no authentication required. They know that if they wanted to require authentication, they could have made that choice. When they made it private, they were just saying that they didn't want to publicly list the gallery. It's exactly like an unlisted phone number. It's not in the directory, but it's still sitting out there on the phone network. Anyone who knows it or who guesses it or who dials it by accident is going to connect to the unlisted phone number. Private galleries are exactly the same way and I think they deliver what people expect.
Now, if private galleries accidentally get in keyword indexes or Google searches or most popular image pages or other ways that people can find them besides just knowing the URL, then people will NOT feel like their expectations were met. They will feel like their unlisted phone number is not really unlisted.
Would it be better if image URLs were a lot harder to guess (e.g. more random and sparser and probably more digits). Absolutely. But, for some reason, that only bothers me with password protected galleries, not private galleries. I'm open to what other's think on this one.
Nice thread. I was actually searching dgrin here specifically to find out just what "Private" and "Secure" means with regard to galleries here at SmuMug.
As someone who found out after the fact just how much Flickr lacks in security, SmugMug looked great to me based on reading the Help pages before I subscribed. Now that I have galleries of my own up in SmugMug, I was reading the Help file on privacy abd security a little more carefully, but there is really not much to read there - it's pretty sparse.
And to be perfectly honest, I hadn't considered external linking when I password-protected some of my galleries. I don't use the linking feature at all, and I foolishly thought that such a feature as external linking would be something that I had to enable - not the other way around. That seems more like a Flickr trick! External linking is commonplace for photographers and others who want to display their photos for a large audience. However it is not as common with people who are not photographers - people who just want to make their family photos easily and immediately available to other family members and friends across the country, but not have photos of their grandchildren in the bathtub suddenly show up on in a gallery that reeks of kiddie porn. (Actually happened to me on Flickr). I don't have a website or blog - just my galleries here for family.
Still, I was looking here to see just what issues there are with private and password-protected galleries - I knew there would be some... there always are. We're all so different.
I would have discovered that external linking was on by default very shortly, but to be honest I decided to set up the galleries and get them all uploaded first; as long as they were all protected when I set them up, what's the harm? (I'm now turning off external linking for all of them as quickly as I can!)
I think at this point that the best - and hopefully easiest for SmugMug staff - would be a simple note in the Gallery Configuration screen that offers to turn off external linking for password-protected galleries. I agree with some posters that I would never have suspected users here to link to password-protected images. It kind of defeats the purpose of passwords. But the fact is, it's way too late to change that, and I would be happy with much clearer direction in both the Help file and the Configure Gallery pages.
Nice thread. I was actually searching dgrin here specifically to find out just what "Private" and "Secure" means with regard to galleries here at SmuMug.
As someone who found out after the fact just how much Flickr lacks in security, SmugMug looked great to me based on reading the Help pages before I subscribed. Now that I have galleries of my own up in SmugMug, I was reading the Help file on privacy abd security a little more carefully, but there is really not much to read there - it's pretty sparse.
And to be perfectly honest, I hadn't considered external linking when I password-protected some of my galleries. I don't use the linking feature at all, and I foolishly thought that such a feature as external linking would be something that I had to enable - not the other way around. That seems more like a Flickr trick! External linking is commonplace for photographers and others who want to display their photos for a large audience. However it is not as common with people who are not photographers - people who just want to make their family photos easily and immediately available to other family members and friends across the country, but not have photos of their grandchildren in the bathtub suddenly show up on in a gallery that reeks of kiddie porn. (Actually happened to me on Flickr). I don't have a website or blog - just my galleries here for family.
Still, I was looking here to see just what issues there are with private and password-protected galleries - I knew there would be some... there always are. We're all so different.
I would have discovered that external linking was on by default very shortly, but to be honest I decided to set up the galleries and get them all uploaded first; as long as they were all protected when I set them up, what's the harm? (I'm now turning off external linking for all of them as quickly as I can!)
I think at this point that the best - and hopefully easiest for SmugMug staff - would be a simple note in the Gallery Configuration screen that offers to turn off external linking for password-protected galleries. I agree with some posters that I would never have suspected users here to link to password-protected images. It kind of defeats the purpose of passwords. But the fact is, it's way too late to change that, and I would be happy with much clearer direction in both the Help file and the Configure Gallery pages.
Yes. PLEASE make the default SM security settings to secure my photos.
Alternatively could you separate security settings from the other customization "features" (e.g. allow original, printing, etc.)?
or create a new default security level which would allow me to create my own personal default once (with all the settings). This was I would know that any galleries I create will have the same settings. Meaning that the "smugmug default" template won't be the default option.
I would like my DEFAULT setting to be private, password protected, NO external links for ALL my galleries.
J-Mac,
You understand that private is not really private, right? Its just not linked from your "home page". That is one area that really needs better documentation and frankly should really be fixed ASAP.
Have you tried using the bulk gallery setting? You can fix all your galleries at once.
1) Create a template with the settings you would like to use
2) Select customize a gallery
3) At the top of the page select bulk settings
4) Select all of your galleries (or the ones you want to change)
5) Select the template with the settings from #1
6) Select Apply
I edit any "over-exposed" photos of my girl (even the cute bath photos) and delete the original. Can never be too careful considering the creeps in the world.
stop helping the creeps
this topic drives me crazy, I just had one puke today using Smugmug's search to find "Kids in Water" ... real nice... let me opt out of Smugmug's Public Search and Browse.
I know people can use google, but I only see a fraction of these kind of searchs coming from google.
also, be aware that "Smugmug search" allows the public to search your real name from your account settings screen, regardless of which option you choose as your display name.... google doesn't even have access to this! ds.jpg
this topic drives me crazy, I just had one puke today using Smugmug's search to find "Kids in Water" ... real nice... let me opt out of Smugmug's Public Search and Browse.
I know people can use google, but I only see a fraction of these kind of searchs coming from google.
also, be aware that "Smugmug search" allows the public to search your real name from your account settings screen, regardless of which option you choose as your display name.... google doesn't even have access to this! ds.jpg
Wow. Pretty bad, though I guess you have to expect that on the web. Even so, it never ceases to amaze me when I see stuff like that.
On Flickr I had my galleries up for less than four hours when I found the links from my granddaughters' pics to other users who already had them on their obscee pages. I used to have a family website up on its own domain and had to remove all the photo galleries - better security notwithstanding, my daughters were really upset when they found out what some people do with child photos on the web.
Thus far I have found SM's security to be better than any other online photo site. Sure, we're picking about this and that here, but it does allow for much better security than any other one I've tried. I can actually manage to secure my photos, if I wish, about as well as is possible on the Internet at this time. Everything else is just icing on this cake.
my daughters were really upset when they found out what some people do with child photos on the web.
. . .
Anyway, back on-topic here for a sec.
I liked the fact that if I make my Gallery password protected, but still enable external linking, it works just like that. The gallery is password protected, but I can still select an image or two and link to it, as I've done in this forum actually.
I liked the fact that if I make my Gallery password protected, but still enable external linking, it works just like that. The gallery is password protected, but I can still select an image or two and link to it, as I've done in this forum actually.
And still on topic, I don't believe that anyone has suggested that this change.
I liked the fact that if I make my Gallery password protected, but still enable external linking, it works just like that. The gallery is password protected, but I can still select an image or two and link to it, as I've done in this forum actually.
The problem with that is that someone can access ALL your images in that gallery not just the one or two you want the world to see. This is remarkably easy since 1) SM uses continous numbers for photos and 2) most people load a gallery at the same time.
My personal solution is to have a "Public" gallery and copy photos I want to share into that gallery. All my other galleries are locked down.
Hmm, I hadn't considered that.
Maybe they should change and use GUIDs? No one every types in those numbers by hand, right? (Unless they're trying to probe around in your linked-but-private photos.
The problem with that is that someone can access ALL your images in that gallery not just the one or two you want the world to see. This is remarkably easy since 1) SM uses continous numbers for photos and 2) most people load a gallery at the same time.
My personal solution is to have a "Public" gallery and copy photos I want to share into that gallery. All my other galleries are locked down.
How about this: (this is actually what i do) Have one separate gallery for the photos you like to post on blogs, forums etc. Usually you only post one or two at a time, so the numbering problem is solved. Also if you delete photos or galleries from your 'normal' galleries, you don't have to worry about your links braking. It also gives me a gallery in which i can put up examples i used for demonstrating people on things, or giving screenshots, things that i don't really need in any of my viewable galleries. (this last one was actually a major reason for me to go this way, since i keep most of my pictures public and not-passworded anyway)
This will keep your 'normal' galleries totally separate from your linked, and allows you to do whatever you want to do with them.
How about this: (this is actually what i do) Have one separate gallery for the photos you like to post on blogs, forums etc. Usually you only post one or two at a time, so the numbering problem is solved. Also if you delete photos or galleries from your 'normal' galleries, you don't have to worry about your links braking. It also gives me a gallery in which i can put up examples i used for demonstrating people on things, or giving screenshots, things that i don't really need in any of my viewable galleries. (this last one was actually a major reason for me to go this way, since i keep most of my pictures public and not-passworded anyway)
This will keep your 'normal' galleries totally separate from your linked, and allows you to do whatever you want to do with them.
yep. That is basically what I do. I leave it public so I can see if things like maps and sorting by date work (If I protect photos I lose all these features).
Of course you could also make another gallery which is private but not password protected (I assume is what you are suggesting?).
I was pointing out to Nimai possible loopholes in his photo sharing.
yep. That is basically what I do. I leave it public so I can see if things like maps and sorting by date work (If I protect photos I lose all these features).
Of course you could also make another gallery which is private but not password protected (I assume is what you are suggesting?).
I was pointing out to Nimai possible loopholes in his photo sharing.
It wasn't really specifically addressed to you, i just hit a reply button
Yes, a private gallery is what i meant. Password protected or not, it doesn't really matter for me, since i will always be viewing the gallery when logged in, so i don't need a password for specific galleries anyway. Also, when linked as www.smugmug.com/photos/XXXXXX-X.jpg i don't think it is possible for anyone to go into the gallery that way. And even if they would, i don't mind, i made the photos public anyway.
Also, what i meant to say with my previous post, is that you could set all galleries to 'no-external-linking' by use of a template, so you wouldn't have to worry about what galleries you couldn't set because you want to link one or more photos. This in relation to how the thread started
How about this: (this is actually what i do) Have one separate gallery for the photos you like to post on blogs, forums etc.
This is actually what I do too. Only I use a pbase account for my blog/forum posts. It's like $20 a year and perfect for this kind of thing. Those galleries could get wiped out and it wouldn't be too brutal since I have most everything backed up and posted in different places-- like smugmug. And best of all, my pbase and smugmug sites are completely different accounts that don't point to each other at all... a person snooping one is very unlikely to snoop the other.
This is actually what I do too. Only I use a pbase account for my blog/forum posts. It's like $20 a year and perfect for this kind of thing. Those galleries could get wiped out and it wouldn't be too brutal since I have most everything backed up and posted in different places-- like smugmug. And best of all, my pbase and smugmug sites are completely different accounts that don't point to each other at all... a person snooping one is very unlikely to snoop the other.
I'm not sure why you need two different accounts for this. I just put all my blog/forum linked images into one of two private galleries on SmugMug. One gallery is where I put things that it's OK for people to get to originals. The other has originals locked down. Since SmugMug has unlimited storage and nobody gets to browse this gallery from my home page, I never have to worry about cleaning up either of these galleries. I just add images to them over time and pass out those links. I never have to clean anything up.
Meanwhile, I'm free to manage my publicly available images however I see fit because they don't contain any images I did external linking to.
I'm not sure why you need two different accounts for this. I just put all my blog/forum linkied images into one of two private galleries on SmugMug. One gallery is where I put things that it's OK for people to get to originals. The other has originals locked down. Since SmugMug has unlimited storage and nobody gets to browse this gallery from my home page, I never have to worry about cleaning up either of these galleries. I just add images to them over time and pass out those links. I never have to clean anything up.
Meanwhile, I'm free to manage my publicly available images however I see fit because they don't contain any images I did external linking to.
Why do you need a separate account to do this?
this is what i do too...seems to be the consensus.
Comments
As Mike guessed, I'm just trying to point out that there's a wide variety of people on Smugmug, most of which are not that tech saavy, a high percentage of which have no idea what "external linking" is or how it relates to password security. I used their job titles to try to shine a light on the fact that they are not as tech saavy as many of us and come from varied backgrounds and likely will never read a line here at dgrin. If they even thought to read the various options on the gallery customization page they wouldn't know what some of them meant and wouldn't be motivated to click on the question marks to try to learn. It's not because they are smart or stupid (heck they're smarter than me about lots of other things), it's just because they haven't been exposed to a lot of the terminology or issues and don't choose to try to learn or understand anymore than they need to. They just want to share their pictures with whatever security they think is needed and learn as little as possible about the infrastructure.
Through self selection, we here at dgrin are not the average cross section of Smugmug's actual or potential customer base. We're the power users, we're the ones investing extra time to really learn how this stuff works, we're the ones who don't give up when it doesn't do exactly what we want, we're the ones who want to know what more we can do with it, we're the ones who want to learn how it all works. We're also the minority.
So ... the is just the long way of saying that my main concern is that these non-tech-saavy, non-dgrin users will set up a password on their gallery and assume that it's protected more than it is. That bothers me because the #1 design principle in security is to meet the expectations you set and I think the gallery password sets an expectation that isn't quite being met.
In the end, it's really up to Smugmug to decide if they think this matters. I started this thread to try to find out what Smugmug thought and shine a light on the issue. I'm not asking for an immediate answer. I've seen other issues that I've pressed on and seen that the first few days of the debate are important and then over time it soaks into Smugmug's thinking and then, in some future release, the functionality appears to be influenced by the debate. That would mean these forums are working and gives me a reason to keep making points like this.
Once I discovered that I could solve the problem for myself by turning off external linking on password protected galleries, this was no longer a debate about what I needed to secure my password protected galleries. It was just a fun debate about how would be the best way for it to work.
I'm passionate about making products work great and delighting customers - it's what I do in my day job. I find it fun so I try to influence some of the things I use outside of work. Thanks to dgrin, it's fairly efficient to contribute ideas for Smugmug.
Homepage • Popular
JFriend's javascript customizations • Secrets for getting fast answers on Dgrin
Always include a link to your site when posting a question
Very well put John. Reading this thread is very interesting. I am glad everyone can stay friends when the debate is over. I do believe a better explanation would be useful for the non-techies out there.
I would also say, no very technical person would ever say there is a "secure" place to put something on the Internet. There are just varying degrees of security. I do agree with you though, that people have a false sense of security when they enable the password protection feature.
Glass: >Sigma 17-35mm,f2.8-4 DG >Tamron 28-75mm,f2.8 >Canon 100mm 2.8 Macro >Canon 70-200mm,f2.8L IS >Canon 200mm,f2.8L
Flash: >550EX >Sigma EF-500 DG Super >studio strobes
Sites: Jim Mitte Photography - Livingston Sports Photos - Brighton Football Photos
I understand the problem you have now. You have users with password protected galleries that are using external linking. Unless you want to run your support calls through the roof and lose some customers, you are stuck with supporting that configuration, probably forever.
IMO, fixing the UI way back when this was a problem to show users that private galleries was a better way to let users use Smugmug images in blogs without making the gallery easily available to the public would have been a better solution, but we are were we are, can't change history.
So ... I'm not suggesting that you force external linking off on existing password protected galleries. After all this debate, I think all I'm suggesting is that it needs to be easier and more obvious for non-tech-saavy users to password protect a gallery and not inadvertently be open to external link guessing.
At this point, it's purely a UI presentation challenge. How can the existing UI be modified to make it so non-tech-saavy users get what they expected and users who want external linking on a password protected gallery know how to make sure they get that?
So since we're stuck with supporting both kinds of password protection, conceptually, I think you just need to present two types of password protection, one I'll call "Full" which prevents all access to any image in the gallery without a password and one I'll call "Gallery" which prevents access to browsing the gallery itself without a password, but still allows direct linking without a password if someone has the full URL to the image (e.g. blog postings, forum postings, images linked in an email, etc...). I'm not suggesting that I've thought about the best way to do the actual presentation for more than 5 minutes (so I'm sure something better can be designed), but I tried to describe it here just to give you an idea of what I mean.
These should be self-explanatory enough that even a non-tech-saavy user will pick the one that matches their expectations.
Homepage • Popular
JFriend's javascript customizations • Secrets for getting fast answers on Dgrin
Always include a link to your site when posting a question
I would never think to use a password protected gallery to host a picture I wanted to make public in blogs, eBay, etc!? I use private galleries for that, and should someone find their way to my website, the passwords protect my photos from sickos out there. Right?
I guess I prove John's point, since no, my photos are not protected, since I have "External Links" ON in all my galleries. Guess I need to go thru the mind numbing process for customizing them all.
Oh and by the way, I am a computer industry professional, with IT credentials and everything. Does that matter? Not really, though, embarrassingly, I should understand this stuff....but I could never have guessed this behavior.
Baldy, I understand your situation 3 yrs ago, but perhaps the answer may have been to educate users in the differnces in private and protected galleries? But having been in the startup game myself, I understand your business risk here.
1. Protect photos? From who? From what. It's a photo sharing website. Don't put any Top Secret stuff here OK? Common sense 101. Watermark it if you want to really prevent unwamted comnmercial use.
2. If the gallery is private and password protected, who knows about it? You can't browse to the photos because private prevents public browsing and password prevents gallery access.
3. This isn't giving out credit card numbers, social security numbers, or medical information. They're photos for crying out loud.
4. If you are a professional and want to make sure your work is protected, you read and understand completely before trusting a site to house your work. A lawyer or investor, or whoever comes here is doing so to share photos which probably 99% of the rest the world could care less about.
Serioulsy, your mountain is a molehill and you are really uptight.
Oh, even if you have a firewall, antivirus protection and stay away from suspect sites, you can still get hacked while connected to the internet. They call it a drive by shooting on the information highway. No one singled you out, it just was the unlucky day a sniffer found you at the wrong time.
Bottom line, nothing is completely secure or safe. You can do the best you can to avoid something bad happening, but you can't guarantee it. You can drive as safe as you want but statistics say everyone will be in at least one car wreck in their life.
And you also hit on a pet peeve of mine. Its a tech world. Either you get on the bus and learn or you stay blissfully happy being left behind and bitching about things not being easier. America is falling behind quickly because everyone wants everything done automatically or they "will take their business elsewhere." Convenience is more important to people than personal responsibility. Do you know what the biggest security threat is in the corporate world? It isn't windows security flaws, or browser secuirty holes or even viruses. The biggest security risk is the employee, because the employee can't be bothered to deal with any "tech" stuff.
<img src="https://us.v-cdn.net/6029383/emoji/clap.gif" border="0" alt="" >clap<img src="https://us.v-cdn.net/6029383/emoji/clap.gif" border="0" alt="" >
The voice of reason...and sanity
SmugMug API Developer
My Photos
In my opinion, private galleries live up to their expectations. People know that they are out there sitting on the web with no authentication required. They know that if they wanted to require authentication, they could have made that choice. When they made it private, they were just saying that they didn't want to publicly list the gallery. It's exactly like an unlisted phone number. It's not in the directory, but it's still sitting out there on the phone network. Anyone who knows it or who guesses it or who dials it by accident is going to connect to the unlisted phone number. Private galleries are exactly the same way and I think they deliver what people expect.
Now, if private galleries accidentally get in keyword indexes or Google searches or most popular image pages or other ways that people can find them besides just knowing the URL, then people will NOT feel like their expectations were met. They will feel like their unlisted phone number is not really unlisted.
Would it be better if image URLs were a lot harder to guess (e.g. more random and sparser and probably more digits). Absolutely. But, for some reason, that only bothers me with password protected galleries, not private galleries. I'm open to what other's think on this one.
Homepage • Popular
JFriend's javascript customizations • Secrets for getting fast answers on Dgrin
Always include a link to your site when posting a question
As someone who found out after the fact just how much Flickr lacks in security, SmugMug looked great to me based on reading the Help pages before I subscribed. Now that I have galleries of my own up in SmugMug, I was reading the Help file on privacy abd security a little more carefully, but there is really not much to read there - it's pretty sparse.
And to be perfectly honest, I hadn't considered external linking when I password-protected some of my galleries. I don't use the linking feature at all, and I foolishly thought that such a feature as external linking would be something that I had to enable - not the other way around. That seems more like a Flickr trick! External linking is commonplace for photographers and others who want to display their photos for a large audience. However it is not as common with people who are not photographers - people who just want to make their family photos easily and immediately available to other family members and friends across the country, but not have photos of their grandchildren in the bathtub suddenly show up on in a gallery that reeks of kiddie porn. (Actually happened to me on Flickr). I don't have a website or blog - just my galleries here for family.
Still, I was looking here to see just what issues there are with private and password-protected galleries - I knew there would be some... there always are. We're all so different.
I would have discovered that external linking was on by default very shortly, but to be honest I decided to set up the galleries and get them all uploaded first; as long as they were all protected when I set them up, what's the harm? (I'm now turning off external linking for all of them as quickly as I can!)
I think at this point that the best - and hopefully easiest for SmugMug staff - would be a simple note in the Gallery Configuration screen that offers to turn off external linking for password-protected galleries. I agree with some posters that I would never have suspected users here to link to password-protected images. It kind of defeats the purpose of passwords. But the fact is, it's way too late to change that, and I would be happy with much clearer direction in both the Help file and the Configure Gallery pages.
Yes. PLEASE make the default SM security settings to secure my photos.
Alternatively could you separate security settings from the other customization "features" (e.g. allow original, printing, etc.)?
or create a new default security level which would allow me to create my own personal default once (with all the settings). This was I would know that any galleries I create will have the same settings. Meaning that the "smugmug default" template won't be the default option.
I would like my DEFAULT setting to be private, password protected, NO external links for ALL my galleries.
J-Mac,
You understand that private is not really private, right? Its just not linked from your "home page". That is one area that really needs better documentation and frankly should really be fixed ASAP.
Have you tried using the bulk gallery setting? You can fix all your galleries at once.
1) Create a template with the settings you would like to use
2) Select customize a gallery
3) At the top of the page select bulk settings
4) Select all of your galleries (or the ones you want to change)
5) Select the template with the settings from #1
6) Select Apply
I edit any "over-exposed" photos of my girl (even the cute bath photos) and delete the original. Can never be too careful considering the creeps in the world.
smugmug nickname: mpmcleod
http://www.michaelmcleod.com/
this topic drives me crazy, I just had one puke today using Smugmug's search to find "Kids in Water" ... real nice... let me opt out of Smugmug's Public Search and Browse.
I know people can use google, but I only see a fraction of these kind of searchs coming from google.
also, be aware that "Smugmug search" allows the public to search your real name from your account settings screen, regardless of which option you choose as your display name.... google doesn't even have access to this!
ds.jpg
On Flickr I had my galleries up for less than four hours when I found the links from my granddaughters' pics to other users who already had them on their obscee pages. I used to have a family website up on its own domain and had to remove all the photo galleries - better security notwithstanding, my daughters were really upset when they found out what some people do with child photos on the web.
Thus far I have found SM's security to be better than any other online photo site. Sure, we're picking about this and that here, but it does allow for much better security than any other one I've tried. I can actually manage to secure my photos, if I wish, about as well as is possible on the Internet at this time. Everything else is just icing on this cake.
Anyway, back on-topic here for a sec.
I liked the fact that if I make my Gallery password protected, but still enable external linking, it works just like that. The gallery is password protected, but I can still select an image or two and link to it, as I've done in this forum actually.
The problem with that is that someone can access ALL your images in that gallery not just the one or two you want the world to see. This is remarkably easy since 1) SM uses continous numbers for photos and 2) most people load a gallery at the same time.
My personal solution is to have a "Public" gallery and copy photos I want to share into that gallery. All my other galleries are locked down.
smugmug nickname: mpmcleod
http://www.michaelmcleod.com/
Maybe they should change and use GUIDs? No one every types in those numbers by hand, right? (Unless they're trying to probe around in your linked-but-private photos.
How about this: (this is actually what i do) Have one separate gallery for the photos you like to post on blogs, forums etc. Usually you only post one or two at a time, so the numbering problem is solved. Also if you delete photos or galleries from your 'normal' galleries, you don't have to worry about your links braking. It also gives me a gallery in which i can put up examples i used for demonstrating people on things, or giving screenshots, things that i don't really need in any of my viewable galleries. (this last one was actually a major reason for me to go this way, since i keep most of my pictures public and not-passworded anyway)
This will keep your 'normal' galleries totally separate from your linked, and allows you to do whatever you want to do with them.
www.ivarborst.nl & smugmug
yep. That is basically what I do. I leave it public so I can see if things like maps and sorting by date work (If I protect photos I lose all these features).
Of course you could also make another gallery which is private but not password protected (I assume is what you are suggesting?).
I was pointing out to Nimai possible loopholes in his photo sharing.
smugmug nickname: mpmcleod
http://www.michaelmcleod.com/
Yes, a private gallery is what i meant. Password protected or not, it doesn't really matter for me, since i will always be viewing the gallery when logged in, so i don't need a password for specific galleries anyway. Also, when linked as www.smugmug.com/photos/XXXXXX-X.jpg i don't think it is possible for anyone to go into the gallery that way. And even if they would, i don't mind, i made the photos public anyway.
Also, what i meant to say with my previous post, is that you could set all galleries to 'no-external-linking' by use of a template, so you wouldn't have to worry about what galleries you couldn't set because you want to link one or more photos. This in relation to how the thread started
www.ivarborst.nl & smugmug
This is actually what I do too. Only I use a pbase account for my blog/forum posts. It's like $20 a year and perfect for this kind of thing. Those galleries could get wiped out and it wouldn't be too brutal since I have most everything backed up and posted in different places-- like smugmug. And best of all, my pbase and smugmug sites are completely different accounts that don't point to each other at all... a person snooping one is very unlikely to snoop the other.
Portland, Oregon Photographer Pete Springer
website blog instagram facebook g+
I'm not sure why you need two different accounts for this. I just put all my blog/forum linked images into one of two private galleries on SmugMug. One gallery is where I put things that it's OK for people to get to originals. The other has originals locked down. Since SmugMug has unlimited storage and nobody gets to browse this gallery from my home page, I never have to worry about cleaning up either of these galleries. I just add images to them over time and pass out those links. I never have to clean anything up.
Meanwhile, I'm free to manage my publicly available images however I see fit because they don't contain any images I did external linking to.
Why do you need a separate account to do this?
Homepage • Popular
JFriend's javascript customizations • Secrets for getting fast answers on Dgrin
Always include a link to your site when posting a question