Any way you can set up a quick "for it" or "against it" poll so we can see which way people are leaning without having to read 7 pages here? That might be pretty useful....thanks!
Any way you can set up a quick "for it" or "against it" poll so we can see which way people are leaning without having to read 7 pages here? That might be pretty useful....thanks!
I also think this would be a great idea if you could create a poll. Also, can't wait to hear your newest ideas, Don, but I'm definitely all for any speed improvement - I definitely feel it from time to time in NYC (and STL as well). Thanks and great work!
Polls are a problem for smugmug decion making as these forums are highly biased for the pro side. Pro´s usually have public galleires and very diferent needs from private "family photo" clients. Smugmug should consider the argumets and make decisions based on their own company strategy towards the different markets they serve. Smugmug is an extremely open and participative business but unfortunately there are situations where democracy just doesn´t work (especially biased democracy). Businesses are one of them.
Ummm..may not be good for me
I have,or at least I am in the process of setting up a Pro site.
My site also contains a password protected gallery which contains photos of just my friends and family members.
My friends & family members are thr only ones that have the password to this gallery and if it were to be 'open' instead of password protected I would have to remove all the photos there as I certainly don't want these photos available to anyone but the above groups of the photos.
I have,or at least I am in the process of setting up a Pro site.
My site also contains a password protected gallery which contains photos of just my friends and family members.
My friends & family members are thr only ones that have the password to this gallery and if it were to be 'open' instead of password protected I would have to remove all the photos there as I certainly don't want these photos available to anyone but the above groups of the photos.
Thanks,
Art Guertin
Can you not put these photos in an unlisted gallery, and send the URL to your friends and family? So because it is unlisted, theoretically, none of your "clients" would be able to view the photos....unless of course they can figure out the unlisted gallery URL....however, many have said that would be more difficult than figuring out your password for your password protected galleries.
I have,or at least I am in the process of setting up a Pro site.
My site also contains a password protected gallery which contains photos of just my friends and family members.
My friends & family members are thr only ones that have the password to this gallery and if it were to be 'open' instead of password protected I would have to remove all the photos there as I certainly don't want these photos available to anyone but the above groups of the photos.
Thanks,
Art Guertin
The only discussion going on here is not password-protecting thumbnails. And even if they're not password protected, as was said just above, figuring out the URLs to each and every thumbnail is near-impossible.
The only discussion going on here is not password-protecting thumbnails. And even if they're not password protected, as was said just above, figuring out the URLs to each and every thumbnail is near-impossible.
Plus, thumbnails from galleries with external links set to off, are also affected. They would be accessible as well.
Thought from another land...
I personally vote yes on this change.
I know first hand the cost of "permissions" checking done on each and every request. I work for a company which does Electronic Medical Records - and there is a noticeable performance impact that we incur resulting from all the permissions checking that we have to do, but I digress...
I suppose this is one way of looking at it, but in your scenario, the "bad person" who had your old password would have had to be very diligent at copying down each and every URL in your gallery.
The "bad person" could get this information from the browser history/cache (at least for some browsers). I don't think this would be very tedious.
Sounds like a go maybe?
Well, I do use passworded galleries. And I DON'T want folks accessing passworded thumbs without authorization. But (though I'm not 100% clear on the technical) it seems to me the proposed scheme may work better than the current one simply because it will be just as secure while improving access speeds.
vote no
Like micki and acquadicvideographer previously, I'd like the ability to lock down a gallery from "all" viewers - no thumbs runnin' around out there.
That's the reason I just joined - and if I cannot lock them totally, I'll probably
cancel. I'd like to assure people their contact sheets are totally secure.
Not every image is for sale or for public consumption.
Also, in the past, I've had stuff stolen and offered for sale. A thumb is
enough for someone to grab and falsely copyright.
Personally, I agree with whoever said that the URL's that SM uses for all these images, including thumbs, are probably more difficult for someone to guess than the passwords that most people use.
And even if some malicious soul tried and tried and tried and tried and tried and FINALLY hit pay dirt and actually guessed one of your URL's, their prize for all of their hard work is some random thumbnail image. Seems unlikely that anyone would even bother.
Like micki and acquadicvideographer previously, I'd like the ability to lock down a gallery from "all" viewers - no thumbs runnin' around out there.
That's the reason I just joined - and if I cannot lock them totally, I'll probably
cancel. I'd like to assure people their contact sheets are totally secure.
Not every image is for sale or for public consumption.
Also, in the past, I've had stuff stolen and offered for sale. A thumb is
enough for someone to grab and falsely copyright.
Do you understand the change that is being discussed? Do you realize that anybody that has access to your thumbnails now can save them and do anything they want with them? Do you understand that your unlisted and password protected galleries will continue to be unlisted and password protected? For any of your thumbnails to become visible, somebody would need to have access to them to begin with. That person could share the URL to a thumbnail with somebody that does not have access to the gallery that thumbnail is in. But right now, that person could either download the thumbnail and share it directly, or they could share the password to the gallery.
I honestly don't understand the opposition to this change. Nothing that you share on the internet is "secure." If you never share the URL to an unlisted gallery or never share the password to a password protected gallery (and use something hard to guess), the gallery is secure. This change doesn't affect any of that.
Personally, I agree with whoever said that the URL's that SM uses for all these images, including thumbs, are probably more difficult for someone to guess than the passwords that most people use.
And even if some malicious soul tried and tried and tried and tried and tried and FINALLY hit pay dirt and actually guessed one of your URL's, their prize for all of their hard work is some random thumbnail image. Seems unlikely that anyone would even bother.
Do you understand the change that is being discussed? Do you realize that anybody that has access to your thumbnails now can save them and do anything they want with them?
I trust the people who have access to my galleries. That´s why they have the password to the galleries. I don´t trust people who don´t have access to my galleires, that is, don´t have the passwords. I don´t want them accessing my thumbnails.
Do you understand that your unlisted and password protected galleries will continue to be unlisted and password protected? For any of your thumbnails to become visible, somebody would need to have access to them to begin with.
Not true. Thumbails today are URL protected AND password protected. With the change they become only URL protected. Even though URL protection prevents users and even robots guessing addresses, they don´t prevent caches from storing / manipulating your images. Do you know/trust everyone who runs internet caches? I don´t. I trust smugmug, not the rest of the internet.
That person could share the URL to a thumbnail with somebody that does not have access to the gallery that thumbnail is in. But right now, that person could either download the thumbnail and share it directly, or they could share the password to the gallery.
Again, I trust the people who have access to my images/thumbnails today. That will change if this modification comes into production.
I honestly don't understand the opposition to this change. Nothing that you share on the internet is "secure." If you never share the URL to an unlisted gallery or never share the password to a password protected gallery (and use something hard to guess), the gallery is secure. This change doesn't affect any of that.
It does affect that. It makes thumbnails publically accessible. Hard to find but publically accessible. That is a change and precisely the change that is being discussed.
I suppose this is one way of looking at it, but in your scenario, the "bad person" who had your old password would have had to be very diligent at copying down each and every URL in your gallery.
It's far more likely he would have just saved your photos instead, since that's both simpler and fool-proof.
You're desire to forgo security needs / concerns of your customers is unfortunate. I understand your technical issues on this matter, but in this case you may really want to seek legal council over your proposed idea. In particular how this may impact people who have pictures of minors (sports, school events etc.) on their site.
My challenge still stands. FB uses the same methods as is being proposed here. If anyone or anyone they know can find the other image that is in the same album your point will be proven. Though I will tell you finding out my password will be easier.
What is the point? Right now images may be transmitted http headers that say "no caching" but this does not stop anyone from doing it. Browsers can choose not to follow the rules, proxies can be broken and cache when they should not. For those not trusting the "internet" these things are real - real concerns for you and you have no control over them.
From a different side. How it stands now: Alice has the password, she can see the images. Anyone between Alice and SM can capture and cache the image, or the image will be saved to the disk of the computer. Bob could get the image anywhere along the lines. Alice looking to share an image with Charley instead sends him a link to the original sized image (not the page). He cannot see it b/c the image is passworded. He tells Alice this and she sends him the password really wanting him to see the picture. The photographer has lost control again.
Proposed: Bob can still sniff something out like before - nothing has changed. Charley would still have to be sent the password - the image is the original. Control is lost again. But, now Alice gets clever...she sends him the url of the thumbnail instead of the password to the gallery (assuming that a common person knows this change has happened) and now he can see only the thumbnail - instead of the whole gallery...whew disaster was averted there.
Recourse to current implementation: There is noting you can do about Bob. But there is something you can do about Charley (assuming you know Charley can see - which is a big assumption). Change the password. But now if Alice wants to see the pictures again - and you want her to - you have to give her the new password , but with a strict warning about sharing. People are people - they will do as they please and there is nothing stopping Alice other then you changing the password again and not gving it to her (apart from some legal thing you could possibly cook up).
Recourse to the proposal: Bob is still in the clear as there is nothing you can do. Charley can be locked out (if he has the password) by changing the password like before. But this time he is smart, he has all the thumbnail urls saved (wrote a program ) so he can still see them (really if he were this good he should just download all the images). So you are worried about the thumbnails - well SM could provide a "Scramble Keys" option (hint hint) which would - well you guessed it - make the thumbnails secure from Charley again - hey it could even be apart of the "Change gallery password" option.
To be honest - Charley - download the images and save them if you are going to be locked out (turning JS off is not too hard and any $0.02 programmer can download them no matter how hard you "protect" them from drive bys). the feasibility that Bob cares - well the word does not center around your pictures and if it does SM is not the place to put them - The New York Times or something similar is.
Ok so now it is your turn - Bob find my image . Don't care most don't about your images either. The people who do are the people who can use social engineering to get to them faster then guessing the password or guessing the url to a single image.
Please don't get me started on cookie capturing over wi-fi - which is trivial. People you gain nothing from the way things are now other then a slower experience for your customers - and this makes a big difference. If print sales are what you are after then experience is almost everything - not the availability of thumbnail sized images to Jane, Bob or Jim.
Hiagh~ You don't have the password to my FB account. I challenge you to get that second image - I have given you a bread crumb to get you started. You have the advantage caching is playing in your favor over what SM is going to do. I will accept any publications (blog posts, forum posts, I don't care) which show a feasible approach to finding that image to - other then brute forcing the numbers (which is infeasible). I help more, here is the album: http://www.facebook.com/album.php?aid=2035324
Skedee~ The security concerns are the same - share the password or share the *thumbnail* url. The password is shorter, likely easier to remember and well - it allow you to see the whole gallery. You are still subject to Bob's attacks in the current scheme (see above) - to which you currently cannot protect against. Knowing that can you keep going - you now know these risks and now knowing them is a passworded gallery sufficient with what you are trying to give people/saying you are giving people? With or without this change the parents should be informed of the security risks involved - especially with sharing that password with others (sorry grandma).
Everyone~ Right now what you believe is safe is only as safe as you are willing ot believe it is and it seems may thing it is "safe". This change does not affect many of the security holes that are present *now*. I would argue that the problems now are much greater and more real (sharin that password) then the possible problems that might happen with this change.
Looking back I have been a jerk in some of this post - I am sorry. In security analysis you start with majors and work down. The level we are fighting over is much farther down then the other problems I have talked about. We can geep going over this but i want to point out the other flaws while we are at it.
You're desire to forgo security needs / concerns of your customers is unfortunate.
Whoa, there. Not to harsh on you, but if Don wanted to forego anything, he would have made the change a month ago without consulting his customers and been done with it. I believe his willingness to open the idea up for discussion points to his respect for us.
I never would have guessed that a discussion about nearly-impossible-to-locate THUMBNAILS would draw so much ire. If someone can take the time to guess the URLs of your thumbnails (nearly impossible)... they deserve to have them.
Even if they do get them.... blowing them up and using them in print is just not feasible:
Thumbnail (1in x 1in):
Stolen and blown up to (3in x 3in) (saved at max quality):
And, the fact is, if anyone is out looking to steal images, they won't be randomly typing letters and numbers into their address bar, hoping to hit paydirt. They are going to go to http://images.google.com and do a search for whatever they need and steal it from there, watermarked or not.
Whoa, there. Not to harsh on you, but if Don wanted to forego anything, he would have made the change a month ago without consulting his customers and been done with it. I believe his willingness to open the idea up for discussion points to his respect for us.
I got your attention. Smugmug apparently has over 300,000 customers. This proposed change will impact a large number of those customers not to mention future customers. If I was a competitor (ie Zenfolio) to Smugmug. I would make sure that customers with trial accounts understood how our security policy differs from our competitors.
Why can't Smugmug provide this proposed change as an option? I want to use Smugmug for storing pictures of my children's sporting events and would like to make those pictures available to the other parents. I know there will be request that I not include pictures of their kids on the web because they have heard Smugmug is not secure.
I know there will be request that I not include pictures of their kids on the web because they have heard Smugmug is not secure.
This will be the same group which believes that internet banking is secure. I am sorry but every time you type your username/password in on the net it is liable to be stolen. Https or not. All it takes to commandeer your password is access to *one* of the ssl certs on one of their mis-configured servers. All https/ssl says is that you are talking to someone who has the correct cert - not the correct someone. I understand your concerns, but in reality half of the bettle is the public image of something. Changed or not the security of SmugMug is a public relations issue to your parents and something else entirely to a true security analysis.
This will be the same group which believes that internet banking is secure. I am sorry but every time you type your username/password in on the net it is liable to be stolen. Https or not. All it takes to commandeer your password is access to *one* of the ssl certs on one of their mis-configured servers. All https/ssl says is that you are talking to someone who has the correct cert - not the correct someone. I understand your concerns, but in reality half of the bettle is the public image of something. Changed or not the security of SmugMug is a public relations issue to your parents and something else entirely to a true security analysis.
Legal issues need to be considered. Laws are always changing. In the case you provided above. At least a company using the protocol https has done their "due diligence" to sure that they have reasonably secured their clients data.
Why should this be an all or none approach. I simple think they should provide both solutions to their customers. From a business prospective why would you not want to? Customers wanting more speedy pages win and customers wanting to error on the side of "more" security win.
Legal issues need to be considered. Laws are always changing. In the case you provided above. At least a company using the protocol https has done their "due diligence" to sure that they have reasonably secured their clients data.
Why should this be an all or none approach. I simple think they should provide both solutions to their customers. From a business prospective why would you not want to? Customers wanting more speedy pages win and customers wanting to error on the side of "more" security win.
It seemed very much so from Don's first post that this must be an all-or-none approach, as technically it can only be done in whole or skipped altogether. And as stated before, I am wholly for this approach.
What everyone keeps saying is that, so what if someone finds one thumb (no pun intended ;-)). Well, from what Don said, the chance that those interested in wasting their time can even find a single thumbnail is slim to none since SmugMug watched as people fail with various image keys and will likely disallow access to that user as the guessing continues.
Why should this be an all or none approach. I simple think they should provide both solutions to their customers. From a business prospective why would you not want to? Customers wanting more speedy pages win and customers wanting to error on the side of "more" security win.
Given the image number 139338932_uaiIs, is that suposed to be in the fast or slow lane/checked or not? Well the way to know is to ask the database. Right there and then you are just as slow as having the full security, because instead of asking for fast/slow you just need to ask password or not. This is why it is an all or nothing game.
It seemed very much so from Don's first post that this must be an all-or-none approach, as technically it can only be done in whole or skipped altogether. And as stated before, I am wholly for this approach.
What everyone keeps saying is that, so what if someone finds one thumb (no pun intended ;-)). Well, from what Don said, the chance that those interested in wasting their time can even find a single thumbnail is slim to none since SmugMug watched as people fail with various image keys and will likely disallow access to that user as the guessing continues.
I would be happy if Smugmug at least provided the option to not display pictures for categories (groups). Plus, if I have security enabled on a gallery to not display the featured thumb unless the user has been authenticated.
I would be happy if Smugmug at least provided the option to not display pictures for categories (groups). Plus, if I have security enabled on a gallery to not display the featured thumb unless the user has been authenticated.
Given this: http://dgrin.smugmug.com/photos/118013680_JYSjk-Ti-1.jpg
What album/category/subcategory is this image in? You can put the information in the url - then you would have to validate the information the user is giving you - slow as authentication checks.
I would still like to see someone explain a feasable way that someone might commondeer an image key.
I would be happy if Smugmug at least provided the option to not display pictures for categories (groups).
I think you could do this with Javascript right now. Granted you'd be replacing an image but who would bother looking in the source code to see the original image if they never knew it was replaced in the first place.
Comments
Any way you can set up a quick "for it" or "against it" poll so we can see which way people are leaning without having to read 7 pages here? That might be pretty useful....thanks!
I am a pro subscriber and vote emphatically "YES" on these proposed changes.
Anything that makes our sites faster makes for a much better user experience.
Robert
I have,or at least I am in the process of setting up a Pro site.
My site also contains a password protected gallery which contains photos of just my friends and family members.
My friends & family members are thr only ones that have the password to this gallery and if it were to be 'open' instead of password protected I would have to remove all the photos there as I certainly don't want these photos available to anyone but the above groups of the photos.
Thanks,
Art Guertin
"There is no limit to what a man can do so long as he does not care who gets the credit."
- Philip Hyde (1922-2006)
Can you not put these photos in an unlisted gallery, and send the URL to your friends and family? So because it is unlisted, theoretically, none of your "clients" would be able to view the photos....unless of course they can figure out the unlisted gallery URL....however, many have said that would be more difficult than figuring out your password for your password protected galleries.
Sebastian
SmugMug Support Hero
I personally vote yes on this change.
I know first hand the cost of "permissions" checking done on each and every request. I work for a company which does Electronic Medical Records - and there is a noticeable performance impact that we incur resulting from all the permissions checking that we have to do, but I digress...
The other land that I speak of is the land fo facebook... basically all of FB's images are protected by the concept of an image key in much the same way that they are proposing to change the thumbnails to. For example: http://photos-h.ak.facebook.com/photos-ak-sf2p/v125/9/64/32506128/n32506128_31233407_3520.jpg
And I have that limited to my "friends" - welcome friends. I challenge you to find the other image in that gallery/album.
For those interested in FB and how they do it (plus info into how the security is implemented there): http://beta.flowgram.com/f/p.html#2qi3k8eicrfgkv
Enough about inferior image services.
Go For the Right Thing!
I support the thumbnail proposal.
I'd love to see this change, FYI.
I'm just curious as to when it'll happen.
◇ Photos | Blogs | Twitter | MySpace | Facebook ◇
Well, I do use passworded galleries. And I DON'T want folks accessing passworded thumbs without authorization. But (though I'm not 100% clear on the technical) it seems to me the proposed scheme may work better than the current one simply because it will be just as secure while improving access speeds.
Like micki and acquadicvideographer previously, I'd like the ability to lock down a gallery from "all" viewers - no thumbs runnin' around out there.
That's the reason I just joined - and if I cannot lock them totally, I'll probably
cancel. I'd like to assure people their contact sheets are totally secure.
Not every image is for sale or for public consumption.
Also, in the past, I've had stuff stolen and offered for sale. A thumb is
enough for someone to grab and falsely copyright.
Yes, yes, yes, yes!!
Personally, I agree with whoever said that the URL's that SM uses for all these images, including thumbs, are probably more difficult for someone to guess than the passwords that most people use.
And even if some malicious soul tried and tried and tried and tried and tried and FINALLY hit pay dirt and actually guessed one of your URL's, their prize for all of their hard work is some random thumbnail image. Seems unlikely that anyone would even bother.
Do you understand the change that is being discussed? Do you realize that anybody that has access to your thumbnails now can save them and do anything they want with them? Do you understand that your unlisted and password protected galleries will continue to be unlisted and password protected? For any of your thumbnails to become visible, somebody would need to have access to them to begin with. That person could share the URL to a thumbnail with somebody that does not have access to the gallery that thumbnail is in. But right now, that person could either download the thumbnail and share it directly, or they could share the password to the gallery.
I honestly don't understand the opposition to this change. Nothing that you share on the internet is "secure." If you never share the URL to an unlisted gallery or never share the password to a password protected gallery (and use something hard to guess), the gallery is secure. This change doesn't affect any of that.
Dave
I trust the people who have access to my galleries. That´s why they have the password to the galleries. I don´t trust people who don´t have access to my galleires, that is, don´t have the passwords. I don´t want them accessing my thumbnails.
Not true. Thumbails today are URL protected AND password protected. With the change they become only URL protected. Even though URL protection prevents users and even robots guessing addresses, they don´t prevent caches from storing / manipulating your images. Do you know/trust everyone who runs internet caches? I don´t. I trust smugmug, not the rest of the internet.
Again, I trust the people who have access to my images/thumbnails today. That will change if this modification comes into production.
It does affect that. It makes thumbnails publically accessible. Hard to find but publically accessible. That is a change and precisely the change that is being discussed.
Robert
You're desire to forgo security needs / concerns of your customers is unfortunate. I understand your technical issues on this matter, but in this case you may really want to seek legal council over your proposed idea. In particular how this may impact people who have pictures of minors (sports, school events etc.) on their site.
What is the point? Right now images may be transmitted http headers that say "no caching" but this does not stop anyone from doing it. Browsers can choose not to follow the rules, proxies can be broken and cache when they should not. For those not trusting the "internet" these things are real - real concerns for you and you have no control over them.
From a different side. How it stands now: Alice has the password, she can see the images. Anyone between Alice and SM can capture and cache the image, or the image will be saved to the disk of the computer. Bob could get the image anywhere along the lines. Alice looking to share an image with Charley instead sends him a link to the original sized image (not the page). He cannot see it b/c the image is passworded. He tells Alice this and she sends him the password really wanting him to see the picture. The photographer has lost control again.
Proposed: Bob can still sniff something out like before - nothing has changed. Charley would still have to be sent the password - the image is the original. Control is lost again. But, now Alice gets clever...she sends him the url of the thumbnail instead of the password to the gallery (assuming that a common person knows this change has happened) and now he can see only the thumbnail - instead of the whole gallery...whew disaster was averted there.
Recourse to current implementation: There is noting you can do about Bob. But there is something you can do about Charley (assuming you know Charley can see - which is a big assumption). Change the password. But now if Alice wants to see the pictures again - and you want her to - you have to give her the new password , but with a strict warning about sharing. People are people - they will do as they please and there is nothing stopping Alice other then you changing the password again and not gving it to her (apart from some legal thing you could possibly cook up).
Recourse to the proposal: Bob is still in the clear as there is nothing you can do. Charley can be locked out (if he has the password) by changing the password like before. But this time he is smart, he has all the thumbnail urls saved (wrote a program
To be honest - Charley - download the images and save them if you are going to be locked out (turning JS off is not too hard
Ok so now it is your turn - Bob find my image
Please don't get me started on cookie capturing over wi-fi - which is trivial. People you gain nothing from the way things are now other then a slower experience for your customers - and this makes a big difference. If print sales are what you are after then experience is almost everything - not the availability of thumbnail sized images to Jane, Bob or Jim.
Hiagh~ You don't have the password to my FB account. I challenge you to get that second image - I have given you a bread crumb to get you started. You have the advantage caching is playing in your favor over what SM is going to do. I will accept any publications (blog posts, forum posts, I don't care) which show a feasible approach to finding that image to - other then brute forcing the numbers (which is infeasible). I help more, here is the album: http://www.facebook.com/album.php?aid=2035324
Skedee~ The security concerns are the same - share the password or share the *thumbnail* url. The password is shorter, likely easier to remember and well - it allow you to see the whole gallery.
Everyone~ Right now what you believe is safe is only as safe as you are willing ot believe it is and it seems may thing it is "safe". This change does not affect many of the security holes that are present *now*. I would argue that the problems now are much greater and more real (sharin that password) then the possible problems that might happen with this change.
Looking back I have been a jerk in some of this post - I am sorry. In security analysis you start with majors and work down. The level we are fighting over is much farther down then the other problems I have talked about. We can geep going over this but i want to point out the other flaws while we are at it.
Whoa, there. Not to harsh on you, but if Don wanted to forego anything, he would have made the change a month ago without consulting his customers and been done with it. I believe his willingness to open the idea up for discussion points to his respect for us.
Swim for Them | WellmanHouse.net | AlbumFetcher | SmugShowBuilder
Even if they do get them.... blowing them up and using them in print is just not feasible:
Thumbnail (1in x 1in):
Stolen and blown up to (3in x 3in) (saved at max quality):
And, the fact is, if anyone is out looking to steal images, they won't be randomly typing letters and numbers into their address bar, hoping to hit paydirt. They are going to go to http://images.google.com and do a search for whatever they need and steal it from there, watermarked or not.
◇ Photos | Blogs | Twitter | MySpace | Facebook ◇
I got your attention. Smugmug apparently has over 300,000 customers. This proposed change will impact a large number of those customers not to mention future customers. If I was a competitor (ie Zenfolio) to Smugmug. I would make sure that customers with trial accounts understood how our security policy differs from our competitors.
Why can't Smugmug provide this proposed change as an option? I want to use Smugmug for storing pictures of my children's sporting events and would like to make those pictures available to the other parents. I know there will be request that I not include pictures of their kids on the web because they have heard Smugmug is not secure.
This will be the same group which believes that internet banking is secure. I am sorry but every time you type your username/password in on the net it is liable to be stolen. Https or not. All it takes to commandeer your password is access to *one* of the ssl certs on one of their mis-configured servers. All https/ssl says is that you are talking to someone who has the correct cert - not the correct someone. I understand your concerns, but in reality half of the bettle is the public image of something. Changed or not the security of SmugMug is a public relations issue to your parents and something else entirely to a true security analysis.
Legal issues need to be considered. Laws are always changing. In the case you provided above. At least a company using the protocol https has done their "due diligence" to sure that they have reasonably secured their clients data.
Why should this be an all or none approach. I simple think they should provide both solutions to their customers. From a business prospective why would you not want to? Customers wanting more speedy pages win and customers wanting to error on the side of "more" security win.
What everyone keeps saying is that, so what if someone finds one thumb (no pun intended ;-)). Well, from what Don said, the chance that those interested in wasting their time can even find a single thumbnail is slim to none since SmugMug watched as people fail with various image keys and will likely disallow access to that user as the guessing continues.
Given the image number 139338932_uaiIs, is that suposed to be in the fast or slow lane/checked or not? Well the way to know is to ask the database. Right there and then you are just as slow as having the full security, because instead of asking for fast/slow you just need to ask password or not. This is why it is an all or nothing game.
I would be happy if Smugmug at least provided the option to not display pictures for categories (groups). Plus, if I have security enabled on a gallery to not display the featured thumb unless the user has been authenticated.
Given this:
http://dgrin.smugmug.com/photos/118013680_JYSjk-Ti-1.jpg
What album/category/subcategory is this image in? You can put the information in the url - then you would have to validate the information the user is giving you - slow as authentication checks.
I would still like to see someone explain a feasable way that someone might commondeer an image key.