Google Photos, the photo-sharing and storage service from Google, is indeed an easy-to-use platform to share images with peers, friends, and family. The platform has incorporated various intuitive features like cloud backup, shared libraries, and an assistant that plays around with your photos and comes up with interesting outputs. However, it apparently has a privacy issue which is not explicitly mentioned.
We are talking about the platform’s photo-sharing feature. First noticed by Robert Wilbin, the image sharing protocol’s approach is not quite straightforward. He claimed in the post that the files shared to people are public and anyone can gain access to it. This honestly sounded absurd and I decided to try it out myself and got shocked by the results.
Generally, when we share an image or video with a particular person by entering his/her email, the service is supposed to allow access only to the specified person. If not, it should explicitly mention the same — something like Google Drive’s sharing options which very clearly specify these things.
On the contrary, there is no transparency on what happens after a photo is shared with a person on Google Photos. To make things sure, I uploaded an image from the account created from my work e-mail address and shared it to my personal e-mail address. While I could access the image when I’m logged into my personal e-mail as I should, I tried opening the file from the link in the mail in an incognito tab and I was shocked to see the image without the need of logging in.
I’m not blaming Google Photos for providing public links, which are indeed useful for sharing files in bulk, a collection of wallpapers for instance without going through the hassle of adding all the participants individually which is a time-consuming process. However, the app should clearly communicate to the user that the links will be publicly accessible, so the user can make an informed choice about sharing with Google Photos.
This lack of clarity can cause serious threats to privacy in case a person shares sensitive documents over Google Photos without knowing that the file can be accessed by anybody from the link shared to the recipient. Yeah, I do realize for that to happen, the recipient should have willingly or unknowingly shared the link to the third-party. If Google had taken the efforts to mention it at least as a pop-up while sharing the file with a person, it’d help him/her to choose the file-sharing platform accordingly as per the confidentiality of the file. We expect Google to make it clear that all the files shared from Google Photos are accessible to anyone with the link. If not, sophisticated privacy controls like Google Drive will be massively appreciated.