OT question about photo websites and private photos

Page 1 of 4  
I do surveillance video/photo editing for a friend of mine. Often, they want many photos taken from captured videos and/or photos cleaned up then resubmitted to them. The main problem is getting the photos back to them. They usually ask me to email them, but without reducing their size/resolution, that's difficult to do when sending many photos. I like to keep them in high resolution for obvious reasons. Therefore, I'm stuck with copying them to a disk or USB drive then getting it to them. A disk is no big deal but the likelihood of not receiving my USB drive back becomes a problem and then there's an issue if they want them ASAP. Therefore, I thought of a photo website and the possibility of making a "private" section with the photos they need. For obvious reasons again, it's imperative they don't fall onto the eyes of others and thus, they would be the only one to gain access.
I use Flickr but haven't checked to see if that's possible, but I'm also very concerned about photos on a website period, being seen by others and overall, apprehensive to even put them up there.
Anyone know of a good photo website to allow what I need or have a better solution for my dilemma?
Thanks
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload
On 8/27/2012 6:12 PM, Meanie wrote:

For a business need like that I would host a server myself. Nothing beats that for controlling access.
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload

Thus far, I'm thinking about it, but considering all other options.
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload
Meanie wrote:

Set yourself up with a free account with fileden.com.
When you upload files to it, you'll get a URL for the file that you can give to anyone that will let them download the file from their browser. They won't need to enter any sort of user-name or password to access the file.
People can't simply browse fileden to see what others have uploaded and then access them. You need to have the URL in order to access the file, and only the uploader (who is also usually the account owner) will know the URL.
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload

That sounds real secure. Clueless as usual.
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload
" snipped-for-privacy@optonline.net" wrote:

And trader4coward doesn't want to explain why that wouldn't be secure?
Hey - tell you what.
I've got some files on fileden. I dare you to post the links. Or are *you* clueless - as usual.?
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload

Show us a computer security expert that says that just using a URL that you then share with someone and rely on that alone is in any way a safe, secure and sufficient security protocol.
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload

Exactly. This is why FTP is really the only way to go.
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload
On 8/28/2012 4:05 AM, David Kaye wrote:

Lots of choices. But for FTP you want sFTP not FTP.
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload
David Kaye wrote:

You bunch of dumb shmucks.
You delete the files from the locker once the recipient has downloaded them.
And unless you publically advertise the coded links to the files as stored on the file-lockers, the only other way that some third-party is going to have the ability to access the files is if they have hacked either the sender's or the recipient's computer.
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload
Home Guy,
The owner of the web-site probably backs up his servers on a regular basis. Anyone with "master user" access would be able to view these files.Your idea is not very secure, though it's not apparent what level of security the OP needs.
Dave M.
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload
"Dave M." wrote:

File lockers might or might not have good backup strategies. Many of them exist only to serve people that up and down-load music, movies, books, etc, which can (and would be) re-uploaded by uploaders in the case of a drive failure (or, far more likely, DMCA takedown request).
The point being that even if a file-locker has a good backup strategy, I doubt they would devote much hardare and expense to archiving files that are deleted by users - the only reason for doing so would be to privately look at them later. With thousands or millions of files passing through their systems - do you really think they have the time or inclination to do that?

Files can be stored in password-protected .zip and .rar formats and placed on free accounts on some file lockers for retrieval by specific clients. The OP questions the operational ergonomics of his clients having the necessary computer skills to deal with this additional level of complication. And I quite rightly agree that there are many people out there that would be incapable of unpacking such an archive, even if many or most of us reading this could do it in our sleep.
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload
On 8/28/2012 2:49 AM, snipped-for-privacy@optonline.net wrote:

It isn't. That is the marketing folks speaking.
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload
" snipped-for-privacy@optonline.net" wrote:

You really are stupid, aren't you?
The OP wants to put some files in the hands of a third party. He doesn't want to burn them to a floppy or send a USB thumb drive in the mail.
I said -> USE A FREE FILE-LOCKER SERVICE. The recipient can simply click on the coded URL sent to them via e-mail to access (download) the files.
And what do we do with the files once the recipient has them?
---> We delete them from the file locker <---
Now what does ANY of that have to do with safety, security, and protocals?
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload
wrote:

You don't need an expert to know an unpublished random url is secure enough for a few hours for data few know exist.
I invite everyone to crack my current private Google Photo account files, but especially those I deleted last week... -----
- gpsman
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload

From the description of the usage and requirements there is nothing to conclude that the photos will only be up there for a few hours. And any security process that relies on one human accessing them immediately and another human taking them down in a timely fashion to make it secure is a very poor one. Not a very convenient one for your clients either. Or one that I would want to explain. "Well, I'm to cheap and lazy to have decent security, so, here's how I'm going to go about dealing with YOUR confidential videos...."
He can do what he pleases. But he did say that they were surveilance photos and videos and that he was very concerned that they be secure. The above procedure doesn't meet my definition of secure. For example, a URL is tracked, stored and visible in plain sight in your browser. Anyone sitting down at one of the PC's that accesses it a day later can go right back there. In the latest version of Explorer, when you open a new tab, it comes up with a whole page of suggestions of the last dozen or so visited URLs. Just click on that tab and bingo, you're there.
And if someone gained unauthorized access, put those surveillance videos up all over the web and the party being surveilled sued, I doubt a court would consider relying on the parties knowing and sharing a URL, taking the videos down in some timely fashion as a sufficiently secure method. Not when there are other far more secure methods available.
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload
wrote:

It seems safe to assume.

That puts the anal in analysis.

Fascinating.
Straw man. Free ≠ insecure.

Couldn't they just access the files...?

If your machine isn't secure, your machine isn't secure.

I think you're venturing into exhaustive hypotheses.
No outside party is aware of the existence of the files.
You seem to assume surveillance videos contain something worth watching. I imagine they'd have a hard time getting any hits posted to YouTube or Panoramio.
Surveillance photo/video is most often people coming and going or just being together, eating at a restaurant, meeting at a motel, etc.

Perfect solution fallacy. There are always going to be more secure methods.
Hosting a secure server invites attack, doesn't it?
I don't think hosting a server and/or creating a website is practical. Hiding photo/video files with a private url among millions if not billions of other photo/video files can be very secure with little effort of any party and convenient for all concerned. -----
- gpsman
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload

It doesn't seem at all reasonable to me. You'd have to tell your client "I'm going to put your files up for 2 hours starting at 2PM....." Not the way I'd deal with customers.

IDK what your point is here.

So, you don't care about the clients, how convenient it is for them, what message it sends to them about how you do business. Figures.

I never said that free is the same as insecure. I just said relying on a URL as your security is insecure. And it's not unusual for a solution that provides real security to take some time to find, perhaps some work to implement and it may not be free.

Not necessarily, no. The OP might have the actual files he's uploading on his camera or a USB drive and not on the PC. The client might download them to a USB, portable drive, DVD, etc. Or he might just look at them online, conclude they are of no interest to go further and leave them there.

BS. I can access my bank account, credit card accounts, stock accounts, etc from my PC. If someone comes by after I've logged off, they cannot gain access without the username and password. If I forget to log off, in about 5 mins, the websites automatically log me off and no one can get back in again without the username and password.
Under the proposed URL scenario, all someone sitting down a half hour later would have to do is open the browser and it presents them with an array of the last dozen or so websites visited. Click on the tab offered for the videos and they have the surveillance video.

And how do you know that? Clairvoyant?

We don't know exactly what the security videos do or don't have. We do know that the OP clearly stated:
"Therefore, I thought of a photo website and the possibility of making a "private" section with the photos they need. For obvious reasons again, it's imperative they don't fall onto the eyes of others and thus, they would be the only one to gain access.
I use Flickr but haven't checked to see if that's possible, but I'm also very concerned about photos on a website period, being seen by others and overall, apprehensive to even put them up there. "

You have no way of knowing what any surveilance video does or does not have. The very fact that the OP is doing the surveilling for someone would suggest to me that it's probably not just a 24/7 video running at a convenience story.

Uh huh, so why start at the bottom of the barrel?

Like I said, he can do what he wants. But given his expressed concern for security, I think using nothing more than a URL is a poor solution.
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload
wrote:

Straw man. The OP is not dealing with "customers", it's one guy, a "friend"... then the friend splits into "they" later in the OP's original post...

Ditto. The human factor is always going to be the weak link.

How is clicking a link and downloading the material inconvenient?

Straw man. We're not relying solely on the url. There is no one dimensional aspect of security.

False premise. There is no such thing as "real security".

And someone might steal his camera or drive!

There is no such "client".

Where do you keep your machine that that someone has access to it?

In this instance, there's no logging in or username or password to protect.
Or, there could be and shared between "friend" and "editor". Editor ups the files, friend accesses, downloads, then deletes.

If your machine isn't physically secure, and if the files are still available... and if someone was so inclined...

It is a reasonable assumption the existence of confidential files is confidential.

Now you purport to know things you have no method of having learned.

What does it suggest to you they probably are...?

An unpublished url is not the bottom, obviously. The friend has been content with all the security email offers.

Your opinion is based on nothing more than ignorance and paranoia regarding protecting data of which few have any interest. -----
- gpsman
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload

Well since he uses the terms "they" and "them" through his description of the process, how do you know there isn't more than one person involved? Clairvoyant? Also, unless the OP is doing it for free, which he did not say and which seems unlikely, I'd say he is dealing with a customer, even if it happens to be a friend.

Which is why you don't want a system that relies on a human taking actions hours later to secure the videos. Does you bank or credit card company website work that way?

Because per YOUR protocol, you said the videos would only be up there for a couple of hours. Hence the client has to be notified and then access it within a few hours so that the videos are only up there for a few hours. And then the OP has to also remember and then take action a few hours later to remove the photos. That was your protocol, remember?

OK relying on a URL, plus the inconvenience of having to deal with and remember a window of a couple of hours for both parties is insecure and inconvenient. Feel better now?

Show us a computer security expert that says relying on a URL as the means to protect confidential videos, where it is "imperative" that no one else see them, is a good security solution.

The OP wasn't asking how to secure his camera or USB drive. He was asking how to secure his videos and at the same time make them available to the client.

Yes there is, it's the person receiving the videos. Geez....

It's not where I keep anything. It's unknown what the clients environment is. It's unknow what the OP's environment is. And it's not at all unusual for a PC that's in a home or business to have access available to it by more than one person. Why do you think all those websites that try to enforce some reasonable security automatically log you out after 5 mins of inactivity? For that matter, why don't they just give you your personal URL and be done with it?

I think you're finally starting to get it. Except that the username and password is not what these measures protect. They protect against someone else coming by the PC 30 mins later and proceeding to take over where you left off. Which is exactly what they can do when you rely on a URL. A URL that with Explorer shows up for the last dozen or so websites when you open a new tabl A URL that is in the browser history too.

Well, that's the whole point of having a secure system and why relying on a URL is a poor system.

I'm not the one claiming that no one else knows about the confidential videos. I'm not the one claiming that the videos are likely just of some people walking around, etc so they are of no interest to anyone. I'm not the one claiming that if someone came across them and put them out on the web there would be no consequence.

I don't have to speculate. I just go by what the OP stated:
"For obvious reasons again, it's imperative they don't fall onto the eyes of others and thus, they would be the only one to gain access. "
He says there are obvious reasons and it's imperative they don't fall onto the eyes of others. That's enough for me to conclude relying on a URL for security doesn't meet that requirement.

Not true. In his own words:
"They usually ask me to email them, but without reducing their size/ resolution, that's difficult to do when sending many photos. Therefore, I'm stuck with copying them to a disk or USB drive then getting it to them. "
So, we don't know what the delivery method is. It could be handing them off in person. Also note again that the "they" and "usually" would seem to imply that there is more than one person as a client.

Your opinion is based on assuming all kinds of things and not reading what the OP wrote:
"For obvious reasons again, it's imperative they don't fall onto the eyes of others and thus, they would be the only one to gain access. "
Now who's the ignorant one, fool?
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload

Related Threads

HomeOwnersHub.com is a website for homeowners and building and maintenance pros. It is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.