A better solution IMO is to set up a domain name and server just for you. It is not expensive, hosting at JustHost is only $3.75/month for new accounts, one year refundable in advance. They can also set up a domain name (meanie.net for example). You can then create folders - password protected or not - and individual files within those folders, also password protected or not.
In your case, I could see individual folders for individual clients; each client would have their own password and could access all files in their folder at any time. If they were just occasional clients, you could put all files in one folder and password protect the file; you could change the password and send them the new one whenever you wish.
Or, get 100 of them private-labeled with your business name by one of those places that sells promotional items. Then it becomes a frequent reminder for your customers, to come on back and spend more money with you.
From the description of the usage and requirements there is nothing to conclude that the photos will only be up there for a few hours. And any security process that relies on one human accessing them immediately and another human taking them down in a timely fashion to make it secure is a very poor one. Not a very convenient one for your clients either. Or one that I would want to explain. "Well, I'm to cheap and lazy to have decent security, so, here's how I'm going to go about dealing with YOUR confidential videos...."
He can do what he pleases. But he did say that they were surveilance photos and videos and that he was very concerned that they be secure. The above procedure doesn't meet my definition of secure. For example, a URL is tracked, stored and visible in plain sight in your browser. Anyone sitting down at one of the PC's that accesses it a day later can go right back there. In the latest version of Explorer, when you open a new tab, it comes up with a whole page of suggestions of the last dozen or so visited URLs. Just click on that tab and bingo, you're there.
And if someone gained unauthorized access, put those surveillance videos up all over the web and the party being surveilled sued, I doubt a court would consider relying on the parties knowing and sharing a URL, taking the videos down in some timely fashion as a sufficiently secure method. Not when there are other far more secure methods available.
If your machine isn't secure, your machine isn't secure.
I think you're venturing into exhaustive hypotheses.
No outside party is aware of the existence of the files.
You seem to assume surveillance videos contain something worth watching. I imagine they'd have a hard time getting any hits posted to YouTube or Panoramio.
Surveillance photo/video is most often people coming and going or just being together, eating at a restaurant, meeting at a motel, etc.
Perfect solution fallacy. There are always going to be more secure methods.
Hosting a secure server invites attack, doesn't it?
I don't think hosting a server and/or creating a website is practical. Hiding photo/video files with a private url among millions if not billions of other photo/video files can be very secure with little effort of any party and convenient for all concerned. -----
It doesn't seem at all reasonable to me. You'd have to tell your client "I'm going to put your files up for 2 hours starting at 2PM....." Not the way I'd deal with customers.
IDK what your point is here.
So, you don't care about the clients, how convenient it is for them, what message it sends to them about how you do business. Figures.
I never said that free is the same as insecure. I just said relying on a URL as your security is insecure. And it's not unusual for a solution that provides real security to take some time to find, perhaps some work to implement and it may not be free.
Not necessarily, no. The OP might have the actual files he's uploading on his camera or a USB drive and not on the PC. The client might download them to a USB, portable drive, DVD, etc. Or he might just look at them online, conclude they are of no interest to go further and leave them there.
BS. I can access my bank account, credit card accounts, stock accounts, etc from my PC. If someone comes by after I've logged off, they cannot gain access without the username and password. If I forget to log off, in about 5 mins, the websites automatically log me off and no one can get back in again without the username and password.
Under the proposed URL scenario, all someone sitting down a half hour later would have to do is open the browser and it presents them with an array of the last dozen or so websites visited. Click on the tab offered for the videos and they have the surveillance video.
And how do you know that? Clairvoyant?
We don't know exactly what the security videos do or don't have. We do know that the OP clearly stated:
"Therefore, I thought of a photo website and the possibility of making a "private" section with the photos they need. For obvious reasons again, it's imperative they don't fall onto the eyes of others and thus, they would be the only one to gain access.
I use Flickr but haven't checked to see if that's possible, but I'm also very concerned about photos on a website period, being seen by others and overall, apprehensive to even put them up there. "
You have no way of knowing what any surveilance video does or does not have. The very fact that the OP is doing the surveilling for someone would suggest to me that it's probably not just a 24/7 video running at a convenience story.
Uh huh, so why start at the bottom of the barrel?
Like I said, he can do what he wants. But given his expressed concern for security, I think using nothing more than a URL is a poor solution.
Well since he uses the terms "they" and "them" through his description of the process, how do you know there isn't more than one person involved? Clairvoyant? Also, unless the OP is doing it for free, which he did not say and which seems unlikely, I'd say he is dealing with a customer, even if it happens to be a friend.
Which is why you don't want a system that relies on a human taking actions hours later to secure the videos. Does you bank or credit card company website work that way?
Because per YOUR protocol, you said the videos would only be up there for a couple of hours. Hence the client has to be notified and then access it within a few hours so that the videos are only up there for a few hours. And then the OP has to also remember and then take action a few hours later to remove the photos. That was your protocol, remember?
OK relying on a URL, plus the inconvenience of having to deal with and remember a window of a couple of hours for both parties is insecure and inconvenient. Feel better now?
Show us a computer security expert that says relying on a URL as the means to protect confidential videos, where it is "imperative" that no one else see them, is a good security solution.
The OP wasn't asking how to secure his camera or USB drive. He was asking how to secure his videos and at the same time make them available to the client.
Yes there is, it's the person receiving the videos. Geez....
It's not where I keep anything. It's unknown what the clients environment is. It's unknow what the OP's environment is. And it's not at all unusual for a PC that's in a home or business to have access available to it by more than one person. Why do you think all those websites that try to enforce some reasonable security automatically log you out after
5 mins of inactivity? For that matter, why don't they just give you your personal URL and be done with it?
I think you're finally starting to get it. Except that the username and password is not what these measures protect. They protect against someone else coming by the PC 30 mins later and proceeding to take over where you left off. Which is exactly what they can do when you rely on a URL. A URL that with Explorer shows up for the last dozen or so websites when you open a new tabl A URL that is in the browser history too.
Well, that's the whole point of having a secure system and why relying on a URL is a poor system.
I'm not the one claiming that no one else knows about the confidential videos. I'm not the one claiming that the videos are likely just of some people walking around, etc so they are of no interest to anyone. I'm not the one claiming that if someone came across them and put them out on the web there would be no consequence.
I don't have to speculate. I just go by what the OP stated:
"For obvious reasons again, it's imperative they don't fall onto the eyes of others and thus, they would be the only one to gain access. "
He says there are obvious reasons and it's imperative they don't fall onto the eyes of others. That's enough for me to conclude relying on a URL for security doesn't meet that requirement.
Not true. In his own words:
"They usually ask me to email them, but without reducing their size/ resolution, that's difficult to do when sending many photos. Therefore, I'm stuck with copying them to a disk or USB drive then getting it to them. "
So, we don't know what the delivery method is. It could be handing them off in person. Also note again that the "they" and "usually" would seem to imply that there is more than one person as a client.
Your "For obvious reasons again, it's imperative they don't fall onto the eyes of others and thus, they would be the only one to gain access. "
Well since he uses the terms "they" and "them" through his description of the process, how do you know there isn't more than one person involved? Clairvoyant? Also, unless the OP is doing it for free, which he did not say and which seems unlikely, I'd say he is dealing with a customer, even if it happens to be a friend.
To help clarify, they and them are other private investigators who I work with. They are mostly out in the field collecting their surveillance then brinking the video and/or photos back to me for editing. Then I return the finished tasks to them, usually on DVD disk for videos and the same can be for photos, but I also email some photos as well. As cases increase, the need for a quick turn around is required along with larger batches of photos and thus, emailing is not much of an otpion without sending 50 emails of two photos each and sending a disk via mail and/or picking up can't always be accomplished in a timely manner.
Once again, security is an utmost concern due to these being legal cases.
I like this idea, unfortunately, if my colleagues want to open a file on their smartphone, they wouldn't be able to unzip them.
One of my main focus is to make it as easy as possible for the other guys to view. If I can eliminate them requiring the need to download anything onto a computer or smartphone, the better. Opening an email or clicking a link is probably the best option.
Open a free account on fileden.com and upload your shit there.
You'll be given a coded URL for each file that you can e-mail to who-ever you want. They click on the link and they'll be able to download the file.
If the file is a jpg, then when they click the link their browswer should automatically download render the image - no questions asked. They can then use what-ever file-saving options are in their browser to "save as file".
Hardly. You can imagine all sorts of happiness Once you upload them and loose control who knows?
A similar story. Friend had their business website which was used for ecommerce at a hosting site. They moved on to another hosting company. A mega hosting company bought their original hosting company and one day all of a sudden anyone going to their site saw a three year old website. Turns out the new megacompany mindlessly loaded old backups for some reason and restored lots of sites including updating DNS records.
Its just basic security practice.
Why? If you had a secure system the files could be available as needed. If you cheepout and go with "OK, I just uploaded them to an unknown site and it is 10AM. I will delete them at 11..."
Not really, if you want something that is reasonable to use and has actual definable security it would cost something.
Non sequitur. Uploading =E2=89=A0 loss of control.
Appeal to probability.
Right. It does not seem unreasonable to assume highly confidential files will be adequately attended.
Irrelevant. Overlooking your undefined "secure system" the files seem too sensitive to remain available to electronic interception.
Straw man. "Unknown site".
It could go like this, if the parties are not the morons you seem to assume: "Call me when the Smith file is ready. I will download, delete it, check it, then call you to confirm you can delete your copy."
Non sequitur. HTTPS is actual definable security, is effortless to use, and it costs Google users nothing. -----
Yeah, gps has his weenie in the wringer. He bought into just using a URL as a sufficient security measure. Then he went on to do everything he could to assume one thing after another to try to claim that for surveillance videos security isn't much of a deal. Among other ridiculous reasons, he claimed they usually are just some people walking around. So, no big deal. Really. Maybe the ones from the 7-11, but when you have someone actually taking them for you, then delivering them to you to look at, then I think it's a big leap to make assumptions as to what the videos and photos contain. This despite the OP having clearly stated in the original post that:
"For obvious reasons again, it's imperative they don't fall onto the eyes of others and thus, they would be the only one to gain access. I use Flickr but haven't checked to see if that's possible, but I'm also very concerned about photos on a website period, being seen by others and overall, apprehensive to even put them up there. "
Now that the OP has reaffirmed his legitimate concern for security, that more than one other party is involved, etc. instead of fessing up, gps goes on the attack, against me and the OP.
HomeOwnersHub website is not affiliated with any of the manufacturers or service providers discussed here.
All logos and trade names are the property of their respective owners.