Flickr Shared My Private Photos With Everyone

Feb 11, 2013 • 8:22 am | comments (19) by twitter Google+ | Filed Under Other Yahoo Topics

Flickr LogoSaturday, I received an incredibly disturbing email from the Vice President of Flickr Brett Wayn. He informed me that my private photos on Flickr were available for anyone in the world to see.

All my family photos that were set to private, some how, due to some bug, was visible to anyone in the world - anyone who wanted to see them. This is despite my privacy settings.

How many photos to be exact? Well, 688 photos and videos. For how long was this an issue? Between January 18th and February 7th, 2013.

They apologized and did respond to my questions throughout the night, on a Saturday night.

I did post a more news-like post about this on MarketingLand. But this impacted me personally.

Flickr won't say how many users this impacted but there are a bunch complaining in the Flickr help forums.

I should note, the images, although visibile to the public, were not accessible via Flickr Search or available to be indexed by search engines. At least that is what Flickr told me.

Another issue, any images set to limited share that were embedded on third-party sites were all reset to private. So those images would display a broken image on those third-party web sites.

Here is a picture of the email I received:

Flickr Privacy Breach Email

Clearly, I am not happy about this. I am a Pro user and I've been a paid customer for several years.

Forum discussion at Flickr Help & Google+.

Previous story: Daily Search Forum Recap: February 8, 2013


John MacDowell

02/11/2013 04:08 pm

You should read the email again. It does NOT say what you said at all. It says MAY have. I'm a Pro user too, and I know how to read. At least they gave you warning. Better than others.

Mike Kalil

02/11/2013 04:49 pm

Yeah, that's not what the letter says at all.


02/11/2013 07:45 pm

Congrats on being an adult. Is all that wit difficult to carry around?


02/11/2013 10:54 pm

This is why I don't share things that aren't related to work on sites that I don't own. I really don't see the point nor the benefit of sharing personal photos on Flickr. Heck I even carefully choose which sites I register accounts with.

Thomas Hawk

02/12/2013 03:30 am

This is not a big deal. It apparently affected a very small number of accounts. This is one of those things that sounds a lot worse than it probably was. It is a good reminder though that anything you upload to the web is potentially at risk for public exposure regardless of any settings. Someone could hack into your account, a friend/family that you *did* give access to could reshare that image or download it -- lots of things could happen. It is admirable and notable that Flickr VP and GM Brett Wayn personally issued a message under his own signature to the accounts affected. This sort of message could have easily been covered under a more generic "to whom it may concern" sort of response. While this sort of thing makes salacious headline material, to me it's really not that big of deal. The bigger story is that Flickr is in the midst of an amazing renaissance rebuilding itself as a serious photo contender on the web. The recent iPhone app, the new justified mosaic layout, the staffing up and hiring of designers and engineers -- the future feels bright for Flickr for the first time in many years. Marissa Mayer may be the first Yahoo CEO ever to publicly have a Flickr account. These are the things that I think are more important and what people should be focused on.

Barry Schwartz

02/12/2013 10:56 am

It isn't a big that 688 of my personal private photos were available to anyone to see?

Thomas Hawk

02/12/2013 01:26 pm

Barry as I understand the issue, it's not that photos that were private were turned public. It's that photos that were tagged friends/family only were turned public. When you post something on the internet there is always the expectation that it can be made public. What if someone hacked into your account. What if someone you had labeled friend/family downloaded the image and shared it someplace else publicly. What if someone hacked into one of your friends/family account and saw the image. What if a friend/family left their browser open on their screen while they were distracted and someone else looked? What if someone who worked for Yahoo and had operational clearance looked at your photo? Having a privacy level for friends/family only is a nice thing for some people. I don't use it personally as all of my images are public. But if your images were so incredibly personal and private that this would be a big deal to you, I'd wonder if Flickr was ever the best place for those images in the first place. Heck I'd wonder if ANYWHERE on the web was the best place for those photos in the first place. Maybe I'm wrong. I don't know the nature of your friends/family photos. Flickr does have a big amateur porn community and I could see where someone who was posting photos of kittens and landscapes and nudes to a select few friends in the same account would be upset by this. On the other hand, for someone like that I'd probably suggest better segregating that content anyways. Maybe have 2 flickr accounts, one with your regular photography and a troll account with the porn. In your case, if you don't mind saying, what about these 688 photos is upsetting to you that they were made public? What is in the nature of the content in these images? I think a lot of people are just private people and so they set this setting as default for all their images and really if someone saw a photo of their golden gate bridge shot it's really not a big deal at all. Do you have a flickr pro account? Did you look at the stats on your photos for the days they were public? Did they jump dramatically? Most people's private photos just aren't that interesting and I doubt many of them were ever seen by anyone anyways. They weren't in search and so someone would have to know to go to your stream to see them.

Thomas Hawk

02/12/2013 01:33 pm

actually it may also be that photos that were marked entirely "private" were turned public as well now that I reread Brett's email. Here's a simple thing you can do to see if anyone saw these photos. I just checked and you are a Pro account so you have stats turned on. Go to any of those photos that you had made completely and totally private and look at the view count on the photos. You should be able to see how many people saw those photos by looking at the view count. Since you're views don't count on your own stream, only a view by another person would add a view count. Did you have any totally 100% private photos and if so did any of them get any view counts on them?

Barry Schwartz

02/12/2013 01:35 pm

I have a pretty big public face out there. I am read by lots of people. My wife is very strict about me keeping my family matters and especially images of my family private to family only. I am a Pro user, have been for a long long time. So for this to happen, it is very upsetting. The images are of my family. There are no public images of my kids on the internet. Why? Because my wife said so. :)

Thomas Hawk

02/12/2013 01:53 pm

Barry, were those images shared with friends/family or marked entirely private?

Barry Schwartz

02/12/2013 02:06 pm

I believe many were shared with family, not friends.

Thomas Hawk

02/12/2013 02:26 pm

hmmm... ok. so they should have some view counts. If you have a pro account you should be able to look at the views on those photos during the time in question. go to any of those photos that then add /stats/ after the url and you'll see the view graph for that photo for the past 28 days. I suspect that you'll find that many of these photos of your kids got very few views during the time period in question. Maybe test a few out. On the other hand if you see view spikes during the time in question then maybe a lot of other people did see photos of your kids during this time. If you find very little additional views on these photos I'd suspect that the impact on your account was minimal. Which is what I'd suspect and which is why I sort of think of this as not that big of a deal. I could be wrong though but your experience with measuring the actual impact on some of these photos might be reassuring. Privacy is important for sure, but the impact of this particular privacy bug I think is very small in scope.

Barry Schwartz

02/12/2013 02:29 pm

The issue with that is two fold: (1) Hard to go through 688 photos to check them all. (2) Many were private but had "guest passes" and thus the view count can show views even on private photos.

Thomas Hawk

02/12/2013 02:47 pm

well I wouldn't go through all 688 of them, but you could spot check a few. The total view and guest pass view won't be important. What would indicate strangers actually viewing these photos would be a spike in the view count above normal. If you add stats to the end of the url you'll actually see a graph that measures usage. You're not looking for views so much as a spike in that graph. So, if for example, one of these photos gets on average 5 views a day (from family and guest pass users under normal conditions), and all of a sudden between Jan 18- Feb7 the view counts jumped to 50 views a day on these photos then probably a lot of people saw those photos. If on the other hand these photos had zero views from Jan 18-Feb7 then at least you'd know by spot checking them that this had minimal impact on your photos. Spot checking a handful of them might provide a probable indication that many of the others were not viewed also.

Thomas Hawk

02/12/2013 02:48 pm

by the way, this graph only covers the last 28 days (which includes all of the days in question) but won't in the future.

Barry Schwartz

02/12/2013 03:06 pm

Spot checking is hard with 688 photos. I don't see why Flickr can't just tell me this by running some SQL.

Barry Schwartz

02/12/2013 03:46 pm

Some have a few views, some have zero. I checked 10. I just wish Flickr would tell me, how many people viewed these photos that shouldn't have.

Thomas Hawk

02/12/2013 04:56 pm

ok so on the zero one's obviously nobody saw those. On the ones with a few views, if this is the norm for those photos on the graph then it's likely these views could have come from someone with a guest pass or who was marked family. If these other photos mostly got zero views except during the window, then yes maybe a few people saw some photos of your kids. Like you I've got a large public following and photos of my kids have been viewed hundreds of thousands of times. Unless you have a specific reason to worry about a specific individual that you wouldn't want to see photos of your kids I probably wouldn't lose much sleep over it. The thing is that this sort of a snafu (or hacking, or accidental sharing by family, or even company staff) could happen with your photos on any site you post them to. This potential always exists for any photo you post to the web. It's unfortunate for sure, but I suspect not a great amount of damage was done in your case. It would be nice if Flickr could show you which photos, if any, were seen by non family/guest pass members, but would this information really be helpful to you if you knew that 5 of your photos had been seen by unauthorized individuals?

Barry Schwartz

02/12/2013 07:48 pm

peace of mind.

blog comments powered by Disqus