
Security and Privacy not given

Status
Not open for further replies.

epbbpics

Chevereto Member
Website URL
<private>

Chevereto version
3.10.1

Description of the issue
Hello,

All content is, regardless of what is set in the settings, accessible because you use hotlinking. So even private family pictures would show up in the search engines and can be accessed by strangers. That's making the script useless and undermines all the content settings you advertised on the feature page. This should have been said before.

So for me, the script is useless and I want to refund it.
 
Everybody does that. In fact, you shouldn't be able to see this picture:

Code:
https://lh3.googleusercontent.com/JPQe2bTvmQceGLqkG5gby65XeCBE484AO9ePeWoWoRyFjZwbsJr5P-SFdC4Ae6Hd8zULou-u1OmV_j10XEHKZJ-2_BmqfhCnu-nsVvhUx85ozV-v5EwEn7EP7MjfYecHfETDIYj3gvjjnNnvOiG4l_4to5-XdLgUpkOdgQPoTmHPnSDcgkzdZwdfgQycmGCoO2Fk_J7Z968BqdSmx46GaxYa8_pMrTVNvUk12E5YxBgOSVBtsaB3I81tRcv3HkN_MYbBZfJpwkSebF1AayVmB8GmYf_fIBg_KkkaNAvymxbW40xZo4UzN9NMzsGCUzditZiskQ085uslBmmiB9ISfSNYt16jIDoZPHUghZlW9SAhw9nRcco8h61qeQvC7Av8VO1n8IxH5h1jMsV4SSlK0HdYXCUu9wfc699CwdT7iCNtbcJfy27_Vd-rt4t5qvn4RSTXBWNvAG6K53Ls5bBjBphMgTa3149Pvs6khfD_MbUEdUhs9P0fo3U6UYgzkRJoPZu5cRzwZZ4f42PQvTaX5xAum2XLeyntf5KIBTh3lOZ7IfP7OWzri7JMSDOit9qcOwJRvWqw=w3840-h2002

But you, me and everybody else can see it. It's just that the link is way longer than the ones created by Chevereto by default. The longer the link, the less likely it is to be indexed.

When you use some privacy setting, Chevereto will append random chars to make it less indexable. If you use "mixed" filenaming it will replace 5 chars with random values; when you use "random" it will use a 32-character random string. It is not likely that someone could guess those links.

So, use "random" filenaming and you should be good.
 
That's not the same. You cannot easily revoke the link. You can search the website for hotlinked files and index them. You CAN access all files without being logged out. Even if you didn't share it nor made it "public", as all is public then.
 
Chevereto and Google use the same concept to hide the content URI, and they don't revoke URIs very often anyway (I moved that image to another folder and the link is still alive). The thing is that Google has a delivery server for its content, so they don't serve resources in the same way as Chevereto, which relies on other tricks to try to achieve the same thing (random chars in files, auto-adding random chars for private content regardless of the global setting, etc.).

It's just that we use a cheaper way of doing it, because it takes more system resources to deliver content based on application restrictions. Imagine that every image request would fire PHP and MySQL just to check if the access is granted. A cache would be nice and would improve the performance of such an application; an auth server would be even better. But as you may be aware, we have to use solutions as cheap as possible so you don't have to pay that much for setting it up and keeping it running.

I would love to add more advanced features to Chevereto (and I'm working to get there), but the demographic is not yet ready for it. We will get there.

Anyway, I will add file renaming when the privacy changes, so that at least the old URIs will be revoked. Unfortunately, at this time I can't add an auth system for those.
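The two mechanisms described in this reply (obscure filenames under the "mixed" and "random" schemes, and renaming on a privacy change so the old URI dies) modelled as an added Python example. This is not Chevereto's code: the 62-character alphabet, the 5-char random suffix for "mixed", and the in-memory gallery are assumptions made for illustration.

```python
import math
import secrets
import string

# Assumed alphabet for the random characters (not confirmed against Chevereto).
ALPHABET = string.ascii_letters + string.digits


def random_token(n: int) -> str:
    """n characters drawn with a CSPRNG from ALPHABET."""
    return "".join(secrets.choice(ALPHABET) for _ in range(n))


def guess_bits(n: int) -> float:
    """Search space of an n-char token in bits: how hard a link is to guess."""
    return n * math.log2(len(ALPHABET))


def stored_name(original: str, scheme: str) -> str:
    """Map an uploaded filename to the name served from the web root."""
    stem, _, ext = original.rpartition(".")
    if scheme == "original":
        return original
    if scheme == "mixed":        # modelled as a 5-char random suffix (assumption)
        return f"{stem}-{random_token(5)}.{ext}"
    if scheme == "random":       # 32 random chars, original name dropped
        return f"{random_token(32)}.{ext}"
    raise ValueError(f"unknown filenaming scheme: {scheme}")


class Gallery:
    """Hotlink-style delivery: whoever holds the stored name gets the file."""

    def __init__(self, scheme: str = "random") -> None:
        self.scheme = scheme
        self.files: dict[str, dict] = {}

    def upload(self, original: str, private: bool = False) -> str:
        name = stored_name(original, self.scheme)
        self.files[name] = {"original": original, "private": private}
        return name

    def fetch(self, name: str):
        # No session check on delivery: privacy only hides the name.
        return self.files.get(name)

    def set_private(self, name: str, private: bool) -> str:
        # Rename on privacy change: the old URI stops resolving (revocation).
        entry = self.files.pop(name)
        entry["private"] = private
        new_name = stored_name(entry["original"], "random")
        self.files[new_name] = entry
        return new_name
```

Note that revocation only helps before the content is fetched: a copy already delivered to a browser is unaffected, as the later replies point out.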
 
Thanks for your reply. Still, this is not secure, especially for private family content. Can you please refund the purchase, as I cannot use it in this state of development. Nevertheless, the server settings would allow having a dynamic link and proper user management on a follower/following basis; that shouldn't be a problem in 2017.
 
Usually, I don't accept refunds in cases like this, because the system doesn't advertise that the privacy layer is built in that way. But since you won't use it, I will refund your money.

As general advice, double-check what you buy, and I hope that in the future the system can fit your needs.

Cheers,
Rodolfo.
 
Thank you a lot. The script is uninstalled, and I really can't use it for my personal purposes.

Regards, Tobi
 
I believe that several points are not being addressed here, and I would just like to illustrate why we don't use an auth server and how your concerns lack some facts.

1. When you use any private setting, the only way in which images could get indexed by search engines is if a person with access to that content submits those URIs somewhere. A search engine won't index those unless someone provides access to such content.

2. When you share something like a photo, you can't truly prevent peers from making a copy of that image. The only way of achieving that is using an enclosed application (like Netflix does) so peers don't have the ability to easily grab the content. Regardless of whether the links are revoked, the actual content has already been delivered and is most likely cached in their local browser folder. Take Google, for example: if someone sends me a file and I can only "see" it, I can always hard-copy that content and make it available to someone else. In my opinion, that's the main failure of private systems like those, because they don't address how the peer accesses the content and what they can do with that content.

If you want to share private content and be able to do it without anyone being capable of stealing it, you will find that it is impossible for a web application. The only way of achieving that is using an enclosed application, doing client-side decryption in every interaction, and disabling any possibility of screen capture or something like that. Ultimately you make it harder to steal, but in a web application you can't make it safe.
 