Club409
Google+
I haven't signed up for google+ yet but this is reassuring:
Matt and I were messing around with the picasa and g+ integration today and found a few interesting things. When you share an album with someone who has g+ the album shows up in their stream. From their they have the ability to view/share/comment the album. Unfortunately if you unshare the album from them the stream functionality isn't disabled so the person can still comment and still share the album. I even changed the album to private (me only) and matt added a +Rachel Watkins comment from his stream and it changed the album privacy level to limited with rachel being granted access.
This is a pretty obvious security hole that we found but it doesn't exist for items created within g+. If you share a comment with someone it shows up in their stream. If you later unshare that comment the Share button no longer functions and if you refresh the stream the share button is removed. So once they implement that same logic with picasa albums the security should be a lot tighter. But for now be weary of who you share albums with and realize that you can't revoke those permissions from someone who has g+. In short fear the stream!
Another thing we found is that you can send the URL of an image to anyone and they can view it even if the security of the album is set to limited (not limited with link). Although I think we need to try that one again because the album may have been set to limited with link initially.
When someone is tagged in an picture the whole album is automatically shared. However you can unshare the album and then they only have access to pictures they've been tagged in. I wish you could configure this option so that by default only images that have been tagged are shared but you can grant access to the whole album if you want.
I think your caution is warranted drew but I hope to help make the system better by providing feedback of all the awful things people can do to hack the system. For example if someone had added you to an album but later revoked those privileges all you need is a partner in crime (or two g+ accounts for all you lonewolf hackers) and you can gain access by adding a comment about person B in the stream then have person B add a comment about you. Adding a comment about yourself doesn't reshare the album.
In the end I don't really care because I don't mind the world seeing my pictures. But after all the flack I got from family for the picture of me and that chick from flip flops I want the ability to censor more racy pics. Also my sister is more protective of pictures of my niece after she got harassed by some dumb bitch on facebook so I want to respect her decision to be very conservative about what gets posted online.
edit: omg that was a long post. here's a treat for those of you who actually read the whole thing:
Did you share this feedback with Google?
Also it'd be nice if the "treat" didn't automatically show up in the RSS feed. It was fun explaining that one.
LOL sorry brian I guess an unfortunate result of stripping some tags and not others was having that gif not hidden by a nice safe button
Haha I wish I could've been there for that conversation.
Matt said he provided some feedback when we were testing but I'm going to send some more today.
fyi i'm not ignoring your add requests. i can't sign into my account anymore because they "exceeded their capacity"
Yeah right you big jerk. More like you exceeded your capacity for internet friendship.
I'm gonna go blog about it on my LiveJournal. Mood: dejected
i figured out what was up. i signed up using my hotmail account so when i was signed into my google account it wouldn't let me access google+. therefore i created a new plus account
yeah for a while i had two Scott Wellses in my circles.. but I was unable to see the profile of one of them so I removed him. Hopefully that was the now-defunct Hotmail one :)