This question is not answered.


Permlink Replies: 16 - Pages: 2 [ 1 2 | Next ] - Last Post: 18-Jan-2019 00:02 Last Post By: JerryM Threads: [ Previous | Next ]
JerryM

Posts: 106
Registered: 19-Apr-2004
HUGE security leak ! (automatic albums publishing in jalbum.net/user)
Posted: 29-Nov-2018 18:31
 
  Click to reply to this thread Reply
Hi !

How can I control which of my albums will be uploaded to jalbum.net/users ?
I don't see any such possibility, either in jA app settings, nor in user page at jalbum.net.

By me, some of my albums are there, some not. Some are set to hidden, some not. Just randomly. ?!?

I do not use any jA widgets.

---

Most of my albums are visibly published, so I have no problem with that, that my albums are published without my permission to jalbum.net/users.

But shortly I've got some VIP customers who explicitly told me that they don't want their private photos be seen in internet, and then they suddenly googled them out in jalbum.net/users/. :(((

Thank You, sinc., Jerry
jGromit

Posts: 8,631
Registered: 31-Jan-2006
Re: HUGE security leak ! (automatic albums publishing in jalbum.net/user)
Posted: 29-Nov-2018 18:45   in response to: JerryM in response to: JerryM
 
  Click to reply to this thread Reply
Attachment privacy.png (6.1 KB)
Attachment visible.png (3.7 KB)
If the albums are visible on your profile page, they are there for all the world to see. They get indexed by Google (and other search engines).

If the albums are not visible on your profile page, the fact that there's a link to your profile page from jalbum.net/users doesn't change anything - no one else can see the albums.

You can set the privacy options for your account. When you hit Upload, don't just click through to the upload. Click the Privacy button, uncheck Visible on profile page, and click Save as default. See screenshots.

If you're not hosting the albums on jalbum.net, you can avoid having them listed on your profile page in the first place. Just sign out of the desktop application before you do the upload.
JerryM

Posts: 106
Registered: 19-Apr-2004
Re: HUGE security leak ! (automatic albums publishing in jalbum.net/user)
Posted: 29-Nov-2018 21:44   in response to: jGromit in response to: jGromit
 
  Click to reply to this thread Reply
Attachment UpoadManager.jpg (66.2 KB)
Thank You very much, dear JeyGee ! :)

"If the albums are visible on your profile page, they are there for all the world to see. They get indexed by Google (and other search engines).

If the albums are not visible on your profile page, the fact that there's a link to your profile page from jalbum.net/users doesn't change anything - no one else can see the albums."

This is obviously clear. :)

      • "You can set the privacy options for your account. When you hit Upload, don't just click through to the upload. Click the Privacy button, uncheck Visible on profile page, and click Save as default. See screenshots."

Don't have "Privacy button", my upload manger looks different (see attach).

      • "If you're not hosting the albums on jalbum.net, you can avoid having them listed on your profile page in the first place. Just sign out of the desktop application before you do the upload."

No, I don't host albums on jalbum.net. Signing out each time when I do upload doesn't sound to me to be ordinary solution.
jGromit

Posts: 8,631
Registered: 31-Jan-2006
Re: HUGE security leak ! (automatic albums publishing in jalbum.net/user)
Posted: 29-Nov-2018 21:59   in response to: JerryM in response to: JerryM
 
  Click to reply to this thread Reply
The privacy button is not present on Upload/Manage. It shows up only when you actually try to upload an album. Create a dummy album with a couple of images, make the album, then click Upload. That will get you to the Privacy options. Once you've set your default, you can cancel out of the upload and delete the album project.

When it comes to signing out, you don't actually need to be signed in, ever. Once your license has been validated, you can sign out and stay signed out.

Of course, you can always use your own FTP client to do the uploading, which avoids the problem entirely. I use the built-in uploader when I'm putting something on jalbum.net, but I use FileZilla for things destined for my own web host.
JerryM

Posts: 106
Registered: 19-Apr-2004
Re: HUGE security leak ! (automatic albums publishing in jalbum.net/user)
Posted: 29-Nov-2018 22:17   in response to: jGromit in response to: jGromit
 
  Click to reply to this thread Reply
"The privacy button is not present on Upload/Manage. It shows up only when you actually try to upload an album. Create a dummy album with a couple of images, make the album, then click Upload. That will get you to the Privacy options. Once you've set your default, you can cancel out of the upload and delete the album project."

Thank You, JeyGee, for this funny workarround to set default privacy setting.

But I still don't know how to change privacy settings for already existing projects.
jGromit

Posts: 8,631
Registered: 31-Jan-2006
Re: HUGE security leak ! (automatic albums publishing in jalbum.net/user)
Posted: 29-Nov-2018 22:23   in response to: JerryM in response to: JerryM
 
  Click to reply to this thread Reply
JerryM wrote:
But I still don't know how to change privacy settings for already existing project.

If an album project is already visible on your profile page, just go to your profile page, hover on the down-arrow on the thumbnail, and choose Edit album. Then on the right, you can make it hidden from others. Don't forget to Save before returning to the profile page.

ETA: In fact, if you're not hosting the album on jalbum.net, and you don't want it to appear on your profile page, just choose Delete album. That will delete the listing on your profile page, but of course it can't actually go to your own web host and delete the album.
JerryM

Posts: 106
Registered: 19-Apr-2004
Re: HUGE security leak ! (automatic albums publishing in jalbum.net/user)
Posted: 29-Nov-2018 22:56   in response to: jGromit in response to: jGromit
 
  Click to reply to this thread Reply
"... just choose Delete album."

I did. First I set it hidden, but then I deleted it, because I thought it's safer. Next time I recreated/uploaded album it appeared on jalbum.net/users again, and that: VISIBLE.

As I say, it seem that jAlbum creates albums on my user profile page coincidently, they are also coincidently visible or hidden ...
jGromit

Posts: 8,631
Registered: 31-Jan-2006
Re: HUGE security leak ! (automatic albums publishing in jalbum.net/user)
Posted: 29-Nov-2018 23:07   in response to: JerryM in response to: JerryM
 
  Click to reply to this thread Reply
If you've properly set your uploading settings not to make things visible, and saved that as your default (make sure you click that box, even if the setting already looks correct), newly-created albums won't be visible. I do this all the time, and it seems to work very consistently.

But the setting also gets saved in the album project's settings file, so if the album was set to be visible the last time you uploaded it, another upload will, I believe, make it visible again. So, when dealing with an existing project, hit that Privacy button before you upload the album, just to check the current setting for that album.
jGromit

Posts: 8,631
Registered: 31-Jan-2006
Re: HUGE security leak ! (automatic albums publishing in jalbum.net/user)
Posted: 29-Nov-2018 23:09   in response to: jGromit in response to: jGromit
Correct
  Click to reply to this thread Reply
BTW, I agree that this is needlessly complicated. There should be a "preferences" setting that says, "I never want albums to be added to my profile page," and another that says, "I do want albums to be added to my profile page, but I want them to be hidden."
JerryM

Posts: 106
Registered: 19-Apr-2004
Re: HUGE security leak ! (automatic albums publishing in jalbum.net/user)
Posted: 30-Nov-2018 01:44   in response to: jGromit in response to: jGromit
 
  Click to reply to this thread Reply
I would say:

Album Settings / General

Instead of "Collaborative album":
"Publishing album on your user page at jalbum.net"

X publish album (default value: "yes")
X publish visible (default value: "no" - to protect privacy!)

And then "Collaboration"
"Attach inbox ...", "Invite", etc.

____________________

And in Album Settings/Widgets a pivacy warning (if it is correct):
"If you use widgets, your album will be published on your user page at jalbum.net"
JerryM

Posts: 106
Registered: 19-Apr-2004
Re: HUGE security leak ! (automatic albums publishing in jalbum.net/user)
Posted: 30-Nov-2018 01:52   in response to: JerryM in response to: JerryM
 
  Click to reply to this thread Reply
The thread title should actually be: "PRIVACY leak", not "security".

Although privacy leak could endanger your security ...
davidekholm

Posts: 3,859
Registered: 18-Oct-2002
Re: HUGE security leak ! (automatic albums publishing in jalbum.net/user)
Posted: 30-Nov-2018 09:25   in response to: JerryM in response to: JerryM
 
  Click to reply to this thread Reply
I listen, but signing out from the jAlbum application (top-right corner) should be a safe way to disconnect jAlbum from the profile page.
JerryM

Posts: 106
Registered: 19-Apr-2004
Re: HUGE security leak ! (automatic albums publishing in jalbum.net/user)
Posted: 16-Jan-2019 08:39   in response to: davidekholm in response to: davidekholm
 
  Click to reply to this thread Reply
"I listen, but signing out from the jAlbum application (top-right corner) should be a safe way to disconnect jAlbum from the profile page."

Dear David, I don't have a reason to disconnect jAlbum from profile page generally, because I just trust You & jA. :)

But for a sake of my costumers and their privacy I would like to have more easy control over album privacy and especially more VISIBLE control over albums visibility.

Application:
The simplest way could be to add a button in bar over the main window next to "Upload" button, with name "Privacy" which text (or background) colour switches between green and red, with tooltip "Change the visibility of this album on your jAlbum profile page". (see attachment)

Profile page:
If you have dozens of albums it can drive you crazy to have to get into edit page for each album to change privacy. A mini-button in a corner of album preview image that switches between green eye and red slashed eye, perhaps also with state dependant tooltip "Make album visible" / "Make album hidden", would be quite time saving. (see attachment)

It would be also important, that jAlbum and profile page exchange their privacy settings information. Means: when you change setting "Who can see this album" on webpage, the application should change settings (after next log in) in Upload/Manage -> Upload album -> Privacy -> "Visible on profile page". And vice versa.

I think, such more SIMPLE and VISIBLE privacy management could improve PRIVACY SECURITY of jA a lot !

And I'm sure, in now days users would LOVE to read in the announcement and in change log of new jAlbum version: "We have significantly improved privacy management and security of your privacy". :)

jGromit

Posts: 8,631
Registered: 31-Jan-2006
Re: HUGE security leak ! (automatic albums publishing in jalbum.net/user)
Posted: 16-Jan-2019 14:37   in response to: JerryM in response to: JerryM
 
  Click to reply to this thread Reply
I've always thought these options were buried a bit deep, particularly the ones that you can access only during the upload process.

But it hasn't come up all that often over the years, so I wouldn't want to see the main jAlbum interface cluttered up with options that most users, it would seem, don't care about very much.

In the application, I'd like to see two simple checkboxes under Tools, Preferences, Publishing - one labeled, Add to profile page, and the other, Make visible on profile page. As preferences, these would apply to all albums you upload. I think that would take care of it for most users. Obviously, you'd have to be logged in to the application when you do the upload for those options to have any effect.

For per-album variations, perhaps something similar, maybe under Advanced > General?

Then, of course, remove the "privacy" options from the upload routine. Otherwise, you've got two different routines trying to modify the same things.

This would probably require some rethinking on the question of profile page listing when the albums are hosted on jalbum.net. That's semi-automatic now. Maybe it shouldn't be.

On the profile page itself, a quick way to make all of the items hidden with one click would be nice. Beyond that, I think we're once again wandering into the realm of "cluttering up the interface for the sake of a handful of users." Some other users would want some sort of "hover" toggle to control the mobile version. Others would want "hover" toggles to control the widgets. Eventually, the thumbnails would be completely obscured by a collection of mysterious icons.
davidekholm

Posts: 3,859
Registered: 18-Oct-2002
Re: HUGE security leak ! (automatic albums publishing in jalbum.net/user)
Posted: 16-Jan-2019 16:47   in response to: JerryM in response to: JerryM
 
  Click to reply to this thread Reply
Thank you for your suggestions guys. Well worth thinking of.
Legend
Forum admins
Helpful Answer
Correct Answer

Point your RSS reader here for a feed of the latest messages in all forums