Google Photos has shared some users' private videos with strangers
Google has sent notices to some of its Google Photos users, telling them that that some of the videos stored in the service may have been exported to random users' archives.
Those who used Google's "Download your data" service for Google Photos between November 21 and November 25 of 2019 may find that their data export is incomplete -- and could contain videos from other users. Google is informing impacted users now, and it is unclear how many users are a victim of the problem.
The notice was screen capped by Twitter user Jon Oberheide, co-founder of Duo Security, on February 3. It is not known how many users were affected at this time.
Google states that for a five day period, a technical issue made it possible for users' videos to be exported to unrelated users archives. They assure users that the issue has been fixed, but notes that users should delete prior exports and perform a new export at this time.
It is possible that a user's videos have been shared with an unknown amount of other users, and it isn't being made clear which videos may have been shared. Google only mentions videos, so it can be assumed that exported photos are likely unaffected.
Google had recently been the subject of other security scandals. In late 2019, a security research organization in Germany placed eight 'smart spies' in both the Amazon Alexa and Google Home app stores to demonstrate how easily eavesdropping and phishing can be done over smart speakers.
It was also recently discovered that Avast, a popular antivirus tool for both PC and Mac, had been harvesting user data and selling it directly to Google and Microsoft.
@jonoberheide" height="368" />
Image credit: @jonoberheide
Image credit: @jonoberheide
Those who used Google's "Download your data" service for Google Photos between November 21 and November 25 of 2019 may find that their data export is incomplete -- and could contain videos from other users. Google is informing impacted users now, and it is unclear how many users are a victim of the problem.
The notice was screen capped by Twitter user Jon Oberheide, co-founder of Duo Security, on February 3. It is not known how many users were affected at this time.
Whoa, what? @googlephotos? pic.twitter.com/2cZsABz1xb
-- Jon Oberheide (@jonoberheide)
Google states that for a five day period, a technical issue made it possible for users' videos to be exported to unrelated users archives. They assure users that the issue has been fixed, but notes that users should delete prior exports and perform a new export at this time.
It is possible that a user's videos have been shared with an unknown amount of other users, and it isn't being made clear which videos may have been shared. Google only mentions videos, so it can be assumed that exported photos are likely unaffected.
Google had recently been the subject of other security scandals. In late 2019, a security research organization in Germany placed eight 'smart spies' in both the Amazon Alexa and Google Home app stores to demonstrate how easily eavesdropping and phishing can be done over smart speakers.
It was also recently discovered that Avast, a popular antivirus tool for both PC and Mac, had been harvesting user data and selling it directly to Google and Microsoft.
Comments
"Of course, being that it's Google, I'm sure on this forum people will rage and pretend Apple has never had a privacy breach."
No comment here about the Google mishap, rather just about your strawman argument: Your point of view is not made stronger by trying to portray anyone that doesn't agree with it as a deluded person. It reads more like reflection (i.e. that you're coddling Google.)
Let's start with the opening:
and
Note the use of 'you' and 'yours', reminding YOU that YOU initiated this action, so in some way, you're partially to blame, especially since you have downloaded data that doesn't belong to you. What actually happened was that Google screwed up and sent you data that belonged to someone else. This is Google's way of asking if you were dressed provocatively when they lost your data, and if so then perhaps, in some way, you were asking for it.
Exhibit B:
"We apologize for any inconvenience caused"
Weird Uncle Google is now telling you exactly how serious this breach was: an inconvenience. Whether it was an inconvenience or not depends on what was on the pictures they sent to perfect strangers; it certainly isn't their call. But they'd like to make it clear that this is all this is: an inconvenience.
You've been conditioned well by the [lazy] computer industry and tech geek culture. Security and reliability(!!) has never been a serious concern at the core of computing (especially capitalism-driven computing product), and only now is it finally starting to seriously bite humanity in the ass. REPEATEDLY.
...And there we go with the victim-blaming.
Just because YOU have spent ages learning how not to trust computing doesn’t mean everyone else has (nor should have to constantly watch out for untrustworthy product marketing).
The utter callous brutality of the kind of society some people are okay with...
I reject google docs entirely, and search tools for the most part, but I can’t say I am clear of reliance on Google.
I use GMail for “business” mail (ie: every time I’m required to make an account somewhere, or give someone my email address) and I now kind of hate myself for it. It was a protection against my private email address being spewed all over the internet and spammed to death, and that has worked out wonderfully... but seeing Google’s endless mistakes AND intentional abuses of user data, I am NOT OKAY with how much I actually rely on Google.
I also watch lots of shit on YouTube and use Google’s reverse-image-search (which is very handy and isn’t replicated well by anyone else). Other than those (which I’m growing more and more intolerant dealing with), I’ve drawn a line in the sand with Google, and refuse to get deeper. But I’m deep enough. When will it bite me in the ass?
I often wonder when Apple’s iCloud will make me feel just as vulnerable as Google’s shit. Do i transition my “business” mail to them, when they also have a history of abandoning online services?
We really do have a house of cards here...