On Jan 3, 12:02 pm, Jay Wilson <[email protected]> wrote:
> My name is Jay Wilson; I'm a Product Manager at Photobucket. The
> program "Phusk" hosted on your code.google.com site
> (http://code.google.com/p/phusk/) is malicious. It scrapes our private
> accounts for photos. We hope that you will aid us in having this
> removed. Our users (and their rights to privacy) would be very
> appreciative.

[Note I already sent this reply once, but while Jay Wilson received it, this Google Group bounced it due to overzealous spam-filtering. I'm resending from Gmail this time to make sure it gets through!]

I don't speak for Google, but:

A simpler solution to this would be for Photobucket to choose better random filenames, e.g., instead of "210.jpg", use "70fb4c86aed.jpg". Or, if it's important that the base filename be the same (perhaps because it's user-specified), then interpose the random component into the path preceding it:

http://s74.photobucket.com/albums/foo/bar/70fb4c86aed/210.jpg

The reason the system is insecure right now is because Photobucket is not thinking of its photo filenames as passwords, even though they essentially are passwords in practice. If you started treating them with the same security constraints as passwords, the problem is solved.

In general, I think it would be a dangerous precedent for an open source hosting platform (such as Google Code Hosting) to remove applications because they happen to violate some third party's terms of service. Whatever agreements Photobucket has with its users -- whether registered users or random Internet passers-by -- are no business of Google's, and Google should not be in the business of determining whether a given piece of code complies with someone else's terms.

Many useful applications violate someone's terms of service. For example, cryptography applications are illegal in some countries, but that doesn't mean open source hosting sites should stop hosting them. So just because this application is "illegal" according to Photobucket's desires for how people should use its service, likewise doesn't mean Google should stop hosting the source code to the application.

Again, just my opinion, not Google's,
-Karl Fogel
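The path scheme suggested in the reply above, sketched as an added example that is not part of the original message and is not Photobucket's code: it generates the random component from the OS CSPRNG, interposes it before the user's filename, and audits existing paths for components too short to act as a secret. The 128-bit threshold and all function names are assumptions of this example.

```python
import math
import re
import secrets
from urllib.parse import quote

MIN_BITS = 128  # assumed policy threshold, not a figure from the thread


def new_token(bits: int = MIN_BITS) -> str:
    """Hex token from the OS CSPRNG, generated the way a password-reset secret would be."""
    return secrets.token_hex(math.ceil(bits / 8))


def photo_url(base: str, album: str, filename: str, token: str) -> str:
    """Keep the user's filename; put the random component in the path before it."""
    return f"{base.rstrip('/')}/{quote(album.strip('/'))}/{token}/{quote(filename)}"


def max_bits(component: str) -> float:
    """Upper bound, in bits, on the work needed to guess one path component.

    Assumes the component was drawn uniformly from its apparent alphabet,
    so a low value is conclusive but a high one is not.
    """
    if re.fullmatch(r"[0-9]+", component):
        alphabet = 10
    elif re.fullmatch(r"[0-9a-f]+", component):
        alphabet = 16
    else:
        alphabet = 64
    return len(component) * math.log2(alphabet)


def audit(url_path: str, min_bits: float = MIN_BITS) -> bool:
    """True if at least one component of the path could be an adequate secret."""
    parts = [p.rsplit(".", 1)[0] for p in url_path.split("/") if p]
    return any(max_bits(p) >= min_bits for p in parts)


if __name__ == "__main__":
    old_path = "/albums/foo/bar/210.jpg"  # path shape taken from the message
    print(old_path, "->", "ok" if audit(old_path) else "enumerable")
    print(photo_url("http://s74.photobucket.com", "albums/foo/bar", "210.jpg", new_token()))
```
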

