tl;dr: Choose your Flickr uploader carefully, always make sure to set permission correctly, especially for private photos. Best not to upload any private content on Internet.

The following is a Flickr mail I sent to Flickr support, unfortunately, they didn’t understand what I meant, the reply is just standard response from support. I will explain more after the mail content.


From: Flickr Customer Care
Subject: Re: [Flickr Case 2201518] Re: Other issues


Hello, livibetter!

This is a copy of a help case reply:
-------------------------
Hello,

Thank you for contacting Flickr Customer Care.

I understand that you have a concern regarding the privacy and safety
levels of photos on Flickr. I apologize for any inconvenience this has
caused you. Let me provide you this information.

Both the privacy and safety settings of your photos can affect the
visibility of your photos. Photos can be public (anyone can see them),
private (only you can see them), or viewable only to other Flickr
members that you have designated as Friends and/or Family. If someone
can't see a photo make sure that it has the permissions you want. For
example, if it is a Friends/Family photo, make sure that person is
listed as a Friend/Family in your Contacts.

Moreover, Flickr is a global community made up of many different kinds
of people. What's OK in your backyard may not be OK in theirs. Each one
of us bears the responsibility of categorizing our own content within
this landscape. So we've introduced some filters to help everyone try to
get along.

When you upload content to Flickr, you need to choose what Safety Level
it fits in:

* Safe - Content suitable for a global, public audience

* Moderate - If you're not sure whether your content is suitable for a
global, public audience but you think that it doesn't need to be
restricted per set, this category is for you

* Restricted - This is content you probably wouldn't show to your mom
and definitely shouldn't be seen by kids

A good rule of thumb is, bare breasts and bottoms are "moderate." Full
frontal nudity is "restricted."

If you are seeing abusive items on Flickr, please use the "Report Abuse"
link at the bottom of all Flickr pages. This is the best and fastest way
to get this information to the correct team.

I hope the information I have provided to you above will help address
your concern. If you need further assistance, please let me know by
replying to this email with these details:

- Please give us a detailed description of the problem you are having,
including the exact steps you would like to do.

- The exact steps you are taking.

- Any other information that you feel is important in helping us resolve
your issue.

Flickr values your input on making our service experience better. We
appreciate your time and patience for letting us work on this issue.

Thank you again for contacting us.

Regards,

Tom

Flickr Customer Care

To get the most out of Flickr, please upgrade your browser to the latest
version:

Chrome: http://www.google.com/chrome
Safari: http://www.apple.com/safari/download
Firefox: http://getfirefox.com
IE: http://www.microsoft.com/windows/internet
-explorer/worldwide-sites.aspx

Original Message Follows:
-------------------------


Hi,

My flickr account name is "livibetter"

Over the years, I have seen some private photos on

http://www.flickr.com/photos/

Which originally I believe it's uploaders' faults for not
setting photo permissions along with photo uploading.

The situation goes like:

1. I see a new uploaded photo,
2. Click on it,
3. Flickr tells me that's a private photo; or I see the
photo page, but it disappears from the user's photo stream,
go back one page, Flickr tells that page is now private.

When I first I see this, I didn't pay much attention to it,
because I believed that could be user's fault, they set
photo private after uploaded. But as time goes on, I began
to see more and more this kind of situation.

Sometimes, it appears right away, sometimes, it takes a few
seconds. Which provide enough time, if someone wants to
download a larger version.

And more than one time, I saw intimate moment between
couples, the kind of moment that two people are naked even
having sex.

If you check my flagging logs, you will see I flag a lot of
nude photos from spam uploaders whenever I see one. So, I am
pretty good to tell if that's a photo uploaded by spammers.

In those few times, those accounts do not occur to me they
are spammers, because those photos look like from normal
people. In their photo stream, they are just some normal
family, kids, pets, etc.

So, I started to think, there is an issue with private
photo.

Somehow, they are leaked for extremely short moment, only a
few seconds. But that could be enough for people to
download, even manually without utilizing scripts.

Just a few hours ago, I saw another but they are normal
photos. You can watch the recording while I manually showed
that I could even get the photo pages.

http://youtu.be/FOzXmNax3XM

I have contacted http://www.flickr.com/photos/audiere/ and
exchanged with him and got a possible explanation for the
leaking, that's why I believe this could be uploader.

Since I have seen more than one time, I feel this issue must
be addressed. Just one intimate photo can ruin people's life
even a small version of thumbnail, last time I saw was
probably few days ago and I recalled I had enough time to
get into photo page. I am sure another time was in April,
because I was thinking about providing it by uploading a
sequence of testing private photo using the web uploader,
but I didn't do it.

I want to know what exact the problem lies and warn people
about it. (Which could be advising people choose their
uploader carefully)

I attach mails between me and audiere, he provided code he
used, he used own code to upload and I believe some
uploaders have same issues not because there is some timing
delay for photo permission between Flickr servers.

Sincerely yours,
Yu-Jie Lin

##########

To: audiere Christopher Brown
Subject: About private photos

Hi,

My name is Yu-Jie Lin. I know this may sound strange, but I
need your private photos to show Flickr about my concern of
private photos.

I saw one of a thumbnail of your private photo via
http://www.flickr.com/photos/ and I took this chance to
record because you had been constantly uploading private
photos.

Private photos shouldn't be seen, but there was a very short
timing that people might see them, which I have notice more
than a year, just didn't have a chance to make a record of
the issue.

Anyway, please check out this video:

http://youtu.be/FOzXmNax3XM

*** Please don't share the link to anyone else, I want to
get Flickr's response first and wait for them to fix it ***

I demonstrated two successes of viewing them in photo page,
although seeing thumbnails have already shown the issue.

1st success: 0:39
2nd success: 3:18

I don't know if this is caused by app or timing of photo
processing, which only Flickr can be sure about it.

I want to let you know about this issue and get your
agreement of using your photos as demonstrations. (Even
those private photos are licesed under CC)

I will need to know what uploader were you using? The new
Flickr web uploader, old Flash, or other?

After I get your response, I will contact Flickr privately
with more detail and send you.

Please don't let anyone else know about this, I don't want
to cause an insecure feeling among Flickr users and make
some people attack Flickr on this issue.

Once Flickr fixes this, it's fine if you want to let people
know about it. I plan to write about this and I will make
that video accessible to public.

##########

To: audiere Christopher Brown
Subject: About private photos [2]

I think I need more info.

Beside the uploader, how exactly you do the uploading? Do
you remember to set uploads private or after photo being
uploaded?

Thanks,
Yu-Jie Lin

##########

From: audiere Christopher Brown
Subject: Re: About private photos

Oh, wow, that's very revealing, thanks for the info! The
photos I'm uploading aren't super private; if someone saw
the thumbnails of a few of them I wouldn't be too
distraught, but yes, it's definitely worth looking into!

Actually, I think it's mostly my fault; here's the code I
was using (I wrote my little backup script myself--so, it's
not surprising that there are a few bugs):

photo = flickr_api.upload(photo_file=self.fullpath,
title=self.title)
photo.setPerms(is_public=0, is_friend=0, is_family=0,
perm_comment=0, perm_addmeta=0)
album_photoset.addPhoto(photo=photo,
description='flickr-store', tags='flickr-store', hidden=2)

And here's the code I'm about to use:

photo = flickr_api.upload(photo_file=self.fullpath,
title=self.title,
is_public=0, is_friend=0, is_family=0, hidden=2)
photo.setPerms(is_public=0, is_friend=0, is_family=0,
perm_comment=0, perm_addmeta=0)
album_photoset.addPhoto(photo=photo,
description='flickr-store', tags='flickr-store', hidden=2)

Now, we'll see if that prevents my photos hitting the public
stream...

It's probably the way flickr processes incoming pictures;
because there is a gap between the upload and the privacy
settings in the former lines of code, it thinks they're
public until someone actually requests to see a picture,
which is likely after the setPerms call hits the Flickr
servers.

Hope my little fix didn't ruin your plans, but you're
totally welcome to show them that video, if you like.
They're all marked CC-attribution because that's my account
default. But thanks for the bug report!

I'll probably open source my little uploader to
github.com/chbrown at some point, but I just haven't yet.

##########

From: audiere Christopher Brown
Subject: Re: About private photos [2]

Yeah, and those 10 or so that were sitting in my stream at
the top, were probably at that halfway point--just after
upload and just before setPerms, when my script crashed, or
I killed it or something.

So, really, stupid user error on my part. Thanks again!

##########

To: audiere Christopher Brown
Subject: Re: About private photos

Thanks for the code, that's actually one possibility I have
thought of, that's why I send you a second email for
details. I wasn't entire sure where the problem lies on.

The issue is I have seen this kind of situation many times
over the years, and some of them are initmate moments
between couples. (I am obssesed with Flickr
www.flickr.com/photos/)

Since you wrote your own code, I begin to think there might
have some problematic uploaders.

Anyway, I will still send a mail to Flickr with copies of
our mails, so I can get the confirmation that problems are
entirely on uploaders.

##########

From: audiere Christopher Brown
Subject: Re: About private photos

Ha, I don't think I'd send any intimate moments to Flickr,
private or not.

Here's my code, which seems to have fixed the privacy issue:

github.com/chbrown/flickr-backup

At least, I haven't seen any more of my photos on
www.flickr.com/photos/

Thanks again for the heads-up!

Flash: Flash V:11.2.202 D:Shockwave Flash 11.2 r202
Agent: Mozilla/5.0 (X11; Linux x86_64; rv:10.0.5)
Gecko/20100101 Firefox/10.0.5
IP: 118.169.138.148
Email: livibetter@gmail.com
AMT info:
https://amt.yahoo.com/amt/dosearch?.token=r0mTQjDvX4svRFh6i8ou.Kmpu.btBkzfIopHBwMf4rA-

-------------------------
This is a copy of our response to your recent help query sent to the primary email address associated with your Flickr account. If you'd like to respond, please send the email to case2201518@support.flickr.com to ensure a timely response.

You can change your primary email address at any time via your account page: http://www.flickr.com/account/prefs/email/

I’ve been using Flickr for years and I am obsessed with recent uploads. When I am bored, I go to refresh a few pages. That’s how I get my Flickr contacts, every time I see cats and home-cooked dishes (especially bread baking in recent times), I add them as contact.

Note

Recen photos have not been available since July, 2013. (2015-12-07T07:28:59Z)

But it’s not all good or safe photos, there are a lot of nude or even pornography being uploaded as you are reading. Just head over and keep refreshing for 10 minutes, you are most likely to see a couple of those photos. There is nothing terribly wrong with those as long as they don’t break the law or violate Flickr terms, the only problem is why I was seeing them?

The possible reasons are:

  • They are uploaded by spammers, they don’t care if those fall into public viewable area, which is actually what they want.
  • Uploaders forget to set permission.
  • Something is mishandled during uploading process, which is the case I am writing for this post.

Since I spend a lot of time in that page, I am quite good to tell if that’s a spammer’s account. (I can even tell a photo is uploaded via Instagram or not from that small square thumbnail, because that, I even wrote about Instagram photos on Flickr.)

It’s not uncommon that I will see a photo become private after I click on its thumbnail on that page. At first, I didn’t pay much attention to this, because I think the uploader later correct the photo’s permission.

Then, I started to see some photo that should never be seen other than two people in the photo. They are intimate photos and I know that photos are uploaded by the real account user, not hacked, because same faces show in other photos, those normal family photo with lovely kids or pets.

They disappear a few seconds from the account’s photostream, and that only indicates they are indeed private photos, which have no intention to be seen by others.

I realized this is an issue, a serious one, it must be known and aware of. But it took me more than a year to write this post, because I didn’t really know the cause. However, I did form some ideas in my mind.

I have just seen another incident a few days ago, but I didn’t have means to prove or to find the real problem, besides I couldn’t use other’s intimate photo to show the problem. It’s a woman sitting on chair, forgive me to omit the detail. Even I only see the thumbnail, I know what it is about. The other photos are with her young son, probably only four or five years old, and her husband. Imagine if I knew this family in person, that would be very awkward. Hopefully, I will forget the detail soon.

Back in April (2012-04-02T05:08:23Z), I determined to find out what’s really going on, but as usual, I never tried to do it. At the time, I suspect it may be the official uploader which leaks until now I still don’t have answer for it.

Less than 24 hours, I saw another incident. Luckily, this time those photos are normal photos, but set to be private and I took this opportunity. Here is a recording showing you I even get to the photo page for two successful attempts by manually refreshing and clicking:

https://i.ytimg.com/vi/FOzXmNax3XM/hqdefault.jpg

(1st success: 0:39. 2nd success: 3:18)

After contacted the Flickr user audiere, I confirmed one of my suspected theories. The flawed uploading code, you can read our exchange mail above, but I quote those code to show you:


photo = flickr_api.upload(photo_file=self.fullpath, title=self.title)
photo.setPerms(is_public=0, is_friend=0, is_family=0, perm_comment=0, perm_addmeta=0)

He wrote his own uploader which included a flawed process of uploading, it takes two API calls to upload and set up the permission. Between two calls, it creates a timing, a very short gap, a few seconds, that others can have possibly accessible to the photo if act quickly.

Since I have seen this many times, I can tell you that sometimes I can even have time to download the largest or original version just use my mouse to click and click.

Imagine if I was a very bad person, I could spread those intimate photos using some measures so no one would find out the source of spreader. That could hurt people who upload those to Flickr and think the uploader take care of permission perfectly, i.e. photo is never leaked even for a few seconds.

To use Flickr API correctly, the permission can be set along with uploading as audiere fixes his code:


photo = flickr_api.upload(photo_file=self.fullpath, title=self.title, is_public=0, is_friend=0, is_family=0, hidden=2)

This is not a Flickr’s fault, but uploader’s flaw. Though I can’t get a confirmation about their server process the permission setting before pushing out the photo to be accessible.

I am certain there are more flawed uploaders around because I have seen many times of this case, though only a few times were intimate photos. If your favorite uploader is open source, please go review its source code to see if it handles permission correctly. File a bug report, if it doesn’t.

I am writing this post because I hope you can be careful for your private photo and not only limited to Flickr, but all private stuff you put online. Please choose uploader (including official ones) or any third-party app carefully, they may make mistake in coding. Even it’s just a thumbnail, it can ruin your life.

Unfortunately, I was unable to get a confirmation from Flickr support about the official uploader and if there is any chance that their process can leak even if permission is set with uploads. The support clearly didn’t read through my mail, sadly. I was hoping they would confirm there are some known uploaders may have this kind of issue at least. But I basically got nothing informative from support.

The best way is not to upload any stuff you don’t want people to see or to read. If you insist and entirely trust any website you use, you are at your own risk as I already demonstrate you that I can just hit refresh and get a larger photo because of a flaw of using API. If I write a program to monitor an account which I know the account user uploads private stuff via flawed uploader, I am certain my code can manage to download a few largest photos.

Actually, the best way is not to create any you may regret if other people see it. I never understand why some guys want to photo down there or girls want to take a braless photos, well even just in underwear. And yes, I do see those via the page and I am certain they are just like normal people you see every day in your life.

To give you a worse case, one-time, just one-time, I’d seen a teen girl goes braless or naked, I couldn’t remember which. (Glad I couldn’t) I know it’s a regular teen girl because of her other photos. When I got to the photo page, was planning to flag the photo, I immediately felt I was like a pedo when I saw the face, in thumbnail it looks like a spammer’s photo. (There are certain spammers upload same sets of normal-people-look-alike’s naked photos over and over again, no idea where they get those photos) I wasn’t sure if I should flag it, because she would know photo must have been seen. I believe if your photo gets flagged you will get notification, I wasn’t sure. But view count certainly can tell.

Anyway, there are a lot of strange photos going on in that page, pornography, all sorts of fetish, trans-dresser, infant just got out of womb (this is fine, but little bloody), adult comics, two naked dolls placed in sexual-suggestive-positions, and even more. If your mind can’t comprehend, it’s better you keep yourself away from that page. If you can, flag as much as you can whenever you see one isn’t suitable to public.

Years before, I even used report abuse to report entire account. One time, I saw a suspicious photostream filled with young girls with very less clothing on, not nude, but very strange when you see those photos, some probably not even old enough to be teens. I reported that account as suspicious pedo account.

I think Flickr should offer an option allow users to decide if their photos can be seen via that page, and/or only show photos from users have joined for a month at least or longer. New user may make mistake on settings and this probably have more time to identify spammer’s account.

Honestly, I definitely don’t think that page is okay for everyone to view, especially minors. It’s quite often to see those photos in my experience.

But in other hand, it’s how I get my awesome contacts. You can see silly cats, inspiring home cooking, places and cultural around the world, or know what holiday is today from those recent photos. Most photo are still great.

Again, it’s best not to create any private stuff digitally, there is no absolute way to keep those safe.