Monday, January 28, 2008

SmugMug’s Private Photos Aren’t Really Private

Photo hosting site SmugMug apparently has a huge security hole which allows anyone to easily access other users’ photos which have been marked as “private,” reports Google Blogoscoped. What’s worse, the folks at SmugMug are aware of the issue, but claim this is intended behavior, separating the notions of “privacy” and “security.”

In a nutshell, the problem is this: if you set your photos as “private”, they can still be accessed simply by URL manipulation; for example, I randomly typed in this URL “http://www.smugmug.com/gallery/1021” in my browser and got someone’s gallery that, perhaps, was not intended for the whole world to see. It is possible to prevent this behavior by setting a special password for your image/gallery, but how many people understand this?


Here’s an excerpt from SmugMug’s CEO Don MacAskill’s long conversation with Google Blogoscoped:

…we view security and privacy as two separate, but related, issues. Security is like locking your front door (no-one can get in without a key) and privacy is like closing your window drapes (no-one can look in from the outside, but you can tell people where you live and they can visit without a key).

At SmugMug, the feature you’re talking about, private galleries, falls under the privacy umbrella, not security. It’s intentionally designed so that you can “tell other people” about your photos (share a URL in an email, embed or hyperlink on your blog or message forum, etc) without having to share something like a password. Only people you’ve shared this URL with can find the gallery and/or photos in question.

The problem here, of course, is the fact that most people don’t care about semantics in cases such as this; if they set a photo to “private,” most of them probably expect that no one else can see this photo, period. A similar discussion arose recently when it was discovered that Google Reader shares your “shared” items with everyone in your Gmail account, but this is a far worse problem, because private photos are at stake. As usual, it will probably just take some media attention (such as this article) for the folks at SmugMug to come to their senses, but why does it always have to be so?
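The gap between “hidden from listings” and “access-controlled” described above, as an added example (not SmugMug’s code): it models a gallery store with sequential IDs like the `/gallery/1021` URL and compares a lookup that serves any ID with one that requires the owner, an unguessable per-gallery key, or the gallery password. All names, fields and sample values are assumptions constructed for illustration.

```python
import hashlib
import hmac
import secrets

SALT = secrets.token_bytes(16)  # one salt for brevity; use a per-gallery salt in practice

def _pw_hash(password):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, 100_000)

# Constructed sample data: sequential integer IDs, hypothetical owners.
GALLERIES = {
    1020: {"owner": "alice", "private": False, "key": None, "pw": None},
    1021: {"owner": "bob", "private": True,
           "key": secrets.token_urlsafe(16), "pw": None},
    1022: {"owner": "carol", "private": True,
           "key": None, "pw": _pw_hash("constructed-pass")},
}

def fetch_unlisted(gid):
    """'Private' only hides the gallery from listings; any ID is served."""
    return GALLERIES.get(gid)

def fetch_checked(gid, user=None, key=None, password=None):
    """Serve a private gallery only to its owner or a holder of its secret."""
    g = GALLERIES.get(gid)
    if g is None:
        return None
    if not g["private"] or user == g["owner"]:
        return g
    if g["pw"] is not None and password is not None:
        if hmac.compare_digest(_pw_hash(password), g["pw"]):
            return g
    if g["key"] is not None and key is not None:
        # The key travels in the shared URL, so sharing still needs no password.
        if hmac.compare_digest(key.encode(), g["key"].encode()):
            return g
    return None  # same answer as "no such gallery", so IDs cannot be probed

def audit_private_exposure(fetch, start, stop):
    """Self-audit: which private galleries does a bare ID request return?"""
    return [gid for gid in range(start, stop)
            if (g := fetch(gid)) and g["private"]]
```

Running `audit_private_exposure` against each lookup shows the difference: the unlisted lookup returns both private galleries for a bare ID, while the checked lookup returns none unless the caller presents the key or password.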

Blist: Making Spreadsheets Fun?


The latest to tackle online database and spreadsheet creations: Blist. Launching today at DEMO, blist is a more flexible way in which to create those dreadful spreadsheets we all have to do for one reason or another. The company’s aim is to simplify the process by tailoring the application according to your needs, as opposed to your having to configure your data according to the existing parameters of a spreadsheet.

It does so by offering an array of templates that can be selected for a variety of purposes, from wedding guest lists to fantasy football stats. Data can be viewed in multiple formats, like tables, calendars or widgets. Incorporating multimedia items like photos or videos means that users can do with these spreadsheets whatever they like, for any purpose they see fit.


With an intuitive interface, the target users are the non-technical folks out there who don’t really like the complications of a spreadsheet. Blist spreadsheets are collaborative, web-based tools, so the social aspect of sharing data is built into this application. From the looks of it, blist’s offerings also extend to the construction of queries, meaning this tool has the potential for enabling non-technical users to create tables and perhaps even mashups.

There is a handful of applications out there that are taking on the challenge of creating an easy-to-use, web-based mashup tool that will translate into a high user adoption rate based on a simplified and intuitive process, like Strata. As web surfers find more ways in which to control and use their own information (or third-party information for their own purposes), mashup tools will become an increasingly integrated aspect of our everyday use, so tools that help us towards this direction will become more valuable.

Print Screens Without the Paper: Iterasi


Iterasi is a new company launching its service at DEMO today. The product of serial entrepreneur Pete Grillo, who sold his previous company WeSync to Palm in 2000, Iterasi is another way to organize your web. While the premise of the service is very straightforward, Iterasi pulls from so many schemas that we already have applied to the organization of the web that I’m having trouble figuring out the best way to describe how it all works in comparison to what we already have. But here goes:

Iterasi is a bookmarking tool that lets you take a snapshot of a website in its native format. That means that whether the site is dynamic or static, these web pages can be bookmarked, saved, searched, retrieved, shared, and tagged. This is handy for saving online receipts, submission/application forms, content and images, to name a few. Think of it as a web-based print screen function without the paper.


As with other bookmarking tools, Iterasi comes complete with a browser bookmark so you can amass websites as you surf the web. Similar to StumbleUpon, Iterasi will let you “notarize” your saved site, adding in tags, showing tags that others have applied to the same site, and providing your own title. These saved items will display in your Iterasi account as thumbnail images, similar to JigJak or Hyperigo.

But if Iterasi is anything like a bookmarking site, its main point of differentiation is the personalized ways in which you can organize all your bookmarks. Think of a glorified version of the browser sidebar that lets you place all your bookmarks into various folders. There’s also an option to set a timer for notarizing a webpage at a specified time. If you do this regularly, then you’ve got a time-lapsed glimpse at how a website changes over time, kinda like archive.org.


Now that we’ve taken a look at Iterasi’s main features and likened it to pieces of several existing tools out there, what can Iterasi be used for?

The searchability of Iterasi is very key to the overall value of this service, as this enables users to truly create their own web. Should this data be gathered as an aggregated look at web behavior, multiple things can be inferred, from shopping habits to new perspectives on web search, or a combination of several of these things. It could also be used in conjunction with other tools out there like Shoeboxed that collect your receipts to help you with your own budgeting.

Given the outlook for personalized web experiences, data portability, and a number of other customized tools for mashing up varied parts of your own Internet, Iterasi offers a compellingly simple look at the potential for the tailored web. Is this a better way to handle personal bookmarks than Clipmarks’ social attempt at sharing items?

[Source: Mashable.com]

eBay Acquires Fraud Sciences For $169 Million


eBay through Paypal has acquired fraud detection provider Fraud Sciences Ltd for $169 million.

Israel and Palo Alto based Fraud Sciences offers automated anti-fraud systems including SpotLight VFX and SpotLight T2T, merchant solutions that provide transaction verification with fraud prevention. In an October 2007 profile, Israelplug said that Fraud Sciences products “help online retailers verify the identity of buyers and accept orders that they would have seen as suspicious in the past - thus enabling them to increase their sales.”

eBay said the acquisition will assist them in significantly improving trust and safety across its sites in 2008. Fraud Sciences’ risk tools will be integrated with PayPal’s fraud management system.

Personnel from Fraud Sciences, including Yossi Barak, Fraud Sciences’ COO, and founders Shvat Shaked and Saar Wilf, will join PayPal’s technology and fraud management teams.

This acquisition is expected to be completed within 30 days.