Instagram’s got a problem
Instagram seems to be the latest company having privacy issues. According to Quartz, they initiated tests that showed when a user posted photograph to Instagram publicly, which is the default setting, would remain publicly viewable on the web, even if the user made their account private.
This privacy hole put an untold number of users photographs at risk and was exposed by Quartz to Instagram. Instagram took steps this weekend to make the necessary repair.
You may be wondering how this happened? This privacy lapse revealed itself on the Instagram website. When a user is logged into the website, they can browse photographs posted by any user they are following, regardless of their privacy setting. The URL can then be copied from a posted image and sent to anyone, anywhere; including Twitter and Facebook where the image could theoretically remain forever, without the original user’s knowledge or consent.
How it all works
Typically, if the link is to a photograph taken by a user who “has set their account to private, a person navigating to the URL will be presented with a webpage stating “Page Not Found.” However, if the shared photograph was taken at any point while an account was public, even if that account was later made private (until Instagram’s latest patch) the image would still have been displayed to anyone with the link. In a sense, these photographs were hiding in plain sight—there was nothing stopping anyone from looking at them, but you needed to know where to look to see them,” according to Quartz. If this sounds a bit convoluted; Quartz made an infographic to explain how it worked.
At first, Instagram didn’t seem too concerned with the problem, stating, “This is not an area where we have received feedback or concerns from the community but will continue to revisit,” a spokesperson for Instagram initially told Quartz in an emailed statement on Jan. 8. “If you choose to share a specific piece of content from your account publicly, that link remains public but the account itself is still private.” Soon afterward, however, they stated, “In response to feedback, we made an update so that if people change their profile from public to private, web links that are not shared on other services are only viewable to their followers on Instagram.”
The hole has been patched, but…
Considering even with the hole now patched, any privacy glitches are potentially sensitive for Facebook (which also owns Instagram), which agreed to submit to audits of its privacy practices for two decades when it settled a lawsuit brought by the Federal Trade Commission, charging it with deceptive practices. “The settlement requires Facebook to take several steps to make sure it lives up to its promises in the future, including by giving consumers clear and prominent notice and obtaining their express consent before sharing their information beyond their privacy settings,” the FTC said at the time. Quartz also states they, “were unable to find any instance in Instagram’s support documents where the company makes clear how photos a user believes are private could be publicly available in the way they were until this weekend.”
A final note: using the Internet is a calculated risk. Privacy is not 100 percent or guaranteed. When a Twitter user turns their account from private to public, all of their previous private tweets become public. So while this Instagram privacy hole may be a pain, it certainly isn’t new. Be selective about what you share because Internet security is not iron-clad.