Help / The Help Forum

This thread was closed automatically due to a lack of responses over the last month.

Hot Topics

[Official thread] Upload-by-email is no longer supported
Latest: 5 hours ago
[Official Thread] Flickr login freedom is here
Latest: 6 hours ago
[INVESTIGATING] Thumbnails of 35 of my images are not appearing
Latest: 6 hours ago
[Investigating] My icon is missing
Latest: 9 hours ago
[Official Thread] Stats on Mobile Removed
Latest: 13 hours ago
[Official Thread] Updates on speed & stability so far
Latest: 15 hours ago
[Official Thread] Flickr partners with Pixsy to fight image theft
Latest: 2 days ago
Hi SmugMug, my wish list for Flickr
Latest: 2 days ago
[Official Thread] (Updated 2019.03.20) Temporary Video Downtime
Latest: 4 days ago

 

Current Discussion

Pictures disappeared and are now white or blank
Latest: 14 minutes ago
Replacing images
Latest: 56 minutes ago
Why is a photo appearing as a blank?
Latest: 59 minutes ago
Flickr not generating zip file
Latest: 71 minutes ago
Why won’t my photos delete or remove from my album?
Latest: 78 minutes ago
What is going on Explore now?
Latest: 84 minutes ago
Picture suddenly broken/not appearing
Latest: 2 hours ago
How to upload RAW file formats (.DNG, .NEF)
Latest: 3 hours ago
Zip Downloads - Not Working
Latest: 4 hours ago
FLICKR APP on ios
Latest: 5 hours ago
Error upload FILE TIMED OUT
Latest: 5 hours ago
Flickriver no longer works for me
Latest: 6 hours ago
More...

Search the Help Forum

Flickr photos stolen by the thousands through the Flickr API

loupiote (Old Skool) pro says:

anyone can steal public photos from Flickr and create a slideshow using www.slide.com , and use this slideshow (that can contain photos in high-resolution) in way not approved by the copyright owner.

just to demonstrate the problem, i have created a slideshow using ARR photos stolen from Flickr user FlyButtafly:

www.slide.com/r/ZUO71fpD6j9d-q8cbSlGf2RwjrQdbxEC

(i could have picked any other flickr account with public photos, and even mix-and-match photos from several accounts)

See the nice advertising banner at the top? I am sure that FlyButtafly never approved her ARR photos to be used to sell advertising on slide.com and on any other site where slide.com slideshows can be embedded (e.g. myspace, and hundreds of other sites, as you can see on slide.com).

the issue is that flickr does not require the flickr account password in order to access the public photos from each flickr account, Just the name of the Flickr account will give anyone with an "API key" (e.g. the slide.com website) access to all the "safe public" photos of that account, even those that are ARR, in a size up to medium or large (not original unless the account gives anyone access to the original, i think, if original size is larger than 1000-pixel).

so with slide.com i can enter any Flickr user name, make a slideshow and disseminate it with no indication of its source (and possibly hiding the watermark embeded in the photos, as you can see on the example above - make the window fullscreen and click on "Original View" to see the photos really large with hidden watermark).

i want to make it clear that the problem is not with the slide.com website (i just used it here for demonstration), but rather with the Flickr API.

this thread is by no mean suggesting to use other photo sharing websites, but rather to discuss how the Flickr API should be "fixed" to prevent the problem (please ignore comments from the usual trolls).

in other words, given the way the Flickr API works today, Flickr is an easy free-for-all source of photos because it gives API access to the photo "bits" of large version of the photos (up to 1000-pixel) without requiring the password of the account owning the photos, regardless of the license attached (e.g. ARR).

in my opinion, the flickr API should only provide access to thumbnail bits of each image, unless a password is provided to access larger version of the photos, ESPECIALLY in case of ARR (All Rights Reserved) photos.

What do you think?
Posted at 4:14AM, 6 October 2007 PDT ( permalink )
loupiote (Old Skool) pro edited this topic ages ago.

← prev 1 2
(1 to 100 of 137 replies in Flickr photos stolen by the thousands through the Flickr API)
view photos

iansand says:

Ipernity.
Posted ages ago. ( permalink )

view photos

loupiote (Old Skool) pro says:

i could make another slideshow with your photo to sell more advertising, iansand. i don't think that the CC license attached to you photo allows that (CC NC).

actually, here is one for Iansand:

www.slide.com/r/-Bt1Oy77wz9GOFAi9sqd-hgiU6XNJM-O

(which goes against his CC NC, because of the advertising banner - note that i did that only to demonstrate the problem)
Posted ages ago. ( permalink )
loupiote (Old Skool) pro edited this topic ages ago.

view photos

iansand says:

Is that what Ipernity does? They should be ashamed.
Posted ages ago. ( permalink )

view photos

loupiote (Old Skool) pro says:

no, that's what flickr does. i have no idea what other photo sharing sites to with their API, if they have one. this thread is about Flickr API.
Posted ages ago. ( permalink )

view photos

yinyang says:

interestingly enough if you want to create a Facebook or bebo slide you need to actually login in to your account, whereas with flickr or myspace you just need a username!

try it out...! i just did with stewart's (!!) and mine to make sure it doesn't pick up F&F, which it doesn't (phew!)
Posted ages ago. ( permalink )

view photos

loupiote (Old Skool) pro says:

Flickr does not require a password to suck-out the bits from the "public & safe" photos using its API, even if those photos are ARR (All Right Reserved). the only thing that Flickr needs is the user name, which is public.

you probably need a password only for the websites that requires a password for access to the image data.

Friends and Familly photos are "private" so they won't get leeched out of Flickr without a password.

of course, i know that it is possible for a member to "opt-out" of the API, but that's not what i want. i want the API to access my ARR public photos photos, but only the thumbnails data, and i want a password to be needed to access the larger images for my ARR photos with the API.

i know that this is not a perfect protection, i.e. smart services could access the photo pages and extract the image bits by parsing the HTML from the photo pages. but this would offer a "space-ball" type level of protection in the API, making it harder to suck-up all the photos from flickr using the API and user-names, like slide.com is doing.

of course i understand that doing this would probably require using a different "secret" for the thumbnail images vs. the small, medium or large images, which all use the same "secret" currently. so such a change would probably only affect newly update photos. but i really think that this is a problem that should be resolved.
Posted ages ago. ( permalink )
loupiote (Old Skool) pro edited this topic ages ago.

view photos

Walwyn says:

The problem for CC-NC images is that there is no way that the API could tell whether the site is commercial or not. In fact one could put it on what is to all intents and purposes a non-commercial site and then have the commercial site frame the non-commercial webpage.

Agree though that it would be best if the ARR images weren't made available but there are going to be knock on affects to that.
Posted ages ago. ( permalink )

view photos

loupiote (Old Skool) pro says:

i agree that for CC-NC photos, it is unclear whether the API should allow anyone to suck-up the large size bits out of flickr.

but i'm not happy that the API allows that for ARR photos, and that it is so easy to do that, e.g. through slide.com or other similar sites using the Flickr API.

and by the way, once the photos are sucked out of flickr and re-processed into a slideshow, they can move around on the web, and there is never a link or pointer toward the original photo pages (as this is not required by the Flickr TAO, since the slideshows are not using deep-links to the flickr images, but rather copies on another server).
Posted ages ago. ( permalink )

view photos

Walwyn says:

One of the problems is that given the thumbnail image you can derive the URL for the other images too. So just returning the thumb URL wouldn't be enough each size would have to have a separately derived URL.
Posted ages ago. ( permalink )

view photos

FlyButtafly says:

Thanks for pointing me here, loupiote.

Yeah, I have a bit of a problem with that slideshow.

From what I could see, the only reason I was attributed was because loupiote named it the way he did. Seems someone could name their slideshow anything they wanted, and unless someone clicked on the photo, they'd have no idea where it came from.

And that "original size" slideshow bit - where it upsizes the image and splashes the title across the bottom (effectively hiding my watermark, as loupiote pointed out)...

I don't think flickr is providing larger than med. sizes for them, because the larger sizes' quality seemed to be degraded a bit - so that's something to take up with slide.com. However - the fact they require no authentication and allow anyone to pull med. sized images from flickr, even when they're ARR...

To me that is a blatant violation of copyright. They shouldn't be pulling up any ARR images at all. Unless they are your own.
Posted ages ago. ( permalink )

view photos

dwof says:

I am opted out of the API on 3rd party sites, and it still creates a slideshow of my pictures. Grrr. This is annoying.
Posted ages ago. ( permalink )

view photos

austenhaines says:

Yeah, opting out of that seems to have little difference on a few sites. im still unsure what difference its supossed to make.
Posted ages ago. ( permalink )

view photos

~Cath G~ says:

I thought that opting out of the API 3rd party searches would opt me out of API 3rd party searches. How silly of me!

Seriously, I am unhappy with the attitude that because I post photos on flickr I should be happy with them posted elsewhere through the API, because I'm not. I chose to use flickr. I don't chose to use the other sites that harvest my images through the API.

Surely as a paying customer I should decide where my work is shown? I chose flickr and I don't understand why flickr is unable to respect my choice.
Posted ages ago. ( permalink )

view photos

The Searcher says:

I use Slide on my website ( www.poprelics.com ) and I tried to set it up to use larger than medium-sized, and there were no options for that. So I think the medium size is the largest it uses.

But since it isn't actually displaying photos until someone chooses the photos to display, how is this different than any number of other sites that create tools? Isn't it the user who is responsible for the proper use of the tool?

There was a discussion recently about www.Picnik.com. It lets any one pull ANY image from ANYWHERE, and display it in whatever resolution is available, and allow it to be manipulated and re-saved, with no attribution, no link to Flickr, nothing. I honestly doubt they're even using the API, they can pluck this stuff out of the web without it.

So why should the API tools have more stringent controls than the naked internet? What would be the point?

I just don't get how this use/tool is much different than sites like Picnik, or any of FD's Flickr toys for that matter. These are useful tools, but if they aren't restricted by gathering publicly available images, and if they aren't doing anything WRONG, then why should the API be more restrictive than the intertubenets?
Posted ages ago. ( permalink )

view photos

striatic says:

'Isn't it the user who is responsible for the proper use of the tool?'

the argument is that the tool induces infringement.

however, if you go to the slide site and make a slideshow, it is pretty clear the intent on slide is for people to construct their own slideshows.

for instance, the site says 'enter *your* username' as opposed to 'enter the username of the person you wish to steal photos from'.

slide could make it so that you could only use your own flickr photos in a slideshow by using the flickr api authorization system .. but that's an inconvenience to people who want to genuinely make their own slideshows with their own photos, especially when it is very clear that the intent here is for people to make their own slideshows using their own photos.

all the terminology on the site points to that use.
Posted ages ago. ( permalink )

view photos

The Searcher says:

same with picnik. Except at least currently there's very little language on the site that explains anything about photo ownership and licenses. I'm really not trying to pic on picnik, but it has been defended as a site with a good product/service that can just be used to do wrong, not designed to do wrong. So if that's the case, certainly a service like Slide would fall in that same catagory?

I'm just trying to find a baseline for what people feel is acceptable use, and where the limits are for a responsible site/tool/company in not creating a theft-machine, but at the same time not having to be completely responsible for how users may abuse the tools.
Posted ages ago. ( permalink )

view photos

~Cath G~ says:

So why not make users authorise their use of the site? That seems to work well with other sites eg fd flcikr toys
Posted ages ago. ( permalink )

view photos

The Searcher says:

FD has a Flickr account authorization. But it also has a simple URL option, letting you pluck any image off of the internet that you want. Leaving the issue of responsibility and copyright firmly in the hands of the user.

Right? Wrong?

Because if it's ok for FD Flickr Toys, and Picnik, then it has to also be alright for Slide.
Posted ages ago. ( permalink )

view photos

striatic says:

'That seems to work well with other sites eg fd flcikr toys '

flickr toys allows you to do plenty with other people's photos without authorization.

take the profile widget:

FlyButtafly. Get yours at bighugelabs.com/flickr

oh noes, i stoled flybuttafly's photomosnaps! what do!?

the point is that the api allows folks to do plenty of things with other people's photos without permission. in the case of FD's profile widget's, the use is obviously oriented toward people using their own photos, so no one cares.

with slide, the point is obviously for people to use their own photos, and yet people care.

don't ask me why people care, but i suspect it might have something to do with a certain contrived slideshow at the top of this topic that really takes what the tool is meant to do out of context.
Posted ages ago. ( permalink )

view photos

loupiote (Old Skool) pro says:

i don't think that the discussion should focus on slide.com.

the problem is that the flickr API provides the data of all ARR public images without requiring a password or authentication.

however, if you go to the slide site and make a slideshow, it is pretty clear the intent on slide is for people to construct their own slideshows.

hmmm no so sure: look at slide.com, it allows you to make a slideshow with random photos from what they call "search", using arbitrary keywords. no idea where those photos come from.

the argument is that the tool induces infringement.

i think that the flickr API induces infringement, by making this possible. technically, the flickr API could limit the image data available through the API by requiring authentication.

Flickr already does that for private photos, for non-safe public photos, and for "original-size" bits. so there is no technical reason for them not to add ARR bits (except for the square and thumbnail data).

it is true that websites using the flickr API could police themself, but volontary policing never works as well as enforcement at the API level.

e.g. if flickr was giving access to private photos through the API with no authetication and just asked API user to not use them because of the TOS, people would cream, because for sure some websites would access those regardless of the TOS.

well, in my opinion, the same should go for ARR photos.
Posted ages ago. ( permalink )
loupiote (Old Skool) pro edited this topic ages ago.

view photos

loupiote (Old Skool) pro says:

oh noes, i stoled flybuttafly's photomosnaps! what do!?

as long at the ARR images are only used as thumbnails, that does not bother me, because this is fair use, and thumbnails images appear on all search engines.

with slide, the point is obviously for people to use their own photos, and yet people care.

they they should authentication - which, by the way, would give access to all the user's photos, including those that are moderate, restricted or private.

but again, my feeling is that the problem is not with slide.com, but rather in that fact the flickr's API allows this to happen.

don't ask me why people care, but i suspect it might have something to do with a certain contrived slideshow at the top of this topic that really takes what the tool is meant to do out of context.

slide.com is just the tip of the iceberg.

i have found video slideshows made with my ARR photos floating on youtube, so there are other tools doing the same, that people use routinely to steel ARR photos from flickr and use them illegally.

one one side Flickr tells us that they care about illegal download of photos (e.g. they implemented the spaceballs to make it harder) - but on the other hand they make it very easy for anyone to download thousands of ARR photos throught the API in a fraction of a second.

that's not right.
Posted ages ago. ( permalink )
loupiote (Old Skool) pro edited this topic ages ago.

view photos

golden fire says:

I agree with loupiote....ARR should mean something!

For Flickr to allow us to select these settings and then do nothing to ensure they work is just plain shoddy.

Flickr, get with the program. ..it is obvious we expect some sort of protection from you ..try to evolve to meet these challenges..
Posted ages ago. ( permalink )

view photos

loupiote (Old Skool) pro says:

and again do i want my public ARR photo opened to the flickr API (so that they can be found using the API, e.g. by tag search), and i do want their thumbnail data available through the flickr API.

i just don't want the bits for larger sizes (for ARR photos) available without authentication.

the fact that flick uses the same "secret" for all image sizes (except original) is the issue, on the technical side.

thumnails (and square) should use a different "secret" - actually maybe there should be a different "secret" for each image size, so that access to them could be controlled independently.
Posted ages ago. ( permalink )

view photos

Caroline in Ireland says:

Can flickr not produce a tool that we can download for free to add our names or handles to a photo before we upload them so that if they are robbed from the site it'll be useless to do so? Maybe there is such a thing??
Posted ages ago. ( permalink )

view photos

Caroline in Ireland says:

.
Posted ages ago. ( permalink )

view photos

The Searcher says:

Missed my point(s) completely. Amid the rabble-rousing, how about you take the API out of the equation completely?

"the problem is that the flickr API provides the data of all ARR public images without requiring a password or authentication. "

The PROBLEM, if it is such a thing, is that the INTERNET provides access to all ARR images without requiring a password or authentication. Picnik's and FD Toys' usage sometimes uses the API, but also functions just fine with non-API internet search/URL functions.

So again, AGAIN, I ask: What's the point of requiring Flickr to add restrictions to the API, if those restrictions are NON EXISTENT via Simple Internet Access? People willing to do ill, can do ill regardless.

Your same problems would be here. Your same fears, your same potential for abuse. So why hamper/hobble something useful, if there are non-API ways to affect the same potential for abuse?

How about instead of clamouring for restrictions that would do no good, you instead clamour for better education and understanding of the underlying issue.

that would be people, taking stuff that doesn't belong to them. and understanding such.
Posted ages ago. ( permalink )

view photos

matt says:

The PROBLEM, if it is such a thing, is that the INTERNET provides access to all ARR images without requiring a password or authentication.

Indeed. If you want your content (or some subset thereof) protected by authentication, then it needs to be protected by authentication everywhere, or there's no value to that protection at all, apart from a warm and fuzzy feeling. It really is an an all-or-nothing choice; it's either all protected, no matter where you view it from, or none of it's protected.

Partial authentication like is being asked for is like trying to prevent a draft by closing all the windows, but leaving the door wide open.
Posted ages ago. ( permalink )

view photos

golden fire says:

Thought you might like to see this related topic.

www.flickr.com/help/forum/en-us/50508/

It appears Paul Hammond, staff is refering to this topic....

Quote
Paul Hammond says:
We're not ignoring this thread, or the new one loupiote started - quite the opposite. There's a healthy debate going on at Flickr HQ as to what our response should be, and so many of us have really felt uncomfortable in responding here in case our views are taken to be *the* flickr line.

But I can see how our silence can be interpreted as ignoring the issue, and I'm sorry about that.

Our hands are also tied slightly by the huge number of applications that rely on the existing behaviour of the API. If we make changes too quickly, we'd break a lot of things (like, say, fd's flickr toys) that a lot of flickr users love.

We're interested in hearing everyone's point of view - but please keep it civil. In particular, can we try to steer clear of comparing this issue to murder or suggesting that someone isn't allowed to have an opinion about what happens to their photos just because they've never heard of Jeremy Keith?

[oh, and in the interests of full disclosure, Jeremy aka Adactio is a personal friend of mine, just in case anyone thinks that's relevant]
Posted ages ago. ( permalink )

view photos

loupiote (Old Skool) pro says:

@The Searcher

The PROBLEM, if it is such a thing, is that the INTERNET provides access to all ARR images without requiring a password or authentication. Picnik's and FD Toys' usage sometimes uses the API, but also functions just fine with non-API internet search/URL functions.

i know that. but then why would flickr bother with the spaceballs?

i'm just suggesting that Flickr is not helping by making easier to make automatic tools leeching all ARR public photos

If they want to make it easier to grab ARR photos, they should remove the spaceballs.

i.e. doing the spaceballs thing and at the same time allowing their API to suck-up large amount of ARR public photo without requiring authentication is a bit contradictory, no?

@Paul Hammond (staff)

FYI read paul's posting here: www.flickr.com/help/forum/50508/#reply318122

yes, i am sure that you are completely aware of this issue. it's certainely not easy to resolve, but personally i really feel that flickr is seen as a "free for all" source of photos, and that the current API does not help much in respecting the right of phographers that have ARR photos on flickr.

Our hands are also tied slightly by the huge number of applications that rely on the existing behaviour of the API. If we make changes too quickly, we'd break a lot of things (like, say, fd's flickr toys) that a lot of flickr users love.

sure, we want our photos showcased, and we want to use great external tools like Scout and all the other flickr toys, and we want image search engines to find our photos using the API. but we want to control which of our data can be leeched out using un-authentified API calls. i think that's fair.

@matt

Partial authentication like is being asked for is like trying to prevent a draft by closing all the windows, but leaving the door wide open.

i think it's more like the opposit. i would prefer locking the door, even if a third-floor window is opened. yes, people can enter the house, but it requires more efforts. i bet you that less people will get in the house if you do that, rather than opening the door and closing all the windows.
Posted ages ago. ( permalink )
loupiote (Old Skool) pro edited this topic ages ago.

view photos

Brenda Anderson says:

Here's what I don't get.

When I joined Flickr 3 years ago, the house was open, the doors were open, the windows were open.

Then, a year or so later, people started worrying about all that openness, so Flickr decided they'd let you close one of the windows if you wanted (by introducing the "who can download" setting)... then a bit later, another window shut with the "who can blog" setting.

Now, some are proposing that Flickr shut the doors and lock them too.

But, this is what I don't get. The doors have always been open. But you seem upset by the fact that an open door means that someone might come in and take something.

If open doors worry you, then perhaps you should share your photos on a closed door site.

[by 'you' I don't mean anyone specifically in this thread]
Posted ages ago. ( permalink )

view photos

loupiote (Old Skool) pro says:

@Brenda

you photos are ARR. are you happy to see them here, showed with an advertising banner? (and without attribution)

it took me about 15 sec to steal 100 of your ARR photos and make this slideshow. - i was nice to mention your name, but i didn't have to.

Now, some are proposing that Flickr shut the doors and lock them too.

no, we are suggesting that they don't make it easy for anyone to leech-out all our ARR photos using an un-authentified API, but will still love the API and we love to have our photos "public" on flickr.
Posted ages ago. ( permalink )
loupiote (Old Skool) pro edited this topic ages ago.

view photos

Brenda Anderson says:

loupiote, I accept that if I put my photos on Flickr, someone else might use them. And If I they are photos that I would mind about, then I set those to friends only.
Posted ages ago. ( permalink )

view photos

loupiote (Old Skool) pro says:

loupiote, I accept that if I put my photos on Flickr, someone else might use them. And If I they are photos that I would mind about, then I set those to friends only.

that's your view. but many people want to showcase their photos (i.e. have them "public"), and at the same time, they want them ARR (all right reserved), meaning that they don't want them to be used unless permitted.

and we know that any image displayed on a webpage can be copied, but flickr does not have to make it that easy to leech-up hundreds of ARR photos using their un-authentified API.

if you don't mind your photos being used like in the slide above, then i don't understand why you make them ARR. you should probably make then with a CC allowing that - that is, if you agree with your photos being used like that.

also, i'm sure that flickr would prefer if they could get the revenues from the advertising on sites like slide.com that showcase photos stolen from flickr.
Posted ages ago. ( permalink )
loupiote (Old Skool) pro edited this topic ages ago.

view photos

Brenda Anderson says:

Why should I make them CC?

Just because I know that someone might use my photos without permission doesn't mean that I should license them anyway. That's like saying, well, someone might break into my house if I leave it unlocked, so I might as well leave the door open.

I've rallied hard in the past against websites that used my images incorrectly... but not to make Flickr change their API but to make those websites use the photos correctly. I don't think we should shut off Flickr because people might misuse our photos.
Posted ages ago. ( permalink )

view photos

loupiote (Old Skool) pro says:

I don't think we should shut off Flickr because people might misuse our photos.

i never suggested to shut-off flickr.

so are for or against the spaceballs, brenda?

if you are for having them, what you are saying does not make sense to me.

if you are against them, you should ask that flickr remove the damned spaceballs!
Posted ages ago. ( permalink )

view photos

Brenda Anderson says:

loupiote (Old Skool) wrote

that's your view. but many people want to showcase their photos (i.e. have them "public"), and at the same time, they want them ARR (all right reserved), meaning that they don't want them to be used unless permitted.
Oh, forgot to answer this bit. True, but showcasing your photos as public puts them out into the public. That's how Flickr works and how it's always worked. It's not like Flickr came along 3 years after you uploaded your photos and said, 'guess what? we've now created an open API so anyone can use your photos on other websites!" Then I could see reasons to be upset about the API. But if you know the API is there, and you still upload your photos as public, then you must be accepting the risk that your photos may be used without permission. Aren't you?
Posted ages ago. ( permalink )

view photos

Brenda Anderson says:

loupiote (Old Skool) wrote

you should ask that flickr remove the damned spaceballs!
And do you think they'll listen to me?

*edit* I should say... Flickr added the spaceball thing because, originally, the photo page was Flash-driven. When they moved from Flash to straight HTML, photos suddenly became open to 'right-click and save'. People complained, so Flickr added the spaceball to discourage right-click downloading.

I don't think they'll turn it off, no matter what I say. :)
Posted ages ago. ( permalink )
Brenda Anderson edited this topic ages ago.

view photos

loupiote (Old Skool) pro says:

. But if you know the API is there, and you still upload your photos as public, then you must be accepting the risk that your photos may be used without permission. Aren't you?

but the API can change.

in the early version of the API, the "original" photos (e.g. hi-resolution) could not be protected. now they are protected, if the user wants that.

i accept the risk of having my ARR photos used without my permission. i don't agree that flickr should make is so easy with their API.

and Brenda i still don't understand why you don't let people download your photos from the photo page?

People complained, so Flickr added the spaceball to discourage right-click downloading.

that's exactly my point! flickr could introduce the equivalent of the "spaceballs" in the API.

i would have less problem with slide.com if their slideshows were hot-linking the original flickr photo-page where the photo was lifted from. but they don't. even even if they did, other sites would not do it.

so instead of trying to police all the sites that use the API, why not change the API to make it harder to lift ARR photos unless you use authentication?

Flickr already does that to protect the access of public photos that are "moderate" or "restricted". i think they should still provide access to all public ARR photos, but only in thumbnail size, unless an authenticated API is used.
Posted ages ago. ( permalink )
loupiote (Old Skool) pro edited this topic ages ago.

view photos

Brenda Anderson says:

loupiote (Old Skool) wrote

and Brenda i still don't understand why you don't let people download your photos from the photo page?
I do... just not everyone.

I don't get your point though. Because I know the API can be used to take my photos without permission, that means I should let people download my photos?
Posted ages ago. ( permalink )

view photos

loupiote (Old Skool) pro says:

Because I know the API can be used to take my photos without permission, that means I should let people download my photos?

yes, you should. because you don't care that people download your public ARR photos. or do you care?

or course the spaceballs are such a joke, so easy to bypass, that it just a joke - but it a matter of principle. if you don't care, you should not use the spaceballs and allow people to download your photos from the photo page.
Posted ages ago. ( permalink )
loupiote (Old Skool) pro edited this topic ages ago.

view photos

Brenda Anderson says:

loupiote (Old Skool) wrote

that's exactly my point! flickr could introduce the equivalent of the "spaceballs" in the API.
But my point was, they added the 'spaceballs' because they had changed the photo page such that the right-click downloading became possible. The spaceball was a way to return to the norm.

The API has always been open. Changing it would change the essence of Flickr as a photo-sharing site with an open API, which it has always been.
Posted ages ago. ( permalink )

view photos

loupiote (Old Skool) pro says:

i don't agree with your reasonning, brenda. i think it's illogical.

The API has always been open. Changing it would change the essence of Flickr as a photo-sharing site with an open API, which it has always been.

i don't know what you mean by "Open API". the API has an authentication layer, which controls what data can be accessed. even with public safe photos, not all data can be accessed (e.g. original photo might be off-limit unless authenticated, even for public safe photos).

that was not the case originally. the fact that flickr changed it does not make the API useless.

the user should have some control on the data made available through the un-authenticated API. right now, the granularity is very small. you can either hide the photo (e.g. private or un-safe), or give access to the photo but not original, or give access to the photo and original.

the user can also prevent their photos from being searched with the API, while keeping them searchable from the Flickr website.

BTW the "access to original" is unfortunately global to the entire account, which i don't like - it should be "per photo".
Posted ages ago. ( permalink )
loupiote (Old Skool) pro edited this topic ages ago.

view photos

Brenda Anderson says:

Then I guess we'll have to leave it at that.
Posted ages ago. ( permalink )

view photos

matt says:

i think it's more like the opposit. i would prefer locking the door, even if a third-floor window is opened. yes, people can enter the house, but it requires more efforts. i bet you that less people will get in the house if you do that, rather than opening the door and closing all the windows.

I do understand where you're coming from loupiote, but this really isn't the case. The web interface really is the front door; everyone knows where it is, and everyone knows how to use it. And as long as its unlocked, everyone can get in without breaking a sweat.

All the tools anyone has ever needed to grab your photos through the web interface existed well before Flickr even came online, and like most such things, are used just as much for entirely legitimate purposes as illegitimate ones*. It's simple and easy to do, and anyone with the brains to use the API to swipe photos could do much the same just through the web interface. In a lot of cases, it's simpler to exploit the web interface, because it requires less Flickr-specific programming.

I'm not saying this as support for any particular position, since I find it highly unlikely that any changes in this regard would affect how I use Flickr. I just think it's a mistake to believe that the API is the real problem. The real problem is authentication: if you want any part of your content to be protected, it has to be protected equally through all the various channels, regardless if that's the web, the API, RSS, the works.

* an example: if you've got a Facebook account, open up a new message to someone, and copy and paste the URL for someone's photostream. Anyone's works, but for the sake of this example, pick someone showing their collections on the front page. You'll get the option to 'attach' a picture to the mail, and if you scroll through the options, you'll notice that the thumbnail-sized mosaics of the collections are one of the choices: it's just grabbing images directly from the page, not touching the API at all.
Posted ages ago. ( permalink )

view photos

loupiote (Old Skool) pro says:

I just think it's a mistake to believe that the API is the real problem. The real problem is authentication: if you want any part of your content to be protected, it has to be protected equally through all the various channels, regardless if that's the web, the API, RSS, the works.

i don't disagree with you, although i think the API makes it easier to leech-out large batches of photos from Flickr.

of course, my hi-res files are protected, but still i am a bit worried about web-size versions taken from flickr by sites like slide.com, reformatted and then floating around the internet with no reference to the source or attribution, in most cases.
Posted ages ago. ( permalink )

view photos

The Searcher says:

Bottom line, the sites cited here that use the API in a way that it can be abused, are the same sites that can be abused WITHOUT using the API.

Still haven't seen the point of locking down useful tools/abilities, if the naked internet still allows the same potential for theft.

Perhaps Flickr simply isn't for anyone who needs to take their "security" so seriously.

personal web sites, watermarks, flash interfaces, may be better suited to people who need to be so vigilant.
Posted ages ago. ( permalink )

view photos

matt says:

i don't disagree with you, although i think the API makes it easier to leech-out large batches of photos from Flickr.

That's what I'm saying – it's a bit of an illusion that the API makes it easier. It's always been easy, and would continue to be just as easy if the API disappeared entirely. The only thing that will be different is that noone will be able to point at the API and say "it's the API!"

I'm not sure what I can really do to convince you of this, short of posting a snippet of code that can actually do it; it wouldn't take long, and would be shorter than the majority of the entries above.
Posted ages ago. ( permalink )

view photos

Dr. Keats says:

Re-definition of terms, perhaps? Instead of "easier", maybe "more convenient"?

Problem, of course, is that for anything 'Net-related: there's always going to be scum-bags who mis-use it... Applies to the API as much as anything else...
Posted ages ago. ( permalink )

view photos

matt says:

Re-definition of terms, perhaps? Instead of "easier", maybe "more convenient"?

Well, maybe 'different'. For a further attempt at domestic analogy, it's like having two mail slots in the same door. The short mailman might prefer the lower one, but the tall mailman prefers the higher one, and whether or not your birthday cards get pilfered depends on the honesty of the mailman, not the slot he uses.

There are some things the API makes easier, but grabbing a category of photos wholesale (whether it's one person, a group, a tag, a set, etc) just isn't one of them.

Problem, of course, is that for anything 'Net-related: there's always going to be scum-bags who mis-use it... Applies to the API as much as anything else...

That's pretty much it, and it's why I think it's important to emphasise the importance of authentication if you want your content protected.

As an aside, though, I'd go so far as to strike out "net-related." Just ride a bike (motorbike or bicycle) to work for a week or two to see how people mis-use the giant self-propelled metal death-machines that when used responsibly you call "cars."
Posted ages ago. ( permalink )

view photos

Dr. Keats says:

I cycle... know what you mean!

Mind you, when I'm in a car, I'm infuriated by cyclists blithely zipping through red lights, etc..
Posted ages ago. ( permalink )

view photos

loupiote (Old Skool) pro says:

@The Searcher

Still haven't seen the point of locking down useful tools/abilities, if the naked internet still allows the same potential for theft.

i never suggested to lock-down anything.

but i would prefer that my ARR photos bits (except for thumbnails) not be used anywhere out of flickr unless i permit it. i know those bits can be reached through the HTTP protocol (i.e. from the flickr web pages). that's fine. but it would make me feel slightly better if authentication was needed to access those bits when using the API - since basically in most cases i would be the only one to want to do that, i would provide the authentication to access my own data.

so nothing would be locked-down, things would just work with the API, and i would be able to use any third-party site that uses the flickr API, provided that they get authentified.

right now i see two problems with sites like slide.com that uses un-authentified flickr API:

1) I am unable to access my private or "public & unsafe" photos from those sites (I want to!)

2) everyone is able to steal everyone-elses ARR public (& safe) photos and use them in ways not permitted by the copyright owner.

by the way, Brenda, i hope you don't mind, i added little hearts and some music on top of your photos:

www.slide.com/r/eOHWB4w_7j-7Y7UXn266TP7SrkVn6Rs7?view=ori...
Posted ages ago. ( permalink )
loupiote (Old Skool) pro edited this topic ages ago.

view photos

iansand says:

Ipernity.
Posted ages ago. ( permalink )

view photos

Walwyn says:

I'm not sure what I can really do to convince you of this, short of posting a snippet of code that can actually do it; it wouldn't take long, and would be shorter than the majority of the entries above.

I think the point is that people getting content through the API obtain the ARR images without doing anything special. They have to check after getting the photo-id for the permissions to decide whether to drop the photo or not. Additionally there is a returned flag 'ispublic=1' which we all know is open to miss interpretation.

Someone with no intention to be misuse the content may do so simply through omission. They may even think that what they have done is correct (they didn't mean to misuse), they then say that its either the user's fault for not opting out of the API, or flickr for providing them with the content. A row then ensues. In a sense they are correct that the API is at fault as it did provide them content that they didn't want ie someone's ARR images.

Yes there are other ways of taking the content from flickr without using the API but when that happens it is usually pretty clear what the intent was.
Posted ages ago. ( permalink )

view photos

loupiote (Old Skool) pro says:

@Walwyn

and also i find it very ennoying that those sites (e.g. slide.com) use the API with no authentication, therefore only access a limited subset of the photos i have photos on flickr, since a number of my photos can only be accessed with authentication (e.g. private or non-safe photos).

i don't like that.

Someone with no intention to be misuse the content may do so simply through omission. They may even think that what they have done is correct (they didn't mean to misuse), they then say that its either the user's fault for not opting out of the API, or flickr for providing them with the content. A row then ensues. In a sense they are correct that the API is at fault as it did provide them content that they didn't want ie someone's ARR images.

your analyse is correct, that's what happening here.
Posted ages ago. ( permalink )

view photos

Walwyn says:

A new API could be devised that enforced the permissions. However as said by staff they don't want to break old applications that comply.

A solution would be for the old API to remain in force allowing old apps to continue. Any new request for an API key would only be released under the new API. Any problems that are subsequently brought to peoples attention under the old API would then have the choice of either complying with the permissions under the old API, or having the key revoked and having to rewrite for the new API.
Posted ages ago. ( permalink )

view photos

Dr. Keats says:

So, that would kind of work like the way changing a CC licence works - under CC, everyone, nice or nasty, can use the images. Change it to ARR, and the people who were using the images before can still do so, but any new would-be users have to respect the new setting....
Posted ages ago. ( permalink )

view photos

Walwyn says:

Yeah except that once a nasty user is found, they can either make the small adjustments necessary to become nice, or have the old API key withdrawn, and any new key would only give them access to the new API. IOW they'd then have to do a much bigger rewrite. Carrot and stick.
Posted ages ago. ( permalink )

view photos

loupiote (Old Skool) pro says:

> A new API could be devised that enforced the permissions. However as said by staff they don't want to break old applications that comply.

correct.

but do you think that slide.com (and all the other apps that do similar things) do actually comply with the Flickr API terms?

apparently, they don't.

The Flickr API TOS does not allow using the ARR photos in ways not explicitely permitted by the copyright owner. and if NC-Attribution photos are used, attribution should be given. none of that is enforced by slide.com.
Posted ages ago. ( permalink )

view photos

The Searcher says:

walwyn: the sites discussed here, like Picnik, Slide, FD's toys, they all have, side-by-side with the API-enabled Flickr buttons, a "URL" button, that does essentially the exact same thing as the Flickr button, except without need of the API to function.

"I think the point is that people getting content through the API obtain the ARR images without doing anything special."

They do this regardless, with any public images available online. It isn't that there are obscure workarounds to the features the API tools allow, it is that there are direct, side-by-side functional tools on the SAME sites, that do NOT use/require the API at all, and thus would function the exact same way without it.

In fact, the way FD implements it, he requires that authentication if you use the Flickr access. But if you choose the naked internet access, no authentication is required. So there's someone who's voluntarily tightening the requirements for API use, and yet allowing more potentially infringing use without it.

You're asking to lock the front door, while leaving the OTHER front door, two side doors, back door and cellar door unlocked. That sort of "security" makes the spaceball look like Fort Knox.
Posted ages ago. ( permalink )

view photos

loupiote (Old Skool) pro says:

In fact, the way FD implements it, he requires that authentication if you use the Flickr access. But if you choose the naked internet access, no authentication is required. So there's someone who's voluntarily tightening the requirements for API use, and yet allowing more potentially infringing use without it.

no, this is why they are doing that.

they are asking for a password so that they can access all the photos of the user, including those that are not safe (e.g. moderate) or private.

i would like slide.com to do the same so that i can access all my photos, not just a subset.

of course i agree that using non-authentified http access gives you access to the bits of all ARR public & safe photos from all photographers.
Posted ages ago. ( permalink )

view photos

Walwyn says:

@Searcher

The issue is where the tools allow you to directly access and select ARR flickr content to use via the API. This gives the impression that the usage is allowed and sanctioned. You know as well as I do the number of times we hear the argument, but it says "public" or "then you should opt out of the API".

That you could do the same by finding and pasting an URL into the tools is of a different nature, as presumable the person doing so is at least partially aware that what they are doing is a bit iffy.

Take the slide.com app it asks me for a flickr screen name so presumably it is OK for me create a slideshow from any users content get the HTML code and post it on any website. I never have to visit the user's stream, I never have to check the copyright status of the images, I can remain blissfully unaware of any such issues. Flickr served up the data so my use must be OK. This appear to be different from the photobucket usage where it will only allow me access to accounts that I know the password to.
Posted ages ago. ( permalink )

view photos

Jason and Ali says:

You're bonkers. Completely, utterly bonkers. You asked for your photo to be publically available, and it's publically available - what's the problem?
Posted ages ago. ( permalink )

view photos

Nikonlessrob says:

So what , so someone makes a slide show of my photos .. I'd be proud of that .
Posted ages ago. ( permalink )

view photos

Walwyn says:

@Jason and Ali
what's the problem?

You are confusing being publicly viewable with being publicly available to reuse.

The problem is that no one has have the right to redisplay an ARR image without explicit permission from the copyright owner (fair-use aside), irrespective of whether it was obtained directly via the flickr API or by some other means.

@NikonRob
I'd be proud of that .

You'll note that all of my images are CC-NC so any one can make a slide show of them and redisplay on some other web page, so long as that web page is not part of a commercial enterprise. Other people, such as yourself, chose to have their images ARR that should be respected.
Posted ages ago. ( permalink )

view photos

The Searcher says:

Walwyn: tell me how Picnik's usage is any different than how you described Slide's. Or FD's. Why does one get a pass and not the other? From a Joe-User point of view, there's little difference whether or not some under-the-hood API is being used to gather images. The tools let people gather ANY images, regardless. So locking down the API, does not solve your issue with how they are presenting their tools.

Your solution would be better served if the sites just better EXPLAINED the usage people were about to do. Warning popups, accept-these-terms click-throughs, etc. As it is, you're advocating locking a door on a public park with no fences. as is, that's pointless.

Loupiote: your issue with sites' API authentication is valid, but that's more of a usability issue with individual sites' level of functionality. That's a "feature" that you'd like some of these people to add. They're all 3rd party developers, some probably kids in a basement, and I'm sure most would be very willing to listen to a suggestion to improve their tools. But Flickr's API has useful functions with and without authentication. So why force Flickr to only offer a locked down version, when it's the weaknesses of 3rd party tool development that you need fixed?
Posted ages ago. ( permalink )

view photos

striatic says:

'You are confusing being publicly viewable with being publicly available to reuse.'

but on the internet, being publicly viewable means being publicly available for reuse, one way or another.

even if reuse isn't legally allowed, the image is still "publicly available" for that purpose, simply because it is viewable.

also, the API doesn't change the legal standards for reuse.

i mean, long before flickr came along, yahoo image search type indexing would allow for the creation of slideshows like those on slide.

you know who the API is good for? it is good for flickr, so that bots don't have to constantly hammer the site, looking for stuff. if the API wasn't about, folks would just scrape flickr. perfectly legally, yet wasting resources so that a some group of flickr users can retain their false sense of security.
Posted ages ago. ( permalink )

view photos

striatic says:

also, as for slide's intent and what it is trying to induce.. emphasis here is mine ..

go to slide.com text on the front page:

"Slide Shows

Make a Slide Show and tell the world about yourself."

click that and the largest text on the screen says:

"Upload your own images"

click flickr and it says:

"Enter your flickr screen name" and "get my images"

maybe your problem is with their somewhat obscure "search" tab, which suggests "paris hilton" as a search term, but i don't know what that has to do with the flickr api. i tried searching "flybuttafly" but nothing came up in their results.
Posted ages ago. ( permalink )

view photos

Walwyn says:

@Searcher

I'm not picking on slider.com I was just using it as an example where it is very easy to create a display of some one's ARR images. No doubt the other example sites you point to do likewise, they don't get a pass from me.

The FD tools happen to have been around for sometime and because a lot of the regulars here like them, they just seem to get thrown up as an example of "well the FD tools do that so it must be OK", its all a bit circular don't you think?

Picnik seems to give me the option to enter the URL of any web picture, presumably so that I can get an image from my personal site, but if I don't enter one and just press open it displays the current Explorer images for me to pick from.

Can you think of a valid reason why the developers thought that was a reasonably thing to do? Its gratuitous and as I said in the picnik thread fosters the mindset that all this stuff is there for the taking.

Does the API make it easier for web-monkeys to do this? Does it contribute to fostering the impressioon that flickr ARR images are there for the taking?

To answer both questions I think it does.

Am I personally concerned about? Nope all my images are CC-NC, so I'm not really going to lose sleep over anyone's ARR images, but I can see why they might get a little pissed over it.
Posted ages ago. ( permalink )

view photos

drab rings says:

"but on the internet, being publicly viewable means being publicly available for reuse"

This statement is wrong is so many ways. The little symbol with the C inside does not allow anyone, Internet posted or not, to use any property without permission of the owner, registered or not. Anyone claiming otherwise is condoning the illegal reuse of someone else's property a.k.a. theft.

That is the same thing as saying....hey look at that empty field, since it is next to a road and I can see it I guess it's mine to use....I mean that private property sign doesn't mean anything.

Now doesn't that sound uneducated striatic?

The API must prevent the use of images that are considered under copyright and which the Flickr user has "opted out" of third party software and API searches. The current Flickr API goes against Flickr's own vision of the tools provided to protect the property of its users.

Many people will argue the fact or ask why place images on Flickr and have them as public. The answer is simple, why not when the host, Flickr, is providing tools, has policy, and generally supports the protection of intellectual property. There is a contradiction between the tools to protect ones images even when under copyright and what is allowed by the API.

The API needs to repaired and goes against everything else Flickr has in place to protect the users. Its not a far stretch to say Flickr is condoning the illegal use of protect property of others by allowing the API to operate this way. Why offer the user community an option to CC or ARR their images if they are all over Internet, thanks to Flickr API programs, protected, hidden, or otherwise? That would be a rhetorical question striatic.

EDIT: fixed a typo
Posted ages ago. ( permalink )

view photos

striatic says:

'This statement is wrong is so many ways.'

you didn't actually read my post, did you?

i said that there is a difference between something being available for re-use, and available for legal re-use.

'Anyone claiming otherwise is condoning the illegal reuse of someone else's property a.k.a. theft.'

give me a bloody break. no one is advocating the violation of IP here, no matter how many words you want to shove down their throats. just because a system can allow for the violation of IP doesn't mean that the system should be scrapped or re-configured to make violating IP impossible.

the flickr api can aid in the redistribution of copyrighted works. so can your camera. hand it over.

'Why offer the user community an option to CC or ARR their images if they are all over Internet, thanks to Flickr API programs, protected, hidden, or otherwise?'

because there is a difference between what is technically possible and what is legally permissible, and because it isn't possible to code what is technically possible to match what it is legally permissible.

you need separate systems for each, and sometimes they are divergent.

if you think you can take the law and transliterate it to code, you understand neither law nor code.
Posted ages ago. ( permalink )
striatic edited this topic ages ago.

view photos

loupiote (Old Skool) pro says:

@Walwyn

You'll note that all of my images are CC-NC so any one can make a slide show of them and redisplay on some other web page, so long as that web page is not part of a commercial enterprise.

here are your CC-NC photos on a commercial website with advertising:

www.slide.com/r/dqsUmdcP5T9OetMfDXcUAAJo2_geTrYt?view=ori...
Posted ages ago. ( permalink )

view photos

drab rings says:

You are correct I am not a developer and never pretended to be one.

The problem is there are inherent tools or options within the Flickr UI to prevent third party applications from searching a users photos and several other protection options; however, a developer can use the Flickr API to gain access and circumvent the permissions that have been set on the user account. This is a problem whether you like it not it is a major flaw and contradicts Flickr's own policy, tools, and statements of their staff in various other threads.

I may not understand code in a sense of being an author or one that implements code but I sure understand the concepts and can see the problem.

So I ask what came first, the Flickr UI or the API and why do they not work together properly to conform to Flickr's policy regarding property protection? I am willing to bet the API came after the UI and these problems are unintentional.

As far as ARR vs. CC images, are these not tags associated with the images itself since each image can have different permission settings? If so then why isn't there a function defined within the API that allows responsible developers to continue to develop their applications while protecting the Flickr community that desire to be protected?

It isn't about translating law into code, its about coding responsibly. I disagree that it would require two separate systems.
Posted ages ago. ( permalink )

view photos

The Searcher says:

foulwater: you should really go look at the way these example sites are using the API you wish was locked down. Slide, Picnik, FD's toys, they all offer, completely independent of the API, ways and means to take any image off of the internet, just as easily.

The idea being, it isn't the tool, it is how the tool can be abused. And my whole point is, they work just fine without a restrictive API, in fact without using the API at all. So locking down the API will do you no good at all, it will be a phantom security (really, my analogy of a locked door on an open field, works fine here.). So what's the point? You can't protect PUBLIC property that you have already made available to the entire internet. Not with a lock and key.

Educate people on how photos and IP can be used properly. That's about the only thing that will work.
Posted ages ago. ( permalink )

view photos

Brenda Anderson says:

foulwater wrote

So I ask what came first, the Flickr UI or the API and why do they not work together properly to conform to Flickr's policy regarding property protection? I am willing to bet the API came after the UI and these problems are unintentional.
Actually, the API, in this case, came first. All of the UI features that let you choose who can download, who can blog, who can see the originals... have been added since I joined Flickr. In my mind, it's the API that hasn't caught up with the UI...

I guess I'm reiterating what I said much earlier in this thread. The API exists as it is. I upload my photos to Flickr knowing that it does. If that means someone can "steal" my photos using the API, then that's a risk I take to use Flickr. If your photos are so precious to you that you can't take that risk, but you use Flickr anyway knowing that the risk exists, then it seems to me that you need to reevaluate your situation. (speaking to the generic 'you' of course)
Posted ages ago. ( permalink )

view photos

loupiote (Old Skool) pro says:

then Flickr should seriously educate all the websites that use the Flickr API (e.g. slide.com), and make sure they don't use the ARR photos unless the user gives authentication.

of course, changing the flickr API would resolve the problem automatically, and force those interested in stealing ARR bits to use a different approach (e.g. http) if they want to circumvent this protection - in which case, as was said earlier, this would obviously show their intent.

@Brenda:

I guess I'm reiterating what I said much earlier in this thread. The API exists as it is.

not true: the API has changed and evolved in the past. for example, it originally was always giving access to "original" size bits. not the case anymore.

in the same way, it would be technically possible to use, for newly uploaded photos, a different "secret" for each size.
Posted ages ago. ( permalink )

view photos

Walwyn says:

@loupiote
here are your CC-NC photos on a commercial website with advertising:

Do you want me to issue a NOI?

However, it has to be your use that is commercial rather than the simple fact that there are ads on the page. The issue is whether it is you that is garnering part of the ad revenue. That is why it would be acceptable for a MySpacer to use one of those images as a backdrop even though News international is plastering ads all over the MySpacer's pages.
Posted ages ago. ( permalink )

view photos

loupiote (Old Skool) pro says:

> Do you want me to issue a NOI?

sure, if you want :) this would be a good test to see how long it takes for slide to take those down.

and the problem of course is that doing this will not resolve the general issue - and as you see, the issue is not only with ARR.

of course, it's slide.com (or whereever this slideshow is displayed) that will make revenues from the ads, not me!
Posted ages ago. ( permalink )
loupiote (Old Skool) pro edited this topic ages ago.

view photos

Brenda Anderson says:

loupiote (Old Skool) wrote

not true: the API has changed and evolved in the past. for example, it originally was always giving access to "original" size bits. not the case anymore.
Ah, a matter of semantics, then.

Flickr changed the way it creates filenames in March, so photos uploaded since then have a different 'original secret'. And yes, the API changed to accommodate that (you now have to pass it the 'original secret' parameter in some queries, and you can only know that parameter if you have the right permissions).

Keep in mind of course, that photos uploaded before the introduction of the 'original secret' still have the same secret they always did... and can still be accessed by the API in the same way they could before. So in that respect, the API has not changed.

Now, it seems you aren't asking for a change to the API but a fundamental change to how filenames are created, by having a different secret for every size. Is that right?
Posted ages ago. ( permalink )

view photos

The Searcher says:

"then Flickr should seriously educate all the websites that use the Flickr API (e.g. slide.com), and make sure they don't use the ARR photos unless the user gives authentication."

AGAIN. What would be the point? If those same sites can (and do) make available ALL ARR IMAGES available not just from Flickr, but from the whole of the internet, without use or need of the API? Why require an authentication, if the button to the immediate right of that, requires none?

locked door. open field. pointless.
Posted ages ago. ( permalink )

view photos

Walwyn says:

sure, if you want :)

I think that has to come from either FlyButtafly or Brenda as both Iansand's and mine are CC'd and your use is non-commercial.
Posted ages ago. ( permalink )

view photos

striatic says:

'I am willing to bet the API came after the UI and these problems are unintentional.'

actually, most of the API methods described here came before spaceball.gif/downloading restrictions.

so you bet wrong.

'As far as ARR vs. CC images, are these not tags associated with the images itself since each image can have different permission settings? If so then why isn't there a function defined within the API that allows responsible developers to continue to develop their applications while protecting the Flickr community that desire to be protected?'

so why isn't there a function?

when you make a getInfo call to the flickr API, information is returned regarding the license status of the photo in question.

so actually there is a function.
Posted ages ago. ( permalink )

view photos

striatic says:

'of course, changing the flickr API would resolve the problem automatically, and force those interested in stealing ARR bits to use a different approach (e.g. http) if they want to circumvent this protection - in which case, as was said earlier, this would obviously show their intent.'

what if their intent is to allow people to get at their own photos without having to jump through flickr authorization hoops? keep their UI as simple as possible to deliver the functionality in as simple a manner as necessary?
Posted ages ago. ( permalink )

view photos

Walwyn says:

what if their intent is to allow people to get at their own photos without having to jump through flickr authorization hoops?

I don't think its a question of the apps intent, for example there is clear copyright policy on slider.com, rather its the intent of the end user. That they are presented with content other than their own, leads them to believe it is free to user.
Posted ages ago. ( permalink )

view photos

Brenda Anderson says:

Walwyn wrote

That they are presented with content other than their own, leads them to believe it is free to user.
But in the case of slide and flickr, they aren't presented with anything. You have to enter the username yourself. So slide assumes (and says in their terms of use) that you are responsible for using only material that you have the rights to use.
*edit to fix stray italics
Posted ages ago. ( permalink )

view photos

striatic says:

'That they are presented with content other than their own, leads them to believe it is free to user. '

but they aren't presented with content other than their own unless they specifically request it, and the clear intent of the application is for people to request their own content.

you can add an authentication step to formalize this .. to nebulous practical benefit and an assured increase in complexity.
Posted ages ago. ( permalink )

view photos

loupiote (Old Skool) pro says:

what if their intent is to allow people to get at their own photos without having to jump through flickr authorization hoops? keep their UI as simple as possible to deliver the functionality in as simple a manner as necessary?

but they should have flickr authentication, so that i can access my private photos, if i want to. and also my "unsafe" photos, which are public (visible by flickr members), but not visible with the API without authentication.
Posted ages ago. ( permalink )

view photos

loupiote (Old Skool) pro says:

you can add an authentication step to formalize this .. to nebulous practical benefit and an assured increase in complexity.

entering a password is not such an increase in complexity, and most people know that they need to enter a password in order to access their personal data - and prevent other from accessing their data in un-authorized ways.
Posted ages ago. ( permalink )

view photos

drab rings says:

@striatic "so actually there is a function."

Thanks for proving my point, it all comes back to responsible coding and it needs to begin with Flickr.
Posted ages ago. ( permalink )

view photos

The Searcher says:

nope. It all comes back to responsible law-abiding use of the internet. all the "responsible coding" in the world won't stop public images available on the internet from being plucked by anyone. Only education will do that.

You already have tools available on Flickr to limit public plucking. Make your images private (and to a lesser degree set filters on them, which keeps them out of non-flickr-user searches)

But if your image is available on the naked internet, then these SAME tools, Picnik, Slide, FD's toys, Firefox and Explorer, can and will and do make those images available with NO "responsible coding" on Flickr's part to hinder them.

"but they should have flickr authentication, so that i can access my private photos, if i want to."

Yes they should, if they feel their product would benefit from it. But as a FEATURE of a product that is not Flickr. Go to their help forum and ask them to do it, and explain the benefits to them. There's absolutely nothing stopping 3rd party software developers from using/creating this feature. Thus it is not a bug on Flickr's part.
Posted ages ago. ( permalink )

view photos

Brenda Anderson says:

So, loupioute, I would like you to delete the slideshow of my photos, as I did not give you permission to post them there.
Posted ages ago. ( permalink )

view photos

drab rings says:

@The Searcher

Just because there are other means of obtaining the images from Flickr does not negate the fact the Flcikr is NOT taking precautions to protect the users that desire to be protected. The ones that are for protection and encourage Flickr to uphold what they preach in the TOS and Community Guidelines are merely wanting the reassurance that Flickr is NOT providing or enabling non-law abiding developers a means to take and use protected property. The API in its current state does not conform to the protection standards of the API. Even if you protect your images using the built-in tools Flickr offers anyone can gain access to your images through the API.

You are comparing apples to oranges. The discussion is about the Flickr API and how it does not conform to the protections standards of the Flickr UI not about other methods of retrieving hosted images. The developers that are gaining access to Flickr images without using the API only have one intent.

Responsible coding is the key as Flickr can only control their application and API to prevent and to conform to what is being offered as security.
Posted ages ago. ( permalink )

view photos

loupiote (Old Skool) pro says:

> Thus it is not a bug on Flickr's part.

technically it's not a bug on Flickr's part.

but if flickr cares about the rights of photographers, maybe they should reflect this in their API.

on one side, they put the spaceballs on web pages, on the other side, they give batch access to all the ARR public photos through the API in large size. this seems a bit contradictory.

i know that flickr cannot prevent people from grabbing public photos and using them illegally. but they could make it slightly harder for people to do that with their API.

You are comparing apples to oranges. The discussion is about the Flickr API and how it does not conform to the protections standards of the Flickr UI not about other methods of retrieving hosted images. The developers that are gaining access to Flickr images without using the API only have one intent.

correct.
Posted ages ago. ( permalink )

view photos

loupiote (Old Skool) pro says:

So, loupioute, I would like you to delete the slideshow of my photos, as I did not give you permission to post them there.

you'll have to file a NOI with slide - if you can figure out how to do that :)

and let me know how many days / weeks it takes them to remove your photos.

of course i'll remove it once this thread becomes locked and this issue is adressed by flickr.
Posted ages ago. ( permalink )
loupiote (Old Skool) pro edited this topic ages ago.

view photos

Brenda Anderson says:

Okay, NOI has been sent.
Posted ages ago. ( permalink )

view photos

loupiote (Old Skool) pro says:

thanks! :)

by the way, you earlier wrote, in this thread:

loupiote, I accept that if I put my photos on Flickr, someone else might use them. And If I they are photos that I would mind about, then I set those to friends only.

did you change your mind?
Posted ages ago. ( permalink )

view photos

Walwyn says:

But in the case of slide and flickr, they aren't presented with anything. You have to enter the username yourself.

I'll try to clarify because we've getting hung up on specific apps. I note in passing that I can use slide without creating an account, and without accepting any terns of use,.Having entered a username, I'm then presented with a list of sets, plus a button to switch to another username. If I were cynical I'd say the TOU was no more than a "Cover our asses". Whilst on specific apps what is that picnik thing about where it displays hacks up the current explore list for you to edit, email, or re-upload? Surely they don't think that all 500 of those are yours.

Anyway take one of the recent examples of an app that was displaying flickr content for their users to reuse: coolchaser. In that case the developers said they hadn't intended to allow the use of ARR images and quickly fixed it, by doing the appropriate permission checks. They may also have had a feature where you could put in an URL for the image to use.

That was a case, just like picnik, where copyright material was being presented to the user as something they could use, and the end user could violate a copyright without meaning to. The coolchaser site got no pass. Funny that. But they'd never have got into the mess in the first place if the default list of photos returned hadn't included the ARR ones.
Posted ages ago. ( permalink )

view photos

Brenda Anderson says:

loupiote (Old Skool) wrote

by the way, you earlier wrote, in this thread:
Are you inferring permission by something I said AFTER you used my photos in your slideshow (which is illegal, isn't it)?

*edited to clarify my wording*
Posted ages ago. ( permalink )

view photos

loupiote (Old Skool) pro says:

Are you inferring permission by something I said?

yes, you wrote, in essence, that you don't mind those photos being used on the internet.

so if you are changing your mind, i recommend that you set those photo as private, as other people are using slide (or other websites) to steal your photos as we speak. i am not posting your photos anywhere, of course, i used those slides as examples.

the fact that you don't like that makes my point. thanks, Branda!
Posted ages ago. ( permalink )

view photos

Brenda Anderson says:

I said: I accept that if I put my photos on Flickr, someone else might use them.

I didn't say that I gave you permission to use them.

I also said: I've rallied hard in the past against websites that used my images incorrectly... but not to make Flickr change their API but to make those websites use the photos correctly.

And how do I handle it if someone does use my photos without permission? I ask that person to remove my photo(s) and if they do not, I file a Notice of Infringement with the hosting website, which is the first legal step.
Posted ages ago. ( permalink )

view photos

loupiote (Old Skool) pro says:

And how do I handle it if someone does use my photos without permission? I ask that person to remove my photo(s) and if they do not, I file a Notice of Infringement with the hosting website, which is the first legal step.

and yet, Brenda, you are perfectly happy that the Flickr API makes it so easy for anyone to use your photos without permission?

i feel some contradiction there...

and of course, i did not "steal" your photos with any malicious intent, i did it to illustrate the issue being discussed in this thread (and given your reaction, it worked). so calm down, and enjoy the slideshow with the music and the little hearts, it's cute.

I've rallied hard in the past against websites that used my images incorrectly...

so you should direct your energy against slide.com, not against their un-educated users like me.
Posted ages ago. ( permalink )
loupiote (Old Skool) pro edited this topic ages ago.

This thread was closed automatically due to a lack of responses over the last month.

← prev 1 2
(1 to 100 of 137 replies in Flickr photos stolen by the thousands through the Flickr API)
Subscribe to a feed of stuff on this page... Feed – Subscribe to help discussion threads