search

photo / frontend

The official @github repository of the Trovebox frontend software. A photo sharing and photo management web interface for data stored "in the cloud" (i.e. Amazon S3, Rackspace CloudFiles, Google Storage).
https://trovebox.com
Apache License 2.0
1.38k stars 244 forks source link

Privacy model, groups, permalinks, etc #390

Open jmathai opened 12 years ago

jmathai commented 12 years ago

The privacy model needs to be both easy and flexible. There are lots of different options but the goal of OpenPhoto is to select the one which makes the most sense to the majority of users. I realize different users have different needs so we'll try to address those in this issue as well.

Simplicity

Having photos be public and private is the most simple permission model. This omits the option to share private photos with others. To solve that there are several options.

Groups

The identity system in OpenPhoto relies on verifying ownership of an email address. We currently do this using either BrowserID or Facebook. The login framework allows any service which confirms ownership of an email address to be supported.

Groups simply consist of any number of email addresses. A group can also simply be an email address for ease of use - it basically lets you share with an email address without having to "create a group".

Groups are the fundamental unit to share with.

Objects

When sharing you have to decide exactly what you're going to share. It can be your entire collection of photos, a single photo or a group of photos.

Sharing your entire photo collection is easy. We should consider how many users this method works for. It means that we add another type of permission which has the ability to view photos and leave comments.

Sharing a single photo can be done by having a unique URL for the photos. It's security by obscurity which should be fine. The unique URL can include some version of the hash and perhaps the secret.

Sharing a group of photos is more complicated. First, we don't have albums. We could do sets of tags which are represented as an album but the implementation of this is more complicated. I'm curious how often a group of photos need to be shared and one of the previous two options don't work.

Again, we have to solve for the majority here.

Authentication

A sharable link with an obfuscated URL should not require a user to log in. The obfuscated URL alone should be sufficient.

gibbonweb commented 12 years ago

proposition for "sharing tags": certain tags could be declared private and only visible when logged in / using an obfuscated URL. Kind of like privately shared Picasa albums: They are like regular albums, but

Example: https://picasaweb.google.com/101037554144446269710/AmandiaBrandonSWedding will prompt you to log in https://picasaweb.google.com/101037554144446269710/AmandiaBrandonSWedding?authkey= would show you the album (i.e. tag) as expected

forresto commented 12 years ago

I'm interested in this to share photos of the new one privately.

jmathai commented 12 years ago

@forresto At the moment we support groups and privacy. You can mark photos as private and select the email addresses you'd like to share with. Anyone signing in with the email addresses specified will have access to those photos.

If you've installed OpenPhoto yourself you can create groups under settings. We haven't added groups to the bulk editing option so you have to add photos to a group one by one (lame). We'll be adding this soon.

iampeter commented 11 years ago

Just as a follow-up: Sharable links are cool unless you need privacy. The main reason I'm using OpenPhoto is because I want it to be open to a closed set of friends / relatives. If I share a link, it can go anywhere in 5 minues. Of course any photo can be forwarded at any time, but it's just harder than just sharing a link.

jmathai commented 11 years ago

@iampeter We're implementing the move away from groups. There's two features that cover some (but not all) of the functionality which groups provide today.

  1. Issue #731 lets you add others as collaborators to your account. Unlike groups, they (currently) have the ability to upload, edit and delete photos.
  2. Issue #191 lets you share an album with anyone by providing a unique URL with a token. The token can be set to expire at any time. Unlike groups, if the link is shared then anyone has access to those photos as long as the token is not yet expired.

There's some gaps in functionality which groups provided but moving forward both of these are simpler for us to maintain and for users to use.