Photo Kiosk at Marriott Marquis San Francisco - Everyone Can See Your Pictures (and more)



So you took your picture at that cool looking kiosk at the Marriott Marquis in San Francisco while out at the RSA Conference. You know, the one setup there by Pacific Digital Signs? Cool. Then you get the email that includes a link to www.isnap.com so you can get your picture. Nice! 

When you view your picture it looks pretty good. Check out mine.


This page also informs you of the following:


Well, thats not exactly true. Here is the URL to my picture: 

http://www.isnap.com/desktop/picture.php?id=1362658 

Yes, it's as silly as you think it is. Change up the "id=" value and you will see everyone else before and after me that took their picture on this kiosk. Neato! 

http://www.isnap.com/desktop/picture.php?id=[######]

As a matter of fact, if you play around a bit you will see that you can access pictures of people taken at other places like the Luxor in Las Vegas and even a few Cruise Lines! Back .... like.... years ago. 

For Pacific Digital and Isnap, I suggest you fix this. And no, this is not hacking. This is a poorly designed service that is far from "private" or "not publicly viewable."

6 comments:

  1. You're a handsome man, Mr Smith!

    ReplyDelete
  2. The link is currently not working- so maybe they fixed it- but at the cost of breaking every link everyone shared through iSnap ever!

    ReplyDelete
  3. Interesting that it now comes up with a menu of pictures to review that are grouped by event. I wonder if those that took their pictures on the kiosk know that their pics are public?

    ReplyDelete
  4. Hi Kenneth,

    Thanks for pointing this out. I agree that the "This picture is private..." text is a bit misleading, as it should say something more along the lines of "it is not search-able via the isnap portal". Regardless its a good point and have passed your feedback on to iSnap, they expect to have it corrected within the week.
    Best,
    Vince

    ReplyDelete
  5. Hi Kenneth,
    Thank you for bringing this to our attention. We applied an update today with a solution that is backwards compatible with all posts. Older private photos will now require a verification step (which you can test with your example link above). Any customer having issues retrieving their photo can contact us at support@isnap.com. We appreciate feedback from our users, especially involving ways to improve our product and experience. If you have any additional feedback, please feel free to contact me directly at dat@isnap.com.

    Regards,
    Dat Tau
    iSnap

    ReplyDelete
  6. Dat, are the sets of images that do still appear (without confirming anything) ok to be public? Were the users aware at the time the pictures were taken at the kiosk that the pictures would be on the Internet?

    ReplyDelete