Are Photon images able to be viewed by anyone who has the url?

Are Photon images able to be viewed by anyone who has the url?

Yes.

That’s a worry for those who have a private site. There’s nothing on the plugin that clearly states that.

A clearer plugin page would be good. ??

If any content is not served from your site then you lose control over it. If all the assets, images, js, etc. are served from somewhere else then that part is outside of your control.

This is not limited to Jetpack. Any plugin or theme that uses a service has that exposure and that includes things like Google fonts, spam control plugins, etc.

Jetpack leverages WordPress.COM and their content distribution network. When you activate Photon or any CDN you lose control as that CDN works by creating a copy of your images on their site. Any one who has that URL for the CDN copy can view it.

That’s not the same thing as being able to read your post on your site, provided you are hosting that part (the HTML) in your site. Your controls will work in that case.

For Jetpack’s privacy information, this is a good URL to start with.

https://jetpack.com/2018/05/25/jetpack-gdpr/

There are more details but the short version is don’t use Jetpack or any CDN if you are concerned about your site’s privacy.

I’ve archived your duplicate topic as it really is about this one.

One way to disable Photon is described here.

https://wpmayor.com/disable-photon-jetpack/

But again, if you are concerned about privacy then Jetpack and a CDN really is not for your site.

But here’s the thing… even if I don’t even install jetpack on my website OR activate it, Jetpack still uploads my images and can be viewed by anyone with the url… that is a little bit shocking don’t you think?

This means. As soon as you install WordPress, regardless if you have Jetpack installed or activated, all your images will be uploaded… for no apparent reason?

The other topic is different, it asks how I can stop it.

But here’s the thing… even if I don’t even install jetpack on my website OR activate it, Jetpack still uploads my images and can be viewed by anyone with the url… that is a little bit shocking don’t you think?

I’m sorry, but that’s not true.

If you do not have Jetpack installed then this does not happen.

Are you referring to something else?

I don’t have Jetpack on my new multisite, at all. Then I typed in…
https://i0.wp.com/my-website.com/wp-content/uploads/2019/01/50782935_1008314636029376_57246644412647936_o.jpg (exact url changed for privacy) and I could see the image! No Jetpack anywhere to be seen.

Wait. What?

You are intentionally putting that URL to the CDN manually and you think that your actions are a privacy issue? That’s not how this works and you really need to educate yourself. You are reaching for a wrong conclusion.

There are many sites that will do that and it has zero to do with this plugin or privacy.

Try this link.

Or this one.

If you do not want your site to be access via a particular CDN or scraper then block that via your .htaccess file. The Photon CDN (It’s now called Site Accelerator) uses a user agent of “Photon/1.0”.

RewriteEngine On
RewriteCond %{HTTP_USER_AGENT} Photon/1.0 [NC]
RewriteRule .* - [F,L]

With nginx it’s like so.

if ($http_user_agent = "Photon/1.0"){
    return 403;
}

You are intentionally putting that URL to the CDN manually and you think that your actions are a privacy issue?

Yes, let me explain. For example… I have a private site, a member/user that had access to the site and knows the image urls has been banned, they can now still access the image, not viaa my website but via Jetpack/wordpress.com

Am I reaching the wrong conclusion regarding privacy – especially in regard to the example above? Absolutely not!

There is no mention anywhere I can find that tells the everyday user that all my images are available to be viewed if you know (or can take an educated guess) the url.

I didn’t think Google makes available my images viewable if my website has been a private site? If it does I’d love to know.

Thanks for the snippets.

• This reply was modified 6 years, 1 month ago by Pete.

Yes, let me explain. For example… I have a private site, a member/user that had access to the site and knows the image urls has been banned, they can now still access the image, not viaa my website but via Jetpack/wordpress.com

Or anyone’s browser where a copy is made and cached. Or any number of sites that do the exact same thing and spoof a browser user agent. That’s not a privacy issue at all: you are permitting users and devices to do that.

Am I reaching the wrong conclusion regarding privacy – especially in regard to the example above? Absolutely not!

You really are.

If you put images on the Internet without authentication required first then you are enabling that. If you don’t want that to happen then you can close your site and make it truly private. That’s your choice and again, it’s not a privacy issue when you permit that.

That’s on you and that’s how the Internet works.

All I want is Jetpack not to upload my private (noindex) website images when there is absolutely no need to. Google doesn’t.

Show me any other company on the internet that will allow anyone to view my photos like Jeptack does like i’ve just shown you.

Jetpack uploading my private website images when i have not installed it, nor told me is not on me… at all. It is not “the internet”. It is Jetpack’s choice to upload them when it has absolutely no use for them.

Tell me what use Jetpack has to make MY images publicly accessible?

I gave you two examples. If Coral Cache were still working then that would be the case too.

This topic has nothing to do with this plugin and we’re going around in circles. If you do not want to take ownership of your own site then that’s fine. But please do not attempt to impose your unrealistic expectations on other people and companies.

The solution I gave you will work and I hope you do not discover how many companies spoof user agents.

Just to be clear here, Jetpack/Photon will not automatically upload your images to the CDN if you do not use Jetpack.

*With one exception.*

Loading the images under a Photon URL is _how_ Photon knows that it needs to upload the image to the CDN. When you switch on Jetpack and Photon, the Photon URL is appended to you images, that appended URL is the clue for Photon to upload the images to the CDN.

So, the image you referenced was not in our CDN until you manually appended the URL to it yourself.