So why is that public URL more secure than it looks? The short answer is that the URL is working as a password. Photos URLs are typically around 40 characters long, so if you wanted to scan all the possible combinations, you’d have to work through 10^70 different combinations to get the right one, a problem on an astronomical scale.
Or as we like to call it in the biz, “security by obscurity”.
Last week at their annual I/O developer conference, Google announced Photos, the long-rumored separation of Google+ and the great photos product held captive within. Along with the news came the big reveal that the service offers free, unlimited storage for everyone with only the slight caveat that you accept Google’s generous terms of a per-file cap of 16MB and acceptance of Google’s lossy but supposedly very good compression algorithm. Oh, and then there’s that license agreement thing, too.
I don’t personally fear the Google as much as I probably should, so I’m at least trying out the service with a small subset of my photos. Because I’m silly, I shoot primarily in RAW format with my almost 10 year old Nikon DSLR, so I won’t be using Google Photos as my primary photo backup service in the foreseeable future. It’s a compelling service, nonetheless, and a lot of people will justifiably jump on board and love it.