
The article doesn't make it clear: are these direct-link photos still subject to the permissions set on them? Would setting a photo's permission to "Only Me" prior to deleting it work around Facebook's failure? If they aren't subject to the photo's permissions, that's a giant security hole, or am I misunderstanding?


I don't think permissions apply since the files in question are served from a CDN.


For example, this photo is only visible by me,

http://www.facebook.com/photo.php?fbid=706480749906

You can see it if I give you the special link which skips the permission check,

http://www.facebook.com/photo.php?fbid=706480749906&l=a5...

Or on the CDN, which doesn't know about permissions,

http://a7.sphotos.ak.fbcdn.net/hphotos-ak-ash4/432125_706480...



