If you've spent
much time on Flickr, you've undoubtedly noticed that some members, for reasons known only to themselves, turn off the
option to display the "All Sizes" button above their pics. This can be frustrating when you want to get a
closer look a a good shot, especially when the shooters inexplicably submit their unresizable pics to the dpguru group
for
DPOD consideration. What most people don't realize, though, is that the public API gives directions for constructing the url of any photo
based on information in the HTML of every photo page.
The basic formats for the urls are:
http://photos{server-id}.flickr.com/{id}_{secret}_[mstb].jpg and
http://photos{server-id}.flickr.com/{id}_{secret}_o.(jpg|gif|png)
If you've downloaded images from flickr, this may look familiar. If not, don't worry. All that says is that the url for any image is the word "photos" followed by a server-id number, followed by ".flickr.com/" followed by the member's id number, followed by "_" and a unique number that identifies the picture, followed by an optional "_" and letter to indicate size, followed by ".jpg". That's for the standard flickr image sizes. You can also get the original uploaded image if you know what file type it was by constructing a url ending in "_o." and then "jpg," "gif," or "png," depending on what the person uploaded. For the vast majority of pictures on flickr, it's going to be "jpg."
The size letters are fairly straight forward: if you don't put anything, it's the medium size that's 500px on it's longest size. The other letters are:
-
s small square 75x75
-
t thumbnail, 100 on longest side
-
m small, 240 on longest side
-
[none] medium, 500 on longest side
-
b large, 1024 on longest side (only exists for very large original images that were resized during upload)
-
o original image, either a jpg, gif or png, depending on source format
So now what about the
rest?
In your browser, go to the page for a pic you want to see larger, and use your browser's "view
source" option (Ctrl U for Firefox users). About 1/8 of the way down the page, more if you're a Greasemonkey user like me, you'll see some code that looks like
this:
<!--
photo_hash['29305573'] = new Object();
photo_hash['29305573'].id = '29305573';
photo_hash['29305573'].server = '23';
photo_hash['29305573'].secret = '7c9bb5849e';
What we%uFFFDre interested here, as you%uFFFDve probably guessed, is %uFFFDid,%uFFFD %uFFFDsecret,%uFFFD and %uFFFDserver%uFFFD to plug into our url formula. Now that we have them, we can go look at the picture in different sizes. For instance, the url for the medium size would be http://photos23.flickr.com/29305573_7c9bb5849e.jpg. If we want to see the original, it%uFFFDs at http://photos23.flickr.com/29305573_7c9bb5849e_o.jpg. If we don%uFFFDt want something quite 2107x1704px, we can take a look at that large size: http://photos23.flickr.com/29305573_7c9bb5849e_b.jpg.
21. This is an interesting conversation. I personally don't think that keeping people in the dark helps stop anything. It's a simple hack, and anyone who really wanted to be malicious has known it for a long time. Now other people know it too and they can use it, hopefully, for good--to take a closer look at some of the fabulous pics out there. But let me repeat that: anyone who wants to do you harm probably knows this hack and a whole host of others. In fact, they've probably got developer ids on all the major photo systems and access to both the public and private APIs.
But the larger issue is this: if it is really important to you that an image not be seen, Garth has the only option: don't put it on the net in a format you don't want other people to see. No information is unreachable, and that's all part of the fun. If it really worries you, unplug your computer from the net and use film.
I'm not saying that to be inflamatory, I'm saying that because I think many people don't really grasp the way this medium works, the way computers work. The only way to create effective, scalable sites like flickr, shutterfly, etc. is to generate the urls automatically according to a pattern. And once the pattern is known...well, you get this post.
But vigilance is a better approach to copyright protection than obscurity. Use Keith's technique (http://digitalphotography.weblogsinc.com/entry/1234000647052419/) to embed watermarks in your uploaded images. Do regular google image searches for subject matter you think people might want, and subscribe to a couple of the shadier postcard sites. If you live in New York and are afraid someone may steal your snap of the AOL building for a paper postcard, take a stroll through Times Square every once in a while. All the gift shops carry the same cards.
And then relax. What matters isn't whether someone can download your with more or less difficulty (because make no bones about it: they can always download image one way or another if they really want it. If it's valuable enough to be worth the time, they'll just watch your mailbox and wait for you to send it to your publisher or your mother). What maters is whether, having your image in hand, they choose to violate your copyright and distribute it illegally. I guess how big a concern that is for you depends on your general outlook on humanity.
As a final note if these issues really concern you, a good rule of thumb is this: in any on-line community you participate in voluntarily, assume that if an action isn't forbidden by the terms of service, other members are probably doing it in large numbers.
Posted at 6:26AM on Dec 19th 2005 by Jay Savage