Google's Unguessable URLs
Google secures photos using public but unguessable URLs:
So why is that public URL more secure than it looks? The short answer is that the URL is working as a password. Photos URLs are typically around 40 characters long, so if you wanted to scan all the possible combinations, you’d have to work through 1070 different combinations to get the right one, a problem on an astronomical scale. “There are enough combinations that it’s considered unguessable,” says Aravind Krishnaswamy, an engineering lead on Google Photos. “It’s much harder to guess than your password.”
It’s a perfectly valid security measure, although unsettling to some.
Anura • July 20, 2015 5:45 AM
It depends on what you are trying to protect against. If you want to protect against external websites scanning for photos, it works great. If you want to protect against your so-called friends sending pics of you nekid to their friends, then, it doesn’t provide as much false-sense of security as a system that requires you log in to view the photo. Really, though, for the sake of satisfying people with concerns, for purely business reasons, they should require an account that is whitelisted.