Photo App shows all folders

I’m not very happy with the reply of Bill_S; “it is how the application works” is even worse than a bug, it means that this security or privacy issue will never be solved. Don’t you agree with me that private should be private? WD photos, with all those pretty thumbnails - yes I agree - but also with those useless en worthless thumbnails of our long and wide folder-trees, and pictures I don’t need or want to share. Or thumbnails of music album covers, and so on. Why is that “as it works”? It shouldn’t work like that. And, why should I remove this app? It’s almost the same as removing the EX2, a strange advice, you can’t be serious! By the way, WD2go app doesn’t exists (apple store). 

We are not using WD MyCloud Ex2 right now, only Apple’s Timemachine is running. A little bit too expensive for only this sercice! The iTunes service is also worthless: no home-sharing, so we can’t stream our music via the EX2. The ideas of WD with the EX2 WD are good, that’s why I’ve bought the EX2, but the experience is very very disappointing. WD photos, with only the pretty thumbnails of the public of configurated shared folders, what a great product that would be!

1 Like

Dear Bill_S,

I’m afraid I cannot click the Kudos star just yet. :slight_smile:

I can accept that the app was design to work just like you say, as that is the choice of WD as the vendor. However, now that the app is in the marketplace it is clear that some consumers would prefer it did not work that way. And you have acknowledged that and made your product people aware of this.

One point I would like to make is that security is controlled by the server, not the client. So simply removing the app from a device is not sufficient, as others with a device of their own are free to install the app and use it as they wish. That said, we are only talking here about a home network (at least in my case) so we do have some control over which devices have access and who owns those devices, so we are aware of who might be viewing the contents of our MyCloud device via the Photo app. The issue is that we would like to use the device to store a our private information, and at the same time use the device as a way to share all our holiday photos, etc. with other family members.

So given I am not satisfied with the way the Photo App currently works I have taken the step to disable the access at the server for the time being. My network users can use their laptops to map drives to the shares and view thumbnails to browse folders of photos they are authorised to view. On their mobile devices it is not quite as convenient.

Can I just say that apart from this security issue, I am very happy with the device. It does what I purchased it for, ranging from being a storage area that is available to all devices on my wireless network, a place to store both private and shared content for all members of my family, plus a place to backup files. I am impressed with the ease to set it up, and also the flexibility to define as many users and shares as I need, and assign specific access rights to those users. Also, the ability to login into the device (via SSH as root) is great (I do not like products which are locked down and restrict what the buyer can do – a large vendor who prefixes their products with an ‘i’ comes to mind). So I am really happy with the device but am just a bit disappointed that the Photo App was designed too much towards ease of use instead of honouring the access rights of the users of the MyCloud device.

Regards,
Peter

wardp025 wrote:

Dear Bill_S,

I’m afraid I cannot click the Kudos star just yet. :slight_smile:

 

I can accept that the app was design to work just like you say, as that is the choice of WD as the vendor. However, now that the app is in the marketplace it is clear that some consumers would prefer it did not work that way. And you have acknowledged that and made your product people aware of this.

 

One point I would like to make is that security is controlled by the server, not the client. So simply removing the app from a device is not sufficient, as others with a device of their own are free to install the app and use it as they wish. That said, we are only talking here about a home network (at least in my case) so we do have some control over which devices have access and who owns those devices, so we are aware of who might be viewing the contents of our MyCloud device via the Photo app. The issue is that we would like to use the device to store a our private information, and at the same time use the device as a way to share all our holiday photos, etc. with other family members.

 

So given I am not satisfied with the way the Photo App currently works I have taken the step to disable the access at the server for the time being. My network users can use their laptops to map drives to the shares and view thumbnails to browse folders of photos they are authorised to view. On their mobile devices it is not quite as convenient.

Can I just say that apart from this security issue, I am very happy with the device. It does what I purchased it for, ranging from being a storage area that is available to all devices on my wireless network, a place to store both private and shared content for all members of my family, plus a place to backup files. I am impressed with the ease to set it up, and also the flexibility to define as many users and shares as I need, and assign specific access rights to those users. Also, the ability to login into the device (via SSH as root) is great (I do not like products which are locked down and restrict what the buyer can do – a large vendor who prefixes their products with an ‘i’ comes to mind). So I am really happy with the device but am just a bit disappointed that the Photo App was designed too much towards ease of use instead of honouring the access rights of the users of the MyCloud device.

 

Regards,
Peter

Actually, WD Photos was always meant to be more of a personal app, but there’s nothing wrong with sharing it.  Also, security is not at risk, if you decide you no longer want to share photos.  All you have to do is go into the dashboard and remove the WD Photo permission from each of the users you no longer want to share with.

This “feature” makes no sense to me.  This is equivalent to allowing public access to facebook pictures that are marked as private.

This “feature” also allows the entire directory structure of private shares to be viewable (although not the content itself) through the WD photos app.

This needs to be fixed ASAP and is a highly critical flaw.

I’d like to also point out that this issue is not seen on MyBookLive products as it only allows pictures from Shared Pictures directory to be viewable through WD Photos App.

After upgrading to MyCloud, all pictures on all shares (even private) are viewable through WD Photos.  I preferred to only allow pictures from Public\Shared Pictures to only be viewable through WD Photos App.  Why was this change made?


Bill_S wrote:


Actually, WD Photos was always meant to be more of a personal app, but there’s nothing wrong with sharing it.  Also, security is not at risk, if you decide you no longer want to share photos.  All you have to do is go into the dashboard and remove the WD Photo permission from each of the users you no longer want to share with.

Sounds like a cop out answer Bill.  As community manager, it should be your duty to report these flaws to the developers and not come up with excuses to cover up for their mistakes.  Let’s go back to the drawing board and listen to what the customers want out of these apps.  

1 Like

Bill_S wrote:-

Actually, WD Photos was always meant to be more of a personal app, but there’s nothing wrong with sharing it.  Also, security is not at risk, if you decide you no longer want to share photos.  All you have to do is go into the dashboard and remove the WD Photo permission from each of the users you no longer want to share with.


Bill_S, could you please point out exactly where on the WD My Cloud dashboard this ‘WD Photo Permission’ setting is?? I am running the latest firmware, and I can’t find it on the WD My Cloud dashboard I am using. Nor is there any mention of it in the PDF manual I downloaded. Maybe you could post the link of the PDF manual where this feature is documented.

Thanks. 

fuscoeeng11 wrote:

Bill_S wrote:

Actually, WD Photos was always meant to be more of a personal app, but there’s nothing wrong with sharing it.  Also, security is not at risk, if you decide you no longer want to share photos.  All you have to do is go into the dashboard and remove the WD Photo permission from each of the users you no longer want to share with.


 

Sounds like a cop out answer Bill.  As community manager, it should be your duty to report these flaws to the developers and not come up with excuses to cover up for their mistakes.  Let’s go back to the drawing board and listen to what the customers want out of these apps.  

I’ve made no excuses.  I’m simply telling you how the software works.

wardp025 wrote:

 

Bill_S wrote:-

Actually, WD Photos was always meant to be more of a personal app, but there’s nothing wrong with sharing it.  Also, security is not at risk, if you decide you no longer want to share photos.  All you have to do is go into the dashboard and remove the WD Photo permission from each of the users you no longer want to share with.


 

Bill_S, could you please point out exactly where on the WD My Cloud dashboard this ‘WD Photo Permission’ setting is?? I am running the latest firmware, and I can’t find it on the WD My Cloud dashboard I am using. Nor is there any mention of it in the PDF manual I downloaded. Maybe you could post the link of the PDF manual where this feature is documented.

 

 

Thanks. 

You remove cloud devices by going to the Cloud Access tab, in the Dashboard, clicking on it, then clicking on the user you created to share your photos through.  You’ll find the devices on the lower right of the page.  You just need to click on the trashcan to remove the devices showing WDPhotos you don’t want having access.  It’s on page 61 of the manual. 

By the way, regarding WD Photos showing all your photos, it explicitly says in the manual that WD Photos will show your entire photo collection to anyone you want to share with.

On page 63 of the manual, it says, and I quote,

"Entertainment is happening all around you. Now you can capture every moment of it and send it to your device for access on any page in your home. Take a photo or video clip on your smartphone or tablet and upload it directly to your WD My Cloud device. Then you will have new files waiting for you so you can enjoy them in your entertainment center.

Show off your entire photo collection, that can include thousands of photos, without taking up tons of space on your smartphone."

I’m guessing by your reply that there is no plan to provide a fix for this “feature”.  It doesn’t seem to me that the fix in the WD Photos app should be all that difficult considering that there is no issue in the WD MyCloud app.

Dear Bill_S,

Thank you for taking the time to point me to the relevant sections in the manual. However, you have overlooked the important information on page 64 which states:-

  1. You have three options for connecting to the WD My Cloud device:
     Found in Network: If the mobile device is connected by Wi-Fi to the same Local
    Area Network as the WD My Cloud device, the app is automatically activated.

So I can happily send all the devices I like to the trash can, but if they are on my local network then the user of the device can easily reinstall the app and it is automatically reactivated. I have doubts you have ever used the product.

You should try to understand the scenarios we are all describing instead of trying to defend the product’s behaviour without actually knowing how it works.

Plus, you make a quote about ‘showing off your entire photo collection’ to justify the behaviour. Go back and read the posts (and the TITLE of the this post). We are not complaining about whether we can share our photos. We can put them on a public share if we want to. What we are complaining about is that the Photo App will display the entire folder structure for every share, whether private or not.

And as the previous post says, if you have made the MyCloud app behave correctly, then it can’t be so difficult to fix the Photo app to do the same.

Phamdh wrote:

I’m guessing by your reply that there is no plan to provide a fix for this “feature”.  It doesn’t seem to me that the fix in the WD Photos app should be all that difficult considering that there is no issue in the WD MyCloud app.

There is no need to “fix” anything.  It is a personal app.  As the manual says, if you share, you share everything.  That’s why WD2go was designed - to give you the capability to specifically share what you want to share.

wardp025 wrote:

Dear Bill_S,

 

Thank you for taking the time to point me to the relevant sections in the manual. However, you have overlooked the important information on page 64 which states:-

 

  1. You have three options for connecting to the WD My Cloud device:
     Found in Network: If the mobile device is connected by Wi-Fi to the same Local
    Area Network as the WD My Cloud device, the app is automatically activated.

 

So I can happily send all the devices I like to the trash can, but if they are on my local network then the user of the device can easily reinstall the app and it is automatically reactivated. I have doubts you have ever used the product.

 

You should try to understand the scenarios we are all describing instead of trying to defend the product’s behaviour without actually knowing how it works.

 

Plus, you make a quote about ‘showing off your entire photo collection’ to justify the behaviour. Go back and read the posts (and the TITLE of the this post). We are not complaining about whether we can share our photos. We can put them on a public share if we want to. What we are complaining about is that the Photo App will display the entire folder structure for every share, whether private or not.

 

And as the previous post says, if you have made the MyCloud app behave correctly, then it can’t be so difficult to fix the Photo app to do the same.

 

Those three ways on page 64 only work if you are given access to the photo collection.  Once you remove the other person’s device from your My Cloud dashboard, they no longer have the capability to access the drive, except unless they are on your local network and you haven’t password protected the drive.

I just tested your scenario and could not access my drive on the local wireless network.  It wouldn’t let me get any further without a password.  Maybe you’re not fully understanding how to remove devices from the My Cloud, so if you want I can have support help you.

If there was a real security issue, then we would get on it right away.  But if it’s just how you might want the app to work, then you really need to get used to using WD2go.  That app gives you the control you want.

I recently bought a My Cloud device and I’m experiencing the same problem. I find it unacceptable that this product allows for every media file to be exposed (shared) regardless of user’s selected configuration. Similar to some other user who posted before, I have the need to store work related material that should not be shared with other users in my network.

I can accept that the default behavior is as stated, but there should be a way for the administrator to stop the sharing. Restricting other users from installing the app on their devices is not a solution.

Otherwise, if this problem cannot be solved soon, I will be forced to find another product (from another vendor) to replace my device.

Dear Bill_S,

Try this:-

Delete the user’s device in the dashboard.
Remove the Photo app from the device.
Go to Google Play and install the app.
Run the app and sign in with a username and password.
Now browse through all the shares, not just your own private and public shares, but other user’s private shares.

wardp025 wrote:
Dear Bill_S,

Try this:-

Delete the user’s device in the dashboard.
Remove the Photo app from the device.
Go to Google Play and install the app.
Run the app and sign in with a username and password.
Now browse through all the shares, not just your own private and public shares, but other user’s private shares.

I’m sorry.  I don’t get what you’re trying to say.  If it’s about security, you still had to put your username and password into the app.  Change your password and don’t hand it out.

Dear Bill_S,

No one is handing out their password to anyone. Please read the following very carefully.

I’ll try to explain with a simple story. There are 3 users - admin, jack and jill. All users have passwords. There are 3 shares - Jack, Jill and Public. jack is the only user with any access to the share named Jack. Jill is the only user with access to the share named Jill.

Jack logs in from his laptop on the local network and creates a folder called Jack’s Photos on his share called Jack. He stores 10 photos there. He also creates a folder called Clients. Under Clients he creates folders with the names of his clients – John Smith, Jane Doe and Bill Bloggs. Under John Smith he creates folders called Court Case - Assault Charge, and IRS - Tax Fraud Documents.

Jill logs in from her laptop on the local network and creates a folder called Jill’s Photos on her share called Jill. She stores 20 photos there.

Jill then installs the My Photos app on her mobile phone. She chooses the local cloud device and logs in. The first time setup runs and she can now browse the cloud device. She can see the Public share and the Jill share, and she can view the 20 photos she stored there. But she can also see the share named Jack. She can see that in the folder call Jack’s Photos there are 10 photos, but she cannot see any thumbnails and cannot view the photos themselves. She can also see all the other folder names on the Jack share, such as Court Case - Assault Charge. The Photo App shows that there are 0 photos stored there. She is surprised she can see all of Jack’s folders so she tells him about it.

Jack isn’t very happy. He tells the admin user about this and to check that the access to the Jack share has been set up correctly. The admin says the access is correct, so goes looking on the WD Community forum to see if this is a known problem. He sees a post called ‘Photo App shows all folders’ and sees the advice from Bill_S. He deletes Jill’s My Photos registration using the My Cloud dashboard, as per the instructions Bill_S provided. He tells Jack the problem is fixed, that there is no security issue, and that he got this assurance first hand from a WD Community Manager, who pointed out where this is all documented.

Jill is not aware her access has been removed. She tries the My Photo app and finds that she can enter her username and password but can’t log in. Something is wrong. She deletes the app, goes back to the app store and reinstalls the app, hoping this will fix the problem. She runs the app, chooses the local cloud device and logs in successfully. The first time setup runs and she can now browse the cloud device. She’s happy she has fixed the problem just by reinstalling the app. This time she doesn’t tell Jack that she can see all his folders. But she does now know that she shouldn’t put anything of her own that is confidential in her own share called Jill, because she knows Jack will be able to browse it. So she stores her files elsewhere, defeating the whole purpose of installing the cloud device in the first place.

Jill also has a friend called Bill_S. She tells him that the WD My Cloud device is a great place to securely store all your confidential documents and photos. She asks her admin to create an account called bill_s and a share called Bill_S, with access restricted to just user bill_s. Bill_S now logs in and puts all his private files in his share. He has some interesting folder names which he would not like others to know about. But he is comfortable in the knowledge that the only person who could possibly view his share is the administrator, and he trusts him.

However, Bill_S doesn’t realise that Jill can browse all Bill_S’s folders using the My Photos app. Jill sees some interesting folder names and decides to stay away from Bill_S from now on.

Here endeth the tale.

1 Like

This “all or nothing” approach defeats the entire purpose of having private shares as the entire directory structure of private shares is visible through the WD Photos app.

WD Photos and WD My Cloud apps serve two completely different purposes.  WD Photos is an app that allows users to view “all” pictures stored on the drive.  WD My Cloud is a file manager utility that allows complete control over all files stored on the drive.

WD My Cloud is not a valid replacement of WD Photos so it doesn’t make sense to tell someone to use WD My Cloud instead.

Phamdh wrote:

This “all or nothing” approach defeats the entire purpose of having private shares as the entire directory structure of private shares is visible through the WD Photos app.

 

WD Photos and WD My Cloud apps serve two completely different purposes.  WD Photos is an app that allows users to view “all” pictures stored on the drive.  WD My Cloud is a file manager utility that allows complete control over all files stored on the drive.

 

WD My Cloud is not a valid replacement of WD Photos so it doesn’t make sense to tell someone to use WD My Cloud instead.

No one’s saying you have to replace the drive.  I’m saying that WD2go is more of what you are looking for.  It should work on all of the “Cloud” drives.

Bill_S, I did not mention anything about replacing drives.  There is no longer a WD2Go mobile app.  It has been renamed to WD MyCloud, which is what I was referring to.