I am not sure if I don't like the circular avatar because of the optics or because it destroys the functionality of the QR code in my avatar ;-(
Scenario:
A user uploads a photo and restricts the access to friends only.
As we all know, online 'friends' are not always real friends.
So - one of his 'friends' decides to share his private photo with the world.
All he needs to do is to copy the URL of the photo and place it anonymously everywhere he wants to.
As there is no tunneling of the photos, everyone - even non-registered users - can open the URL and view/download the photo.
Which simply means: There isn't really any privacy - no matter what privacy level the user selected for his photos.
You might say: The 'friend' could also download the photo and distribute it.
That's right.
But it makes a big difference whether this 'friend' sends it via 'whatever' to other people or everyone can open it via a URL on our servers.
Because - in this case our system looks insecure to everybody.
Furthermore, if you know about it, it's really an easy job to exploit this and find/download every private photo/video on any JomSocial installation.
We would appreciate it if you built the possibility to tunnel photo/video views through PHP scripts - with a 'viewing rights check' - to prevent this.
thx
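The kind of 'viewing rights check' script requested in the post above, as an added example (not part of the original post and not JomSocial's code). The record layout, privacy level names, session key `user_id` and storage path are hypothetical, and it assumes the photo files live outside the web root so that the script is the only way to reach them.

```php
<?php
// Added example. Data model and names are hypothetical, not JomSocial's schema.
declare(strict_types=1);

// Constructed sample records; a real site would load these from its database.
$photos = [
    17 => ['owner' => 1, 'privacy' => 'friends', 'file' => 'a1.jpg', 'mime' => 'image/jpeg'],
    18 => ['owner' => 1, 'privacy' => 'public',  'file' => 'b2.jpg', 'mime' => 'image/jpeg'],
];
$friends = [1 => [2]]; // user 1 has user 2 as a friend

/** Decide whether $viewer (null = not logged in) may see $photo. */
function canView(array $photo, ?int $viewer, array $friends): bool
{
    if ($photo['privacy'] === 'public') return true;
    if ($viewer === null) return false;               // anonymous: public only
    if ($viewer === $photo['owner']) return true;
    if ($photo['privacy'] === 'members') return true; // any logged-in user
    if ($photo['privacy'] === 'friends') {
        return in_array($viewer, $friends[$photo['owner']] ?? [], true);
    }
    return false; // owner-only or unknown level: deny by default
}

/** Stream the photo if the viewer is allowed, otherwise answer 404. */
function servePhoto(int $id, ?int $viewer, array $photos, array $friends, string $store): void
{
    $photo = $photos[$id] ?? null;
    if ($photo === null || !canView($photo, $viewer, $friends)) {
        http_response_code(404); // same reply for "missing" and "forbidden"
        return;
    }
    $path = $store . '/' . basename($photo['file']); // never trust a stored path
    if (!is_file($path)) {
        http_response_code(404);
        return;
    }
    header('Content-Type: ' . $photo['mime']);
    header('Content-Length: ' . filesize($path));
    header('Cache-Control: private, no-store'); // keep shared caches from storing it
    header('X-Content-Type-Options: nosniff');
    readfile($path);
}

// Entry point, e.g. photo.php?id=17. The storage path is a placeholder.
session_start();
$viewer = isset($_SESSION['user_id']) ? (int) $_SESSION['user_id'] : null;
servePhoto((int) ($_GET['id'] ?? 0), $viewer, $photos, $friends, '/var/private/photos');
```

The check only helps if the web server no longer serves the photo directory directly; otherwise the old static URLs keep working alongside the script.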