This is a public service announcement for my Flickr4Writer project. It was recently brought to my attention that Flickr has some privacy settings that users can opt-in for in their account to protect their images. Some users felt that my plug-in for Writer was not honoring these settings. Truly, I didn’t know about them. You can read the thread on the discussion lists here if you are so inclined. For me it came down to a couple of items:
- Flickr enables users to set a flag to prevent “blogging” of their images
- Flickr enables users to be hidden from 3rd Party/API searches
First, a note on the “blogging” flag. This is a setting under your Flickr account privacy tab labeled Who can blog your photos or videos?. To me, this setting is a little misleading because the description of it actually reads:
This means that anyone who does not match at least the contact level you select will not be able to see the "Blog This" button. (Source: http://www.flickr.com/account/prefs/blogging/?from=privacy 07 NOV 2008)
This setting is clearly for the “Blog This” functionality that shows up if you are logged into Flickr as a non-anonymous user and browse photos. There is some functionality for them to integrate directly with your blog engine to do some one-click blogging of photos and videos. Because of the way the setting is named however, some users interpret “blogging” in the broader sense. flickr4writer was challenged as one violating the principal of this setting. Since the setting ONLY enables authenticated users to even blog (the setting options go from any Flickr user (non-anonymous) to your specific friends/family settings. flickr4writer does not use any authentication, so browsing any photos has the appearance to violate this term if the plugin enables an anonymous user to browse and select photos in a tool that is build for “blogging.” While I draw the correlation that flickr4writer is basically a shell to the web site and does not do anything different than an anonymous user being able to browse and grab an image URL, it is the essence of the rule that I was alleged to violate. One challenge here is also that the API is poorly designed in this regard because the “canblog” setting is returned only at the photo level even though it is an uber setting for the user’s account. I think it should be a filter param of the photos.search API call.
The second setting about 3rd Party/API blocking from searches gets even more interesting. First, this totally makes sense. Again, it was a setting I wasn’t aware of. You can change your setting under a section titled Hide your photostream from searches on 3rd party sites that use the API? Great. You’d think that once a user selected this setting that any search would filter out their photos/vidoes at the API level right? Wrong. flickr4writer uses photos.search calls to query data (actually technically the library that Flickr4Writer uses does). Again, by definition of this API, only public searchable photos will be returned. UNLESS you specify a user name. What?!?! Yes, that’s right…if you specifc a user name, their results will come back in the API call. Read that again. If you specify a user name in flickr.photos.search it will not honor the user’s privacy setting. So this sucks for me as an API developer/consumer who wants to honor those settings.
So on to the resolutions. First, I added authentication. flickr4writer now requires you to have a valid Flickr account to even use it (their accounts are free). This helps with the first part about blogging. If a user has specified they do not want their content to be blogged, I honor that and will alert the flickr4writer user with a message that the user they searched prevents blogging and no search results will display. I feel that this complies with that setting within my application. If a user wants to bypass my app and copy/paste the URL to the photo/video still…that’s Flickr’s problem now, not mine. Adding authentication also enabled me to comply with the blogging settings of users because it identifies who the user is and whether or not they can blog the content.
The second thing I modified was to only return content that had Creative Commons or No known license attributes. This actually makes sense and I needed to do it for a while. The licenses I filter for are identified in the flickr.photos.licenses.getInfo API. So if a user has content that is “All rights reserved” then it will no longer show up in the search…even if you are the owner of that content. I’m interested in feedback on this one if you think I should do a check to see if you are the owner and allow you to see licensed content…leave a comment on how you feel about this one.
For the setting of hiding from 3rd parties…I cannot resolve this. There is no setting for me to look at. I’m quite disappointed that Flickr isn’t doing this at the API level as I think that they are violating the user preferences by enabling a loophole. Should they enable a setting for this (I think they just need to fix the API), I will enable my application to comply even more. Please if you are a Flickr user who has set this privacy setting, let Flickr know that you want it to be honored.
The authentication adds some initial screens to the use of flickr4writer. When you launch the plug-in from within Writer, you’ll now see some prompts to authorize the application with Flickr. There will be a button that will take you to Flickr to authorize the action. This is only required one time and you won’t see it anymore unless you de-authorize the application on your account (which you have the complete control to perform).
Please upgrade to the latest version. You will have to uninstall any previous version before installing, but will not lose any settings. Thanks for your assistance in helping keeping flickr4writer compliant.