E. Stephen Mack, Director of TiVoCast Operations, also commented on OTM in his blog.
As someone who has done security work professionally, I want to call attention to one item in particular. OTM uses security through obscurity – which, any pro will tell you, is not security at all. When you share things on OTM anyone who has the URL for the content can view it. The idea is that you only give the URL to the people you want to see the content. There is no way to authenticate the visitors – no registration is required to view, no login, etc. So if you share the URL with A and they share it with B, B can view your content as well. If they post the URL online, then anyone who sees it can view your content. If someone wanted to write a web spider that brute-force tried OTM URLs until it found working content, they could do so. It is kind of like an unlisted phone number – no one can just look you up, but anyone who has the number can call you. And if someone wanted to dial every possible number on an exchange they’d eventually reach you too.
I don’t mean to scare anyone off from using OTM – just be aware of this when deciding what you post and whom you share URLs with. And remember that even someone trusted could expose the URL if their PC has spyware, viruses, etc. So don’t post anything you’d really hate getting out to the world, like rants about your boss, etc. This is what they say:
You control who sees your Video Montages. One True Media is designed to provide a private, secure place for you to store and share your Video Montages, Photo Books, and prints (collectively, your â€œContentâ€). Only you and the people you invite as guests have access to your Content. However, if your guests invite additional people, these additional people will have access to your Content. You agree that you will limit, and will cause your guests to limit, the persons who can view your Video Montages, Photo Books, and prints to persons within your normal circle of family and its social acquaintances.
It does really rub me the wrong way to have them claim to ‘provide a private, secure place’ and then, in the following sentences, basically say ‘except it isn’t really private or secure at all’. To really be private and secure they would have to users to create viewer accounts, and password protect the content uploaded. They could make it optional so you could have the open, easy sharing they have today, or really private sharing for those who want it. I just don’t like sites claiming security when it isn’t there – professional bias, it is the kind of thing I’d protest against my employer doing.
On a personal level, I call attention to this:
You agree not to use the Service: b. to upload, post, order for print, email or otherwise transmit or communicate any material that is obscene, offensive, blasphemous, pornographic, unlawful, threatening, menacing, abusive, harmful, an invasion of privacy or publicity rights, defamatory, libelous, vulgar, illegal or otherwise objectionable;
Obscene – by which community standards? Blasphemous – to which religion/deity? Jesus Christ, how in Buddha’s name are we supposed to know? By Grabthar’s hammer, Eris help us! Vulgar, see Obscene. Otherwise objectionable? That is one ugly baby! I object to you sharing that video! I’m sure this is the result of lawyers and corporate ass-covering, but there is certainly a bit of leeway there to yank pretty much anything.
PS. Thanks to susandennis for the paid time for the community!