« Back to Project Discussions

Gen Image Hosting

Started by Craig Andrew Miles on Thursday, September 22, 2022
Problem with this page?

Participants:

View 4 More

Profiles Mentioned:

Related Projects:

View 2 More
Showing 1-30 of 62 posts

Private User

Scott, I dont know if you or anyone else can shed any light about what is behind the recent changes to image hosting at Geni.

I cant find any documentation or notification of this change anywhere but it appears that the image hosting for Geni images has moved from photos.geni.com to media.geni.com

This is all fair enough, but has come combined with a change of image URL to add a hash parameter such that such a URL now looks like https://media.geni.com/p13/be/b0/0a/b1/5344485ec88caa63/craig_miles...

Presumably the hash has been added as some kind of security device although I am not really sure of the thinking behind that?

I have found that if the hash is not utilised on the image URL then an access error is returned.

Furthermore I have discovered today that the hash used for a given image is not persistent.

Yesterday, the URL for the same image above was
https://media.geni.com/p13/be/b0/0a/b1/5344485ec88caa63/craig_miles...

While the photo URLs are returned as before via the API, except now with the hash extension, the URL can no longer be utilised in any practical way. This clearly then stops usage of the URL from providing an image for a given ancestor to any resource external to Geni.

Is this change deliberate? If so why? And why has this been done seemingly secretly? I understand that it is not something that would affect most users but clearly anyone using the API would be likely to notice.

As a result I now have all of the images missing from my external representation of my ancestor tree.

Is there any workaround to allow the image URL to be used without the hash or to get around the constantly changing hash value?

Thanks

Craig

Yes, the change is deliberate.

The URLs were changed for security reasons.

We didn't see a need to announce the change. Most of our users haven't noticed.

I'll see if I can get some more details for you by the end of next week.

I don't agree with the "Most of our users haven't noticed." I got many complaints

Private User, you say the change is deliberate.
You mean the daily changes in the URL's these past 4 days at least?

You say; We didn't see a need to announce the change.
Please be aware of the fact my projects have a far wider reach then the ordinary Geni user only. I collaborate with people on a national scale hence my audience has a wide national reach. For that matter it would be much appreciated these changes were announced upfront, thank you.

Can I assume these daily changing URL's are a matter of the past now or is there more to expect the coming days? I'd like to know when it is save time to correct the URL's in many of my projects, thank you

Private User

I find it is rarely a good idea to change things without communication. You can always be sure that there are people who are using a system in ways that the designers are unaware and have not anticipated. This is not always a bad thing.

It is always a good thing to do these users the courtesy of informing them of changes in advance because as I and others have found it is very inconvenient and time-consuming to try to figure out what has gone wrong when there are unexpected changes.

For me this is the second time in a few weeks I have had to adjust to unexpected behaviour following the changes to the authentication with no public information available on either change.

We didn't post about the security change because Geni's services were not affected. We are not a general-purpose image hosting site and our users should expect that we are taking necessary steps to protect the privacy of their photos.

Craig Andrew Miles the image URLs are valid for 12-36 hours (exactly how long is returned in the Expires HTTP header). You should either refresh the URLs from Geni's API as needed, or cache them in accordance with whatever privacy policy you establish with the users of your app.

Job Waterreus what complaints have you heard?

Thanks for the response Mike Stangel

However going to such great lengths to protect the privacy of an image that has been chosen as the mugshot and is publicly available via the public facing profile seems excessive.

I'm sure you understand that making an image URL valid for only 12-36 hours renders it useless for external use which no doubt is a major change for others other than me. Dimitri Gazan for example.

I think that you should also understand that despite your protestations, making such a breaking change unannounced and undocumented is disrespectful to your users, admittedly a small proportion thereof.

Perhaps as a compromise the hashing could be removed from the image used as the public facing profile picture?

I agree Torbjørn Igelkjøn

Why anyone would post images to a shared public site like Geni and then expect to keep them private is beyond me? If a person is that way inclined they would surely use a different service like Ancestry or MyHeritage.

But my point is that even the image used on the public facing profile is being unnecessarily protected in this way.

Maybe you are right Torbjørn and public profiles are next for the chop. This desire to protect "privacy" can be taken too far!

I have used such links to Geni images in the "about" section on numerous profiles as documentation for everything from copies of book pages to death notes, and have considered these links as permanent. One reason for doing this was also to make these sources available for non-members. Now, these links don't work anymore. If I have to edit all these profiles and move the images to another service, this mean a lot of work.

I have always thought that if an image is set public, it is meant to be public. If I want to protect an image, I want to set it private myself, and I don't need Geni to "protect the privacy" of my public images. This change is ridicolous, and I hope that it can be reversed. Since Geni usually don't inform when changes are planned, I also wonder if one have to expect that in the future, also the public profiles themselves will be unavailable on the internet unless you are a Geni-member. Then, I would feel that all the hours that I have spent making the Geni world tree better will be largely wasted. It seems like I should probably find myself somwhere else to spend my time and effort.

Here is just one example of documentation on a profile. Some of the links were copies of pages in the book "Askevold-slægten" where the family was mentioned. Some were newspaper clips. These links are now broken.
Silla Katharina Kierulf

Sorry for deleting and reposting. I miss a way to edit when I have forgotten something or want to correct a post. As it is now, one have to delete it and post again, hoping that no one replies in the meantime.

Since the urls are valid for some hours, the easiest way to make them permanent would probably be to cache them through wayback machine. The profile mentioned above has 9 images. Imagine the work of finding tens or hundreds of such profiles, preserving the image links and editing the about section of all these profiles.

It's an understatement to say how over the top I think it is that links to images I graphically designed myself are not accessible after a day and a half!

Mike Stangel

I'm aware of problems where a link to pictures is used in text fields like the about of a profile and more common in projects as well as using links to full screen PDF files (like I use to link to some Geni documentation I made and saved on Geni as PDF files).

Some users like Dimitri also use graphical elements in the layout for projects and now have a problem if those elements are in a link destination.

In projects, Abouts, and most any other place on Geni, image links of the form

{ { / / photos.geni.com/p13/9f/56/00/47/5344483b1b293105/sarah_hood_large.jpg } }
(without the spaces, of course)

work just fine. The issue at hand is that when one 'grabs' the link associated with the viewed image (that's when the hash is added), evidently to make it a non-perma-link ... looking something like:

https: / / media.geni.com/p13/9f/56/00/47/5344483b1b293105/sarah_hood_large.jpg ? hash=b8b9c0d43e78c3d2a0797ad8ed6019f4b2721d9d6373c5207cf08862175eeb06.1664002799

I gather the intent is to force access to the Geni media to be 're-authorized' via an API call, rather than having a "perma-link" URL. Which different from how links to Geni profiles currently work (a URL to a profile acts as a "perma-link", being translated through to the "final" profile even after a chain of merges may have changed the previously 'saved' Geni-ID).

Thanks for clarifying - we can fix the media.geni.com links in wikitext to auto-renew the expiry hash.

Thanks, Mike Stangel. I hope the fix will also include old links on the form https://media.geni.com/p13/e2/8d/9b/af/534448503421cf66/askevold-sl... when used in "about"-section of profiles or anywhere else on Geni.

Mike Stangel

So you seem to be accepting that the current state of affairs with the recent change is not acceptable?

Can you please clarify what you are agreeing to change.

For example, will the URL to my public profile image https://media.geni.com/p13/be/b0/0a/b1/5344485ec88caa63/craig_miles... be made a "perma-link" in the terminology of Dan Cornett with or without a hash?

Mike Stangel will this help for the full-screen PDF links?

(hoi hoi interesting stuff here :)

I have already come across wanting to show for internal use, a Geni image, to a Geni user, on a Geni forum, for Geni interest ..but the only way so far was to grab the URL of the pure image and give it in his mouth.
I would have always preferred to get them to the image page, so they read the title, TAGs, descriptions, dates, etc etc ..but I had discovered that only (C) could access that link.

You are all very technical here and I cannot be useful on the dark side of programming..
..however I can only point out that unlike other parts, here there is no private album, public album option;) <--

--> maybe give the possibility of choosing which ones to reserve that hourly treatment, and which permanent ones could be the most obvious choice? :D

Livio Scremin If you click actions in the top right corner, then edit, you will find a checkbox in the top right corner of the box that comes up, with the option of making the image or document public or not.

... and I agree with you: When an image or document is public, both the image page and the link itself ought to be both permanent and accessible.

@Torbjørn.. you are talking about the options on documents, which in fact whose links work optimally:)

I'm talking about a privacy option of everything in picture "album" ..

((always if you know that your 146 images you uploaded to Geni can be organized and moved into various and different renamed "albums" ..because I'm talking about the privacy option that can be set on an entire "album", not in every single image which, however, I confirm it does not yet exist neither on a single image nor on an album:))

if instead you are referring to the generic privacy menu:
*https://www.geni.com/account_settings/profile_privacy
it refers to your profile images.. yes, because Geni combines privacy with profiles..

I repeat that instead I'm pointing out to programmers that other platforms, perhaps more focused on the quantity of images, have already solved by putting each album the possibility of choosing..

So my suggestion then is that, if at all, this whole new unexpected need has arrived,
can take the piece of code that already manages the privacy of documents very well, and insert it in the code of the photo albums (for heaven's sake not every single photo PLZ)

PS. Torbjørn.. Of course, even if the link of the pure image of the document, already set as public, receives the time treatment (is it so true? I know it is so :)
..well then I send you a hug ..hoping that here now, now talking about it, programmers understand and fix it ^^'

Livio Scremin You are right. It is a while since I have uploaded as photos instead of documents, and I had forgotten how it is working. As you say, there seems to be no way to choose if a single photo (or a complete album) is "private" or "public".

However, also images uploaded as documents get this hash tag, even if they are public.

If the privacy concern is about the missing choice for making photos or albums public/private, in my opinion it should be adressed by introducing such an option instead of making all image links non-permanent, regardless if they are photos, documents or even .pdf files.

Hi everyone, sorry for the delay in responding. Dan Cornett pointed out that we already fixed wikitext links to photos.geni.com images, but Job Waterreus and Dimitri Gazan pointed out that wikitext image links to the new media.geni.com URLs stop working after a day or so. We've released a fix for that, meaning that if you grab an image URL to a photo at media.geni.com with the expiring hash parameter and paste that URL into the wikitext double-curly braces, those photos will continue to be viewable when the wikitext is rendered even many days after the URL was captured. By means of example, below is an embedded image (my profile photo thumbnail) with an expiry of September 24th ( media.geni.com/p13/9e/27/1a/e7/5344484956e968d7/juq92yif_t2.jpg?hash=3631b92e228cb181a6c68b788b73978a0a539e08259043220e10b3141ef2dcc4.1664002799 ) but when my message is rendered, the expiration will be updated so that it it still viewable today:

media.geni.com/p13/9e/27/1a/e7/5344484956e968d7/juq92yif_t2.jpg?hash=65ba7a6cac387b4eb409c11132dd21041854a438bad62d8cf57f12a81f15304a.1764662399

Torbjørn Igelkjøn the S3 links should have been fixed a week ago -- if you can find an example that's not working, please let me know so we can investigate.

Craig Andrew Miles No, I'm not necessarily saying the current state of affairs is acceptable; I need to understand exactly what's wrong (preferably with an example I can look at) so that I can determine if it's a) a bug, b) an unintended consequence of the change that we should fix, or c) something we will no longer support. For the media link to your profile photo, what is fixed as of today is that you can embed it as a wikitext image (using double curly braces) on our site and it will continue to work. Bare links to that URL are no longer supported outside of Geni for privacy concerns that you may not have, but for which we've become convinced are absolutely necessary due to things like the use of the Wayback Machine to cull URLs of photos that have long since been made private but continued to function. This means Geni can no longer be used as a general-purpose image sharing service (something we never intended in the first place, and which is a risky proposition given the kinds of images that shady individuals may seek to host somewhere semi-anonymous and then share to the Internet at large or within other non-Geni communities). Rather, photos are now shared as the site determines who is able to view them, and for a limited period of time to limit sharing.

Livio Scremin and Torbjørn Igelkjøn whether or not a photo is publicly-viewable is a function of whether or not it's tagged to something public like a profile or a project. We certainly don't want to break legitimate use cases on Geni, so I'm asking you to give me specific use cases and we'll see if we can address those. I already see one other case we should consider, which is the bare URL that Craig Andrew Miles posted above (NOT within double-curly braces); I believe we could rewrite those "on the fly" to refresh the expiration the same way we do with embedded images. Before I commit to that, though, I want to consider the privacy impact (for example, I upload a photo that's private but suppose my 3rd cousin can see it because they're within my Family Group radius; they copy the image URL and send it to a complete stranger on Geni without my permission. Do I really want the complete stranger to be able to view it for all of eternity?? Or is that unavoidable anyway, because the third cousin could just save the image as a file and share their own personal copy of it?)

TNX @Mike for the very thorough answer, there is so much to assimilate that I almost don't want to intrude, since it indicates very well the direction taken regarding external redirects.
But since the programming team is now working on the topic, the right time to specify the next details is now or never again:)

*(this is just a my last screen for reasons of technical explanation, but it could be whatever: a painting, a photo, a histogram etc. etc)
example in a internal message or Geni forum I want the interlocutors to note this:

1) https://www.geni.com/photo/view/6000000036850731188
I call it "image page" because you access the title, TAGs, descriptions etc ..it would be perfect but for some strange reason, I found that only the (C)s could access it, not all users.

therefore, so far I opened the "pure image", I copied the URL and post this:
2) https://media.geni.com/p14/3d/88/d0/57/534448618cda41de/pros__origi...
but if now the "self-destruction" of 24 or even 48 hours is set to this ..unfortunately there are users who come back online on Geni even weeks later (& when it's okay:)

well of course I can upload it on the outside..
3) https://drive.google.com/file/d/1ajRwG1rX_EjGtT4_3pwpk7ah5ZghfOqm/view
but me, it's me...
..bho maybe since the team has just worked on the whole topic, try to see if it is appropriate to let the link (1) work^^'

obviously this detail does not interest any of the users here who need external addressing..
[[apart from reporting the nice free 13GB of google drive:D ]]
..with who knows how many hours of work ruined, to which personally I offer a hug :/

*link of point 1) https://www.geni.com/photo/view/6000000036850731188?photo_id=600000...

Thanks for the very considered response Mike Stangel

I am not sure from my reading of your response though whether you consider as acceptable my proposal that the image designated as the publicly visible profile image be exempt from the timing-out-hash-implementation because by definition it is intended to be publicly visible.

So as previously stated I would like to see for example the URL to my public profile image https://media.geni.com/p13/be/b0/0a/b1/5344485ec88caa63/craig_miles... be made a "perma-link" in the terminology of Dan Cornett with or without a hash so that this can be treated in some sense as a "permanent" link externally embedded in a non-Geni web page or an Excel or Word document.

For example I have developed my own web-app to store information on my ancestors, for the interest of myself and my family which has to date used the embedded Geni image URLs from the public profiles of these ancestors. Of course these links are now broken.

Given that I can download and physically store all of these images, making them "private" on the Geni site seems unnecessary - to date it has been unnecessary to make physical copies of the images but you seem to be suggesting that this is now the only solution? Is that really an improvement?

If you are not prepared to make an exception of the profile image, and I really dont understand why you wouldn't, then following the suggestion of Torbjørn Igelkjøn wouldn't it be better to allow a user the facility to make the profile image private should they want to rather than the system enforcing that all such images should be private.

I also feel that you haven't addressed adequately the making of this change without any consultation or prior warning to users on the incorrect assumption that this wouldn't adversely affect anyone. Will there be changes to how such decisions are made in future on the basis of the experience with this change?

Mike Stangel I have already given an example of a profile where I have a lot of links, some of which are bare links to Geni images uploaded as documents. These still give the same error message as before. For example, go to the profole Silla Katharina Kierulf and find the text "Kjelde: Bernt Askevold: "Askevold-Slægten og nogle i dend indgiftede Slægter" (1915), side 211", click on the link and see what hapoens. The same will also happen to bare links to .pdf files. These are documents set to public and uploaded to a public profile, and if I have to edit all the profiles where I have used such links in the "about" section to fix broken links, this means a lot of work.

However, I find that the "document page" is still working even if I am not logged on, and it is possible to download the link (with the hash tag) from there even for non-members. Good! The corresponding "image page" (as Livio Scremin refers to) for images uploaded as photos does not work, even for Geni users. In his example, I think both (1) and (2) should work, at least as long as (2) is in the "about" section of a profile, in a discussion thread or anywhere else on Geni making (3) unnecessary unless the bare links are used outside Geni for other purposes.

You mention a solution yourself which will make (2) work and which will also save me the work of editing hundreds of profiles. You mention a privacy concern if private links are grabbed by family members and used on public profiles, but also admit that the photo (or document) could be copied and uploaded again anyway. Then, the answer of that question should be clear. Making the links broken will not have the intended effect anyway.

Here is an other example:

Anders Simonsen Njøsen

"I 9/5 1739 vart slutta skifte etter ei Ingeborg Åmundsdtr. Njøsen".

The link to the .pdf is broken.

I have hundreds of such broken links.

Showing 1-30 of 62 posts

Create a free account or login to participate in this discussion

English (US)   eesti   Svenska   Español (España)   Français   עברית   Norsk (bokmål)   dansk   Nederlands   Deutsch   »
To enable the proper functioning and security of the website, we collect information via cookies as specified in our Cookie Policy. Geni does not use any third-party cookies.