Article Lead Image

Photobucket shuts down Reddit’s nude-photo thieves

After a string of bad publicity, Photobucket is fighting fusking—the act of stealing and posting private nude photos—with a security overhaul and DMCA takedown requests. 


Kevin Morris


Fuskers beware: Photobucket has heard the chorus of bad publicity and is fighting back, armed with Digital Millennium Copyright Act (DMCA) takedown requests and a security overhaul.

Fusking is the appropriately filthy-sounding term for the practice of nabbing private photos through a flaw in the image-hosting site’s security system. The average fusker ignores banal photos of you and your dog and goes straight for the pics most people would never want to be made public: nude shots.

The practice has been around for years but came under intense scrutiny last week after BuzzFeed’s Katie Notopoulos and Gawker’s Max Read called out two communities on Reddit (one of which boasted nearly 8,000 readers) that were actively sharing allegedly fuskered pictures.

Now, Photobucket has served the moderators of those communities with DMCA takedown requests. Moderator mecseh, who runs r/requestaplunder, posted the letter in its entirety to the subreddit r/modhelp. (The moderators of r/PhotobucketPlunder confirmed to the Daily Dot that they had received a nearly identical letter.)

“It has come to PBI’s attention that you are violating PBI’s Terms of Use by means of the subReddit /r/requestaplunder which either performs, enables or encourages “Fusking” of the Photobucket site.”

It continued:

“You are improperly accessing private photo albums on the site via an automated means without permission of the account holders and in a manner that makes the images available without the surrounding site banners and information, all in violation of Photobucket’s Terms of Use. The Fusking is also causing PBI monetary damage due to a loss of good will, increased burden on its servers, administrative time and expense to address additional customer service and support needs. Your actions thus violates the Consumer Fraud and Abuse Act, 18 U.S.C. § 1030.”

Fusking worked thanks to an absurdly easy security exploit: While the site allows users to tag their images as private, anyone can view a photo on the site so long as they have its unique URL. Since Photobucket retained each photos original file name, it’s relatively easy to dig up photos that ought to be private. There are even programs that do all the dirty work for you.

So in addition to legal wrist slaps, Photobucket is also implementing some security changes as part of a general site overhaul, which ought to fix the problem.

As BetaBeat’s Nitasha Tiku reported earlier today:

“Photobucket has offered the ability to scramble URLs for years, but in the wake of the controversy, the company is being more proactive, automatically scrambling URLs for new albums, unless users request otherwise, posting an interstitial when users log in suggesting that they scramble the URLs on older albums.”

For their part, moderators of both r/PhotobucketPlunder and r/requestaplunder officially prohibited fusking and claimed most of the photos posted to the subreddits were publicly available. That seems to be true: The company’s CEO, Tom Munro, told Tiku that the majority of the photos posted to Reddit were indeed public, and only 50 private accounts had been violated.

Munro was right to note, however, that “even one is too many.”

The legal threats seem to be working. r/PhotobucketPlunder has shut its doors.

“Due to a legal request from photobucket, we have gone dark. It was a good run,” a post at the subreddit read.

Photo by john_voorhees/Flickr

Share this article

*First Published:

The Daily Dot