Have you ever uploaded a nudie shot to Photobucket — one of the web’s largest, and oldest, image-hosting sites? If you did, you probably kept it private, right? So only its intended recipient could see it, and it wouldn’t get found and spread all over the internet?
Yeah, there’s a good chance some 8,000 creeps have seen your naked photo on Reddit.
Yesterday, inspired by the “hackers” who were able to access Wired writer Mat Honan’s online accounts and fully wipe his MacBook, BuzzFeed’s Katie Notopoulos took a look at “fusking,” the not-actually-hacking technique of finding private—and often nude—pictures on Photobucket by exploiting its privacy settings:
[I]f I put photos in a private or password-protected album, I can still send a direct link to an individual photo to my friend, and she won’t need a password to view that photo. If she wants, she can pass along that link to any of her other friends and they can also view over the Photobucket site, no problem, regardless of how I set the privacy level on the album. […] Problem is, the URLs Photobucket uses for these pictures use the photos’ actual file names, and file names aren’t that hard to guess. […] That’s where “fusking” programs come – you just enter the username and album name, and the fusking program will run through likely guesses and pull up any images it can find.
Notopoulos mentions having seen evidence of fusking on 4chan and other message boards where people discussed “hacking” or “stealing” finding Photobucket images. But you don’t even need to go as deep as 4chan: there’s a whole section on Reddit, with nearly 8,000 subscribers, dedicated to fusking — and another for people to make requests.
“r/photobucketplunder,” (NSFW) as the subreddit is known, stands in the long and proud tradition of creepy and popular Reddit subsections like “r/jailbait” (which was finally taken down, over loud objections of “free speech,” when it came out that child porn had appeared on the subreddit) and “creepshots.” Every day, its most dedicated users (it has 7,808 subscribers, though readership is likely higher) post new albums of nude and otherwise sexual photographs found on women’s Photobucket accounts, re-uploading the photos to image-hosting site Imgur in case the women figure out what happened and take theirs down. Many of the accounts are discovered by people trawling Photobucket for cute girls; others are posted in r/requestaplunder, a subreddit where anyone can ask r/photobucketplunder’s fuskers to work their magic.
Mecesh, one of the subreddit’s moderators, says he’d take down the photos immediately if someone complained (“We don’t want to be malicious. Most people here like the voyeuristic nature of it,” he told me over email). But no one ever has. The rules — posted on the page’s sidebar — warn users against alerting the photographs’ subjects that they’ve become unwitting pinup models for a few thousand Redditors: “Do not follow the usernames of the girls submitted to this subreddit. When you follow them it sends an e-mail to them notifying them they’re being followed. This usually either makes them cancel their photobucket or make the album private which in turn makes it so we no longer get any pictures from them.”
While making albums private doesn’t prevent all fuskers, it does mean that your shots won’t show up on Reddit. r/photobucketplunder doesn’t allow its users to post photos from albums set to “private” — only the albums of women who don’t realize or understand that anything they put on Photobucket is visible to anyone. This helps Mecesh (and, one imagines, other users) rationalize the whole endeavor: “We only allow submissions that are publicly accessible. We don’t allow or encourage the hacking of private accounts. Everything posted here is available for public view, just not all of the women may realize that. If someone doesn’t know by now that if they upload naked pictures to the internet that they are there forever does that make it wrong?”
Well, yes: setting up a forum to find, trade, and save on new servers private photographs that were mistakenly made public is wrong, even if it isn’t illegal. “Don’t share or steal people’s private things” may be anathema to the internet, but it asks people to be decent, rather than paranoid. “Don’t put private things in public places,” as a moral imperative, blames victims and excuses the behavior of thieves and creeps.
But it is good practical advice. “You would be amazed at some of the information we come across here,” mecesh writes. “We have found accounts where people have uploaded pics of personal checks, drivers licenses, credit cards, social security cards. It is unreal.” I asked him what he thought people should do to prevent their photos from showing up on r/photobucket plunder. “If you care about your info getting out there, make your account private,” he said, but acknowledged that not even that is foolproof. “To protect photos and info the number one suggested is don’t upload them to the internet.”