The original post: /r/privacy by /u/mrpacmanjunior on 2024-11-10 23:30:32.
Something to be aware that I haven’t seen discussed anywhere else yet.
On the new Google TV Streamer, when you set the ambient slideshow to pull from one of your google photos libraries, the rest of your google photos albums and favorites appear to be visible to anyone who has your 4 digit password, which the device prompts you to create when setting up content controls for your children.
These passwords are commonly shared among parents and other adults who are frequently at your home (grandparents, baby sitters, friends). The point of them is so your kid can’t watch inappropriate shows. They are not meant to be as secure as your regular google password (which is hopefully long, unique and backed up with some form of 2FA or passkey).
Yet when the slideshow starts, you can press down on the remote to pull up screensaver settings, and if you click into the google photos option, all it asks for is the 4 digit code and then it lets you scroll through all the albums in your library plus any “live albums” that it automatically populates based on facial recognition or a photo’s status a starred favorite.
It used to be the only way to select which album you were using was from within your Google Home app on your phone or whatever device you were using. But the point is it was behind much stricter security than a 4 digit code people commonly share with each other.
Here’s a scenario I envision: Let’s say you and your wife have a 10 year old. The 10 year old has a kids profile and you and your wife share a main account. Since you bought and set up the device, its your email address that has the main account. You have set up a special photo album for photos you want displayed for the ambient slideshow feature. You also have a 4 digit passcode so your kid can’t watch R rated movies. But your wife might want to watch R rated movies when you aren’t around, so you give her the 4 digit code. And lets say your mother in law also comes over a lot, so she has the code. Now you might be okay with your wife having access to your entire google photos library, but you definitely don’t want your mother in law to have access to it. The fallout could be as mild as embarrassment or as big as getting busted for cheating or looking at porn.
This gets much scarier when you think about a woman in an abusive relationship who is the primary account on the streaming device and her abusive partner or controlling in laws gain access to every photo she’s ever put in an album or favorited in her Google Photos account.
My solution for now is to set up the device under a completely new and segregated Google account and to share the 1 photo album I want for the ambient photo slideshow to that new Google account.