This article is important, but seems a little technically sloppy. The issue isn't about autoincremented IDs, but the fact that they are used as external identifiers. The specific reason they shouldn't be used is that they are guessable.
It also confuses the concept of a GUID a little, I think. That refers to a global UID, which could reasonably be a URL+autoincremented number: global and unique.
But guessable. Which is the core issue.
I try to consider external IDs like passwords: create a cryptographically strong hash, using some salt, and externalize that.
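An added example, not part of the comment above or of the article it discusses: one way to keep autoincrement ids internal and expose only a keyed hash of them. The names `external_id`, `AlbumStore`, `recoverable_without_key` and `SECRET_KEY` are assumptions made for this sketch; HMAC-SHA256 with a server-side secret stands in for the "hash with some salt".

```python
import base64
import hashlib
import hmac
import secrets

# Assumption: a per-deployment secret that never leaves the server.
SECRET_KEY = secrets.token_bytes(32)

def external_id(internal_id: int, key: bytes = SECRET_KEY) -> str:
    """Derive an opaque 128-bit identifier from an autoincrement row id."""
    mac = hmac.new(key, str(internal_id).encode(), hashlib.sha256).digest()
    return base64.urlsafe_b64encode(mac[:16]).rstrip(b"=").decode()

class AlbumStore:
    """Hypothetical store: sequential ids inside, opaque tokens outside."""
    def __init__(self, key: bytes = SECRET_KEY):
        self._key = key
        self._rows = {}       # internal id -> record
        self._by_token = {}   # external token -> internal id
        self._next_id = 1

    def add(self, title: str) -> str:
        row_id = self._next_id
        self._next_id += 1
        token = external_id(row_id, self._key)
        self._rows[row_id] = title
        self._by_token[token] = row_id
        return token          # only this value is ever shown to clients

    def get(self, token: str):
        row_id = self._by_token.get(token)
        return None if row_id is None else self._rows[row_id]

def recoverable_without_key(token_hex: str, limit: int = 10_000):
    """Why the secret matters: a bare SHA-256 of a small integer is
    found by trying every candidate id, so it hides nothing."""
    for candidate in range(limit):
        if hashlib.sha256(str(candidate).encode()).hexdigest() == token_hex:
            return candidate
    return None

if __name__ == "__main__":
    store = AlbumStore()
    first, second = store.add("holiday"), store.add("wedding")
    print(first, second)      # consecutive rows, unrelated tokens
    print(store.get("2"))     # a guessed sequential id resolves to nothing
```

The token still needs an authorization check behind it where the data is sensitive; it only removes guessability and the row-count leak described in the comments below.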
Another problem with auto_increment occurs when the user id comes from an auto_increment field. By signing up as a new user once a week and observing your own user id you can measure the rate of growth of a competitor.
"By signing up as a new user once a week and observing your own user id you can measure the rate of growth of a competitor."
I've done similar with cheques. In a previous job, I was paid by cheque. Each month, I logged the cheque number. From this and taking into account other payment methods, I determined that the company had significantly fewer transactions than the boss claimed.
Says Don: "To us, privacy and security are two separate, but related, issues. One analogy we use often is that security is like locking your front door and arming your alarm (no-one can get in without a key), and privacy is like closing your window blinds (no-one can look in from the outside, but you can tell people where you live and they can visit without a key)."
It seems like this is working as designed. The problem is different definitions of "private," which I think SmugMug is wrong on. While the setting is functioning as they intended, I do not consider it to be private. If the label were "not displayed" this issue would probably not have come up.