http://s3.amazonaws.com/data.tumblr.com/tumblr_XXX.jpg?AWSAccessKeyId=XXX&Expires=XXX&Signature=XXX
As opposed to the URLs you normally see when viewing an image on Tumblr:
http://XX.media.tumblr.com/tumblr_XXX.jpg
The original URL is now giving me an "access denied" XML response but there are a bunch of references to it to be found on google. It's also worth noting that the XML response is the same for broken links regardless of which of the two previous URL formats you use. The s3 URLs appear to have been in use since at least 2009 (from some of the googlebot's crawl dates).
I found this interesting because I didn't see any prominent references to S3 storage on any of Tumblr's user agreements or staff blog. As more companies move to cloud storage solutions, users need to be more aware of where their information is going. What additional policies or user agreements, if any, are implied when your data is stored on Amazon? Is information passing country borders and subject to new laws?
On another note, while searching for more about this, I found this article mentioning a leak of Tumblr's API credentials, including their S3 clusters.
No comments:
Post a Comment