I thought Google Drive was more secure than this.
If I upload a photo to Google Drive, I don't care that it's entrusted to them and I also assume someone working there can look at it. No big deal. However, for the rest of the world, I assume my photo is safe short of someone getting my password and logging into my account.
I opened my image while in the network tab inspecting traffic and I found that the image pulls from a secondary location:
This is an image shared with no one but myself on Google Drive. Anyone capable of inspecting network traffic can intercept that image by its googleusercontent address as it bypasses my login authority.
So, there's the public version of the private document hosted on googleusercontent.com, and there's the private version hosted on drive.google.com
Google Drive doesn't even seem like a reasonably secure option for my data, even though they claim "Your files are private unless you choose to share them."
source: Is Google Drive secure?
My files don't seem all that private from someone inspecting network traffic.
But, I must be missing something. What am I not understanding? I tried to find that address that exposes my image with Wireshark but got lost in details. How does a network snoop view the request generated to googleusercontent as I see it generated in my network tab in the browser when I open the 'private' photo in Google Drive?