The previous system had overly weak protection against gaining access to arbitrary unlisted content. I don't think the approach they're taking to deploying a security enhancement is the wrong one.
Conversation
If someone doesn't act on a notice about their content, I don't think the right move is their likely private content not being properly secured.
It's quite unfortunate that they apparently had a serious security design flaw in the previous system though. I wonder how old it is.
1
I don't see a better option than requiring people to either make the content public to keep the current URL or use a new properly secured system for sharing it.
They would be doing users a major disservice if they required taking action to avoid potential compromise of data.
1
This Tweet is from a suspended account. Learn more
This Tweet is from a suspended account. Learn more
Replying to
Sure, but that's not a good enough reason to allow private user data to be compromised by not fixing a security vulnerability.
YouTube videos are unlisted because the people publishing them didn't intend for them to be available without having the URL. That's the point of it.
1
If the system has a security flaw, leaving it that way is not upholding the security properties which were supposed to be provided to users.
I'd guess that they didn't fix it for so long because they didn't want to cause disruption but waiting just makes these things worse.
1
Leaving it vulnerable to people guessing the URLs would not be upholding their commitment to users. It would end up with users having sensitive data leaked. I'm sure you can understand that people have sensitive videos and documents they shared with others. It's very common.
2
This Tweet is from a suspended account. Learn more
Replying to
Being able to guess the URL is a security vulnerability and violates how a reasonable person would have expected the feature to be implemented.
Users reasonably expect privacy / security as the default, and that's not unreasonable.
The chosen default is the secure / safe one.
1
Having a way to keep data private but allowing it to be leaked via enumeration / brute forcing is either a security vulnerability or a deliberate dark pattern.
It's how Facebook leaked a ton of people's phone numbers, etc. Protecting data from compromise/leaking isn't a scandal.
Different needs have to be balanced and in this case I think it's pretty clear that harm from people's private information being leaked is far greater than inactive accounts not being able to pick a different default.
If data is meant to be public, it's one of the easy options.