Proton
Proton reviews popular photo sharing services and reviews the best way to share family photos online privately. Image shows three illustrated photographs with silhouettes of people on them.

Finding a way to share photos online is a great way to record memories and update loved ones. But uploading your personal images to some of the most popular photo storage and sharing services comes with risks.

The main cause of concern when sharing photos online is privacy, which is the right to control how your information is viewed and used. This article explains the importance of privacy when sharing family photos in particular and assesses the level provided by some of the most popular ways to do so.

The safest way to share photos online

The best way to safely share family photos (or any file) online is by using a service that offers end-to-end encryption (E2EE). This means that the service facilitating the storage and sharing of your photos can never view your content because it remains securely encrypted throughout the entire sharing journey. The only people who hold the key to decrypt them are yourself and those who you provide with access.

While many photo storage and sharing services claim to offer encryption, what they really offer is encryption in transit and at rest. This means that when you share a photo file, that file is encrypted and then sent to your service provider’s data center. Here it is decrypted and remains at rest — your service provider may or may not temporarily encrypt it using a key it controls. 

A diagram presenting the difference between in-transit and at-rest encryption vs end-to-end encryption.

When encryption is only provided in transit and at rest, the service provider can access your content once it reaches its data center, along with any third-party partners it works with. When encryption is handled like this, it also means that if your service provider is hacked or suffers a breach, your files will be exposed. 

When a photo sharing service or their third-party partners have direct access to your personal data, they can use your information for their own benefit. This can include using data gathered from your images to create targeted advertisements, train AI models, or benefit other third parties. 

If threat actors gain access to your family photos, they may use them for more insidious purposes. Think identity theft to commit fraud, photo manipulation, or gathering sensitive or personal information for social engineering. This can become especially fraught when photos of minors are involved. 

Why privacy is important when sharing family photos

Children are often targets for threat actors as, unlike adults, they normally won’t detect suspicious activity on bank accounts or credit histories created in their name until later in life. 

As minors may not totally understand the implications of having their image shared online, it is the responsibility of the adults in their life to make informed decisions on their behalf. In the US, there are currently no federal laws prohibiting the publishing of photos of minors without their consent. However, in France a bill was recently published allowing judges to restrict parents(nueva ventana) from publishing images of their child while taking that child’s viewpoint into account.

Beyond your own family, it’s also important to consider the consent of other people’s children when uploading images of birthday parties or school events. Their vulnerability makes finding a secure and private way to share family photos essential. 

To help you make a more informed decision about the best way to share family photos, we’ve assessed some of the most popular options and the levels of privacy they provide.

Google Photos

Sharing images with Google Photos requires you to create or already have a Google account, but the people receiving your photos do not need one.

Regarding privacy, Google states that it “invests in advanced security infrastructure and easy-to-use privacy controls(nueva ventana)”. Its infrastructure features encryption that “keeps data private and secure while in transit”. This is an indirect way of saying that when you share your photos with Google, they’re private and secure when traveling to its servers but once they reach Google, it can access your photos and their metadata. 

In May, Google announced that it was updating its photo service to integrate its Gemini AI(nueva ventana) model. The AI supports a new “Ask Photos(nueva ventana)” feature that allows you to search for specific images in your library by describing their content. This update turns your library into a visual database as Gemini analyzes everything from faces to locations and text in the photos you share.

While the company has publicly stated that “your personal data in Google Photos is never used for ads” and that it “doesn’t train any generative AI products outside of Google Photos on this personal data”, Google has been caught lying(nueva ventana) about similar claims in the past.

We’ve already explored numerous examples of Google’s privacy-washing tactics. So, while the Big Tech giant claims to be concerned about the state of privacy on the internet, its history of being accused of violating privacy rights and gaining significant revenue from ads trained on your personal data suggests that providing genuine privacy isn’t compatible with its business model.

Google Photos scorecard
End-to-end encryption
Can’t access your data
No history of breaches
Compatible with every OS

iCloud Photos

iCloud Photos is Apple’s answer to photo sharing and storage. By default, Apple uses what it calls “standard data protection” to encrypt data you share with iCloud using its own keys, both in transit and at the company’s data centers. So, while it ensures your data is secure against third-party unauthorized access, Apple can still see it. And, while Apple and iCloud provide more privacy options than Google, it’s turning more and more to Google’s business model, using your data to sell advertisements.

To prevent Apple from seeing the photos you share and improve your privacy, you can enable what the company calls “Advanced Data Protection(nueva ventana)” (ADP) in your iCloud settings. ADP provides E2EE for photos, notes, voice memos, and more on Apple devices with iOS 16.2 or later. 

But even with ADP enabled, Apple doesn’t protect certain metadata with E2EE. The company can still see the file type, size, how many times a photo has been used, when it was created and whether or not it was favorited. So, even Apple can’t access information from what you store and share with iCloud, it can still profit from data gathered on how you use it.

ADP also only works if the other people you are sharing photos with also have E2EE enabled, but Apple isn’t totally transparent about what happens when you use iCloud sharing features (nueva ventana)with someone who only has standard data protection in use.

A final downside to iCloud Photos is that it is built specifically for users within the Apple ecosystem. So if you only use Android, Windows, or Linux, you’ll be limited in your ability to use the service.

iCloud Photos scorecard
End-to-end encryption✓/✗
No access to your data✓/✗
No history of breaches
Compatible with every OS

Dropbox

Dropbox is a popular option for cloud-based photo sharing and storage. Those based in the US even have the option to sign up for a plan specifically designed for sharing amongst families(nueva ventana), providing up to 6 family members with their own accounts as well as a shared space to upload photos and other file types.

By default, content shared with Dropbox is encrypted in transit and at rest. E2EE is available, but only for Dropbox Advance, Business Plus, and Enterprise customers, all of which require paid subscriptions(nueva ventana). If you intend to use their services for personal reasons, their privacy policy and history of security issues may make you reconsider.

Dropbox’s privacy policy(nueva ventana) outlines how Dropbox not only collects a lot of information about you but also shares that data with others, including commercial partners and law enforcement. While Dropbox states that it doesn’t sell any of this data to advertisers or other third parties, it provides access to your information to companies like Google, Amazon, and OpenAI, all of which have poor privacy practices.

To top it off, Dropbox has experienced multiple security issues(nueva ventana) in the past, including sharing data(nueva ventana) without its users’ consent and exposing 68 million passwords(nueva ventana)

Dropbox scorecard
End-to-end encryption✓/✗
Can’t access your data✓/✗
No history of breaches
Compatible with every OS

Social media platforms

Platforms like Instagram or Facebook are built to update friends and family on your personal life by sharing photos in real time. After you create an account on either of these platforms, your posts are shared with the entire world unless you adjust the default settings. 

Because of this, sharing family photos on social media comes with the risk of strangers using those images for the insidious purposes mentioned earlier. Experts advise parents not to share large amounts of photos of their children (also known as “sharenting(nueva ventana)”) specifically for this reason. To combat these risks, both platforms offer solutions for keeping your content more “private”.

On Facebook, you can create private groups and albums and control who has access to view the content within them. Likewise, with Instagram, you can put your account in private mode so that the only people who can view the family photos you share on your feed are those you have accepted as a “follower”. These are both free and effective ways to share your photos while maintaining their security, but they do come with the cost of sharing your personal data with Meta, Facebook and Instagram’s parent company.

In its privacy policy(nueva ventana), Meta states that it collects your activity across its products and the information you share, including the posts you create and the content you provide when using its camera feature. It uses this information to “provide a personalized experience to you, including ads”. The data gathered from what you share with Meta is also shared with third parties, including law enforcement and other government authorities. Meta (and Google) have both allowed warrantless surveillance on Americans to continue thanks to these lax policies. 

Meta scorecard
End-to-end encryption
Can’t access your data
No history of breaches
Compatible with every OS

Flickr

Launched over 20 years ago, Flickr(nueva ventana) is one of the original platforms dedicated to easily sharing photos online. With a focus on community building, Flickr images are visible to all of the platform’s visitors by default. But, the platform does allow you to create albums that let you limit who can see your photos. 

Flickr offers privacy settings(nueva ventana) that range from public to friends and/or family to private. When you set your photos to private, Flickr states that “Only you can see the content” as well as the members of groups you share them with. But, historic forum posts(nueva ventana) on the platform show that Flickr contacted people with accounts set to private about the content stored within their albums. So, “Only you” includes Flickr, too.

As far as their privacy policy(nueva ventana) is concerned, Flickr explains that it collects the information you share in connection with your photos (like a photo caption) as well as where your photos were taken. It also uses image recognition algorithms to find visually similar images, organize your photos, and make images searchable. This technology identifies and tags scenes, actions, and objects to do so.

Flickr also shares your data with numerous third parties, such as vendors, consultants, and other service providers to carry out work on their behalf. And, as with any company that has access to your photos, Flickr will hand over your data for legal or regulatory purposes and if the company undergoes an acquisition or merger — so there is no knowing where your personal files may end up.

Flickr scorecard
End-to-end encryption
Can’t access your data
No history of breaches
Compatible with every OS

Amazon Photos

Amazon Photos(nueva ventana) is available to Amazon Prime members and offers unlimited storage of full-resolution photos. Similar to Dropbox, Amazon offers a feature it calls “the family vault(nueva ventana)”, which allows up to six people to collect photos and videos together while also having their own Amazon Photos account. But, like its fellow Big Tech players, Amazon has a reputation for collecting a large amount of data about your life

On the promotional page for Amazon Photos, the company states that “because your photos and videos are encrypted, you (and those you share your password with) are the only ones who can view your photos on Amazon Photos”. In reality, the company offers encrypted photo storage, but, as with many of the options examined in this article, photos shared with Amazon are only protected in transit and at rest. So, once your photos reach Amazon’s data centers, the company can — and does — access them.

The Amazon Photos terms of use(nueva ventana) reveals that the company analyzes your photos to automatically organize them into relevant albums. To do so, Amazon uses image recognition technology to identify the people, objects, actions, and scenes within each photo.

It’s possible to turn off the feature (which is enabled by default), but this does not remove Amazon’s permission to see information about your files for technical support, improve their own services, or benefit third parties.

The company’s privacy notice(nueva ventana) shares that it uses your personal information to display interest-based ads(nueva ventana) for features, products, and services. Though it does not do so with information that personally identifies you, it is unclear whether that includes Amazon Photos content.

Amazon Photos scorecard
End-to-end encryption
Can’t access your data
No history of breaches
Compatible with every OS

The best way to keep family photos private when sharing online

As the list above shows, there are multiple online photo-sharing services but, despite their claims, many fail to offer a genuinely private experience.

Proton Drive is a privacy-first solution for sharing family photos online. With end-to-end encryption applied to all photos automatically by default, you can feel confident that no one, not even us, can access your personal files. Everything from the photo itself to its title and the name of the folder you store it in is fully encrypted and accessible by only you and those you choose to share it with.

Unlike the majority of the services listed here, even if we suffer a data breach, your files will remain securely encrypted. You can also add an extra level of security to your photos with password protection and expiring links

By storing and sharing photos with Proton Drive, you will always retain control and ownership of your photos. They won’t be used to create targeted ads, train AI, or shared with third parties.

You can also automatically back up your photos by installing the desktop app on Windows or macOS and the mobile app on Android or iOS. By uploading photos to Proton Drive, you can keep your memories safe, even if you lose your phone or computer.

Plus, you can choose your favorite layout or theme, including dark mode options, letting you select the perfect canvas for your photos. And no file size limits means you can share high-quality photos in their original resolution.

Proton Drive scorecard
End-to-end encryption
Can’t access your data
No history of breaches
Compatible with every OS

If privacy is your priority, consider Proton Drive as a solution to your photo-sharing needs. Creating a Proton account also gives you access to an ecosystem of encrypted services, including a password manager, email, calendar, and VPN(nueva ventana).

Artículos relacionados

The cover image for a Proton Pass blog comparing SAML and OAuth as protocols for business protection
en
SAML and OAuth help your workers access your network securely, but what's the difference? Here's what you need to know.
Proton Lifetime Fundraiser 7th edition
en
Learn how to join our 2024 Lifetime Account Charity Fundraiser, your chance to win our most exclusive plan and fight for a better internet.
The cover image for a Proton Pass blog about zero trust security showing a dial marked 'zero trust' turned all the way to the right
en
Cybersecurity for businesses is harder than ever: find out how zero trust security can prevent data breaches within your business.
How to protect your inbox from an email extractor
en
Learn how an email extractor works, why your email address is valuable, how to protect your inbox, and what to do if your email address is exposed.
How to whitelist an email address and keep important messages in your inbox
en
Find out what email whitelisting is, why it’s useful, how to whitelist email addresses on different platforms, and how Proton Mail can help.
The cover image for Proton blog about cyberthreats businesses will face in 2025, showing a webpage, a mask, and an error message hanging on a fishing hook
en
Thousands of businesses of all sizes were impacted by cybercrime in 2024. Here are the top cybersecurity threats we expect companies to face in 2025—and how Proton Pass can protect your business.