Finding a way to share photos online is a great way to record memories and update loved ones. But uploading your personal images to some of the most popular photo storage and sharing services comes with risks.
The main cause of concern when sharing photos online is privacy, which is the right to control how your information is viewed and used. This article explains the importance of privacy when sharing family photos in particular and assesses the level provided by some of the most popular ways to do so.
- The safest way to share photos online
- Why privacy is important when sharing family photos
- Popular options to share photos online
- The best way to keep family photos private when sharing online
The safest way to share photos online
The best way to safely share family photos (or any file) online is by using a service that offers end-to-end encryption (E2EE). This means that the service facilitating the storage and sharing of your photos can never view your content because it remains securely encrypted throughout the entire sharing journey. The only people who hold the key to decrypt them are yourself and those who you provide with access.
While many photo storage and sharing services claim to offer encryption, what they really offer is encryption in transit and at rest. This means that when you share a photo file, that file is encrypted and then sent to your service provider’s data center. Here it is decrypted and remains at rest — your service provider may or may not temporarily encrypt it using a key it controls.
When encryption is only provided in transit and at rest, the service provider can access your content once it reaches its data center, along with any third-party partners it works with. When encryption is handled like this, it also means that if your service provider is hacked or suffers a breach, your files will be exposed.
When a photo sharing service or their third-party partners have direct access to your personal data, they can use your information for their own benefit. This can include using data gathered from your images to create targeted advertisements, train AI models, or benefit other third parties.
If threat actors gain access to your family photos, they may use them for more insidious purposes. Think identity theft to commit fraud, photo manipulation, or gathering sensitive or personal information for social engineering. This can become especially fraught when photos of minors are involved.
Why privacy is important when sharing family photos
Children are often targets for threat actors as, unlike adults, they normally won’t detect suspicious activity on bank accounts or credit histories created in their name until later in life.
As minors may not totally understand the implications of having their image shared online, it is the responsibility of the adults in their life to make informed decisions on their behalf. In the US, there are currently no federal laws prohibiting the publishing of photos of minors without their consent. However, in France a bill was recently published allowing judges to restrict parents(nowe okno) from publishing images of their child while taking that child’s viewpoint into account.
Beyond your own family, it’s also important to consider the consent of other people’s children when uploading images of birthday parties or school events. Their vulnerability makes finding a secure and private way to share family photos essential.
Popular options to share photos online
To help you make a more informed decision about the best way to share family photos, we’ve assessed some of the most popular options and the levels of privacy they provide.
Google Photos
Sharing images with Google Photos requires you to create or already have a Google account, but the people receiving your photos do not need one.
Regarding privacy, Google states that it “invests in advanced security infrastructure and easy-to-use privacy controls(nowe okno)”. Its infrastructure features encryption that “keeps data private and secure while in transit”. This is an indirect way of saying that when you share your photos with Google, they’re private and secure when traveling to its servers but once they reach Google, it can access your photos and their metadata.
In May, Google announced that it was updating its photo service to integrate its Gemini AI(nowe okno) model. The AI supports a new “Ask Photos(nowe okno)” feature that allows you to search for specific images in your library by describing their content. This update turns your library into a visual database as Gemini analyzes everything from faces to locations and text in the photos you share.
While the company has publicly stated that “your personal data in Google Photos is never used for ads” and that it “doesn’t train any generative AI products outside of Google Photos on this personal data”, Google has been caught lying(nowe okno) about similar claims in the past.
We’ve already explored numerous examples of Google’s privacy-washing tactics. So, while the Big Tech giant claims to be concerned about the state of privacy on the internet, its history of being accused of violating privacy rights and gaining significant revenue from ads trained on your personal data suggests that providing genuine privacy isn’t compatible with its business model.
| Google Photos scorecard | |
| End-to-end encryption | ✗ |
| Can’t access your data | ✗ |
| No history of breaches | ✓ |
| Compatible with every OS | ✓ |
iCloud Photos
iCloud Photos is Apple’s answer to photo sharing and storage. By default, Apple uses what it calls “standard data protection” to encrypt data you share with iCloud using its own keys, both in transit and at the company’s data centers. So, while it ensures your data is secure against third-party unauthorized access, Apple can still see it. And, while Apple and iCloud provide more privacy options than Google, it’s turning more and more to Google’s business model, using your data to sell advertisements.
To prevent Apple from seeing the photos you share and improve your privacy, you can enable what the company calls “Advanced Data Protection(nowe okno)” (ADP) in your iCloud settings. ADP provides E2EE for photos, notes, voice memos, and more on Apple devices with iOS 16.2 or later.
But even with ADP enabled, Apple doesn’t protect certain metadata with E2EE. The company can still see the file type, size, how many times a photo has been used, when it was created and whether or not it was favorited. So, even Apple can’t access information from what you store and share with iCloud, it can still profit from data gathered on how you use it.
ADP also only works if the other people you are sharing photos with also have E2EE enabled, but Apple isn’t totally transparent about what happens when you use iCloud sharing features (nowe okno)with someone who only has standard data protection in use.
A final downside to iCloud Photos is that it is built specifically for users within the Apple ecosystem. So if you only use Android, Windows, or Linux, you’ll be limited in your ability to use the service.
| iCloud Photos scorecard | |
| End-to-end encryption | ✓/✗ |
| No access to your data | ✓/✗ |
| No history of breaches | ✓ |
| Compatible with every OS | ✗ |
Dropbox
Dropbox is a popular option for cloud-based photo sharing and storage. Those based in the US even have the option to sign up for a plan specifically designed for sharing amongst families(nowe okno), providing up to 6 family members with their own accounts as well as a shared space to upload photos and other file types.
By default, content shared with Dropbox is encrypted in transit and at rest. E2EE is available, but only for Dropbox Advance, Business Plus, and Enterprise customers, all of which require paid subscriptions(nowe okno). If you intend to use their services for personal reasons, their privacy policy and history of security issues may make you reconsider.
Dropbox’s privacy policy(nowe okno) outlines how Dropbox not only collects a lot of information about you but also shares that data with others, including commercial partners and law enforcement. While Dropbox states that it doesn’t sell any of this data to advertisers or other third parties, it provides access to your information to companies like Google, Amazon, and OpenAI, all of which have poor privacy practices.
To top it off, Dropbox has experienced multiple security issues(nowe okno) in the past, including sharing data(nowe okno) without its users’ consent and exposing 68 million passwords(nowe okno).
| Dropbox scorecard | |
| End-to-end encryption | ✓/✗ |
| Can’t access your data | ✓/✗ |
| No history of breaches | ✗ |
| Compatible with every OS | ✓ |
Social media platforms
Platforms like Instagram or Facebook are built to update friends and family on your personal life by sharing photos in real time. After you create an account on either of these platforms, your posts are shared with the entire world unless you adjust the default settings.
Because of this, sharing family photos on social media comes with the risk of strangers using those images for the insidious purposes mentioned earlier. Experts advise parents not to share large amounts of photos of their children (also known as “sharenting(nowe okno)”) specifically for this reason. To combat these risks, both platforms offer solutions for keeping your content more “private”.
On Facebook, you can create private groups and albums and control who has access to view the content within them. Likewise, with Instagram, you can put your account in private mode so that the only people who can view the family photos you share on your feed are those you have accepted as a “follower”. These are both free and effective ways to share your photos while maintaining their security, but they do come with the cost of sharing your personal data with Meta, Facebook and Instagram’s parent company.
In its privacy policy(nowe okno), Meta states that it collects your activity across its products and the information you share, including the posts you create and the content you provide when using its camera feature. It uses this information to “provide a personalized experience to you, including ads”. The data gathered from what you share with Meta is also shared with third parties, including law enforcement and other government authorities. Meta (and Google) have both allowed warrantless surveillance on Americans to continue thanks to these lax policies.
| Meta scorecard | |
| End-to-end encryption | ✗ |
| Can’t access your data | ✗ |
| No history of breaches | ✓ |
| Compatible with every OS | ✓ |
Flickr
Launched over 20 years ago, Flickr(nowe okno) is one of the original platforms dedicated to easily sharing photos online. With a focus on community building, Flickr images are visible to all of the platform’s visitors by default. But, the platform does allow you to create albums that let you limit who can see your photos.
Flickr offers privacy settings(nowe okno) that range from public to friends and/or family to private. When you set your photos to private, Flickr states that “Only you can see the content” as well as the members of groups you share them with. But, historic forum posts(nowe okno) on the platform show that Flickr contacted people with accounts set to private about the content stored within their albums. So, “Only you” includes Flickr, too.
As far as their privacy policy(nowe okno) is concerned, Flickr explains that it collects the information you share in connection with your photos (like a photo caption) as well as where your photos were taken. It also uses image recognition algorithms to find visually similar images, organize your photos, and make images searchable. This technology identifies and tags scenes, actions, and objects to do so.
Flickr also shares your data with numerous third parties, such as vendors, consultants, and other service providers to carry out work on their behalf. And, as with any company that has access to your photos, Flickr will hand over your data for legal or regulatory purposes and if the company undergoes an acquisition or merger — so there is no knowing where your personal files may end up.
| Flickr scorecard | |
| End-to-end encryption | ✗ |
| Can’t access your data | ✗ |
| No history of breaches | ✓ |
| Compatible with every OS | ✓ |
Amazon Photos
Amazon Photos(nowe okno) is available to Amazon Prime members and offers unlimited storage of full-resolution photos. Similar to Dropbox, Amazon offers a feature it calls “the family vault(nowe okno)”, which allows up to six people to collect photos and videos together while also having their own Amazon Photos account. But, like its fellow Big Tech players, Amazon has a reputation for collecting a large amount of data about your life.
On the promotional page for Amazon Photos, the company states that “because your photos and videos are encrypted, you (and those you share your password with) are the only ones who can view your photos on Amazon Photos”. In reality, the company offers encrypted photo storage, but, as with many of the options examined in this article, photos shared with Amazon are only protected in transit and at rest. So, once your photos reach Amazon’s data centers, the company can — and does — access them.
The Amazon Photos terms of use(nowe okno) reveals that the company analyzes your photos to automatically organize them into relevant albums. To do so, Amazon uses image recognition technology to identify the people, objects, actions, and scenes within each photo.
It’s possible to turn off the feature (which is enabled by default), but this does not remove Amazon’s permission to see information about your files for technical support, improve their own services, or benefit third parties.
The company’s privacy notice(nowe okno) shares that it uses your personal information to display interest-based ads(nowe okno) for features, products, and services. Though it does not do so with information that personally identifies you, it is unclear whether that includes Amazon Photos content.
| Amazon Photos scorecard | |
| End-to-end encryption | ✗ |
| Can’t access your data | ✗ |
| No history of breaches | ✓ |
| Compatible with every OS | ✓ |
The best way to keep family photos private when sharing online
As the list above shows, there are multiple online photo-sharing services but, despite their claims, many fail to offer a genuinely private experience.
Proton Drive is a privacy-first solution for sharing family photos online. With end-to-end encryption applied to all photos automatically by default, you can feel confident that no one, not even us, can access your personal files. Everything from the photo itself to its title and the name of the folder you store it in is fully encrypted and accessible by only you and those you choose to share it with.
Unlike the majority of the services listed here, even if we suffer a data breach, your files will remain securely encrypted. You can also add an extra level of security to your photos with password protection and expiring links.
By storing and sharing photos with Proton Drive, you will always retain control and ownership of your photos. They won’t be used to create targeted ads, train AI, or shared with third parties.
You can also automatically back up your photos by installing the desktop app on Windows or macOS and the mobile app on Android or iOS. By uploading photos to Proton Drive, you can keep your memories safe, even if you lose your phone or computer.
Plus, you can choose your favorite layout or theme, including dark mode options, letting you select the perfect canvas for your photos. And no file size limits means you can share high-quality photos in their original resolution.
| Proton Drive scorecard | |
| End-to-end encryption | ✓ |
| Can’t access your data | ✓ |
| No history of breaches | ✓ |
| Compatible with every OS | ✓ |
If privacy is your priority, consider Proton Drive as a solution to your photo-sharing needs. Creating a Proton account also gives you access to an ecosystem of encrypted services, including a password manager, email, calendar, and VPN(nowe okno).
