Thank you for being a valued part of the CNET community. As of December 1, 2020, the forums are in read-only format. In early 2021, CNET Forums will no longer be available. We are grateful for the participation and advice you have provided to one another over the years.

Thanks,

CNET Support

Question

Security issue - Deleting images stored on Livefilestore

Jun 17, 2013 4:03AM PDT

My aged parent has used windows live mail to send me photos of documents containing confidential information - rather than simply emailing me the images the "system" seems to have uploaded them to a public server and emailed me thumbnail links instead.

As I am able to access these images with a simple URL with no password protection or other security could you please advise, as a matter of urgency, how I delete these images to prevent them falling into the wrong hands?

I am sure that microsoft would not create a service that allows users with no technical knowledge to unwittingly publish confidential information to the public domain but cannot find any obvious way to remove them.

Thanks.

Discussion is locked

- Collapse -
Answer
Seems well discussed.
Jun 17, 2013 4:12AM PDT
- Collapse -
PS. If this is skydrive, read this one.
Jun 17, 2013 4:13AM PDT
- Collapse -
Not on Skydrive
Jun 17, 2013 4:33AM PDT

Thanks but these images are not uploaded by the user or stored on Skydrive - they are automatically uploaded by live mail and stored on a "Livefilestore.com" url to which I seem to have no access ...

- Collapse -
You should not have access.
Jun 17, 2013 4:38AM PDT
- Collapse -
thanks
Jun 18, 2013 12:06AM PDT

Bob - your responses have nothing at all to do with my question but thanks anyway.

- Collapse -
Good luck.
Jun 18, 2013 12:13AM PDT

Sadly it appears to have EVERYTHING to do with it. The SENDER put them there and the images are on a specific service and you won't be able to delete them until you take over their account.

"
As I am able to access these images with a simple URL with no password protection or other security could you please advise, as a matter of urgency, how I delete these images to prevent them falling into the wrong hands?
"

The SENDER of the images made a mistake which they'll have to correct if you can't convince someone at MSFT to take them down.

I'm more than willing to discuss this but it appears you think this is something you or I can fix.

Nope,
Bob

- Collapse -
I have access to sender account
Jun 18, 2013 12:28AM PDT

Hi Bob - the reason I think you have the wrong end of the stick is that I have access to the sender account - she is begging me to ensure that she has not opened herself up to identity theft.

The sender did not make a mistake per se - this seems to be the default behaviour of windows live "photo email" feature which needs to be deliberately disabled. Unfortunately my parent, and many others, will have no idea about this.

I have accessed her account and deleted the sent email from it (which showed a messaging stating the images uploaded will be automatically deleted in 28 days btw). I have checked her Skydrive and there are no images there. Nor does there appear to be any way for the SENDER to remove the images that have been uploaded to Livefilestore.com.

So it seems this confidential information is going to be accessible in the public domain for 28 days and there is nothing anybody can do about it.

As I state below the response to this exact enquiry on support.microsoft.com seems to have been to delete my post and block me as the post is gone and I can no longer access MS support when logged it which seems remarkably extreme for a simple question from a customer!

- Collapse -
That's a different question as I read this.
Jun 18, 2013 12:42AM PDT

Frankly the issues with "Live" apps and email has me not using them except to check out things that folk ask about.

Please read all about email and plain text and I'd like to know what you think.

That is, should all plain text protocols be removed?

Back on topic. Until this post I had to assume you were the receiver and they were the sender. Now that you added that you have control over the sender's email account and thus SkyDrive then the question is something else.

-> Here's my non-authoritative answer. Microsoft thinks that security by obscurity works. That is, since you can't list the folder's contents of that skydrive location then no one can guess the filename and see what's there.

YOU MAY DISAGREE but it appears you think I don't care. I really do. But unless MSFT gives you some delete button or option to not send such via a link like that, then the next choice is clear. And since I don't want you guessing, here it is. Don't use MSFT's product for this. Also, considering email is in the clear anyway, don't send such over email.
Bob

- Collapse -
Agree
Jun 18, 2013 11:04PM PDT

wholeheartedly - hard to believe MS are pumping tons of naive users' images to publicly accessible servers and claiming (as they do in their faq) that these images are only accessible by the sender and the recipient when this is clearly not the case if the only "protection" is an obscure URL string.

The biggest issue as ever is that the consumer simply doesn't seem to care - whether through ignorance, blind faith in the brand or complicity. All I know is that my mother freaked when I explained this to her and is switching to another service / desktop client and pgp as soon as I can get over and install it for her Wink

- Collapse -
No response from MS - they deleted my post instead!
Jun 18, 2013 12:18AM PDT

So, I posted the exact same question on support.microsoft.com and their response - deleted my post and appear to be preventing me from accessing forums?!

As I am no longer able to access or post to Microsoft's support forum I'm hoping someone in the know here can help.

My point to re-iterate - is that the default behaviour of the "photo email" feature of Live Mail is to upload full sized images to their Livefilestore server (this is NOT Skydrive) and that this image seems to be protected only by an obscure URL.

This suggests to me that Livefilestore could relatively easily be trawled for sensitive images and as Microsoft do not provide a way for users to delete images it is hosting there they are being exposed to a significant security threat.

Any one care to comment?

- Collapse -
Email is sent in the clear anyway.
Jun 18, 2013 12:22AM PDT