Sunday, December 07, 2008

Pixelpipe, Picasa and my Google password

I've used PictureSync for years to upload images from iPhoto SmugMug. Lately I've used a specific iPhoto plug-in for Picasa and SmugMug uploads, but the app did well when I needed it.

Now the author has launched a web service that performs similar functions: Pixelpipe. The beauty of the service is that he can create single high quality uploader for OS X or iPhoto or Windows, and then the middleware will route the image to one or more services.

The good news, at least with regard to Picasa, is that you don't have to provide Pixelpipe with your Picasa/Google password. That would be unthinkable -- I have far too much wrapped up in my Google password to hand it over to a 3rd party. [Update: see comments.]

Google has a good API for this sort of thing. If you're authenticated with Google, then Pixelpipe requests access and Google asks if you want to grant it. Pixelpipe never gets your Google info.

I'm sure not all the services work that way, but Google is the one I care about. My SmugMug un/pw is only for photos, but my Google un/pw is a big chunk of my digital identity.

Update 11/9/08: Signing up for SmugMug does require a un/pw, but that's a much smaller risk than handing over my Google credentials. I commenter tells us that SmugMug will also move to the "OAuth" standard, so even that won't be necessary. I recommend, however, that when you share a password like this you use either a unique password or, more practically, the password you use for all the stuff you don't really care about.

In the crash of '08 a big advantage of Pixelpipe is you can spread your risks. I pay for storage at both Picasa and SmugMug -- and I have lots of it. Might as well replicate anything I send to SmugMug at Picasa.


Jacob said...

Many more providers are now adopting similar authentication mechanisms (OAuth is the standard) including SmugMug (and will be implemented soon for them in Pixelpipe). It's a major improvement over giving out passwords, although is tricky for mobile devices and the user must ensure they are signing into a provider's valid website to grant access, to prevent phishing.

JGF said...

Great comment, thanks!