not so private imgur [variety including NSFW]

[mizerydearia]

It started with

Code:

for i in `seq 1 100`;do wget "https://i.imgur.com/$(cat /dev/urandom| tr -dc '0-9a-zA-Z'|head -c 5).jpg";done

and then

Code:

mkdir gif nongif;while true;do file=$(cat /dev/urandom| tr -dc '0-9a-zA-Z'|head -c 5);wget "https://i.imgur.com/$file.jpg";if test "$(stat -c%s $file.jpg)" = "669";then rm $file.jpg;else if test -n "$(file $file.jpg |grep -i gif)";then mv $file.jpg gif/$file.gif;else mv $file.jpg nongif;fi;fi;done

but now

Code:

mkdir gif nongif
for a in a b c d e f g h i j k l m n o p r s t u v w x y z A B C D E F G H I J K L M N O P Q R S T U V W X Y Z 0 1 2 3 4 5 6 7 8 9;do
 for b in a b c d e f g h i j k l m n o p r s t u v w x y z A B C D E F G H I J K L M N O P Q R S T U V W X Y Z 0 1 2 3 4 5 6 7 8 9;do
  for c in a b c d e f g h i j k l m n o p r s t u v w x y z A B C D E F G H I J K L M N O P Q R S T U V W X Y Z 0 1 2 3 4 5 6 7 8 9;do
   if [[ "$a" == "a" && "$b" == "a" && "$c" < "n" ]];then continue;fi;
   for d in a b c d e f g h i j k l m n o p r s t u v w x y z A B C D E F G H I J K L M N O P Q R S T U V W X Y Z 0 1 2 3 4 5 6 7 8 9;do
    for e in a b c d e f g h i j k l m n o p r s t u v w x y z A B C D E F G H I J K L M N O P Q R S T U V W X Y Z 0 1 2 3 4 5 6 7 8 9;do
     file=$(echo $a$b$c$d$e);
     if test \! -f nongif/$file.jpg -a \! -f gif/$file.gif;then 
      echo $file > /var/www/localhost/htdocs/imgur_last;
      wget "https://i.imgur.com/$file.jpg";
      if test "$(stat -c%s $file.jpg)" = "669";then
       rm $file.jpg;
      elif test -n "$(file $file.jpg |grep -i gif)";then
       mv $file.jpg gif/$file.gif;
      else
       mv $file.jpg nongif;
      fi;
     fi;
    done;
   done;
  done;
 done;
done

Here's a list of valid images I've found so far


Here's a bash script provided by cjdelisle

[1715029872]

1715029872

[1715029872]

1715029872

[1715029872]

1715029872

[mizerydearia]

A huge sample of images coming soon.

[phillipsjk]

Genius! imgur appears to be a victim of it's own success.

Subversive too. (from the FAQ):

Yup. No one will ever know who posted what. If you share your image all over the Internet and it becomes popular, then it might be featured in the gallery. This ensures that the private image you sent to your boyfriend will never be seen by anyone else, while making all the funny images posted to reddit available for viewing.

To get your image into the Gallery, it must be spread all over the Internet and gain a certain level of popularity. This means that you’re still able to upload images and have them remain private (just don’t share them all over the Internet!) while still being able to view the best images out there.
...

Imgur can't easily make the URLs longer (with more entropy) because that would break all existing links out in the wild, which is considered bad form. Is Imgur a plot to get racey pictures of people's girlfriends?

Edit: The Terms Of Service say no:

Don't upload copyrighted material, harassment, spam, gore, pornography, or anything that looks like pornography. If you do, we will ban you along with the site you're hotlinking from, delete all your images, report you to the authorities if necessary, and prevent you from viewing any images hosted on Imgur.com. We mean it.

Hotlinking to any image is fine, but just keep in mind that this is a free service, so please be nice to our servers. Also, please link back to the image's page on Imgur, which is the same link as the image but without the file extension. If you abuse this privilege, then bad things will happen (see "Stuff not to do").

They go on to prohibit nudity, among other things.

PS: It appears they can fix this by converting the image URLs to a longer format, then turing the "image's page on Imgur, which is the same link as the image but without the file extension" into a HTTP redirect to the image's new, more secure location. The sever can then detect and block random scans at it's leisure.
PPS: Once the hotlinks go live (assuming they are used), the people at Imgur will be reading this thread.
PPPS: No 'sleep 1;'? What is the rush? Wget sleeps for one second between fetches by default. However, you circumvent that with your loop.

[Matthew N. Wright]

I found this out almost two whole years ago and it occured to me then that the reason its so easy to find images is because they aren't trying to hide them.