Instagram’s approach to privacy is nothing like the piecemeal strategy used by parent company Facebook. On the photo-sharing service, your privacy settings are limited to public and private—or at least that’s what we thought. Instagram just fixed a bug that let people see your private photos if they had once been public.
Quartz discovered the flaw and asked Instagram about it, prompting the Friday fix. Before the hole was patched, if you shared web links to your photos when your account was public and then decided to go private, those links would still lead to publicly viewable images. The hole was only exploitable on the web, not in Instagram’s iOS and Android apps.
Now those links lead to images that can only be seen by your followers, unless you share a photo on Instagram and other social networks (like Twitter or Facebook) at the same time. Then anyone can see it and always will be able to, unless you delete the photo. But if you publish a link to an Instagram photo that hasn’t been simultaneously shared to other networks, the service should limit that image’s audience to your current privacy setting—and now, that’s actually the case.
Why this matters: Instagram doesn’t often come under scrutiny for its privacy policies, but Facebook definitely does. The popular photo-sharing service has yet to be harmed by its parent network’s privacy missteps, but if it starts making some of its own, Instagram might lose its luster—and some of its 300 million fans—just as the company is about to start doubling down on advertising.