
Have Your Online Galleries Been Hacked?

Are Your Boudoir Clients’ Photographs Safe and Secure Online?

Today in one of the boudoir forums that I frequent, a member posted about her discovery that there was a forum for voyeurs who were hacking their way in to boudoir galleries online. They weren’t stopping at boudoir galleries though — they were logging in to family galleries, and I’m sure other session galleries.

These people weren’t using the usual hacking methods though, at least not at first. They were actually just finding the path to the gallery and from there guessing the password.

Oh, and they started the thread in 2012. [Corrected. This post originally said November, 2013.]

It just took us until 2014 to find out about it.

More recent posts on the thread talked about using extortion to get money from the women in the galleries that they had found. Yes, threatening to post photos to Facebook unless they were paid off.

Then there were the threads about how they had figured out that they could potentially “scrape” all of the galleries from Red Cart, gaining EVERY PHOTO POSTED there. Boudoir or not. Boudoir was what they were after though.

Voyeur Forum RedCart Scraping of Boudoir Photographs

They weren’t just going after online proofing sites (SmugMug, ZenFolio, and RedCart were all mentioned in their thread), but they were also going after online album proofing sites.

Voyeur Forum Suggests Hacking Album Company Site

Now you might think that your online gallery software or your album proofing company should be doing something to protect you from this hacking. The thing is, if you read their Terms of Service? Every single one of them has an “out” written in to their contract. It is your responsibility to make sure your passwords are secure. Beyond that, if someone gets in to them? Not their fault. (*I could argue that RedCart has a bigger issue on their hands if they were figuring out how to pull down every image on their site. Right now isn’t the time for arguing. Right now is the time to FIX THIS situation.*)

Here is SmugMug’s Terms of Service and here is ZenFolio’s Terms of Use and Privacy Policy.

SmugMug's Very Standard Security Information

SmugMug’s Terms are pretty much the industry standard for ANY hosting service. Their responsibility is limited. It is your responsibility to keep your client’s photos safe.

UPDATE: If you are a Zenfolio user, a photographer started a feature suggestion that people can only guess a password 3 times before being locked out of a gallery. If any of you would vote for it, please go here.

The forum has now moved the post to their “Member’s Only” section, so we can’t see what they have added to it at this point. At the time that the post was moved, the thread was 121 pages long.

Thing is, this may be the one forum that we know about, but I promise you – it is NOT the only forum out there with information like this.

Protecting Your Clients

Ok, now that we are all sufficiently panicked about this, let’s talk about what we can DO about it.

1. Never post your client’s images online, ANYWHERE. Realistically, that is the only safe & secure method to use. I went that route a few years ago when we caught someone trying to hack (truly hack, not just guess at passwords) their way in to my online gallery software that I hosted on my own server. I don’t post my boudoir client’s images online. We meet in person to view the images. (I’ve talked before about my whole In Person Viewing process in these posts: overcoming your fear of in person sales sessions, boudoir photography workflow – preparing for in person sales and the magic of in person sales sessions.)

I do however use an online album proofing company and an online slideshow option. I am considering discontinuing both of those services after today.

But I HAVE to do Online Proofing! (Insert reason here.)

Ok, so option #1 isn’t an option for you, for whatever reason. You simply must post your photos online for them to see them.

2. Use a SECURE password. Using your client’s name? Not a secure password. Using “boudoir”? Not a secure password. Using “sexy”? Not a secure password. These and many more obviously easy to guess passwords were being passed around in this forum. An entire boudoir photographer’s gallery was linked, and every single session used the first name as the password. Yes, they worked. No, that is NOT secure. WORDS, no matter how unique they are to your client, are not secure.

(Want to learn more than you ever wanted to know about password security? Wired Magazine – Secure Passwords Keep You Safer and the scary story of how Mat Honan’s entire world was hacked, Wired Magazine – Kill the Password: Why a String of Characters Can’t Protect Us Anymore.)

3. Have a clause in your contract limiting your liability if your galleries are accessed. Do you want your clients coming after you if someone got in to your galleries and took their photos and posted them all over Facebook? No? Then you need to talk with your lawyer to make sure you are protected in case this happens to you. (Yes, just like SmugMug, ZenFolio, and RedCart have in their Terms of Use.) Make sure that your clients understand that no password is EVER completely safe.

Make sure you understand that too. No password is ever completely safe. It is not a matter of if you will be hacked, it is a matter of when. You need to put photos online with that understanding.

From now on, if I ever have to put a gallery online for any reason, I will require my clients to sign a special release for the gallery going online. This is something you should consider not just for boudoir sessions, but for any client. Make sure your client is aware that the photographs could be compromised. For example, some parents do not want their children’s photos viewed by anyone.

4. Be obscure about where your galleries are located. “One of the best security measures in the online world is ‘obscurity’, otherwise known as ‘security through obscurity’.

Basically if you have online galleries that you want protected, don’t add them to your main gallery list or your site’s navigation. At Fotomerchant we call them “ghost” pages and only people you give the unique URL to will even know the page exists.

Also, make sure the pages are NOT listed in your sitemap.xml and that your robots.txt does not allow full site crawling and then Google will never know they exist either… Unless you post a link to the gallery somewhere public!

Obscurity is one of the only measures that requires human knowledge in order to crack it” — Derek Clapham, co-founder of FotoMerchant, in response to a private forum post I made about this situation this afternoon.

However, private, hidden, unsearchable galleries were on that list that we discovered. Just making it obscure wasn’t enough for them when they were determined. In some cases, “they were able to find these hidden pages due to the nature of their URL design. It was predictable and based on a number sequence”, said Derek.

5. Pull expired galleries offline. When possible, use FTP to make sure the images are completely removed. If you let the gallery expire and it is still online, the photographs are still stored on a server somewhere. Servers can be hacked, your files can be accessed. Remove them from the server completely when you are done with the gallery or album proof.
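To make points 2 and 4 and the three-guess lockout suggested to Zenfolio concrete, here is an added example (not code from this post or from any gallery vendor). It rejects the kinds of passwords the forum was guessing, generates a random password and an unguessable gallery URL component in place of a number sequence, and locks a gallery after three wrong guesses. All function names, the minimum length and the lock duration are assumptions made for illustration.

```python
import secrets
import string
import time

GUESSED_WORDS = {"boudoir", "sexy"}  # examples named in the post
MIN_LENGTH = 12                      # assumption, not a figure from the post


def is_weak_password(password, client_names):
    """True for the kinds of gallery passwords the post says were guessed."""
    lowered = password.lower()
    if len(password) < MIN_LENGTH:
        return True
    if lowered in GUESSED_WORDS or lowered in {n.lower() for n in client_names}:
        return True
    # Letters only means a word or a name, however unusual it looks.
    return password.isalpha()


def new_gallery_password(length=20):
    """Random letters and digits from the OS CSPRNG, never a word."""
    alphabet = string.ascii_letters + string.digits
    while True:
        pw = "".join(secrets.choice(alphabet) for _ in range(length))
        if any(c.isdigit() for c in pw) and any(c.isalpha() for c in pw):
            return pw


def new_gallery_slug():
    """URL path component with 128 random bits instead of a number sequence."""
    return secrets.token_urlsafe(16)


class GuessLimiter:
    """Lock a gallery after max_failures wrong passwords in a row."""

    def __init__(self, max_failures=3, lock_seconds=900):
        self.max_failures = max_failures
        self.lock_seconds = lock_seconds  # assumed lock duration
        self.failures = {}                # slug -> consecutive failures
        self.locked_until = {}            # slug -> unix time

    def check(self, slug, supplied, expected, now=None):
        # A real service would compare against a stored password hash.
        now = time.time() if now is None else now
        if self.locked_until.get(slug, 0) > now:
            return "locked"
        if secrets.compare_digest(supplied.encode(), expected.encode()):
            self.failures.pop(slug, None)
            return "ok"
        self.failures[slug] = self.failures.get(slug, 0) + 1
        if self.failures[slug] >= self.max_failures:
            self.locked_until[slug] = now + self.lock_seconds
            self.failures.pop(slug, None)
        return "denied"
```

A per-gallery lock also shuts out the real client while it is active, so keep the lock short enough that a locked-out client is only delayed.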

Once something goes online, it is never completely safe

Even if you do all of the things listed above, are your client’s photos still secure?


No, they are not.

Hidden, not listed, not linked, unsearchable galleries? ALL were in that post discovered today.

Once these people found the easy to target galleries, they pushed on to find the harder to discover ones. They figured out how to move up and down the gallery structure of the software. How to change the string text to get to a gallery. They kept looking. For almost two years they have been looking. Some in the thread mentioned “let me check my documents of the ones I’ve gotten in to” — so even if this thread disappears, there are others out there, and private files that people keep.
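The behaviour described above (walking the gallery structure, changing the URL string, repeated password guesses) leaves a pattern in a web server's access log. This added example, which is not from the original post, flags clients that touch many galleries, fail repeatedly, or request numbered galleries in sequence. The log lines are constructed, and the `/gallery/<id>` layout and the thresholds are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample in Apache/nginx "combined"-style format. The
# /gallery/<id> path layout is hypothetical, not any vendor's real scheme.
SAMPLE_LOG = """\
198.51.100.23 - - [10/Jan/2014:20:02:11 +0000] "POST /gallery/1042/login HTTP/1.1" 401 310
198.51.100.23 - - [10/Jan/2014:20:02:25 +0000] "POST /gallery/1042/login HTTP/1.1" 302 0
198.51.100.23 - - [10/Jan/2014:20:02:26 +0000] "GET /gallery/1042 HTTP/1.1" 200 48211
203.0.113.7 - - [10/Jan/2014:21:14:01 +0000] "GET /gallery/1041 HTTP/1.1" 401 310
203.0.113.7 - - [10/Jan/2014:21:14:02 +0000] "GET /gallery/1042 HTTP/1.1" 401 310
203.0.113.7 - - [10/Jan/2014:21:14:03 +0000] "GET /gallery/1043 HTTP/1.1" 404 162
203.0.113.7 - - [10/Jan/2014:21:14:04 +0000] "GET /gallery/1044 HTTP/1.1" 401 310
203.0.113.7 - - [10/Jan/2014:21:14:09 +0000] "POST /gallery/1042/login HTTP/1.1" 401 310
203.0.113.7 - - [10/Jan/2014:21:14:11 +0000] "POST /gallery/1042/login HTTP/1.1" 401 310
"""

LINE_RE = re.compile(
    r'^(\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?:GET|POST) /gallery/([^/\s?]+)\S* HTTP/[\d.]+" (\d{3}) '
)


def longest_run(ids):
    """Length of the longest run of consecutive integers in ids."""
    best = run = 0
    prev = None
    for n in sorted(ids):
        run = run + 1 if prev is not None and n == prev + 1 else 1
        best = max(best, run)
        prev = n
    return best


def find_gallery_probing(log_text, max_galleries=3, max_failures=5, min_run=3):
    """Map client IP -> reasons it looks like gallery guessing."""
    galleries = defaultdict(set)
    failures = defaultdict(int)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ip, gallery, status = m.group(1), m.group(2), int(m.group(3))
        galleries[ip].add(gallery)
        if status in (401, 403, 404):
            failures[ip] += 1
    report = {}
    for ip, seen in galleries.items():
        reasons = []
        if len(seen) > max_galleries:
            reasons.append("many_galleries")
        if failures[ip] > max_failures:
            reasons.append("many_failures")
        if longest_run({int(g) for g in seen if g.isdigit()}) >= min_run:
            reasons.append("sequential_ids")
        if reasons:
            report[ip] = reasons
    return report
```

The client that mistyped a password once and then got in is not flagged; the client that stepped through four numbered galleries and kept failing is flagged for all three reasons.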

Photo Credit: ~Brenda-Starr~ via cc

Boudoir Photography Workflow – Preparing Photographs for In Person Sales


Today, I want to share my boudoir photography workflow that I use. This is the workflow that I have developed now that I overcame my fear and I do In Person Sales sessions after every client’s session.

Let me get this out of the way: this works FOR ME. There are a million different ways to do things, as we have discussed before. Create the business you want to create. This is my way of doing them. No right or wrong, and I’m sharing my perspective to help you out. That said, I would LOVE to hear how you do things, as I’m sure my readers would as well. Feel free to leave a comment!

Backing Up Your Photographs

After each session, I back up my images to both a Western Digital My Book Drive and a Western Digital Passport Drive. I work off of the Passport Drive because it is easy to move around and I can hand it to my editing assistant as needed.

I make two copies of everything just in case a drive fails, there was a transfer error when copying the files, or I lose a drive. None of these things have happened to me in 5 years, but I really don’t want to tempt fate. I also check the files (bringing them in to Lightroom) before I reformat and shoot on the memory card again. Just in case!

Memory is cheap these days. I use one drive until I fill it up. Then I move on to a new drive. If you want to learn more about Lightroom workflows, I highly recommend anything by Jared Platt. He has several videos and Creative Live courses you can check out!

Culling Your Photographs

I am a heavy shooter. I had a camera body for 2-3 years that was temperamental about focusing so I developed this habit; I also work at f/1.8 most of the time, and last but not least, people blink. I’d rather have too many than too few. The same goes for my culling of the photographs. I often leave 2-3 options of the same pose in my editing for clients to choose from. Half smile, full smile, closed lips. Head tilted or not tilted. I want them to have the option. The differences may be slight, but they are different.

I often leave over 100 images in my final collection of proofs; sometimes it is closer to 200.

The fact that I do In Person Sales is VERY IMPORTANT here. I would not recommend doing this if I was posting images in an online gallery. I get to control how quickly they see the images, so they don’t end up in analysis paralysis.

I also offer products with higher image counts. I have one album option that has up to 100 pages in it, so they could potentially buy 100 images.

I choose to do this because Boudoir photography is a very intimate experience. While I am the expert and know which photos are the best, I like to give them some say in the final selections. Sometimes, the smile I love the most is not the smile that they love. My brand is about self-acceptance and beauty within all of us, but I also understand that we all have some quirks that we can learn to accept, and still might not want a photograph of them.

Proofing the Photographs

I do all of my preparation for viewing sessions in Lightroom. I do not open Photoshop for a single image for the In Person Sales Session. After I have completed my culling of the images, I go through them and do a check on the White Balance and on the colors. I convert some to black and white. I might adjust a crop.

I choose to only do full retouching on the final images that they select for their albums and wall art in Photoshop.

I educate my clients repeatedly on this part of my process. At the session I will remind my clients that I do not do full retouching because, “If I did that, you would have to wait so long to see your photographs! I know you’re excited and you can’t wait to see them!” They get it, they really do.

I also don’t do full retouching again because of what I have opted to build as my brand. I think that the mass media’s extreme overuse of Photoshop is distorting our image of reality and our perception of beauty. I want my clients to see just how beautiful they truly are – without Photoshop! I’ve had several clients question me in their viewing sessions, insisting I had modified their images. Nope, not at all … that is ALL YOU. Beautiful. Just like you are.

Recently, I saw a photographer friend post proofs online from a session she had had done. The proofs were fully retouched. She said in the commentary, “If only I looked like this every day.” I won’t lie, it broke my heart a little. It resonated with me. That is why I don’t fully retouch my proofs.

In our viewing session, if I sense that they are hesitating over an image because of a flaw that they see, I will discuss with them what I am going to edit in the photographs. I have not found retouching the images makes any difference in my sales, and since it impacts my costs it is more profitable for me to not do it.

Preparing the Slideshow

Once I have completed culling the images and doing a quick pass through the images to color correct them, I select images for a slideshow that I create with Animoto. I normally select 50-75 images. I use this slideshow to kick off our meeting as it gives them a chance to just see the images without thinking about if they are going to stay or go.

How Long My Workflow Takes

My workflow, from importing the images in to Lightroom, through culling them, color correcting them, selecting images for Animoto and making the Animoto Slideshow itself takes me 1 to 1.5 hours. (This does not include the time to back up the cards to two drives – I normally start that at night when I’m done working and walk away.) My goal is for this to be a quick process.

Of course, this time does not include the full, final retouching I will do to an image before it goes to print – this is just my workflow to get me to the viewing session.

What is Your Workflow?

Do you do things the same? Different? Any tips or advice?

Photo Credit: qthomasbower, used under Creative Commons

What Lens Should I Buy for Boudoir Photography? Six Tips to Help You Choose!


“What lens should I buy for boudoir photography?”

It is the question I have seen countless times over the years in so many forums. The question I get from friends. The never-ending question. There is only one problem — the lens you should buy really all depends on you! What lens do you love? How do you like to photograph? Where do you photograph? Do you have space to back up so you can use a long lens? What do you like?

A big deciding factor – what camera body do you have? My Canon 50mm f/1.2 lens on my 5D mkIII, which is a full-frame sensor camera, will work differently than it would on your Canon 7D, which is a 1.6 crop frame sensor. In other words, my 50mm lens would behave like an 80mm lens on the 7D. Two very different results!

Before I go much further – my apologies; I only know Canon gear. I’ll try to interview a Nikon photographer in the future to get tips on Nikon gear as well, but overall the same advice applies.

So how should you decide what to buy?

1. Look at what your current limitations are. Do you often find that you wish your lens could go wider? Or that you could zoom in more? My first camera came with a kit lens, so I couldn’t go very wide – and I found that when I traveled, I wished I could back up even more — so my first lens purchase was a wide angle lens. That was the lens which at the time addressed my most immediate need.

2. Do you often shoot in low-light situations? You might want to consider lenses with larger aperture openings. (The smaller the number, the larger the opening.) I photographed weddings along with boudoir work for the first 4 years of my boudoir business, so I have only lenses that are f/2.8 or even better, like the 50mm f/1.2 I mentioned above. That way, I could photograph in dark churches where no flashes are allowed during the ceremony. In my boudoir work, I don’t have problems with it being dark, but that shallow depth of field created by an f/2 or so can be luscious for isolating body parts. That said, the “Thrifty Fifty” 50mm f/1.8 is a great lens, and the 50mm f/1.4 was my workhorse lens for several years. Same with the 85mm f/1.8.

3. Do you plan to upgrade your camera body in the future? If so, make sure your lens will work with future camera bodies. That first wide angle lens that I purchased was an EF-S lens, which only works on the cropped sensor line of Canon cameras. Once I moved to a full-frame camera (the 5D), my beloved wide angle no longer worked with that body. For Canon gear, the EF lenses work on ALL camera bodies. The EF-S lenses are built for the crop-sensor camera bodies only.

4. Try before you buy! Look to see if local stores in your area rent camera gear. Network with local photographers and see if someone will loan you a piece of gear for you to test out. Rent from to try out gear longer term. (They not only rent lenses but camera bodies, flashes, and a lot of other items!) This has saved me a lot of money over the years! I rented lenses from that I thought I really, really wanted – only to discover that I didn’t love them as much as I thought I would. (Renting is also an excellent option for making sure you have backup gear when you need it.)

5. There is no such thing as right or wrong gear. Buy what works best FOR YOU. Sell it if it isn’t working. I started out with the 24-70mm and the Thrifty Fifty. For me, the 24-70 wasn’t my favorite lens, and I passed it on to my second photographer when I was still photographing weddings. I loved the sharpness of primes (fixed lenses that don’t have a zoom capability – like the 50mm) at the time, but lately I’m thinking I want to give that 24-70 another try. With my style of boudoir photography and in my current studio space, it might work really well for me. I’ve had people tell me over the years that they can’t believe I don’t love that lens – and others have told me over the years that they don’t love it either. Do what is right FOR YOU.

6. Use Flickr to your advantage. When I first was acquiring gear, I would study photos that I loved on Flickr, and then I’d look at the camera EXIF data to see what gear was used. After a while, I noticed trends – for me, it was the Canon gear (I love the Canon blue colors) and the 50mm lens. Those were my first purchases. Note: not all photographers share the EXIF data for their images, but if it is there, there will be text just to the right of an image like the photo below. If you click on the camera type, it will show you all sorts of other data as well.

Use these tips, and I think you will be well on your way to purchasing gear that is perfect for you! Remember, it is NOT a challenge to see who can have the most gear. There is no “Winner” if you have thousands of dollars of gear and it is just gathering dust! Gear is expensive, and in order for your business to be profitable you need to be wise in your purchasing decisions. Hopefully this will help you make wise choices that are best for your business!

Disclaimer: Links in this post are affiliate links. If you purchase the gear mentioned by using these links, I will receive a small commission from the companies. These are all companies that I use personally on a regular basis, and I was not paid to write this post.

Photo above by Robert S. Donovan and used under the Creative Commons License.