Is Writely Opening Themselves Up to a World of Hosting Hurt?

I don’t know how many of you have messed around with Writely, Google’s online word processor, but I had to take a quick note today, and rather than decide how to file it on my hard drive, I decided to just use Writely. So I typed in some text and did some formatting. Then I accidentally dragged one of the toolbar buttons into the body and it inserted it as an image into the document (pretty neat, if useless)! Then I wondered, does Writely show me the HTML of what I’m doing? Yes, of course (and it’s a lot better than Word’s HTML, let me tell you). And then I thought, what does it do with the inline images? And so I looked at the HTML. And these images are hosted, because how else could they show up in the document (especially shared and collaborative documents)? And then I wondered, okay, so how does it know that I’m looking at those images from inside a Writely document, or even if I’m a legitimate viewer of those images? Well folks, the answer is, at least so far, it doesn’t. For example, this blog post is a shared Writely document. Anyone in the world can view it. Interestingly (for the sake of this post, not in the sense of actually being interesting), this document contains this image:

That’s only 21K, but it’s definitely hosted at Writely (for the purposes of this blog, it may be hosted somewhere else, but if you go to the document, it’s definitely hosted at Writely). And what’s really weird is, I had originally inserted the full 1.5-megabyte raw original of this image (Writely’s limit is currently 2 megabytes for images). Writely issued this link, and even after I deleted the image from the document, that link continues to work. I fully expect that link to rust, but if so, I have another, private document with that full-size image inserted, which they can’t very well delete, because it’s embedded in a document. But you can publicly view that link too!

This is all kind of amazing. Because if one was the right/wrong type of person, and one didn’t already have an insanely large hosting plan for insanely cheap, one might be tempted to abuse this service by, oh, I don’t know, storing their entire porn collection in Writely documents!
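The two gaps described above (an image URL that works for anyone, and one that keeps working after the image is deleted from its document) both close if the image inherits the access rules of the documents that still embed it. This is an added sketch, not Writely's code; `Document`, `ImageStore` and every identifier in it are hypothetical, and the sample data is constructed.

```python
from dataclasses import dataclass, field

@dataclass
class Document:
    owner: str
    public: bool = False
    collaborators: set = field(default_factory=set)
    image_ids: set = field(default_factory=set)

    def can_view(self, user):
        return self.public or user == self.owner or user in self.collaborators

class ImageStore:
    def __init__(self):
        self.blobs = {}   # image_id -> bytes
        self.docs = {}    # doc_id -> Document

    def embed(self, doc_id, image_id, data):
        self.blobs[image_id] = data
        self.docs[doc_id].image_ids.add(image_id)

    def remove(self, doc_id, image_id):
        # Detaches only; the blob lingers, like the link the post saw keep working.
        self.docs[doc_id].image_ids.discard(image_id)

    def fetch_unchecked(self, image_id):
        # Behaviour the post describes: knowing the URL is enough.
        return (200, self.blobs[image_id]) if image_id in self.blobs else (404, None)

    def fetch(self, image_id, user=None):
        # Hardened: an image inherits the ACL of the documents still embedding it.
        holders = [d for d in self.docs.values() if image_id in d.image_ids]
        if image_id not in self.blobs or not holders:
            self.blobs.pop(image_id, None)   # orphan: purge it and report missing
            return (404, None)
        if any(d.can_view(user) for d in holders):
            return (200, self.blobs[image_id])
        return (403, None)

def demo():
    # Constructed data: one public post, one private document, both owned by alice.
    store = ImageStore()
    store.docs = {"post": Document("alice", public=True), "notes": Document("alice")}
    store.embed("post", "raw", b"raw-bytes")
    store.embed("notes", "private", b"private-bytes")
    store.remove("post", "raw")              # image deleted from the document
    # Status per image: (URL only, hardened anonymous, hardened as alice)
    return {i: (store.fetch_unchecked(i)[0], store.fetch(i)[0], store.fetch(i, "alice")[0])
            for i in ("raw", "private")}

if __name__ == "__main__":
    print(demo())
```

The unchecked path returns 200 for both images, while the hardened path reports the deleted image as gone and serves the private one only to a user who can view its document.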

