ndb.BlobProperty vs BlobStore: which is more private and more secure

Question

I have been reading all over stackoverflow concerning datastore vs blobstore for storing and retrieving image files. Everything is pointing towards blobstore except one: privacy and security.

In the datastore, the photos of my users are private: I have full control on who gets a blob. In the blobstore, however, anyone who knows the url can conceivable access my users photos? Is that true?

Here is a quote that is supposed to give me peace of mind, but it's still not clear. So anyone with the blob key can still access the photos? (from Store Photos in Blobstore or as Blobs in Datastore - Which is better/more efficient /cheaper?)

the way you serve a value out of the Blobstore is to accept a request to the app, then respond with the X-AppEngine-BlobKey header with the key. App Engine intercepts the outgoing response and replaces the body with the Blobstore value streamed directly from the service. Because app logic sets the header in the first place, the app can implement any access control it wants. There is no default URL that serves values directly out of the Blobstore without app intervention.

All of this is to ask: Which is more private and more secure for trafficking images, and why: datastore or blobstore? Or, hey, google-cloud-storage (which I know nothing about presently)

Answer 1

If you use google.appengine.api.images.get_serving_url then yes, the url returned is public. However the url returned is not guessable from a blob's key, nor does the url even exist before calling get_serving_url. (Or after calling delete_serving_url).

If you need access control on top of the data in the blobstore you can write your own handlers and add the access control there.