When should I use the private file system instead of public file system?

Question

I try to build a social network on Drupal 8 currently.

And now I have to decide, which files (e.g. user pictures, uploaded user files) should be handled as private files and which as public files.

As far as I know, the public file dir listing is deactivated by Drupal generated .htaccess and it returns a 403 server error. The file is only accessible if you know the exact URL.

The private file system sometimes is buggy (e.g. default user pictures) and doesn't it bloat the database with aliases? If I want to grab e.g. a picture from the site which is saved in private file system, but shown as content of a view or a node field, I can simply right click on it, and despite private file structure I can save it locally.
So, back to question, when does it make sense to use private file system?

Answer 1

You should use private file system for files to take under control of your drupal installation.

If you have some content with files and pictures you want to be visible only for certain users or groups, then you should save it in private file system. Perhaps paid content or sensitive content.

Content and images which is public to all do not need to be in private file system. For that it is better to use public file system to save server resources.

All files in public space are usable for everyone who knows the url. Files in private space are not. You can get them only if drupal serves it to you.