Defeating Snapchat’s Privacy in 4 Easy Steps

Snapchat doesn’t fulfill its promise. It can’t, and it won’t. Not now, and not in the foreseeable future.

Self-destructing pictures only work if another copy can’t be made.

The obvious problem: screen shots

They kind of solved the easy problem of screen-shots by logging and notifying the sender if one of the receivers takes a screen shot.

It doesn’t eliminate the threat that a photo can be stored, but it does mitigate the risk a fair amount.

Now onto the less obvious, and much larger problem…


How to secretly copy a Snapchat pic

  1. Receive a Snapchat photo
  2. Take out a second phone/camera
  3. Open the Snapchat photo
  4. Take a picture of the screen with the second device
Not taken with Snapchat, but the principle is the same.

Et voila… You now have an undetectable, savable and resendable copy of the previously private Snapchat.

We live in a world full of cameras, my friends. Never forget it.

Unopened Snapchats

If a Snapchat photo is unopened, it still lives on Snapchat’s servers and can be turned over to the authorities, which has happened about a dozen times.

Dishonesty in the product

Let’s be real. There are a limited number of use cases for self-destructing photos: sending unimportant photos to friends, and sending really, really private photos to friends.

Snapchat sucks. It cannot do what it promises, because what it promises is not achievable through software. Full stop.

There is no such thing as a private photo delivery system.

If you don’t want people seeing a particular photo, then don’t take it, and certainly don’t send it to someone. Once you do send a private photo, the only security that remains is the integrity and respect of the receiver.

Your phone isn’t a sex toy. 

Practice safe computing.

(image via Wikipedia)

Device Security: Fingerprints vs Passwords

Apple’s announcement and release of the iPhone 5s raised an interesting question that many have asked me:

“Which is safer, Touch ID or a pin code?”

The answer is, it depends on what you’re protecting yourself from.


Pin codes 

They are a nuisance

Far too many people don’t use them, because they are annoying. A device that is devoid of security is already defeated.

Pin peeping

Someone can easily observe a user inputting a pin, and thus defeat the security.

Police prevention

It takes a massive amount of legal proceedings for the police to compel a person to turn over their password.

Fingerprint 

Police & fingerprints

The police can compel you to turn over your fingerprints. There isn’t enough legal precedent to ensure protection from the authorities.

Deep sleepers

If you’re a deep sleeper, someone could access your device with your fingerprint, and defeat your security while you’re dreaming.

Effortless security

The way Touch ID is set up, using your fingerprint as a password is effortless after initial setup.

Safe print storage?

The way Touch ID is architected, your fingerprint data should be secure. Even if it isn’t, the device isn’t storing your prints, it’s storing a mathematical translation of your prints. So, if someone defeats Apple’s security and accesses your print data, it’s not actually your print, it’s a looooooooooong string of seemingly random characters.

Other fingerprint-enabled devices, I cannot speak for at this time.

That being said, I wouldn’t worry about this because we leave our fingerprints everywhere. If someone is motivated and wants to steal your prints and do bad things, it’s pretty much impossible to prevent (hair follicles too).

The bottom line

If you think you’ll be invoking your right to remain silent in the near future… Go with a pin… And please don’t hurt anyone.

If you don’t trust the people under your roof… Go with a pin…  And maybe a lock on your door.

Your safest option would be to enable fingerprint security, and have a pin… But Apple doesn’t allow it. Two layers of security would be better than one.

That being said, pick one. Pin or print, it doesn’t matter. If you’re committed to security laziness, at least protect your device with a print. No security is a terrible idea.

Practice safe computing.

(Image via Apple)

The Ubiquity of Porn & Mobile Apps

“When did apps become like porn?” the delightfully crazy lady asked.

The tired traveler stared back at her with a look of befuddlement.

She laughed, “Ok, that wasn’t clear… I mean, there’s like a porn for everything you can imagine… And the things you can’t. When did apps become like that?”

So that was an excerpt of my interaction with a stranger on the shuttle from the San Francisco Airport to my hotel back in September (I wrote most of this weeks ago and then forgot to finish it). I had just arrived in Palo Alto for the Quantified Self Conference. Back to the crazy lady’s question sans third person…

After she asked the question I pondered it seriously for a moment, came up with my answer, and then asked myself, “Does she really want me to answer her?” The expression on her face screamed that she was dead serious.

“When did apps become like porn? I’m not really sure of the exact day and time; it’s been a couple of years. But… I’m pretty sure that both porn and apps became so widespread for the same reasons:

  • Low cost technology
  • Low barrier to entry production
  • Free tutorials

Pretty much anyone can afford a computer, mobile, and a camera. The software to produce code and edit film ranges from dirt cheap to free, and there are free tutorials all over to learn how to do it… Also, tripods. They helped too.”

To cap it all off, this conversation was set to a cultish radio preacher ranting about the impending end-times… Which is in part the fault of ubiquitous porn. It was an interesting ride, made all the more surreal by days of sleep deprivation.

Speaking on Mobile App Design for Business at NJ Connect

Wednesday, October 17 at 6PM in Red Bank, NJ -

I will be joining Juergen Berkessel (@polymash) and Robyn-Stratton-Berkessel (@robbiecat) of Polymash at NJ Connect’s October event to speak on mobile apps for business.

My presentation will cover the basics of design, development, security, maintenance, timeline & budget.

Juergen & Robyn will present on promoting an app once it’s live. This is an often overlooked aspect of mobile, and I am really looking forward to hearing what they have to say.

After they wrap, we will join forces for a panel/Q&A.

If you’re interested in attending, you can RSVP with NJ Connect on meetup.com. It’s filling up quickly.

I hope to see you there.