Tag: Practice Safe Computing

Defeating Snapchat’s Privacy in 4 Easy Steps

Snapchat doesn’t fulfill its promise. It can’t, and it won’t. Not now, and not in the foreseeable future.

Self-destructing pictures only work if another copy can’t be made.

The obvious problem: screenshots

They kind of solved the easy problem of screenshots by logging and notifying the sender if one of the receivers takes a screenshot.

It doesn’t eliminate the threat that a photo can be stored, but it does mitigate the risk a fair amount.

Now onto the less obvious, and much larger problem…


How to secretly copy a Snapchat pic

  1. Receive a Snapchat photo
  2. Take out a second phone/camera
  3. Open the Snapchat photo
  4. Take a picture of the screen with the second device

Not taken with Snapchat, but the principle is the same.

Et voilà… You now have an undetectable, savable and resendable copy of the previously private Snapchat.

We live in a world full of cameras, my friends. Never forget it.

Unopened Snapchats

If a Snapchat photo is unopened, it still lives on Snapchat’s servers and can be turned over to the authorities, which has happened about a dozen times.

Dishonesty in the product

Let’s be real. There are a limited number of use cases for self-destructing photos: sending unimportant photos to friends, and sending really, really private photos to friends.

Snapchat sucks. It cannot do what it promises, because what it promises is not achievable through software. Full stop.

There is no such thing as a private photo delivery system.

If you don’t want people seeing a particular photo, then don’t take it, and certainly don’t send it to someone. Once you do send a private photo, the only security that remains is the integrity and respect of the receiver.

Your phone isn’t a sex toy. 

Practice safe computing.

(image via Wikipedia)

Device Security: Fingerprints vs Passwords

Apple’s announcement and release of the iPhone 5s raised an interesting question that many have asked me:

“Which is safer, Touch ID or a pin code?”

The answer is, it depends on what you’re protecting yourself from.


Pin codes 

They are a nuisance

Far too many people don’t use them, because they are annoying. A device that is devoid of security is already defeated.

Pin peeping

Someone can easily observe a user inputting a pin, and thus defeat the security.

Police prevention

It takes a massive amount of legal proceedings for the police to compel a person to turn over their password.

Fingerprint 

Police & fingerprints

The police can compel you to turn over your fingerprints. There isn’t enough legal precedent to ensure protection from the authorities.

Deep sleepers

If you’re a deep sleeper, someone could access your device with your fingerprint, and defeat your security while you’re dreaming.

Effortless security

The way Touch ID is set up, using your fingerprint as a password is effortless after initial setup.

Safe print storage?

The way Touch ID is architected, your fingerprint data should be secure. Even if it isn’t, the device isn’t storing your prints; it’s storing a mathematical translation of your prints. So, if someone defeats Apple’s security and accesses your print data, it’s not actually your print; it’s a looooooooooong string of seemingly random characters.

I cannot speak for other fingerprint-enabled devices at this time.

That being said, I wouldn’t worry about this because we leave our fingerprints everywhere. If someone is motivated and wants to steal your prints and do bad things, it’s pretty much impossible to prevent (hair follicles too).

The bottom line

If you think you’ll be invoking your right to remain silent in the near future… Go with a pin… And please don’t hurt anyone.

If you don’t trust the people under your roof… Go with a pin… And maybe a lock on your door.

Your safest option would be to enable fingerprint security, and have a pin… But Apple doesn’t allow it. Two layers of security would be better than one.

That being said, pick one. Pin or print, it doesn’t matter. If you’re committed to security laziness, at least protect your device with a print. No security is a terrible idea.

Practice safe computing.

(Image via Apple)

Mother’s Day Weekend Tech Support!

It’s Mother’s Day weekend, and I’m sure many of you are traveling to spend time with loved ones. In addition to whatever wonderful things you’ve already planned, may I suggest a little tech support? A few minutes of effort can go a long way!

Try:

  • Updating your mom’s operating system
  • Updating her browser
  • Updating and running a virus scan

Those few things are almost effortless, and can go a long way towards protecting your mother’s machine from all manner of badness.

Practice safe computing by lending a helping hand!

Facebook Password Protection Law Fails: It’s Good

Yesterday’s amendment to a larger FCC reform bill that would make it illegal for employers to ask for employees’ social media passwords failed to garner the votes it needed.

This is a good thing.

Don’t get me wrong, my mantra remains the same: “Don’t give your passwords to anyone.” By anyone I include boyfriends, girlfriends, spouses, children, or employers. That being said, I don’t see this as the kind of issue that must be transformed into law, as there is nothing inherently dangerous about giving away a Facebook password, and there are other ways of getting at the information in one’s Facebook profile beyond demanding access.

Personally I won’t work with obviously unethical people. I rather like the idea of telling a potential employer to piss off because they demand something that they have no business asking for. I see the fact that an employer can ask for my passwords as a layer of protection for me. It’s a simple red flag system, as I will loathe working for or with people like that.

It’s fine if they ask me for my password, and it’s my right to tell them that I don’t work with unethical people.

The Other Side of the Argument

Now some of you are already thinking, “David, you don’t have a family to think about.” And you’re damn right. I don’t. At that point, you’re putting a value on your privacy. It’s your choice. We place a value on our privacy every time we sign up for an online service like Google or Facebook. What’s wrong with doing the same for employment? With regards to your potential employer, ask yourself:

  • How badly do you want that job?
  • Do you honestly believe that the (largely imagined) job security you seek is really going to come from the jerk who demands your passwords?
  • Are you ok with working for a micromanager? Because that’s who asks for your passwords.

What To Do If You Turn Over Your Password

  • Tell the potential employer that your password will change by the end of the day. This is a personal security issue, and you can’t knowingly have a compromised password in the wild for more than a day.
  • If you reuse passwords (which you shouldn’t), you need to change the password on all accounts that use that compromised password. Do it as soon as you get home.

Practice safe computing by keeping your passwords unique and secure.

(PC Mag)