Digital privacy is once again in the spotlight due to rumours that emerged last week of a widespread hack of Snapchat accounts. The incident, which has already been dubbed ‘The Snappening’, has allegedly allowed a massive collection of thousands of both random and intimate Snapchat pictures and videos.
Vaguely reminiscent of the iCloud security breach Celebgate, right?
Well, indeed, thousands of private pictures and videos are said to have recently been published on the notorious 4Chan message board and the online forum Redditt, the same places where hackers published the stolen iCloud pictures of nude celebrities this past summer.
Except, in this case, it is not about pictures and videos of female celebrities which would never have made to the public eye if it wasn’t for the obvious gender directed attack.
Instead, the pictures have been intentionally sent by the people they concern to others through the Snapchat mobile application. And, more grievously, it might involve a vast majority of underaged individuals.
For those who are less technologically aware, the Snapchat is a mobile application which allows users to send personalised and draw-on messages to others, with the promise of an instant and automatic deletion of images, pictures and videos within seconds after having been watched by the receiver.
It is like in those Hollywood movies where the message would self destroy in five or ten seconds. How enigmatic!
One romantic viewpoint of the application is that the ephemerity of the content is deemed to make it more treasured and valued and, consequently, to make people more attentive to it.
On the pragmatic side, it is as well quite obviously intended that no record of the content will ever be kept and, once self deleted, it won’t surface ever again.
Nevertheless, I fail to understand how someone could trust that the information sent would be secure just because it couldn’t be saved. In my opinion, the whole concept was a pure illusion. In fact, it would suffice to take a screenshot of an image within a phone before it would expire or to use another camera to capture a Snapchat screen and the receiver would be able to make the moment last forever.
Anyway, the overall effect is that the promise of instant and short lasting content has made the application particularly popular among teenagers, who represent the vast majority of its users base. And, therefore, the main concern is that the collection might, in parallel to random content, involve pictures and videos which would legally be considered child pornography.
Although Snapchat has faced security problems before, it seems that, this time, the incident is due to the use of a third-party website which allows to store and catalogue snaps that would otherwise be deleted.
Indeed, the data has apparently been obtained through a third-party website Snapsaved.com, which allows Snapchat users to use the service on a desktop computer, rather than just on a mobile phone. By getting a user’s login details, such as username and password, the website could access to Snapchat’s servers. Therefore, it was able to access and store the shared information, thus circumventing Snapchat’s instantaneous deletion most famous feature.
Therefore, its users were able to save photos sent to them via Snapchat without the sender’s knowledge. Not too comforting, I suppose…
Snapchat was quick at issuing a statement according to which the scenario of a security breach of its servers was absolutely rejected:
In other words, according to the issued statement, if the victims have used a third-party application, they are the sole responsibles for having suffered a hacking attack.
Does this victim-blaming sounds familiar?
Anyway, although Snapchat is technically correct when it points out that the security of its own servers was not compromised, it conveniently failed to address the real issue at stake.
I am far from being a geek but I cannot help to wonder, for instance, why do these third parties applications and websites succeed in having access to the content shared through Snapchat? What is the company doing in order to prevent the connection of these applications to its own?
Snapchat conveniently dodged the very relevant issue that is: even those users that share messages by means of the real Snapchat application are at risk because it is not possible for the sender to ascertain if the receiver is using the official Snapchat application or a third-party one.
So it is all good when Snapchat blames users who use a third-party unauthorized service; but what about all the users that are unwittingly communicating with friends who use those services? Are they to blame as well? Or should we consider that, in a globally sharing world, they shouldn’t be sharing anything in the first place?
According to Snapchat’s own statement, it seems to consider that users should envisage the possibility and perhaps expect that the receiver is able to save the pictures, namely by using a third-party service.
While this is quite unfortunate from a marketing perspective, it is also deeply hypocrite. The whole point of making pictures disappear, besides the romantic vision of ephemeris, to make the sharing safer.
It is without any doubt that a security flaw exists within Snapchat’s product, which cannot be ignored and for which Snapchat is responsible.
Currently, there are very few credible sources of information and most are anonymous. Many believe this whole story to be a hoax, arguing that the photos that were being spread on 4chan were images that had already leaked online. On Reddit, some of those who claim to have downloaded the photos in the Snappening hack shared their disappointment regarding the mundane nature of the pictures. No surprise here. We can always rely on internet to destroy any remaining bits of faith in humanity. Others claim that a vast amount of the content qualifies as child pornography.
Disregarding if an actual hack took place or not, this ephemeral messaging application raises serious and longstanding concerns.
It is an unfortunate reminder that privacy violations of social networks’ users may occur even if a company’s servers are not directly attacked due to the use of a third-party services.
Furthermore, it brings to spotlight issues regarding the knowledge regarding the navigation on internet, software usability and social media literacy.
Last but not the least, the exposure of children and underage individuals to the risks of privacy and security online breaches outlines their vulnerabilities in an increasingly technological-based social networking world.
invalidating the EU Data
invalidating the EU Data