Why We Should Celebrate Snapchat and Encourage Ephemeral Communication

An anonymous reader writes "Within a few months of launching, Snapchat has made an enormous and lasting impact on the culture of communication on the Internet – and we should all be grateful. They have simplified a security process enough to the point that anybody can use it, while validating the market of the next generation of privacy-preserving ephemeral communication. Most importantly, we may finally get a break from the forced permanence of the Facebook and Google world, where everything you do and share is a data point to be monetized and re-sold to the highest bidder."

broken link

[Skapare]

The link is broken. I see naked HTML. Forbes won't let me in. Oh wait, What?

Re: broken link

[dreamchaser]

This is slashdot my friend. Editors don't actually edit anything.

Re: broken link

[fisted]

Editors don't edit anymore because they perfectly know their readers don't read TFS anyway. The only group left on /. holding up to their promises are

Re:broken link

[symbolset]

It's OK. I'll just put an end to the discussion now. There is no such thing as an ephemeral Internet. It is a myth. All your naughty words, deeds and pics are archived by a number of different services including The Internet Archive. Such a thing is not possible: the Internet is actually designed to prevent it. Various means of showing your naughty bits over the Internet to one person only for only a brief time have a number of design flaws including "THE ANALOG HOLE".

Re:broken link

[DoctorBonzo]

Oooooh. Analog hole? You make it sound so dirty.

Re:broken link

[cayenne8]

From reading the synopsis, all I can say is:

WOW...this is amazing!! I cannot believe such a world changing thing has become available to the public!!!!

By the way, what is snapchat?

What and what?

> privacy-preserving ephemeral communication. Most importantly, we may finally get a break from the forced permanence

If it's transmitted in the clear and displayed on a screen, it is neither privacy-preserving nor ephemeral.

Re:What and what?

[homb]

Just like you can't stop someone from secretly recording a face-to-face conversation, Snapchat tries to enforce as much as possible the demands for privacy: if the recipient stores the message (through a camera screen capture for example), then it is clear s/he is going against the wishes of the sender, and that ultimately could have legal ramifications.
Technically the data isn't transmitted in the clear. You have to do some work to crack its encryption.

Re: What and what?

[HJED]

Actually it does in the same way that pressing delete in a file browser does, (the article doesn't explain it very well) the problem is that that can be recovered using data forensic tools as it is not overridden merely unmapped. I would argue that is a flaw (or an efficiency decision) in the OS. If you want to securely delete something on a computer you need to use a tool that overrides it a few times first.

Re:What and what?

[rjstanford]

if the recipient stores the message (through a camera screen capture for example), then it is clear s/he is going against the wishes of the sender, and that ultimately could have legal ramifications.

If that's acceptable, then just send your naked pictures with a little note saying, "Hey, please delete this instead of sharing it with your frat and checkoutmynakedgirlfried.com, mmmkay?" Either the technology as-is is adequate (in which case you don't need it), or its not (in which case you shouldn't use it).

Their marketing, however, appears to be fantastic, since the previous logic isn't being used.

Re: What and what?

[IndustrialComplex]

So you can't trust them not to spread your picture but you can trust them to not download a bypass and then spread your picture?

That's not a contradiction. You are looking at the problem in a single moment of time.

Alice trusts Today Bob enough today to not bypass the software OR spread the picture. Alice does not trust that Tomorrow Bob will not spread the picture.

By preventing Today Bob from preserving a copy of the picture, Tomorrow Bob will have no picture to disseminate. Tomorrow Bob cannot alter Today Bob's software. Why would Today Bob be trusted but Tomorrow Bob not be trusted? A nasty breakup could occur between Today and Tomorrow.

If this system were broken by design, then you might want to inform the DoD and the whole process of security 'reading in, and reading out' with regard to access to information. You trust the person today to not make copies of classified information, you also trust them to not attempt to circumvent software controls. That doesn't mean you trust them later, to not want to pass on that information, but you take precautions TODAY to ensure that they don't retain that information in case they change their minds later.

In short: It is possible to trust and not trust a single entity, when the periods of trust and not trust are distinct moments in time.

Re: What and what?

[Aaden42]

If you're talking about forensic recovery, then you can't kill it with just one overwrite. Wear-leveling at the hardware level would ensure that your single overwrite actually wrote to different physical blocks than the original. The original blocks wouldn't be touched again until a reasonably large percentage of free storage was overwritten. If you can root the device, you should be able to read out the raw disk blocks with `dd` or similar, Search for "JFIF" tags identifying a JPEG image, and go from there. Assuming the OS is booted at that point, any built-in flash encryption would transparently decrypt as you accessed it, so no help there.

iOS at least does provide a way to do this properly if you really want to. Never store the image in the clear. Create a random encryption key for each image and write the image to flash encrypted with that key. Store the key in the OS' Keychain services. When you want to delete the image, destroy the key, then you can delete the encrypted image from the flash device without concern. iOS provides a mechanism for actually destroying a key in Keychain. IE the flash wear-leveling problem is accounted for at the operating system level. Down side to that is now your app has to go through US export control BS since it does encryption

SO... Now that it's secure on disk, I move to the next weakness. Sniff it over the wire. I haven't looked at SnapChat's traffic, but let's assume they used SSL (otherwise, way too easy...). You'd need to setup a man-in-the-middle proxy. Even on locked down non-jailbroken iOS, you can add trusted CA roots to the OS. So self-sign a cert for whatever hostname they use for their servers, trust it on the device, and now you can sniff the images to save them and most likely figure out the protocol to emulate a client and remove the phone from the equation completely.

Of course, all of this is pretty silly when there's an OS-provided screen capture function that apps aren't able to delete. Power/home button combination, and you have a screenshot. The entire concept of Snapchat is fundamentally flawed given that it can't possibly enforce what it's stated purpose for existence is on its target platform.

Re: What and what?

[blueg3]

That's not actually the case here. People seem to be assuming that you can recover Snapchat images because they're deleted but the data is still resident on disk. Sure, that's a common reason for being able to recover data from a computer. It's not the case, though.

The problem seems to have first been documented by Decipher Forensics. It's clear from their writeup that they didn't do data carving to recover deleted files. The images are simply stored an a directory that's not user-accessible and not deleted.

Within this folder were located every image sent to [a SnapChat] account ... including the images that had been viewed and were expired.

Snap What?

[Cornwallis]

"Snapchat has made an enormous and lasting impact..."

And this is the first I've heard of it.

Re: Snap What?

[MachineShedFred]

Me too. And I still don't know wtf it is, or why I should care.

Re:Snap What?

[dyfet]

Indeed. At least cryptocat I had heard about...never heard of this ever before. Sounds like self-promotion by a private commercial entity...and then there is this about it (from http://en.wikipedia.org/wiki/Snapchat)

"...In May 2013, Forbes reported that the photos do not actually disappear, and that they can still be retrieved even after their time limit had expired.[6]..."

Oops...maybe your snapchat really is only shared with your friends and every three letter agency in the book?! :)

Re:Snap What?

[Njovich]

I take it nobody has sent you any naughty pictures recently? You may not be the target group for it.

And I don't mean this insultingly or so, I'm neither. But make no mistake, 90% of people under 20 know about it, and it did have its impact.

Re:Snap What?

[Arduenn6058]

FTFA

The makers of Snapchat are right to reject the “sexting app” label – it’s not clear that this is what it is even being used for, and everyone deserves the option to communicate privately when they want, without automatically being branded as a pervert.

Just as I thought. It's just another sexting app.

Re:Snap What?

[Big+Hairy+Ian]

"Snapchat has made an enormous and lasting impact..."

And this is the first I've heard of it.

I believe the author like every teenager thinks he invented masturbation

Which of course is impossible because I invented it!

Re:Snap What?

[Cenan]

I take it nobody has sent you any naughty pictures recently? You may not be the target group for it.

Technically the target audience would be the people sending the pictures, the ones receiving would be a secondary audience - and only use the program because the primary audience is sending naked tits to them via it. Akin to why many people around here, allegedly, use Facebook, because other people use it and they wish to participate. /nitpick_off

But this is by far not the first time I've heard of it, although I wouldn't have been able to name it by name, I knew of chat apps for phones that tried to implement a kind of DRM scheme for sexting. A dead end, but people seemed to have bought it nonetheless.

Re: Snap What?

[L4t3r4lu5]

Snapchat is a picture messaging service which displays the image, once opened, for only 10 seconds, then deletes it. You can't screenshot the image because you need to hold your touchscreen for the image to display for those 10 seconds.

There are hacks to bypass this security feature, but they require a rooted phone.

Re:Snap What?

[L4t3r4lu5]

If you send naughty pictures to a recipient you don't trust, you deserve the fallout. Learning who is trustworthy is a valuable life skill; It shouldn't be hacked around by technology.

Re:Perhaps

[smallfries]

Best slashvertisement. Ever.
Best editing of a summary. Ever.

Lowest point? We should be handing out awards for this shit.

Snapchats Don't Disappear - deleted photos found

[dyfet]

How do they reconcile their claims with "Snapchats Don't Disappear: Forensics Firm Has Pulled Dozens of Supposedly-Deleted Photos From Android Phones" - http://www.forbes.com/sites/kashmirhill/2013/05/09/snapchats-dont-disappear/?utm_campaign=forbestwittersf&utm_source=twitter&utm_medium=social

"A 24-year-old forensics examiner from Utah has made a discovery that may make some Snapchat users think twice before sending a photo that they think is going to quickly disappear. Richard Hickman of Decipher Forensics found that it’s possible to pull Snapchat photos from Android phones simply by downloading data from the phone using forensics software and removing a “.NoMedia” file extension that was keeping the photos from being viewed on the device. He published his findings online and local TV station KSL has a video showing how it’s done ..."

Opps...sounds closer to fraudsters

The Slashdot Trifecta

[water-and-sewer]

"We should be grateful" the summary says.

Well I for one am grateful that we seem to have hit the Slashdot trifecta: (1) Obvious, blatant slashvertisement intended to showcase some product noone's ever heard of, (2) link to a site behind a paywall, and (3) Web 2.0 product that somehow involves social and tracking and profile building, something I would want no part of.

Do I win? And if so, do I get my money back?

Re:The Slashdot Trifecta

[MachineShedFred]

You forgot: (4) a blatently obvious lack of using the "Preview" button on the part of the "editor", and a complete disregard for fixing it after it's been pointed out and tagged as a broken link.

Re:The Slashdot Trifecta

[c]

... (2) link to a site behind a paywall ... Do I win? And if so, do I get my money back?

Technically, it's just a URL with some mangled HTML which might have made it into a link if a so-called editor actually did his fucking job.

So, it's a Slashdot trifecta, just not the one you identified. No prize for you.

Re:Snapchats Don't Disappear - deleted photos foun

[gl4ss]

if someone can see the message they can record it.
if not with anything else then with another smartphone, duh.

this is just a snapchat advertisement.

Commercialware - Government In Control

Thanks for this slashvertisement. Not let me deconstruct it:

It's a commercial entity behind this, which means the government has easy leverage to make them snoop on all their millions of users. All the government has to do is to set them up for "inquiry into inappropriate accounting and tax evasion". See what they did to Bernie Ebbers of MCI and the boss of Qwest.

Bernie Ebbers did not comply with their demands for illegal eavesdropping, he did not take their bribe in the form of "NSA telecommunications contracts" and then Mr Ebbers was thrown into jail to rot until he will probably die or have dementia.

http://www.dailykos.com/story/2006/05/13/210046/-Bush-Retaliates-Against-Qwest-For-Saying-No-To-Spying

The REAL finance criminals of New York, those who destroyed the world economy in 1929 and tried the same in 2008/9, they collect their bonuses and retire to their country castles. They certainly DO NOT go to jail:

http://en.wikipedia.org/wiki/Maurice_R._Greenberg
http://en.wikipedia.org/wiki/Richard_S._Fuld,_Jr.

Very soon the New York criminals will use YOU Americans for a new war, after they used you to take out Saddam Hussein. The new war will be against Iran, because that nation feels with the oppressed people in Gaza and the West Bank. The real terrorists in Saudi-Arabia and Israel won't be touched.

Let's see how corruption, decadence, sodomy, drug abuse and lies work out on the long run for the American Empire. If history is a guide, it will end very much like the Roman Empire. Just at internet speed.

Re:Commercialware - Government In Control

Not necessarily disagreeing with anything you've posted, but I'm really not sure how you got from a "deconstruction" of a blatant slashvertisment for some kind of photo-sharing service, to middle-eastern politics. Let me try.

As a photo-sharing service, it is not at all out of the question that bigger "social media" operators like facebook, google or even Microsoft might buy them out to either extinguish or intgrate the chatsnap service into their own. This means that any pictures you put into this service could, ultimately end up in the hands of someone like Mark Zuckerberg who, as we all know, is a vegetarian.

Vegetarianism is not only better for your body and for the environment, but is self-evidently the most ethical way of life possible, seeking to minimise the amount of suffering caused to other living, feeling creatures. If the world were to switch from animal proteins to pulses and fungus-based protein, not only would the amount of land required for agriculture be massively reduced, but greenhouse emissions in the industrialised world would whistle for a cab and when it came near the License plate said "fresh" and had a dice in the mirror If anything I could say that this cab was rare But I thought nah, forget it, yo homes to Bel-air! I pulled up to a house about seven or eight And I yelled to the cabby "Yo, homes smell you later!" Looked at my kingdom I was finally there To sit on my throne as the prince of Bel-air

Wait, what

in the actual fuck is ..

Re:Perhaps

[digitalchinky]

I have no idea what snapchat is, don't care either, though a couple of weeks back it was something about snapchat's not disappearing, now this - how much is slashdot being paid to run this stuff?

Oh dear

[wonkey_monkey]

They have simplified a security process enough to the point that anybody can use it

Yeah, and look what's happened to Slashdot now it's so simple that anyone can use it:

the market of the next generation of a href="http://www.forbes.com/sites/tarunwadhwa/2013/05/22/why-we-should-

Please, submitters, check your summaries (I say "your", though this is just another copy-and-paste job) for things like borked HTML, because the editors clearly aren't interested in editing anything.

Because it's broken by design

[brunes69]

Keeping chat history in the cloud with Google Talk / Hangouts is one of the features I love about the service the most. I can not even count the number of times that the ability to look at old chat logs has saved my butt.

The very "feature" SnapChat is promoting is also the reason I would never use their service... I want and need a cloud-based shared history for my chat logs, thanks. To me, they are just as important and ephemeral as emails.

Did Snapchat write this story?

[bignetbuy]

This "stories" has all the hallmarks of some marketing dribble written by Snapchat. It has the right buzzwords, is full of itself, and touts some silly app as the future of the Internet.

When did Slashdot sell its soul and start accepting stories from companies?

Snapchat is a joke.

As soon as I saw this I laughed my ass off. The reality is that if you send something to someone, they can have it forever. A friend of mine has written apps for both iOS and Android using Cydia Substrate to hook the API calls used to display images and video in snapchat and automatically save them out to your SD card.

It's not possible by definition of how computers work to do something like this securely.

Snapchat doesn't disappear

[anthony_greer]

Do the editors read the news? I first saw this yesterday morning:

http://www.latimes.com/business/technology/la-fi-tn-privacy-watchdog-epic-files-complaint-against-snapchat-with-ftc-20130517,0,3618395.story

and if they weren't monitoring/storing snap chat, I would think the FBI would be bitching like they do about Skype...

Slashdot bug report

[2phar]

The 'disable advertising' option appears to no longer be working.

It's because like, ur old and stuff or whatever...

[splitsevin]

(Disclosure: I'm am old bastard myself but I work in the mobile dev world so it's my job to know when things are making waves in the industry.)

The demographic that they appeal to is very, very young. As in teens and college-aged adults. The app itself is extremely popular in the iTunes store and on Android. So much so, in fact, that Facebook, after not being able to buy it quickly (after explosive... truly explosive growth) decided to rip it off and build a clone called, wait for it, Poke.

People declared the end of Snapchat as big bad Facebook was going to eat their lunch, digest their user base and excrete them out into a paper bag to be lit aflame and left on Snapchat's front step. Poke hit around #14 on iTunes, then slide down fairly rapidly and is now an afterthought.

This was a victory for small dev shops that demonstrated that big companies can clone a product but that user loyalty is a very, very real thing.

Re:Perhaps

[tverbeek]

Posting this immediately after an article about how teens are sharing too much personal information online is (as those kids are saying) epic.

How about imageboards?

[s1lverl0rd]

4chan threads self-destruct after a (short) period of inactivity, and has done so for a long time - I don't see how this ephemeral communication thing is either new or newsworthy.

I'm pretty sure we shouln't go and celebrate the existance of 4chan, either.