Slashdot Mirror
Five Alternatives To Snapchat
Nerval's Lobster writes "Snapchat isn't having the best 2014: less than a week after a cyber-security collective revealed an exploit that could allow hackers to swipe users' personal data from the messaging service, a couple hackers reportedly went right ahead and stole 4.6 million usernames and phone numbers, posting them as a downloadable database. It's easy to see why Snapchat's become so popular: the idea of messages that vaporize within a few seconds of opening holds a lot of appeal to not only the excessively paranoid, but also anyone who simply wants to keep their online footprint to a minimum. But as several security experts are pointing out, the idea of 'disappearing messages' was never a foolproof one. 'If you took a photo of your phone while the risky image was on screen, or took a screenshot, or dumped your phone's graphics RAM, or used basic forensic data recovery techniques to retrieve the "deleted" files after viewing them, or fetched the image through a session-logging web proxy,' Phil Ducklin wrote in a Jan. 1 posting on the Naked Security Website, 'then you'd quickly have realised that Snapchat's promises of "disappearing images" were fanciful.' For those who no longer trust Snapchat, but want that same vaporizing-message functionality, some alternatives exist, including Silent Circle (which offers a messaging app, for a subscription fee, that forces messages to self-destruct after a set period of time) and Wickr (features military-grade encryption — AES256, ECDH521, RSA4096, TLS — and the app-builders claim they don't have the keys to decrypt; messages vaporize after a set time)."
Perhaps they should have taken the $3B offer from Facebook (or the alleged $4B from Google) when they had the chance. Especially since people have endless opportunities to abandon services like Snapchat for the Next Cool Thing anyway.
Koans and fables for the software engineer
What about using PGP/gpg, setting up a web of trust, sending the encrypted data via whatever messaging protocol one wants, and not depending on someone else's word that they will destroy data on an expiration date?
Yes, having a promise that a photo will go poof is nice, but this assumes that the client-side DRM is working, and this may not be the case... so might as well just give up pretenses and use something time tested.
Yes, web of trusts take some time to build, but it is more secure than trusting a third party to do all the work.
...tell me how they stop you taking a photo of the screen when the message is on it...
And what if I take a picture of my phone while the image is displayed? You have to face the truth: Self-destructing messages are a type of DRM, which can always be defeated.
It's best to use encrypting free and open source software, and only send data to friends whom you can trust to disable logging. OTR messaging does this, and has many FOSS implementations. The proprietary programs from TFA can't guarantee security, because the source code can't be examined.
So does your phone steadily run out of RAM as the chips are incinerated? ...I didn't know the batteries were that powerful either, I'm so far behind the times.
I came to the datacenter drunk with a fake ID, don't you want to be just like me?
then again, I don't have a body that too many people are interested in seeing in a state of undress, or a burning desire to show it to other people.
He tried to kill me with a forklift!
Bet turning down $3B from Facebook is looking pretty arrogant and stupid now
Let's be fair, an "excessively paranoid" person wouldn't trust a free service, they'd roll their own. Second, honestly, why on earth would anyone think that any free service is unexploitable? What example do we have of a free service that's been reliable in terms of privacy and security? Maybe I'm wrong, but I can't think of one.
Is there a good PC version of any of these? It seems odd that they're phone-only, messaging on the computer is still very much a thing.
-- "So they told me that using the download page to download something was not something they anticipated." - Bill Gates
Snapchat and it's ilk is a kind of DRM. As such it will never really work.
Excuse me, but please get off my Pennisetum Clandestinum, eh!
No amount of security is going to prevent that from happening. If you send someone a photo, prepare for it to be stored somewhere, no matter how you send it.
None of the five alternatives provide client source. "Trust us, we're secure".
Makes me wonder if that last one uses military-grade encryption to hash timestamps.
Don't take or post pictures you don't want to be seen by others.
It would be nice to beat people who bring cameras or take out their phone on a Stag do.
Woops I read that wrong.
Not Snapchat!
Please stop saying this, it just sounds stupid.
Maybe because I am struggling paying student loans and keeping expenses down like 60% of Americans, but if I were offered $1,000,000,000 for a company that makes more no money I would fucking take it!
If my other 2 partners got greedy and think they are the next Bill Gates and deserve to the be the top richest people for providing no value then I would have sold my share to Zuckerberg and told the other 2 partners to bite me or pay me the $1,000,000,000 themselves!
I mean come on what is so freaking innovative about a chat client written in java that can be done by any freshmen level CS student with pics that vanish after a timer?! ... and if I were retarded enough to be an investor you bet your ass I would sue the hell out of all of the partners for $3,000,000,000 or try to recoup my money back. They did not have the shareholder interests at heart either.
http://saveie6.com/
Or don't use it. Are you better off with or without it?
I want to delete my account but Slashdot doesn't allow it.
The summary presents Silent Circle's subscription service as an alternative that accomplishes what Snapchat doesn't, but that's crap. Nearly all of the listed ways of preserving Snapchat messages will work with Silent Circle... and anything else that tries to do the same thing. Oh, I have no doubt that the Silent Circle app is a lot better at protecting your data in transit, and I'm sure it reduces message access to key access, so once you can verify that the keys are gone, the contents are effectively gone, but those keys are still vulnerable to all sorts of device hacks. They have to be.
I have hopes that in the future we may be able to embed secure key management hardware in devices, which will make this kind of stuff a lot harder to defeat, but ultimately nothing will ever be able to make sure that digital data actually goes away. DRM -- which is what this is, just in a slightly different form and for a different purpose -- doesn't work, and can never work, not in an absolute sense.
This isn't to say that Snapchat's disappearing messages aren't good enough for many purposes, and that Silent Circle's implementation isn't adequate for even more (assuming the people you want to talk to also have it), but anyone who thinks that they can send digital photos of their genitals to their friends, confident that only the recipient will ever see them, is simply mistaken. And anyone who wants to use ephemeral messaging for any more important purpose is a fool.
Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
Yeah yeah, pull the other one. A quick national security letter telling them to log everything will take care of that issue, and who's gonna know? We will never have privacy. The only solution is to make sure the authorities don't have any either.
“He’s not deformed, he’s just drunk!”
It has nothing to do with how innovative the product is - even though it did bring something that no other apps did at the time, what matters is that it had many users. That's all that counts.
It has nothing to do with how innovative the product is - even though it did bring something that no other apps did at the time, what matters is that it had many users. That's all that counts.
Well call me old fashioned, but what matters to me is money. It is a corporation after all.
Users do not mean jack if it does not bring in money. So yes these guys were idiots and blinded by greed and did the shareholders (assuming they had outside investors and help) not only a disservice but broke the law by not selling.
So if I were one of the 3 partners I would have sold out and pains like the security issue show its age. It is new and doesn't have an IT department more than a few people. It also shows how naive they are in the fact that there are many SQL and No-SQL databases to use that are mature, tested, have huge apis, and most importantly get regular security updates.
Perhaps I am bitter I was not offered billions so do not discard that part :-)
http://saveie6.com/
Wickr works amazingly well.
Trolling is a art,
None of the alternatives, no matter how technologically sophisticated (within the bounds of current smartphone technology) can protect against a picture of the screen being taken with a second device.
-Snapchat keeps complete records of ALL user activity.
-Snapchat specifically does NOT employ (real) end-point encryption so customers' communications are not secure in any absolute sense
-Snapchat 'communications' can easily be archived for all time by the recipient through the trivial means of a camera, let alone by the myriad of circumventing 'hacks' possible at the recipients end.
Snapchat sells a lie. This does not mean that there are not informed users using the service for fun and convenience, but Snapchat sets out to push another clear NSA agenda- implying to the sheeple that using corporate, heavily compromised services is a 'safe' way to communicate.
The NSA desires that ordinary people are highly groomed in their technology habits to prefer those methods most beneficial to the NSA. Much of this is laying down the future, and has NOTHING to do with any form of specific target today.
Instant Messaging was the very worst example of this. EVERY IM service passed every text message through their central servers, rather than using the far more logical direct user-to-user connection once the 'match-making' had been set-up. And the reason for this was every IM service was, in reality, an intelligence operation, specifically designed to capture the text-communications of millions of Humans.
Snapchat is a different flavour of NSA operation. Snapchat is about gathering compromising information created when people let their guard down. The common use for such 'intelligence' is when a person in an 'important' position is 'invited' to have a private 'chat' with a representative of their government they have never met before. The 'chat' is designed to point out that the victim stands at a crossroads. Path one offers every possibility of a rosy future. Path two is all about how easy it is to stumble and fall, all because of how damaging the revelations of past indiscretions can be to the career prospects of a 'fine' 'upstanding' citizen.
Remember, in the USA politicians can be anything BUT atheists. The demonstrates nicely that in the USA, your apparent form in the eyes of the sheeple could not matter more. When Obama was following his lord and master, Tony Blair, and preparing to hit Syria with the largest air attack seen in Human History, do you think Obama had ANY problem persuading the lesser scum that help authorise such Crimes against Humanity that they were going to vote in favour of the holocaust? Obama only failed because fellow big hitters, far too powerful to fall prey to such blackmail methods, were freaked out by the amount of anti-war sentiment detected by full surveillance NSA programs, despite the saturation of anti-Syria propaganda on the zionist controlled mainstream media outlets in the West.
But if fellow high-ranking elites had NOT been against the holocaust of Syria, Obama would have gained the votes of just about everybody in the two houses (frequently using 'Snapchat' like intelligence as coercion), and millions of Syrians would be now dead.
As a fairly heavy user of snapchat I see all these comments about it failing due to poor security just plain wrong. Almost no-one uses it for the security. Its about the lack of cost if the picture is 'wrong' or poor. Sending selife's or pictures of what's happening in your day is a nice way to keep in touch with someone. It feels more personal than text or voice and is much easier to do. Who cares if its a bad picture or a little boring, its gone in 10 seconds. Maybe some have a usecase for high security (nude pictures etc) but that isn't the largest market, or at least in my experience.
has anyone else thought that the Snapchat db breach may have been done at the behest of a company that wanted to buy Snapchat but was rebuffed? Disclaimer- not talking about any specific company; we all know all kinds of deals between players unseen to us are always being floated . Just wondering if this breach isn't somehow strategic to some company. "Let us buy you at this strike price or we'll trash your valuation " is not something anyone would ever SAY to anyone but it MIGHT be the take away lesson other companies watching it all go down could learn.
Self-destructing content -- isn't that what we have always rallied against? Gladly, as you mention, it can't possibly work.
If my other 2 partners got greedy and think they are the next Bill Gates and deserve to the be the top richest people for providing no value then I would have sold my share to Zuckerberg and told the other 2 partners to bite me or pay me the $1,000,000,000 themselves!
It's not publicly traded. Private corporations can and do have rules about selling out. Often times the other owners must agree to any sale. Would you want to risk getting into a business venture and suddenly discover your partner is now Zuckerberg?
Yes. The value of Snapchat isn't the app itself -- the app and its server-side infrastructure could be replicated in a matter of weeks by Facebook engineers. The value of Snapchat was and is entirely its current user base. If you're Facebook and you can suddenly acquire millions of non-Facebook users (or tether existing users more tightly to Facebook) then you have millions of more opportunities to sell ads, and to sell user metadata to whoever.
But once the bubble pops and the users go elsewhere, Snapchat goes the way of... um... well, any company I can't remember the name of because they've gone the way that Snapchat will go. If you know what I mean.
Koans and fables for the software engineer
you'd quickly have realised that Snapchat's promises of "disappearing images" were fanciful.' For those who no longer trust Snapchat, but want that same vaporizing-message functionality, some alternatives exist
Great. And how do those alternatives stop any of the work-arounds mentioned in the summary?
Or did you mean "alternatives which are just as bad"?
systemd is Roko's Basilisk.
Security is like a 2 inch steel door with an unbreakable lock.
I know that a plasma thingie would cut right through it, but I lock my frontdoor nonetheless and I sleep well.
Security has to be just good enough. It will never be perfect.
How about:
6) None of the above.
Have gnu, will travel.
IRC on your own network.
The same promises were made for Video/Music streaming. In that it is off site, and supposedly used as DRM. However it is bs. There are certain clever ways to go about it. However Once you have it on your machine, you can do all sorts of stuff to it to then save it as something else. This has been done time and again.
Most people probably wouldn't know how to do it, even with snap chat. But all it takes is someone to build a application that does it for you, then you can just use that.
Taking a screen shot of your device for example while using snap chat would seem to be the easiest and most trivial solution. Not having used snap chat maybe it has a way to disable your phones ability to take a screen shot...
Anyway the protection is an illusion. It is better than nothing, but it probably isn't all that secure to begin with.
Here, have a good example.
At its height in January 1997, News Corporation made an offer of $450 million to purchase the company
[several failed attempts to sell skipped]
Instead, they sold out for about $7 million in May 1999 to Launchpad Technologies, Inc., a San Diego company founded and backed by Idealab, and the PointCast network was shut down the next year.
silent circle encrypts the messages on the device, the keys are not vulnerable to this attacks you mention because they require user passphrase to unlock the decryption key. Silent Circle is real crypto designed by people who know crypto.
Go back and read the list of attacks against Snapchat. Silent Circle is still subject to screen shot attacks, device malware attacks, device graphics RAM dumping attacks, etc. It probably isn't subject to retrieval of deleted messages, and really shouldn't be subject to grabbing of messages through a session-logging proxy. But that's my point... though it's vulnerable to fewer attacks because, it's still vulnerable.
BTW, I'm a guy who builds systems with real crypto, and who knows real crypto. I respect the Silent Circle authors, and have every reason to believe they're doing the best job that can be done. But the best job that can be done is far from perfect due to other limitations.
Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
Still in beta. Only on ios. I use it. It works. Better for messaging than snapchat. Simple. Not military complexity like the alternatives mentioned
Worth checking it
Cyber dust
Come on slashdot, get the guy's name right.
Get free bitcoins: http://freebitco.in
You cannot send someone an image, which can be displayed by the user and prevent the user from saving it.
Yes, it is used exclusively by 4.6 million teenagers who all have no understanding of a mobile phone's screen capture capability and only communicate with nude images of themselves.
Never underestimate DRM. This is how the machine wars began...
Android has detected you are trying to violate DRM using another device. Accessing device... shutting down... countermeasures launched...