Slashdot Mirror
Five Alternatives To Snapchat
Nerval's Lobster writes "Snapchat isn't having the best 2014: less than a week after a cyber-security collective revealed an exploit that could allow hackers to swipe users' personal data from the messaging service, a couple hackers reportedly went right ahead and stole 4.6 million usernames and phone numbers, posting them as a downloadable database. It's easy to see why Snapchat's become so popular: the idea of messages that vaporize within a few seconds of opening holds a lot of appeal to not only the excessively paranoid, but also anyone who simply wants to keep their online footprint to a minimum. But as several security experts are pointing out, the idea of 'disappearing messages' was never a foolproof one. 'If you took a photo of your phone while the risky image was on screen, or took a screenshot, or dumped your phone's graphics RAM, or used basic forensic data recovery techniques to retrieve the "deleted" files after viewing them, or fetched the image through a session-logging web proxy,' Phil Ducklin wrote in a Jan. 1 posting on the Naked Security Website, 'then you'd quickly have realised that Snapchat's promises of "disappearing images" were fanciful.' For those who no longer trust Snapchat, but want that same vaporizing-message functionality, some alternatives exist, including Silent Circle (which offers a messaging app, for a subscription fee, that forces messages to self-destruct after a set period of time) and Wickr (features military-grade encryption — AES256, ECDH521, RSA4096, TLS — and the app-builders claim they don't have the keys to decrypt; messages vaporize after a set time)."
Perhaps they should have taken the $3B offer from Facebook (or the alleged $4B from Google) when they had the chance. Especially since people have endless opportunities to abandon services like Snapchat for the Next Cool Thing anyway.
Koans and fables for the software engineer
What about using PGP/gpg, setting up a web of trust, sending the encrypted data via whatever messaging protocol one wants, and not depending on someone else's word that they will destroy data on an expiration date?
Yes, having a promise that a photo will go poof is nice, but this assumes that the client-side DRM is working, and this may not be the case... so might as well just give up pretenses and use something time tested.
Yes, web of trusts take some time to build, but it is more secure than trusting a third party to do all the work.
And what if I take a picture of my phone while the image is displayed? You have to face the truth: Self-destructing messages are a type of DRM, which can always be defeated.
It's best to use encrypting free and open source software, and only send data to friends whom you can trust to disable logging. OTR messaging does this, and has many FOSS implementations. The proprietary programs from TFA can't guarantee security, because the source code can't be examined.
So does your phone steadily run out of RAM as the chips are incinerated? ...I didn't know the batteries were that powerful either, I'm so far behind the times.
I came to the datacenter drunk with a fake ID, don't you want to be just like me?
then again, I don't have a body that too many people are interested in seeing in a state of undress, or a burning desire to show it to other people.
He tried to kill me with a forklift!
Let's be fair, an "excessively paranoid" person wouldn't trust a free service, they'd roll their own. Second, honestly, why on earth would anyone think that any free service is unexploitable? What example do we have of a free service that's been reliable in terms of privacy and security? Maybe I'm wrong, but I can't think of one.
Read the summary before posting and you will know that they don't try to stop that. They don't even stop screenshots directly from the device (although on many phones they will notify the sender that such a screenshot was taken). SnatchChat's Raison d'être (I am sure /. will make that look stupid because they don't handle unicode - it meant "reason for existence) is sexting. It is for the Anthony Weiner's of the world. Folks that either don't care that there are ways around the auto destruction of the photo or aren't bright enough to figure it out.
Is there a good PC version of any of these? It seems odd that they're phone-only, messaging on the computer is still very much a thing.
-- "So they told me that using the download page to download something was not something they anticipated." - Bill Gates
Snapchat and it's ilk is a kind of DRM. As such it will never really work.
Excuse me, but please get off my Pennisetum Clandestinum, eh!
Don't take or post pictures you don't want to be seen by others.
It would be nice to beat people who bring cameras or take out their phone on a Stag do.
Woops I read that wrong.
Not Snapchat!
Please stop saying this, it just sounds stupid.
Maybe because I am struggling paying student loans and keeping expenses down like 60% of Americans, but if I were offered $1,000,000,000 for a company that makes more no money I would fucking take it!
If my other 2 partners got greedy and think they are the next Bill Gates and deserve to the be the top richest people for providing no value then I would have sold my share to Zuckerberg and told the other 2 partners to bite me or pay me the $1,000,000,000 themselves!
I mean come on what is so freaking innovative about a chat client written in java that can be done by any freshmen level CS student with pics that vanish after a timer?! ... and if I were retarded enough to be an investor you bet your ass I would sue the hell out of all of the partners for $3,000,000,000 or try to recoup my money back. They did not have the shareholder interests at heart either.
http://saveie6.com/
Or don't use it. Are you better off with or without it?
I want to delete my account but Slashdot doesn't allow it.
The summary presents Silent Circle's subscription service as an alternative that accomplishes what Snapchat doesn't, but that's crap. Nearly all of the listed ways of preserving Snapchat messages will work with Silent Circle... and anything else that tries to do the same thing. Oh, I have no doubt that the Silent Circle app is a lot better at protecting your data in transit, and I'm sure it reduces message access to key access, so once you can verify that the keys are gone, the contents are effectively gone, but those keys are still vulnerable to all sorts of device hacks. They have to be.
I have hopes that in the future we may be able to embed secure key management hardware in devices, which will make this kind of stuff a lot harder to defeat, but ultimately nothing will ever be able to make sure that digital data actually goes away. DRM -- which is what this is, just in a slightly different form and for a different purpose -- doesn't work, and can never work, not in an absolute sense.
This isn't to say that Snapchat's disappearing messages aren't good enough for many purposes, and that Silent Circle's implementation isn't adequate for even more (assuming the people you want to talk to also have it), but anyone who thinks that they can send digital photos of their genitals to their friends, confident that only the recipient will ever see them, is simply mistaken. And anyone who wants to use ephemeral messaging for any more important purpose is a fool.
Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
Yeah yeah, pull the other one. A quick national security letter telling them to log everything will take care of that issue, and who's gonna know? We will never have privacy. The only solution is to make sure the authorities don't have any either.
“He’s not deformed, he’s just drunk!”
It has nothing to do with how innovative the product is - even though it did bring something that no other apps did at the time, what matters is that it had many users. That's all that counts.
It has nothing to do with how innovative the product is - even though it did bring something that no other apps did at the time, what matters is that it had many users. That's all that counts.
Well call me old fashioned, but what matters to me is money. It is a corporation after all.
Users do not mean jack if it does not bring in money. So yes these guys were idiots and blinded by greed and did the shareholders (assuming they had outside investors and help) not only a disservice but broke the law by not selling.
So if I were one of the 3 partners I would have sold out and pains like the security issue show its age. It is new and doesn't have an IT department more than a few people. It also shows how naive they are in the fact that there are many SQL and No-SQL databases to use that are mature, tested, have huge apis, and most importantly get regular security updates.
Perhaps I am bitter I was not offered billions so do not discard that part :-)
http://saveie6.com/
Wickr works amazingly well.
Trolling is a art,
None of the alternatives, no matter how technologically sophisticated (within the bounds of current smartphone technology) can protect against a picture of the screen being taken with a second device.
As a fairly heavy user of snapchat I see all these comments about it failing due to poor security just plain wrong. Almost no-one uses it for the security. Its about the lack of cost if the picture is 'wrong' or poor. Sending selife's or pictures of what's happening in your day is a nice way to keep in touch with someone. It feels more personal than text or voice and is much easier to do. Who cares if its a bad picture or a little boring, its gone in 10 seconds. Maybe some have a usecase for high security (nude pictures etc) but that isn't the largest market, or at least in my experience.
Yes. The value of Snapchat isn't the app itself -- the app and its server-side infrastructure could be replicated in a matter of weeks by Facebook engineers. The value of Snapchat was and is entirely its current user base. If you're Facebook and you can suddenly acquire millions of non-Facebook users (or tether existing users more tightly to Facebook) then you have millions of more opportunities to sell ads, and to sell user metadata to whoever.
But once the bubble pops and the users go elsewhere, Snapchat goes the way of... um... well, any company I can't remember the name of because they've gone the way that Snapchat will go. If you know what I mean.
Koans and fables for the software engineer
you'd quickly have realised that Snapchat's promises of "disappearing images" were fanciful.' For those who no longer trust Snapchat, but want that same vaporizing-message functionality, some alternatives exist
Great. And how do those alternatives stop any of the work-arounds mentioned in the summary?
Or did you mean "alternatives which are just as bad"?
systemd is Roko's Basilisk.
How hard is that? When did people lose common sense???
If you value your privacy at all...don't join up to FB and other "social networks". And if you actually MUST join them...don't share personal shit you don't want getting out to the general public. It is a simple litmus test...
Light travels faster than sound. This is why some people appear bright until you hear them speak.........
Security is like a 2 inch steel door with an unbreakable lock.
I know that a plasma thingie would cut right through it, but I lock my frontdoor nonetheless and I sleep well.
Security has to be just good enough. It will never be perfect.
How about:
6) None of the above.
Have gnu, will travel.
The same promises were made for Video/Music streaming. In that it is off site, and supposedly used as DRM. However it is bs. There are certain clever ways to go about it. However Once you have it on your machine, you can do all sorts of stuff to it to then save it as something else. This has been done time and again.
Most people probably wouldn't know how to do it, even with snap chat. But all it takes is someone to build a application that does it for you, then you can just use that.
Taking a screen shot of your device for example while using snap chat would seem to be the easiest and most trivial solution. Not having used snap chat maybe it has a way to disable your phones ability to take a screen shot...
Anyway the protection is an illusion. It is better than nothing, but it probably isn't all that secure to begin with.
Go back and read the list of attacks against Snapchat. Silent Circle is still subject to screen shot attacks, device malware attacks, device graphics RAM dumping attacks, etc. It probably isn't subject to retrieval of deleted messages, and really shouldn't be subject to grabbing of messages through a session-logging proxy. But that's my point... though it's vulnerable to fewer attacks because, it's still vulnerable.
BTW, I'm a guy who builds systems with real crypto, and who knows real crypto. I respect the Silent Circle authors, and have every reason to believe they're doing the best job that can be done. But the best job that can be done is far from perfect due to other limitations.
Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
Come on slashdot, get the guy's name right.
Get free bitcoins: http://freebitco.in
You cannot send someone an image, which can be displayed by the user and prevent the user from saving it.
Never underestimate DRM. This is how the machine wars began...
Android has detected you are trying to violate DRM using another device. Accessing device... shutting down... countermeasures launched...