A question
SnapSaved ... used the software's API to extract stills and short vids...
Given that Snapchat is supposed to ensure that pictures are deleted after viewing, why does it provide an API for them to be extracted by third party software?
Tens of thousands of stolen private SnapChat photos and vids are being plastered across the internet for perverts to download and ogle, it's claimed. SnapChat says it isn't to blame. When word spread on 4chan's notorious /b/ board that someone had allegedly swiped as many as 200,000 SnapChat files from strangers, it was feared …
Another nail in the "security by obscurity" myth's coffin I guess.
Probably did something stupid like use a hard coded key in the app anyone with a compiler can extract.
But even then, anyone stupid enough to use an unofficial site to save Snapchat pictures is stupid enough to not have understood the point of Snapchat, never mind the fact that giving your password to a third party is dumb in the first place.
The good book has something about this too.
"A common mistake that people make when trying to design something completely foolproof is to underestimate the ingenuity of complete fools."
I think you misunderstand - the people saving the pictures are likely the ones who received them, not the clueless mugs who sent them. But yes, first rule of digital content is that if someone else can decrypt the file for viewing, then you have to assume they'll find a way to decrypt it for saving. Snapchat was always a con.
"Snapchat was always a con."
You have to wonder if the crooks of Wall Street are still seeing Snapchat as a $10bn business?
I suppose the answer is that the value of any company is simply what the dumbest investor will pay for it. With stupidity having no lower boundary, it doesn't matter how laughable and revenue free an idea is, so long as a service has non-paying users, it can still be packaged up as the next great thing and sold.
"why does it provide an API for them to be extracted by third party software?"
It doesn't, the API is for the SnapChat client to get its only copy of the image/video, I presume the server then deletes its copy. SnapSaved used the API by seeing how the official client used it, saved the file, and then provided continued access to it.
That would just be another layer of obscurity. If it works over wifi, which I presume it can, rather than cellular data, then dumping the content of the packets is trivial. Yes, it would be beyond a third party website but still claiming 'the picture disappears' is disingenuous.
It is easy enough to explain that the design of Snapchat exposes an API to other apps, but that misses the point: why did they not come up with a better design, one more appropriate to the stated aims of Snapchat?
Failing that (and I can't believe they really couldn't come up with a way to close the hole), they could at least warn the user. But, the current text in the Play Store says simply:
Please note: even though Snaps, Chats, and Stories are deleted from our servers after they expire, we cannot prevent recipient(s) from capturing and saving the message by taking a screenshot or using an image capture device.
Note that there is no mention of the recipient(s) being able to capture the images internally.
I think the text needs to be updated at least.
Grown up ladies! Your most intimate nude selfies WILL inevitably be shared across the web, so please put some effort into making sure the lighting and framing are right, and the pose shows you off to your best. Thanking you in advance, AC.
Younger ladies! Just don't do it, please.
Blokes! Same as with the younger ladies.
If you can see it you can record it - even by pointing another flaming camera at the screen. Beyond that there's ... I dunno, VMs, Bluestack, Screenshots ... the list is endless.
The idea that pictures can ever 'cease to exist' is surely a massive misrepresentation of the truth.
And you'll get the number of years until the general public gets a clue that everything you post online has a good chance of being made public and bite you in the ass years after the fact, no matter what some corporate mountebank tells you.
It's also about the same time it will take the governments to stop private companies from scamming the public non stop.*
Of special relevance is the fact that the people whose privacy has been compromised weren't the ones who used a dodgy app/gave their passwords to a third party/had their device haxxored/did some terribly stupid thing, but the ones who sent their snapshits to them.
I'm always trying to explain this to my clients, family and friends, but 90% listen attentively to my short, informative and not boring at all sermons (;-), they nod, and make encouraging noises and thank me profusely. One month later they're opening executable files that a friend sent them over email, giving their email addresses and passwords to any page that asks nicely, sending texts and images they wouldn't like to see printed in their obituaries, visiting webpages that require that you disable some of your security settings to have the privilege to see some cheap porn, and in general, doing really really stupid things.
Mark my words: Internet will be the end of Mankind!**
Note*: And I don't mean sending some spammer or scammer to the slammer (he!) twice a year so the public sees said governments as 'doing something about the problem'. I mean, as an example, preventing the telcos from profiting from scams or requiring a copy of a contract signed physically by the customer before allowing him/her to be charged for 'premium services' ~='scams'.
Note**: hopefully "...as we know it." ;-)
Only *ONE* thumbs up?!?
Very nice rant! And succinct too.
Can I clip it to send to my friends and relatives?
I have exactly the same problem trying to explain to folks what they are doing wrong..
..starting with why you don't use the same password everywhere!
<facepalm>
There was a website called DigiCrime which demonstrated in a humorous way the problems out on the web.
It needs to be seriously updated..
OK, so someone has been naughty and there's potentially millions of personal pics floating about somewhere but on a non-technical level why all the fuss? It makes for a good DM headline but what are the chances of you being recognised by someone you know? Unless your content was absolutely outstanding it will remain to all intents and purposes anonymous. If it's so outstanding as to reach the top of the pile then maybe you should consider a career change. Personally I wouldn't take the effort to scan a pile of Snapchat pics to find something interesting when there are plenty of sites with quality stuff already categorised for free.
Paedophile angle? I suppose we are talking mainly about the 13-15 year group which while legally are underage it's not the end of the world. Not my cup of tea yet don't class it in the same league as 5 year olds and I doubt many of them are sending selfies to their friends. So more than likely another DM style mountain out of a mole hill.