The Snappening; who to blame?
Snapchat. If we talk about a teen with a smartphone overdosing on Social Media, this is most certainly something s/he can’t live without. However, we doubt if any of you more mature or older folks use it. What we are sure about, though, is that you’ve heard about the recent leak of Snapchat pics and candid pictures and videos available online.
Developed by Josh Meyers, Reggie Brown, Bobby Murphy, and then students of Stanford, Snapchat is a photo messaging application that has become an essentiality for teenagers running on a high dose of Social media, among others. Such is the popularity of Snapchat that in May 2014, users were sending an average of 700 million photos and videos every day, which were viewed over half a billion times. The founders were offered US$3 billion last year in July, by Facebook, and then US$4 billion in November by Google, both of which were declined.
What it does?
In the words of its founders, Snapchat was created to counteract the need to maintain an idealised online identity. This, Spiegel- one of the co-founders – believes, “(has) taken all of the fun out of communicating.” The Snapchat app simply functions by letting users send snaps and videos of them to others, which are automatically deleted from the recipient’s phone and the company’s servers after a programmable – usually short – time period, once the recipient has seen the content.
Privacy & Security Concerns
Even though Snapchat has been subject to a number of security and privacy concerns in the past, people continue to use it. In fact, the company was voted the most unreliable in a report released by Electronic Front Frontier Foundation in May 2014.
Due to the nature of the app, it’s not hard to fathom that the primary user base of the app is of users aged between 13 and 23 years; with over half the total user base being under 17 years of age. The app is primarily used by people to send humorous content like funny and stupid faces. Another not-so-hard-to-imagine and all-so-common use of the app is for sending candid and sexual content.
Vulnerability of snaps being stored
While Snapchat bases its whole product marketing on the auto-deletion of the snaps, so they aren’t stored, it’s hardly the case in actuality. The snaps stay in the company servers for 30 days, if they are not viewed. Then there are other ways to recover the deleted snaps, and even more to store the snaps. Numerous 3rd party apps exist that allow just the same.
Recent Leak: The Snappening
Recently hackers gained access to close to 90,000 pictures and 9,000 videos sent over SnapChat, originally meant to have been deleted. These snaps were most likely captured by some third-party app, whose database was compromised by these hackers. SnapSaved.com is believed by many in the industry to be the source of this leak. Due to the nature of SnapChat’s user base and its usage, it is but obvious to consider the prospect of a good lot of these leaked images and videos to be content which may be classed as Child pornography.
The whole 13GB worth of this “low-resolution garbage” was available for download on ThePirateBay and other places across the depths of the Internet. Although, this dump was available at several sources, it wasn’t really easily accessible for the average non-tech-savvy user.
Who’s to blame?
Snapchat proudly boasts of its feature of auto-deletion of the images once they are viewed, and even notifying senders when recipients take a screenshot, but we believe this is gross misrepresentation. According to the company’s own policies, the last 200 “snaps” of a user are logged and stored on its servers for a full 30 days, if not viewed.
When Forbes published a report in May 2013 that the snaps did not actually disappear on the expiry of the time period, and can be retrieved with minimal technical knowledge, the Electronic Privacy Information Center filed a complaint with the Federal Trade Commission. This resulted in Snapchat settling with FTC over allegations of deceiving users over the amount of personal data it collected. With the breach having impacted 4.6 million customers, Snapchat will have to face privacy monitoring for 20 years.
As if the vulnerability of having this highly sensitive data on its servers wasn’t enough, Snapchat got just one out of six stars in the Electronic Frontier Foundation survey of government compliance and other factors. Snapchat joins hands with the likes of AT&T in the list of companies that don’t even require a warrant before they dole out users’ sensitive communications to the government. Company spokespersons, however, have denied this allegation.
Back in December 2013, Snapchat’s inability to fix an API vulnerability resulted in a leak that brought public parts of usernames and phone numbers of approximately 4.6 million accounts.
With all the above, it wouldn’t be wrong to say that Snapchat is definitely one reckless and careless company when it comes to handling its users privacy.
Then, we have those multitude of third party apps that are developed specifically to capture snaps, which should otherwise be let deleted. Such third party apps not only harm Snapchat but also compromise the privacy of users whose snaps are being recorded by them. While Snapchat does attempt to get apps like these removed from the Play Store, their efforts are still not enough, as many apps and services like SnapSaved.com still remain publicly accessible, which appears to be the source for this most recent leak.
Since the recent leak did not source from either Snapchat or its servers, we can’t hold the company liable for much, apart from negligence for allowing to have such apps exist in the public domain.
Then, there are those hackers who not only committed a crime by hacking into the servers of these companies, but also breached the privacy of the users by posting the contents of their hack online.
Those involved in the distribution of this hacked content, including the perpetrator of the recently shut down viral website, ‘TheSnappening.org’ – which made these 98,000-plus snaps available easily – are certainly to blame for their carelessness, but we believe they haven’t done much wrong beyond this.
Snapchat was already careless, apps to store snaps already existed, databases of these apps were already hacked, and these “saved and hacked snaps” were already out there, all guys like “massguru” (The creator of TheSnappening.org) did was made it easier to access! Finding the snaps of a specific person is almost impossible from this disorganised dump of 13GB available on all these sources.
So, if we were to finally blame someone, it’ll have to be those hackers who not only violated the rights of those companies that managed databases of these saved snaps, but also were careless enough to not care for the users’ privacy and post the contents of their hack online.