A bot named 'epicchallenge' programmatically sends a snapchat video about a "smile" contest to a huge (42k) list of users. Then we programmatically get their responses and have people vote on them.
Woah, woah woah. So by entering my username into snapgraph to "explore my snap chat network" aka see an animation of my top friends, I'm opting into your bullshit spam contest app, and anything else you plan on making?
Not a smart move dudes. My trust in anything you else make = Zero.
In case anyone is wondering, the deleted comment that thattallguy replied to explained how they built something along the lines of a "friends network visualizer" and abused their users' trust.
We basically built something on top of Snapchat, which is a relatively-new social photo sharing app with no API for developers. So we made our own APIs and made Ranker.io work :)
We communicate with Snapchat's servers and pretend to be their mobile app. This gives us access to everything that you can do through the mobile app. For example, we can send messages, view (and save) messages, create new accounts...
A typical example of twisted IT ethics. Just because you CAN doesn't mean you SHOULD do something. It is like shoplifting; it isn't suddenly ok when there is no one to physically stop you.
Aren't snap chats supposed to self destruct? This is really cool.If you think it would be useful, I'd be happy to offer all your users a free custom credit card skin from CreditCovers.com with their photo on it if you'd like. ($10 retail value each) - I assume they all wouldn't redeem it but we could budget ~$100k of product for you for this or another promotion. Anthony @ CreditCovers.com if you want to talk.
I don't understand how any of these items could be okay with snapchat:
1. You are keeping chats that are meant to be ephemeral
2. You are acting as a snapchat client to create an API where there should not be one.
3. You are basically spamming users on snapchat to get them to add you.
I agree. From Snapchat's TOS, "you agree to not: 1) Use any data mining or extraction methods in relation to the Services; 2) Interfere with or hinder the operation of the Services or any other individual's use of the Services in any way; 3) Inflict or impose any perverse or excessive burden on the Services in any way; 4) Compromise the security of the Services; 5) Use the Services for any purpose that is illegal, beyond the scope of their intended use, or otherwise prohibited in these Terms; 6) Utilize the Services to transmit spam, viruses, bugs or any material that could be considered threatening or unlawful in any way."
I think quite a few of those terms have been violated.
So basically, you spammed 42k users, and tricked them into sending what they thought were ephemeral pictures but were instead permanently saved and displayed publicly on your website. And now you're bragging about it.
Ok I suppose that's better than nothing, but you're still violating the most fundamental aspect of snapchat, and I guarantee you that a good chunk of your pictures came from people who didn't realize that you were actually saving their pictures.
You have to know about it to request removal. That doesn't fix the issue of user's not understanding that you're changing the expected behavior. I'd assume you meant it would be posted online and then removed shortly after.
Not to be rude... but are you sure people fully understand this? Snapchats are supposed to be seen at most 10 seconds. Snapchat frequently has little bugs where the snap doesn't show up for it's full amount of time.
I hate to say this because I genuinely like the idea... but this website seems shady to me. They are bragging about reverse engineering an API, and IMO, at best, spamming users with a 10 sec disclaimer saying their photo will be posted online.
Overall: Nice site. Congrats on the technical side. But I really don't think I can condone this.
The modern version of misfits are already crafting the brothels of tomorrow - check how this porn site disguises itself amidst today's ignorance of psychology.
I love this type of hacking on undocumented APIs. Does anyone know if it's possible to bend or break the technical rules of SnapChat through this type of direct API access? It would be interesting to try and post a 20 second video... or send someone Lord of the Rings. :-)
Snapchat was really asking for this to happen, with exposing usernames publicly at snapchat.com/<username> and showing subsequent top friends. What was the rationale of doing that vs keeping it all inside the app?
I think this is a neat idea. Looking forward to more! It's creative website scraping, which is what developers did before APIs were mainstream (in case you were living in a cave). The posters here are just butt hurt they didn't think of this idea first. Haters gonna hate.
Something about this just strikes me as arrogant. Please enlighten me if I misunderstood ...
"How does it work?
We communicate with Snapchat's servers and pretend to be their mobile app. This gives us access to everything that you can do through the mobile app. For example, we can send messages, view (and save) messages, create new accounts..."
That's a detail that's not relevant at all to their "users" (the people sending in snapchats). It sounds like they're bragging about their circumvention of Snapchat's lack of an API.
I don't want to diminish the technical accomplishment here -- reverse an engineering an API and writing a Snapchat bot is impressive. But, as other posters have pointed out, they're likely violating the Snapchat terms and misleading their "users."
Is it impressive? Unless Snapchat put a lot of work into making the binaries prevent RE (which, in ios is probably unlikely due to runtime restrictions), it's probably fairly straightforward.
On another note, the only way an app dev could really prevent this is if mobile devices had some sort of TPM or other remote attestation feature.
It is Hackathon Culture after all; Do something because you can, or just to see what is possible. Unfortunately, you guys are getting lots of negative pushback here. Sometimes, it's not what the Tech does, but how you leverage the Tech, and how you Package your Product. Is this a "just for fun" project, or do you guys plan on going all the way? If the intention here is to build/release a real product, I can see a few potential issues with this approach, some of which are already covered here. Perhaps if you used a different approach, and solved a different problem (Same Tech, Different Product) you might have more positive feedback. In fact, I can think of a great 'Pivot' possibility here using the Tech you've built to provide a different Type of Service that I can see customers happily using, and paying for. If this sounds interesting, feel free to reach out to me on Twitter, @shawnkreilly
48 comments
[ 5.1 ms ] story [ 95.0 ms ] threadA bot named 'epicchallenge' programmatically sends a snapchat video about a "smile" contest to a huge (42k) list of users. Then we programmatically get their responses and have people vote on them.
Looks like a fun idea!
Not a smart move dudes. My trust in anything you else make = Zero.
I'm I wrong here?
We basically built something on top of Snapchat, which is a relatively-new social photo sharing app with no API for developers. So we made our own APIs and made Ranker.io work :)
1. You are keeping chats that are meant to be ephemeral 2. You are acting as a snapchat client to create an API where there should not be one. 3. You are basically spamming users on snapchat to get them to add you.
I think quite a few of those terms have been violated.
You know exactly what you're being called out on.
I hate to say this because I genuinely like the idea... but this website seems shady to me. They are bragging about reverse engineering an API, and IMO, at best, spamming users with a 10 sec disclaimer saying their photo will be posted online.
Overall: Nice site. Congrats on the technical side. But I really don't think I can condone this.
I'd assume you meant it would be posted online and then removed shortly after.
"How does it work?
We communicate with Snapchat's servers and pretend to be their mobile app. This gives us access to everything that you can do through the mobile app. For example, we can send messages, view (and save) messages, create new accounts..."
That's a detail that's not relevant at all to their "users" (the people sending in snapchats). It sounds like they're bragging about their circumvention of Snapchat's lack of an API.
I don't want to diminish the technical accomplishment here -- reverse an engineering an API and writing a Snapchat bot is impressive. But, as other posters have pointed out, they're likely violating the Snapchat terms and misleading their "users."
On another note, the only way an app dev could really prevent this is if mobile devices had some sort of TPM or other remote attestation feature.
Good Job on the Tech!!