"Ephemeral" messages, the way Snapchat does it, is useless against surveillance and possibly even other kind of hacking later on if the company is actually saving the content on its servers. Perfect forward secrecy is a much better way to have "ephemeral" conversations, even if the encrypted data remains stored.
Adding self-deletion on top of that just makes it slightly better in case someone wants to decrypt those messages later, even though it should be an almost impossible task.
So if apps want to offer safe conversations for users, they should first implement end to end security and perfect forward secrecy either with OTR or TextSecure's protocol. If they want to add self-deletion on top of that mainly as a marketing feature, that's fine, but it shouldn't be the main priority.
PFS doesn't help if one of the parties is leaking information. And, I guess, in case of Snapchat, [at least most] leaks are from the participating users, not the service.
No amount of crypto would prevent malicious party from picking up a camera and taking a photo of the screen.
Yes, on the rise. I see a lot more supposedly private photos from those services on /r/gonewild and 4chan and the like than ever before. Oh wait, perhaps by on "the rise", he meant there are more gullible users incorrectly thinking they're ephemeral, not the actual outcome of a trend of more "ephemeral" messages becoming permanently archived and publicly displayed.
Ephemeral apps seem to be ideal for insider trading too. Send an ephemeral message on your mobile phone, and nobody is the wiser. (Banks have tremendously rigours retention policies to keep track of things like this)
One of the more well known VCs in SV gave a talk two weeks ago and told a story about when he met the founders of SnapChat two years ago. He asked them "So, tell me honestly, are people using this app for anything but sexting?" One of the founder replied "No, there are loads of cats too!" The VC asked "Wait, how do you know there are cats too? Isn't everything deleted?" Needless to say he passed on the investment.
He mentioned he passed (and passed on Secret as well) because he doesn't want to invest in anything that makes it easy for children to be destructive to each other. Let's put it this way, he's not hurting for deal flow and investments.
That seems like flawed reasoning. It'd be better to teach kids to be reasonable human beings irrespective of the medium of communication. If kids want to be destructive to one another, they will be (people can be just as cruel over FB as they can on an anonymous site).
SnapChat's share of voice has fell off the face of the earth, from a branding perspective it is scary. We don't know their user numbers but the buzz has fell flat and the uncool whatsapp just increased their userbase after the facebook deal. I would be scared as an investor if i invested at a billion dollar valuation, since we are not seeing that stable share of voice instagram had. Maybe its a result of bad engineering like Friendster but who knows, they have enough ,money to hire good engineers especially security specialist but their CEO seems to be a bit immature.
>Lavabit was a small secure e-mail service, with an encryption system designed so that even the company had no access to users' e-mail.
This isn't exactly accurate, and so the comparison doesn't work.
Lavabit always had the capability to read a users email.[1] Snapchat has, and does, retain Snaps.
If Snapchat instead generated a public/private keypair and used those to sign and encrypt Snaps before they left a user's phone then whether or not Snapchat retained the Snap but hid it from the user would not matter.
There are other issues, like end users recording the Snap. Also, while the central service would not be able to retain the content of your Snap metadata would be available to them.
>We need ephemeral apps, but we need credible assurances from the companies that they are actually secure and credible assurances from the government that they won't be subverted.
Given the current climate, this strikes me as rather foolish. Further, who is to say that the next head of state will not breach the assurances of the last?
We should design services so that trusting the operator is a non-issue.
There will always be people who want privacy, regardless of whether their intention is good or bad. On the other hand, regulators and rulers will always want to know as much as they can.
The privacy seekers will come up with innovations to bypass the existing privacy breaking techniques. They will work for a while, before the regulators clamp down on them.
This will be a cat and mouse game going on forever. On a positive note, some of these innovations have changed the world in a positive way.
The government should not be your enemy. If people want privacy, they ough to just tell the regulators that, and those regulators shoud work on making it so.
If the real situation isn't like that, it's a different problem, requiring a different kind of action, and just developping some new tech won't help.
I clicked because I thought this was going to be about actual apps that delete themselves. I was a bit disappointed to find it was about ephemeral messaging apps.
Schneier links to a post by Danah Boyd [a], who outlines two very interesting tactics for 'privacy control' on Facebook, that teens are using today:
1. "Super-Logoff": Where you deactivate your Facebook account when you log off, so that all wall posts, likes, tagging no longer works.
2. Purging posts: Where you systematically purge posts and likes a few days after making them. This lets friends see what is currently on your mind, but they can't refer back to it 2 years later.
23 comments
[ 0.19 ms ] story [ 66.6 ms ] threadAdding self-deletion on top of that just makes it slightly better in case someone wants to decrypt those messages later, even though it should be an almost impossible task.
So if apps want to offer safe conversations for users, they should first implement end to end security and perfect forward secrecy either with OTR or TextSecure's protocol. If they want to add self-deletion on top of that mainly as a marketing feature, that's fine, but it shouldn't be the main priority.
No amount of crypto would prevent malicious party from picking up a camera and taking a photo of the screen.
Yes, on the rise. I see a lot more supposedly private photos from those services on /r/gonewild and 4chan and the like than ever before. Oh wait, perhaps by on "the rise", he meant there are more gullible users incorrectly thinking they're ephemeral, not the actual outcome of a trend of more "ephemeral" messages becoming permanently archived and publicly displayed.
And was it a wise idea to pass on that investment? Seems not...
This isn't exactly accurate, and so the comparison doesn't work.
Lavabit always had the capability to read a users email.[1] Snapchat has, and does, retain Snaps.
If Snapchat instead generated a public/private keypair and used those to sign and encrypt Snaps before they left a user's phone then whether or not Snapchat retained the Snap but hid it from the user would not matter.
There are other issues, like end users recording the Snap. Also, while the central service would not be able to retain the content of your Snap metadata would be available to them.
>We need ephemeral apps, but we need credible assurances from the companies that they are actually secure and credible assurances from the government that they won't be subverted.
Given the current climate, this strikes me as rather foolish. Further, who is to say that the next head of state will not breach the assurances of the last? We should design services so that trusting the operator is a non-issue.
[1] http://www.thoughtcrime.org/blog/lavabit-critique/
The privacy seekers will come up with innovations to bypass the existing privacy breaking techniques. They will work for a while, before the regulators clamp down on them.
This will be a cat and mouse game going on forever. On a positive note, some of these innovations have changed the world in a positive way.
If the real situation isn't like that, it's a different problem, requiring a different kind of action, and just developping some new tech won't help.
1. "Super-Logoff": Where you deactivate your Facebook account when you log off, so that all wall posts, likes, tagging no longer works.
2. Purging posts: Where you systematically purge posts and likes a few days after making them. This lets friends see what is currently on your mind, but they can't refer back to it 2 years later.
[a] http://www.zephoria.org/thoughts/archives/2010/11/08/risk-re...