Forgot your password?
typodupeerror
Privacy Communications Encryption

Five Alternatives To Snapchat 94

Posted by timothy
from the quantum-tin-can dept.
Nerval's Lobster writes "Snapchat isn't having the best 2014: less than a week after a cyber-security collective revealed an exploit that could allow hackers to swipe users' personal data from the messaging service, a couple hackers reportedly went right ahead and stole 4.6 million usernames and phone numbers, posting them as a downloadable database. It's easy to see why Snapchat's become so popular: the idea of messages that vaporize within a few seconds of opening holds a lot of appeal to not only the excessively paranoid, but also anyone who simply wants to keep their online footprint to a minimum. But as several security experts are pointing out, the idea of 'disappearing messages' was never a foolproof one. 'If you took a photo of your phone while the risky image was on screen, or took a screenshot, or dumped your phone's graphics RAM, or used basic forensic data recovery techniques to retrieve the "deleted" files after viewing them, or fetched the image through a session-logging web proxy,' Phil Ducklin wrote in a Jan. 1 posting on the Naked Security Website, 'then you'd quickly have realised that Snapchat's promises of "disappearing images" were fanciful.' For those who no longer trust Snapchat, but want that same vaporizing-message functionality, some alternatives exist, including Silent Circle (which offers a messaging app, for a subscription fee, that forces messages to self-destruct after a set period of time) and Wickr (features military-grade encryption — AES256, ECDH521, RSA4096, TLS — and the app-builders claim they don't have the keys to decrypt; messages vaporize after a set time)."
This discussion has been archived. No new comments can be posted.

Five Alternatives To Snapchat

Comments Filter:
  • by QilessQi (2044624) on Thursday January 02, 2014 @11:40AM (#45846637)

    Perhaps they should have taken the $3B offer from Facebook (or the alleged $4B from Google) when they had the chance. Especially since people have endless opportunities to abandon services like Snapchat for the Next Cool Thing anyway.

     

    • Maybe because I am struggling paying student loans and keeping expenses down like 60% of Americans, but if I were offered $1,000,000,000 for a company that makes more no money I would fucking take it!

      If my other 2 partners got greedy and think they are the next Bill Gates and deserve to the be the top richest people for providing no value then I would have sold my share to Zuckerberg and told the other 2 partners to bite me or pay me the $1,000,000,000 themselves!

      I mean come on what is so freaking innovativ

      • by wvmarle (1070040)

        It has nothing to do with how innovative the product is - even though it did bring something that no other apps did at the time, what matters is that it had many users. That's all that counts.

        • It has nothing to do with how innovative the product is - even though it did bring something that no other apps did at the time, what matters is that it had many users. That's all that counts.

          Well call me old fashioned, but what matters to me is money. It is a corporation after all.

          Users do not mean jack if it does not bring in money. So yes these guys were idiots and blinded by greed and did the shareholders (assuming they had outside investors and help) not only a disservice but broke the law by not selling.

          So if I were one of the 3 partners I would have sold out and pains like the security issue show its age. It is new and doesn't have an IT department more than a few people. It also shows ho

        • by QilessQi (2044624)

          Yes. The value of Snapchat isn't the app itself -- the app and its server-side infrastructure could be replicated in a matter of weeks by Facebook engineers. The value of Snapchat was and is entirely its current user base. If you're Facebook and you can suddenly acquire millions of non-Facebook users (or tether existing users more tightly to Facebook) then you have millions of more opportunities to sell ads, and to sell user metadata to whoever.

          But once the bubble pops and the users go elsewhere, Snapcha

  • What about using PGP/gpg, setting up a web of trust, sending the encrypted data via whatever messaging protocol one wants, and not depending on someone else's word that they will destroy data on an expiration date?

    Yes, having a promise that a photo will go poof is nice, but this assumes that the client-side DRM is working, and this may not be the case... so might as well just give up pretenses and use something time tested.

    Yes, web of trusts take some time to build, but it is more secure than trusting a thi

    • by N1AK (864906)
      All well and good, however from what I've seen so far 99.9% of the issue with things on snap chat being shared beyond the senders intent are where the recipient saves a copy. If you present the data to a user un-encoded at any point, barring you being able to restrict the device they are using (and even then if they have a camera), then they will still be able to do that.
  • by Anonymous Coward

    And what if I take a picture of my phone while the image is displayed? You have to face the truth: Self-destructing messages are a type of DRM, which can always be defeated.

    It's best to use encrypting free and open source software, and only send data to friends whom you can trust to disable logging. OTR messaging does this, and has many FOSS implementations. The proprietary programs from TFA can't guarantee security, because the source code can't be examined.

  • by trybywrench (584843) on Thursday January 02, 2014 @11:44AM (#45846675)
    So does your phone steadily run out of RAM as the chips are incinerated? ...I didn't know the batteries were that powerful either, I'm so far behind the times.
  • by 3.5 stripes (578410) on Thursday January 02, 2014 @11:44AM (#45846677)

    then again, I don't have a body that too many people are interested in seeing in a state of undress, or a burning desire to show it to other people.

    • Well, you can always cause yourself some interesting lesions and then admit yourself to a teaching hospital.
      • I'd imagine that if the lesions were that interesting, they'd prefer hi-res images that they could use as reference for future students...

    • then again, I don't have a body that too many people are interested in seeing in a state of undress

      Neither did Anthony Weiner. Didn't stop him.

  • Let's be fair, an "excessively paranoid" person wouldn't trust a free service, they'd roll their own. Second, honestly, why on earth would anyone think that any free service is unexploitable? What example do we have of a free service that's been reliable in terms of privacy and security? Maybe I'm wrong, but I can't think of one.
    • by Minupla (62455)

      Truecrypt.

      Paying for something is not an implicit guarantee of quality. In point of fact we use Wickr at home for casual level messaging. Why? The guys behind it are known in the infosec community and therefore have a reputational stake in not doing dumb things. Additionally it has survived an audit by forensics professionals where snapchat failed:

      http://www.youtube.com/watch?v=LwW9g_SQn9Y [youtube.com]

      Min

      • by Kimomaru (2579489)
        Well, no, we're not talking about paying for something, we're talking about using a free service. Both may be innadequate.
    • if by free you mean "free and open source", they're not "unexploitable". The only thing that is IMHO guarateed is the chances for a quick fix in the case of an exploit are higher!
      • by Kimomaru (2579489)
        No, I mean "free" as in "you didn't pay anything, so what do you expect?"
        • oh, well, free has nothing to do with it.
          But I see and agree with what you're saying!
          • by Kimomaru (2579489)
            Ok, so I must disagree. When you don't pay for something, the person giving it to you doesn't have much of an obligation or incentive. That isn't to say that people who get paid directly for a service will do it properly, but if you don't pay for a service directly and your information is being used to support the system financially through ads, then the relationship between your information and its monetization is what's important. It's baffling that someone would look at the exploits and breaches on so
  • Is there a good PC version of any of these? It seems odd that they're phone-only, messaging on the computer is still very much a thing.

    • by CastrTroy (595695)
      Any PC version would be easily susceptible to the print screen button. At least on Android (earlier versions anyway, not sure about new ones) they made it extremely difficult to get a screenshot, even if the phone was rooted. I can understand why they wouldn't want apps collecting screenshots, but as a general system function, I can't see how it's survived so long without being there.
      • on android, as far as I can remember (but I've never used official images, cyanogenmod or equivalent), vol- / power was the combination to take a screen shot
    • Is there a good PC version of any of these? It seems odd that they're phone-only, messaging on the computer is still very much a thing.

      People who are advanced enough to use a keyboard interface to a computing device are smart enough to know the entire premise for the product is a fraud.

  • by flyingfsck (986395) on Thursday January 02, 2014 @11:58AM (#45846827)
    Snapchat and it's ilk is a kind of DRM. As such it will never really work.
  • Don't take or post pictures you don't want to be seen by others.
    It would be nice to beat people who bring cameras or take out their phone on a Stag do.
  • Woops I read that wrong.

  • Oh, no! (Score:2, Funny)

    by Lisandro (799651)

    Not Snapchat!

  • by Anonymous Coward

    Please stop saying this, it just sounds stupid.

    • Please stop saying this, it just sounds stupid.

      Especially when you think of FIPS... the Military uses it. Therefore Dual_EC_DRBG can be part of Military-Grade encryption.

  • Or don't use it. Are you better off with or without it?

  • by swillden (191260) <shawn-ds@willden.org> on Thursday January 02, 2014 @12:20PM (#45847119) Homepage Journal

    The summary presents Silent Circle's subscription service as an alternative that accomplishes what Snapchat doesn't, but that's crap. Nearly all of the listed ways of preserving Snapchat messages will work with Silent Circle... and anything else that tries to do the same thing. Oh, I have no doubt that the Silent Circle app is a lot better at protecting your data in transit, and I'm sure it reduces message access to key access, so once you can verify that the keys are gone, the contents are effectively gone, but those keys are still vulnerable to all sorts of device hacks. They have to be.

    I have hopes that in the future we may be able to embed secure key management hardware in devices, which will make this kind of stuff a lot harder to defeat, but ultimately nothing will ever be able to make sure that digital data actually goes away. DRM -- which is what this is, just in a slightly different form and for a different purpose -- doesn't work, and can never work, not in an absolute sense.

    This isn't to say that Snapchat's disappearing messages aren't good enough for many purposes, and that Silent Circle's implementation isn't adequate for even more (assuming the people you want to talk to also have it), but anyone who thinks that they can send digital photos of their genitals to their friends, confident that only the recipient will ever see them, is simply mistaken. And anyone who wants to use ephemeral messaging for any more important purpose is a fool.

    • I have hopes that in the future we may be able to embed secure key management hardware in devices, which will make this kind of stuff a lot harder to defeat, but ultimately nothing will ever be able to make sure that digital data actually goes away. DRM -- which is what this is, just in a slightly different form and for a different purpose -- doesn't work, and can never work, not in an absolute sense.

      Given the latter, why have hope for the former?

      • by swillden (191260)

        I have hopes that in the future we may be able to embed secure key management hardware in devices, which will make this kind of stuff a lot harder to defeat, but ultimately nothing will ever be able to make sure that digital data actually goes away. DRM -- which is what this is, just in a slightly different form and for a different purpose -- doesn't work, and can never work, not in an absolute sense.

        Given the latter, why have hope for the former?

        Because "can't work in an absolute sense" isn't the same as "isn't useful". And having stronger key management will extend the range of utility by reducing the avenues of attack and increasing the scope of threat models under which it's secure.

        Of course, this still leaves open the problem of how to get people to understand the practical limits of the technology.

      • local vs global : ex (may be not usefull bu illustrate the concept) a mobius (http://en.wikipedia.org/wiki/M%C3%B6bius_strip) strip is locally orientable (take any open peice of it, and it has an orientation), but not globally (the whole surface can not have an orientation).
  • Yeah yeah, pull the other one. A quick national security letter telling them to log everything will take care of that issue, and who's gonna know? We will never have privacy. The only solution is to make sure the authorities don't have any either.

  • by grub (11606)

    Wickr [mywickr.com] works amazingly well.
  • by kruach aum (1934852) on Thursday January 02, 2014 @12:35PM (#45847325)

    None of the alternatives, no matter how technologically sophisticated (within the bounds of current smartphone technology) can protect against a picture of the screen being taken with a second device.

    • Or a good artist with a decent memory creating a realistic rendition with oil on canvas, pencil on paper, or perhaps even a grid of castles in the sand. I'm beginning to think Snapchat is a Psy-Op by the CIA to convince people like me that the rest of the population really is so stupid they deserve to be treated as pets of the state. It's like that first episode of the first (or fifth?) season of 'The Wire' where they convince the low level criminal that a xerox machine is a lie detector to provoke a conf

    • by Kjella (173770)

      Exactly, it's still trivially easy but it's more about intent and premeditation. It's more like the logic of a cooldown period for gun purchase, you shouldn't be able to go directly from getting fired down to the gun store, buy a gun and go postal. Same way you can't go nuts with SnapChat pictures you never saved and if you did it proves you planned to keep those pictures against your partner's will and you went to great lengths to be deceptive about it - there is really no other reason to avoid the standar

  • by ASpotySpot (3459659) on Thursday January 02, 2014 @01:02PM (#45847667)
    As a fairly heavy user of snapchat I see all these comments about it failing due to poor security just plain wrong. Almost no-one uses it for the security. Its about the lack of cost if the picture is 'wrong' or poor. Sending selife's or pictures of what's happening in your day is a nice way to keep in touch with someone. It feels more personal than text or voice and is much easier to do. Who cares if its a bad picture or a little boring, its gone in 10 seconds. Maybe some have a usecase for high security (nude pictures etc) but that isn't the largest market, or at least in my experience.
  • you'd quickly have realised that Snapchat's promises of "disappearing images" were fanciful.' For those who no longer trust Snapchat, but want that same vaporizing-message functionality, some alternatives exist

    Great. And how do those alternatives stop any of the work-arounds mentioned in the summary?

    Or did you mean "alternatives which are just as bad"?

  • Security is like a 2 inch steel door with an unbreakable lock.

    I know that a plasma thingie would cut right through it, but I lock my frontdoor nonetheless and I sleep well.

    Security has to be just good enough. It will never be perfect.

  • How about:

    6) None of the above.

  • The same promises were made for Video/Music streaming. In that it is off site, and supposedly used as DRM. However it is bs. There are certain clever ways to go about it. However Once you have it on your machine, you can do all sorts of stuff to it to then save it as something else. This has been done time and again.

    Most people probably wouldn't know how to do it, even with snap chat. But all it takes is someone to build a application that does it for you, then you can just use that.

    Taking a screen shot of

    • by neminem (561346)

      I haven't used it either. It might have the ability to disable taking a screenshot on your phone. It most certainly doesn't have the ability to disable taking a picture of your phone from another physical device, because that would be impossible.

      • Never underestimate DRM. This is how the machine wars began...

        Android has detected you are trying to violate DRM using another device. Accessing device... shutting down... countermeasures launched...

  • Come on slashdot, get the guy's name right.

  • You cannot send someone an image, which can be displayed by the user and prevent the user from saving it.

Nothing happens.

Working...