App designed for safe sending of naughty selfies is rife with risks A smartphone app touted as a safe way to exchange naked pictures and saucy texts poses a huge privacy risk. Snapchat is available for both iPhone and Android devices, and is marketed towards teenagers and young adults. The app lets senders control how long a message or picture can be viewed, before it expires after a maximum …
Nude photo and a 12+ rating seem rather contradictory. I can remember stories of when children in the US have sent pictures of themselves have been arrested and charged with publishing child porn. Does this mean the publisher of this app will be charged with aiding and abetting of the said crime?
Back when I was just 8 years old, I invented a method of creating a "self-destructing message". This involved making a recording on a tape cassette; then, after rewinding it, carefully opening up the cassette housing and inserting a small piece broken from an old loudspeaker magnet in the path to the take-up spool, where the tape would rub over it. This made a cassette that was only listenable once: the very act of playback wiped out the content.
However, there was a fatal flaw, as follows: There was no way to tell whether or not the EARphone socket of the playback machine was plugged into the AUXiliary input of another machine; so the technique was insecure against anyone who knew the trick (and had another cassette recorder).
Summary: Any kind of "limited read" is inherently insecure, because you only ever need to be able to read something once to make a copy of it.
Apple gave the app a 12+ rating and so effectively allowing 12 year olds to snap and send pics of themselves in the nude. At some point this image is then being uploaded and hosted on a server and then distributed to it's recipient , surely this is child porn?
Wasn't it only a year ago that the owner of mega upload was arrested for distributing illegal content hosted on his servers.
Well yeah, but your missing the point completely and obviously never read the full comment before posting your response.
The images are being uploaded to a server before being distributed to the end-user. The owners of these servers, even for 10 seconds are distributing questionable images of younger children. Even if the images were uploaded willingly by the user they are still illegal images.
The same thing happened with mega upload. Its users were uploading illegal content and Kim dot-com was arrested for owning the servers which were distributing the material. Copyright infringement or child porn it's still illegal content.
All of that also applies to the built in Photobooth app, you bollard. Any 4 year old is capable of using it, and has no rating.
- take pictures of self
- upload, hosted on a server (could even be an Apple hosted mac.com account)
- distribute to recipient (build in email app)
http://en.wikipedia.org/wiki/Safe_harbor_%28law%29
"...it limits the opportunity for others to forward it around the school campus, or (worse) upload it to Facebook or an image sharing site."
I know it's stating the bleedin' obvious, but I'll do it anyway. If you're worried about this sort of thing then ...errr ....don't text/email naked pics of yourself to other people? Just a thought.
Oh, and shut that stable gate on your way out will you... oh shit! Too late!!!!!
See previous discussion concerning phones being raided for similar pics by service people. The hosting site will be one of the most targeted by hackers for the naughty pics and various governments for potential use by their opponents as a way to pass notes. It's the stuff of spy novels: self eating messages.
Comes with all the problems of file transfer.
As for the people reflexively yelling "child porn" and "ratings" in here that are not doing so in a cynical way but are actually Pennsylvania-level pants-on-head retarded:
1) Go down to the newspaper stand
2) Grab one of them magazines on the upper shelves
3) ???
4) You are now feeling better
Then reflect on how FTP can be used by your daughter/son to pump around nudies of themselves.
It's possible to share stuff on the internet in all kinds of ways. An app that facilitates something by making it incredibly easy to do is likely to increase the number of people doing it. Those who don't have the technical ability to use the more complex methods of sharing can still download an app and use it. How many teens would go through the steps needed to share pictures using ftp?
It's an app with as age restriction of over 12 designed for sending images that you want to keep private. And by the sound of it the images sent are hosted on a server owned by the app publisher. That doesn't sound dodgy to you? You don't think that's any dodgier than any other ftp site?
What about using this stuff for the pictures?
http://en.wikipedia.org/wiki/Magic_Eye
Remember that? Could you ever see what it was? I couldn't, but I have sight problems - not terrible but probably enough to make this sort of trick impossible for me. Anyway, to get a snapshot off -that- seems like probably more trouble than just hiding a camera with timer in your date's bathroom.
A naked picture of a 12+ child is not automatically pornographic, it's just a pic of a naked child, which, courtesy of the kneejerk reactionists, has been corrupted into being changed from the beautiful creation of nature that it is into something crude and debasing.
However, the subsequent use to which the picture is put is what can change its original purpose to one of pornographic.
And of course, the necessary point needs to be made because of said kneejerk reactionists, I only find women above forty to be sexually appealing in case anyone deems the above comments to be pro-child porn.
The photos are encrypted with a static AES key, and then transferred with https. The addition of AES adds no real security whatsoever, since the key is sitting there in the app binary waiting for anyone to grab it. However, I suppose since it's being encrypted by one user's phone then decrypted by the others, it's easier for the company to say they never had access to the photo data.
If it used proper asymmetric key generation with public keys shared through the network, that would be a different story, but I wouldn't expect this kind of app to get something like that right.
It took me maybe an hour or so but I was able to modify the application to save the received images after being decrypted but before they were even opened, so the other person does not even think you've opened the photo, but you have the photo sitting on your phone.
I took a totally work-safe picture of me wearing clothes and smiling naturally, sent it to some user names I found after a google search or two, and my first response was sure enough some random girl and a picture of her boob, which was saved without her ever knowing. Having completed my proof of concept, I deleted the photo and the app from my device. As far as she can tell, I have never seen the photo.
@ AC 1502
"I took a totally work-safe picture of me wearing clothes and smiling naturally, sent it to some user names I found after a google search or two, and my first response was sure enough some random girl and a picture of her boob, which was saved without her ever knowing. Having completed my proof of concept, I deleted the photo and the app from my device"
This reminds me of the old days on fleet street where are intrepid reports always "made his excuses and left" the message parlour. I never had any doubt in my mind that he had indeed done that - I respect fleet street journalists as people of integrity.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
