Snapchat Says Users Were Victimized By Their Use of Third-Party Apps 90
Lucas123 writes: Reports that the servers of photo messaging site Snapchat were hacked are being denied by the company, which is now is saying its users were instead victimized by their use of third-party apps to send and receive Snaps. Hackers on 4chan have said broke into the site and they're preparing to release 200,000 photos or videos in their own database that will be searchable by Snapchatter name. According to one report, the third-party Snapchat client app enabled access for years to the data that was supposed have been deleted. The hackers have said they have a 13GB photo library. For its part, Snapchat in a statement reiterated its Terms of Use Policy, that "expressly prohibits" third-party app use "because they compromise our users' security."
Ban third parties (Score:2, Redundant)
So why didn't Snapchat take a proactive approach and ban the third parties? They really depended on the ToS for enforcement of security?
Re:Ban third parties (Score:5, Insightful)
Are they going to ban development systems and emulators? Pretty sure BlueStacks can take all the screenshots I want. How about cameras? Eyeballs? Is the analog hole closed yet?
Anyone who thought a Snapchat image was truly ephemeral was, at best, ignorant.
Re: (Score:1)
digital signatures built into the application
Re: (Score:2)
A simple "gross negligence" will suffice.
Re: (Score:3)
Pretty sure that's the definition of ignorance.
Online at Amazon ... (Score:2)
Most of snapchat's 25 y.o. users don't even know where to buy a postage stamp.
Online at Amazon. Of course the seller, USPS, only gets a 4/5 star rating.
Re: (Score:3)
So why didn't Snapchat take a proactive approach and ban the third parties?
It wouldn't help. Their system is fundamentally flawed because it relies on trusting the client, and the client's OS. The image is displayed on the screen and the app is supposed to then erase it, making sure it can't be screen captured. If the OS allows screen capture, or the app has been modified then the image can be captured.
All they needed to do was release a modified Snapchat app that allowed users to save images on to warez sites. As well as saving imagines to the phone it also sent them to the hacke
Re: (Score:2)
That 4chan guy, at it again. (Score:5, Funny)
Will someone please stop this anonymous mystery hacker? he's causing havoc all over the place.
Re: (Score:2)
4chan has been taking down a lot recently...
Moderators can't keep up with the flood of posts in places like /b/, but the level of censorship there is rising pretty quickly.
Re: (Score:2)
It's actually the biggest problem with this collection of photos -- the sheer number of them that must include photos of the underage in various states of undress.
The 130GB "leak" is from a website the most popular 3rd party app dumped to, and some enterprising hacker dumped into a zip file.
Evan Spiegel, Reggie Brown and Bobby Murphy should be bracing for the class action suit of the century now that the cat is out of the bag and running all over the media, completely with Snapchat photos of nude teens.
Re: (Score:2)
That's because Kids don't know any better and Parents don't care.
Re:That 4chan guy, at it again. (Score:4, Funny)
Well we're trying.
The first two chans were sabotaged or accidentally destroyed before their completion. The third chan vanished without a trace twenty-four hours after being completed. 4chan is our last best hope for peace.
Go onto Google Play and search for Snapchat (Score:1)
What app they think the photos were stolen from? And I say "the think" since they are not giving access to anyone, so I guess that client was mimicking the official client and thus could not be detected by them.
Go onto Google Play and search for Snapchat. Many are openly advertising themselves as being able to save/leak photos.
Re: (Score:2)
There are both unofficial clients that pretend to be the native API and there are capture programs that circumvent the no-screenshot functionality. More sophisticated users can run Snapchat under something like BlueStacks. Less sophisticated users can use the analog hole.
Re: (Score:2)
Wouldn't the analog hole be taking a film photo of your phone while the image is visible? It's more of a digital hole really.
Sorry.
But in any case, isn't it about time that people stopped sending photos of their bits over the internet the whole time? And perhaps SnapChat should be in a little bit of hot water for suggesting that the photos are ephemeral - you shouldn't make promises that you can't keep.
Will there be nude selfies? (Score:1)
Re: (Score:2)
ALERT! SOME ONE LIED ON THE INTERNET (Score:1)
Since when is a thread on /b/ news? It's motto is literally
"The stories and information posted here are artistic works of fiction and falsehood.
Only a fool would take anything posted here as fact."
Seriously is this what passes for news today?
What snapchat claimed to do was a form of DRM (Score:2)
Snapchat's response was "they captured images by violating the TOS".
That's like a bank telling you it's not their fault if you lost money because the bank robber violated their posted TOS.
Re: (Score:3, Insightful)
No, it's like a bank telling you that it's not their fault when you make a check out to "cash" and someone other then who you intend cashes it.
Assuming snap chat is correct. In order to be a victim here one of two things needs to have happened:
1: You use a 3rd party client that leaked your photo - This is 100% your fault
2: You need to have sent a photo to someone using a 3rd party client which leaked your photo - Maybe you should have shown better judgement when sending out a photo if you were going to get
Re: (Score:2)
I don't think that analogy is right at all; OTOH, I think I can improve mine a bit: it's like the bank telling you to use their credit card for all your transactions because it's safer than any other banks' credit card (never mind cash), but then disclaiming all liability when there is a hack that makes that not true.
Re: (Score:2)
Either yours or his is the correct analogy. If the images come from the Snapchat server, then they are not deleting their images as they claim they are. That is your analogy.
If the prevailing theory that the popular 3rd party app for Snapchat is breaking the delete-after-x-hours promise by uploading the image to a non-Snapchat server so it can be accessed later, or uploading the image without knowledge of the users of the app because they are sick buggers who want to see what the pics are (NSA I'm watching
Re: (Score:2)
Even though they disclaimed it in the fine print, Snapchat's entire premise was that you could send you pictures to people, and they could only see them once, for a little bit.
The analogy about the cash is off-point -- the entire reason people use credit cards in
Re:What snapchat claimed to do was a form of DRM (Score:4, Insightful)
I'm not sure if this has always been the case, or was added later, but for a very long time now, at least the Play Store's description has included:
So nobody should have been under the illusion that it was, in fact, impossible to save these images even if they lived a sheltered life and never imagined the analog loophole.
Re: (Score:3)
Yeah but that's like the really fast voice at the end of the drug commercial talking about death.
Snapchat's entire premise when it started out was that things were transient. Everybody
that's not a lot... (Score:2)
13GB? Seriously, that's not all that many pictures...
Re: (Score:3)
It's around 200,000 pictures, actually. No need to figure out how many pictures are in 13GB when they say, right there, how many pictures there are.
Re: (Score:2)
Yeah and part B SnapChat pics are *really small... low rez and tiny so you can fit a lot in a little.
Re: (Score:2)
If only there was a way we could figure out the average picture size...
600,000 of 30 million users (Score:2)
Given the small file size of Snapchat pics, it should be about 600,000 pictures out of 30 million users, if I did the math right.
out of 200,000 pics/vids (Score:2)
I can just hear Jennifer Lawrence... (Score:4, Funny)
Boyfriend: "Wow, that's a great picture....but after the recent photo problem, are you sure you should be sending these kinds of pictures?"
Jennifer: "No, it's OK. I'm using this App called SnapChat and it deletes them automatically! They can't be saved or end up in the stupid cloud anymore."
Re: I can just hear Jennifer Lawrence... (Score:2)
And they were all yellow.
I'm disappointed ... (Score:2)
... so far no one has said that people shouldn't be stupid enough to send nude pics and stuff.
Of course, our more important junk is up in the cloud, too.
Re: (Score:2)
swb did. Right above you.
Re: (Score:2)
Well. just SHIT! lol
Thanks.
Re: (Score:2)
Of course, our more important junk is up in the cloud, too.
"My junk" has been in the cloud for years.
Re: (Score:2)
For me, the cloud would have to be 3" from here.
Re: (Score:2)
Re: (Score:2)
I'm starting to feel abnormal because the second someone hands me a camera I don't feel in the least bit inclined to take a picture of my penis with it.
<troll>Well, with yours you'd need a macro lens or a deep zoom, so your attitude makes sense.</troll>
More seriously, it is only a tiny subset of the modern society who does that.
On the male side, I'm guessing they're the ones who assume that if they show it off others will be attracted to them, or at least admire them somehow. They're the flashers who are confused why the women they flash don't immediately open their legs to them. They hear a woman say "What's your name?" and they reply "Can
Re: (Score:2)
This is where someone jumps in and goes "blah blah blah blah victim blaming! Blah blah blah offensive! Blah blah blah slut shaming!"
Giving advice on how to protect yourself is now seen as victim blaming, so you won't see too much of that. We live in a society where if you jump in the tiger's cage and get eaten, it is considered offensive to say that maybe you shouldn't have jumped in the tiger's cage.
Re: (Score:2)
Your analogy would work better if the jumper had been told, repeatedly, that the tiger had been removed.
Re: (Score:2)
"Their use".. well, actually.. the recipient's use (Score:5, Interesting)
While I suppose it's possible that that the reference to 'users' in 'their' is a different subset, the phrasing makes it seem that somebody who sent a picture was victimized by their own use of a third party app, while in reality all signs are pointing to the recipient of the photo using said app.
The recipients hopefully feel doubly-awful not just for betraying their friend's trust (not saving the image implied by the use of snapchat - technical feasibility and analog loopholes aside) in the first place, but for playing a pivotal role in those images possibly becoming public.
While I'm certainly in favor of educating people that when you send stuff to others, you have lost all control over it, no matter what assurances you get, I'm also in favor of educating people not to be jerks (be that the recipients, or the hackers).
Re: (Score:1)
Re: (Score:2)
...or, sadly, the other way around.
Senders may be vulnerable too (Score:2)
Re: (Score:2)
Except that the signs point to SnapSaved.com, which only let you receive and save images; sending was to come at a future time, either via webcam or file upload.
You can read a statement from them at their facebook page:
https://www.facebook.com/Snaps... [facebook.com]
Re: (Score:2)
Except that the signs point to SnapSaved.com, which only let you receive and save images; sending was to come at a future time, either via webcam or file upload.
Go to Google Play and you will find numerous snapchat clients. It really is premature to say we know the full story.
Re: (Score:2)
How many of the numerous snapchat clients have been implicated, and how many of those have denied and/or admitted to foul play?
Official SnapChat: Implicated and denied
SnapSave: Implicated and denied
SnapSaved: Implicated and admitted
While it's fair to say that there's a hypothetical situation in which other apps also stored the images, and that said other apps might also do so when sending them, and that said other apps' hosting servers were also hacked - that same hypothetical line of thinking means we'll n
Senders *are* vulnerable too (Score:2)
At least the evidence so far implicates recipients as playing a pivotal role, rather than senders.
Wrong. As I speculated, a 3rd party app that sends the images of recipients to a 3rd party website may very well also send images of senders to a 3rd party website.
"SnapSaved was a Web-based client built for Snapchat that allowed users to access “snaps” from a Web browser. However, the service, which according to DNS records ran on a server at the hosting company HostGator, apparently kept all images received or sent by its users without their knowledge."
http://arstechnica.com/securit... [arstechnica.com]
Re: (Score:2)
Last I knew SnapSaved could not yet send pictures.
Whether Ars is simply writing this as an assumption that you could, or whether you actually could, I wouldn't know.
However, I never said that in the eventuality that people used a third party service to send them that they would not also be 'vulnerable'. That's not even material to my comment.
I will happily concede that IF you could send through SnapSaved and IF they saved the sent images as well, THEN the sender could obviously also be blamed for using tha
Re: (Score:2)
But you still can't blame everybody else using the official client for sending TO that person just because THEY used a third party service.
Why not? They willingly transmitted data via at least one intermediate party (snapchat itself plus 3rd party clients). If there is anything well known and consistent about the internet it is that private data gets leaked in many unexpected ways. The sender knows the data is sitting on at least snapchat's servers for some indeterminate time frame.
In short the sender knowingly gave control of their private data to an outsider. There is no way to say that the sender does not share some portion of the blame.
Re: (Score:2)
Because that's a different discussion already adequately covered by "While I'm certainly in favor of educating people that when you send stuff to others, you have lost all control over it, no matter what assurances you get".
Snapchat is fundamentally insecure (Score:2)
The 3rd party apps only even worked because Snapchat is hideously insecure and has been from day one. It stored the pictures unencrypted on the device and didn't even bother actually erasing them (just moved them to another folder!). It's since improved slightly, but it's a fundamentally insecure design and they're apparently being too disruptive and innovative to fix it.
$150,000 per copyrighted work (Score:2)
ISP web hosting, instead of Snapchat and Facebook (Score:2)
Back around the year 2000, ISPs used to offer free web hosting to their customers. Some ISPs had templates that you could fill in with text and uploaded images, to make it simple to create a web page.
If ISPs still offered that service, and if customers who don't know how to write a web page used the service, then private web sites would be more dispersed, and therefore less tempting to crack. (Also, the customers wouldn't have to give out personal information, besides the info that they already needed to gi
Re: (Score:2)
and they added a hidden .impressum.html with the real name / address of the user. meh.