Hard Light Productions Forums
Off-Topic Discussion => General Discussion => Topic started by: MP-Ryan on October 10, 2014, 10:02:08 am
-
http://www.businessinsider.com/snapchat-hacked-the-snappening-2014-10
"I'll use a phone app to send pictures and videos that it says it will delete after a few seconds. I'll send compromising images of myself (whether or not underage) to other people because nothing could possibly go wrong." - SnapChat users.
"You are a ****ing idiot." - Everyone familiar with technology and security.
"LULZ! Gotcha!" - 4chan and the collective assholes of the Internet.
Seriously, did anyone think this could possibly end well? Revenge porn is becoming a serious social problem, ****ing GOVERNMENTS can't keep top-secret data safe and secure (nor Apple and Google, which are practically private governments), and you're going to trust compromising/nude images of yourself to a ****ing phone app because it promises they'll be deleted?
I despair for the future of humanity in a technological civilization. The pace of technology has exceeded the ability of human stupidity to cope with it.
-
Double facepalm.
-
http://www.businessinsider.com/snapchat-hacked-the-snappening-2014-10
"I'll use a phone app to send pictures and videos that it says it will delete after a few seconds. I'll send compromising images of myself (whether or not underage) to other people because nothing could possibly go wrong." - SnapChat users.
"You are a ****ing idiot." - Everyone familiar with technology and security.
"LULZ! Gotcha!" - 4chan and the collective assholes of the Internet.
Seriously, did anyone think this could possibly end well? Revenge porn is becoming a serious social problem, ****ing GOVERNMENTS can't keep top-secret data safe and secure (nor Apple and Google, which are practically private governments), and you're going to trust compromising/nude images of yourself to a ****ing phone app because it promises they'll be deleted?
I despair for the future of humanity in a technological civilization. The pace of technology has exceeded the ability of human stupidity to cope with it.
I'll play the devil's advocate here a bit:
The article said nothing of the content beyond "4chan users say the collection of photos has a large amount of child pornography". Yeah, if you snatch 100000 pictures then there might be a "large amount" of that, but nothing indicates that the users of the service in general have somehow been careless or stupid. All it takes is a handful of people out of what, hundreds or thousands?
The idea of "omg people are ****ing idiots" is generally sound, but you can't jump to that conclusion from the fact that someone hacks or breaks into an image service and probably finds something compromising of someone there.
-
http://www.businessinsider.com/snapchat-hacked-the-snappening-2014-10
"I'll use a phone app to send pictures and videos that it says it will delete after a few seconds. I'll send compromising images of myself (whether or not underage) to other people because nothing could possibly go wrong." - SnapChat users.
"You are a ****ing idiot." - Everyone familiar with technology and security.
"LULZ! Gotcha!" - 4chan and the collective assholes of the Internet.
Seriously, did anyone think this could possibly end well? Revenge porn is becoming a serious social problem, ****ing GOVERNMENTS can't keep top-secret data safe and secure (nor Apple and Google, which are practically private governments), and you're going to trust compromising/nude images of yourself to a ****ing phone app because it promises they'll be deleted?
I despair for the future of humanity in a technological civilization. The pace of technology has exceeded the ability of human stupidity to cope with it.
I'll play the devil's advocate here a bit:
The article said nothing of the content beyond "4chan users say the collection of photos has a large amount of child pornography". Yeah, if you snatch 100000 pictures then there might be a "large amount" of that, but nothing indicates that the users of the service in general have somehow been careless or stupid. All it takes is a handful of people out of what, hundreds or thousands?
The idea of "omg people are ****ing idiots" is generally sound, but you can't jump to that conclusion from the fact that someone hacks or breaks into an image service and probably finds something compromising of someone there.
My take on the whole situation is, if the majority of people are ignorant to the security of software, they would rely on the corporations to make the software secure. An app as large as snapchat being used on say an iPhone 6, the average user would consider that quite secure, and really, overall, I don't see a problem with that mindset.
I don't think the majority of technology users are "****ing idiots" because that isn't fair. The majority of technology users I feel just don't understand how their own technology works, therefore are ignorant to the security issues that come with them. I have good friends who couldn't tell me what a router is, but are by no means idiots of any sort.
-
I have good friends who couldn't tell me what a router is, but are by no means idiots of any sort.
They're idiots if they can't tell you what it is, yet knowingly and willfully use it despite documented flaws in the way it protects privacy without bothering to gain any basic understanding of any associated risk. However, I'd venture a guess that your friends understand that a router connects their devices to the Internet and potentially exposes their data to the Internet, and therefore manage their affairs accordingly, which makes them not idiots at all. To use a non-tech analogy: if you attempt to fly a plane with no training and no understanding of how it works but an ample body of evidence that planes flown improperly crash and kill their occupant, then you are absolutely an idiot. It's not forgiveable ignorance, it's willful stupidity.
This data breach isn't actually SnapChat being hacked (which is why I put it in quotes), in which user loss of data is most certainly not their fault.
This is the result of a massive flaw in SnapChat's security model that has been documented since it was first released - namely that, despite SnapChat's claim that images are deleted, there is absolutely nothing preventing a receiving user from capturing the images the sender transmits to them other than their integrity and goodwill. Not only is it open to technological exploitation - in the form of third-party apps - it's open to behavioural exploitation.... in the form of a camera aimed at the damn screen, an understanding that anyone with a brain in their skull should grasp by simply looking at the app.
As I put it on twitter earlier today - if you stand around naked in public, you shouldn't be surprised if someone takes pictures of you. If people use the app to send compromising images despite these obvious and well-known vulnerabilities in the supposed "privacy protection model" (they don't make quotes big enough for that phrase) in SnapChat, and then are surprised/dismayed if/when those images are suddenly available in public, then I absolutely reserve the right to label them ****ing idiots.
My earlier point is that technology and its ubiquity have eclipsed the human capacity for good sense regarding personal protection. The fact that anyone over the age of 10 can look at SnapChat uncritically as a secure means of transmitting images is unbelievable.
-
In computers, there's no such thing as a "secure" box.
Then again, I strikes me as silly when people expect a company to be fool proof. If the stupid fiascos over nude celebrity photos should be an example, you don't store your private pics of privates on the cloud.
If people really want to be "secure," either they can overwrite their data so it's completely unreadable or do the physical job and break the hard drive with a hammer and burn the platters.
-
This is why people should only use Polaroid photos and snail mail to send nudie pics.
-
In computers, there's no such thing as a "secure" box.
Then again, I strikes me as silly when people expect a company to be fool proof. If the stupid fiascos over nude celebrity photos should be an example, you don't store your private pics of privates on the cloud.
If people really want to be "secure," either they can overwrite their data so it's completely unreadable or do the physical job and break the hard drive with a hammer and burn the platters.
The celebrities were victims of an actual criminal act.
This is different. This is a case of people willingly using a program, despite some very large and very well-documented security holes in it that can be figured out simply by visually observing the application and being familiar with the concept of a camera. Are the third-party exploits a little more technical? Sure. But the principle is the same - it relies on the goodwill of the recipient. There's no actual security, just inconvenience.
All use of the Internet is an exercise in risk management. That's what I'm really venting about - some people are unwilling to manage their risk appropriately, then scream and cry when a perfectly predictable breach occurs. The celebrities had a reasonable expectation that their personal data was secured based on the security model of Apple and Google's storage - that those models turned out to be flawed, despite the documented model is not their fault. SnapChat users most assuredly did NOT have a reasonable expectation that their personal images/video were secured, simply on the basis of how the app works. They didn't manage their risks appropriately.
Perhaps a better summary: http://www.bbc.co.uk/news/technology-29569226
-
I have good friends who couldn't tell me what a router is, but are by no means idiots of any sort.
They're idiots if they can't tell you what it is, yet knowingly and willfully use it despite documented flaws in the way it protects privacy without bothering to gain any basic understanding of any associated risk.
What documented flaws are you talking about? You make it sound like people who don't patch a security issue they don't know about in their router are idiots, which is probably not what you meant. :rolleyes:
However, I'd venture a guess that your friends understand that a router connects their devices to the Internet and potentially exposes their data to the Internet, and therefore manage their affairs accordingly, which makes them not idiots at all. To use a non-tech analogy: if you attempt to fly a plane with no training and no understanding of how it works but an ample body of evidence that planes flown improperly crash and kill their occupant, then you are absolutely an idiot. It's not forgiveable ignorance, it's willful stupidity.
But everyone knows that you can't fly a plane safely without training, because nothing gives you the impression that flying planes is something everyone can do anytime, whereas computers, smartphones and apps all are clearly aimed for everyone without any stated requirements. Trying to fly a plane without training makes you an idiot because everyone knows that you know that it's dangerous, whereas the obviousness of a gadget or app which you're allowed, asked and encouraged to use being dangerous due to risks it doesn't mention on the tin is on a completely different level.
It doesn't take willful stupidity to be unaware of risks of the digital world, whereas it does take willful stupidity to think you can fly an airplane just like that (unless you're mentally retarded enough, or lived your whole life in a jungle or a test chamber without any exposure to the possible risks).
P.S. It seemed like a third-party website claiming to be a front-end to Snapchat was to blame, not anything on the receiving end.
-
Thing is, once upon a time you learned the world wasn't to be trusted in a way that could usually be kept moderately quiet, you learned that humanity contained assholes through things like bad teachers, unfaithful partners, dodgy bosses etc.
In these more Global environments, that lesson really needs to be learned before people possess technology that allows them to capture and transmit images of themselves.
People went with something like Snapchat because they were attempting to be aware of the digital security risk, but didn't consider the human security risk.
As for the 'underage' images, well, I can't speak for something I have not, and do not desire to see, but considering the entire term 'under aged' can vary from country to country and even state to state, I'd like to know what standard it is being judged by before making any assumptions.
-
P.S. It seemed like a third-party website claiming to be a front-end to Snapchat was to blame, not anything on the receiving end.
If it's so, then it's just an age old phishing trick. If you're going to use something like Snapchat, you'd better make sure you use Snapchat and not "Snap-Chat" or "S.Napchat" or any dodgy 3rd party front-end site.
-
As for the 'underage' images, well, I can't speak for something I have not, and do not desire to see, but considering the entire term 'under aged' can vary from country to country and even state to state, I'd like to know what standard it is being judged by before making any assumptions.
most likely the universal standard, the American one :)
-
The celebrities were victims of an actual criminal act.
This is different.
I'm not convinced this is the case. Leaving aside the victim-blaming "people should know better" position, this is still clearly a criminal violation. If someone walks into your house in the middle of the day because you left it unlocked, it's not breaking and entering but it's still sure as hell trespassing.
-
What documented flaws are you talking about? You make it sound like people who don't patch a security issue they don't know about in their router are idiots, which is probably not what you meant. :rolleyes:
It was an analogy about SnapChat, not actually meant to discuss the security of modern routers, dude.
whereas the obviousness of a gadget or app which you're allowed, asked and encouraged to use being dangerous due to risks it doesn't mention on the tin is on a completely different level.
It doesn't take willful stupidity to be unaware of risks of the digital world, whereas it does take willful stupidity to think you can fly an airplane just like that (unless you're mentally retarded enough, or lived your whole life in a jungle or a test chamber without any exposure to the possible risks).
Really? It doesn't take willful stupidity not to notice that the images you transmit can be preserved with nothing more sophisticated than a camera and that this completely breaks the so-called security feature of the application?
P.S. It seemed like a third-party website claiming to be a front-end to Snapchat was to blame, not anything on the receiving end.
It's a third-party tool that allowed users to log into SnapChat through it and thereby save incoming images. In short - it's a highly automated extra camera snapping pictures of your screen, a security flaw that was completely predictable, especially because SnapChat's only means of deterring third-party app use was via the terms of service. That tool then appears to have transmitted people's images to a server.
The flaw remains the same - you are using a tool (SnapChat) that relies wholly on the goodwill of people you are transmitting the images to to ensure they are never released. There's no actual security model, which is patently obvious, and anyone who had personal information compromised as a result is quite frankly the author of their own misfortune. If you send personal information over the Internet in a medium that is insecure on its face without control over how it's used, then it shouldn't be shocking when it is misused.
The celebrities were victims of an actual criminal act.
This is different.
I'm not convinced this is the case. Leaving aside the victim-blaming "people should know better" position, this is still clearly a criminal violation. If someone walks into your house in the middle of the day because you left it unlocked, it's not breaking and entering but it's still sure as hell trespassing.
Funny story - this actually isn't a criminal violation. At least, not by the person who received and ultimately compromised the photos. It's the same reason most revenge porn is not illegal - images consensually sent are not protected by criminal law from distribution in a manner not intended by the sender. Basically, when you transmit information you give up control over it. While the third-party app's storage of the photos it captured for the recipient could potentially be a criminal wiretap/intercept, that wholly depends on the way it's usage rights were set out when people used it to sign in to SnapChat. That's what makes this so different from the CelebGate mess - this wasn't actually a hack. Quite probably there wasn't anything criminal about it. It's just someone exploiting the idiocy of potentially a lot of other someones.
Which is why I'll repeat myself: if you transmit your information over a service that has a broken security model on its face, you'd better be damned sure you're OK with the public release of that information.
-
Technically you could probably still claim copyright on those images though. Which does give you the rights to a civil case.
-
It doesn't take willful stupidity to be unaware of risks of the digital world, whereas it does take willful stupidity to think you can fly an airplane just like that (unless you're mentally retarded enough, or lived your whole life in a jungle or a test chamber without any exposure to the possible risks).
Really? It doesn't take willful stupidity not to notice that the images you transmit can be preserved with nothing more sophisticated than a camera and that this completely breaks the so-called security feature of the application?
Yeah, it doesn't. The fact that the recipient can save and distribute what you send to them doesn't give any reason to assume that the app itself is insecure. I could send you a nude photo of myself via the most encrypted and secure methods available and you can still leak it; those two things have nothing to do with each other.
I don't know why you keep bringing up the fact that the recipient can still save the photo, when that's not how the hack/leak happened (as you say yourself); the third-party app snatched the photos, not the recipients. The fact that people sent photos to people who could have saved and distributed them doesn't mean that the senders weren't aware of that, only that they (in all likelihood) were unaware that the app would silently hand them over to a third party as well. Those two things are not directly related.
-
Technically you could probably still claim copyright on those images though. Which does give you the rights to a civil case.
Correct. Victims can mount a civil case in both examples.
-
It doesn't take willful stupidity to be unaware of risks of the digital world, whereas it does take willful stupidity to think you can fly an airplane just like that (unless you're mentally retarded enough, or lived your whole life in a jungle or a test chamber without any exposure to the possible risks).
Really? It doesn't take willful stupidity not to notice that the images you transmit can be preserved with nothing more sophisticated than a camera and that this completely breaks the so-called security feature of the application?
Yeah, it doesn't. The fact that the recipient can save and distribute what you send to them doesn't give any reason to assume that the app itself is insecure. I could send you a nude photo of myself via the most encrypted and secure methods available and you can still leak it; those two things have nothing to do with each other.
I don't know why you keep bringing up the fact that the recipient can still save the photo, when that's not how the hack/leak happened (as you say yourself); the third-party app snatched the photos, not the recipients. The fact that people sent photos to people who could have saved and distributed them doesn't mean that the senders weren't aware of that, only that they (in all likelihood) were unaware that the app would silently hand them over to a third party as well. Those two things are not directly related.
But they are. This occurred because recipients captured images without the consent of the sender, a violation of SnapChats TOS, but something which SnapChat does nothing to prevent, obvious from the face of the app, resulting in a data breach.
My whole point here is that people using the app to send photos were stupid to assume they were in any way protected from further distribution because it's obvious from the simple fact that you can photo the screen that they were not, never mind the third-party tools available.
if you're trusting a security model you can break in seconds with a camera with transmitting images you lose control over, and you send images you don't want to be public, you ARE an idiot.
-
But they are. This occurred because recipients captured images without the consent of the sender, a violation of SnapChats TOS, but something which SnapChat does nothing to prevent, obvious from the face of the app, resulting in a data breach.
Well, I can only say that I see nothing of the sort said in either article linked to in this thread. All I see is that a third-party app captured the images without consent from anyone.
If you mean that this occurred because recipients were using the third-party app in order to capture the images without the consent of the sender and that app also shared them with a third party, then sure, that seems accurate (if that was the sole/main purpose of the app). But even then the fact that the recipients were able to capture the images have nothing to do with the app sharing them with a third party: if the purpose of the app would have been to add funny mustaches to pictures received (instead of capturing the images), then the end result would have still been the same, which means that the fact that the app offered recipients the ability to capture the images is irrelevant and didn't contribute to what happened.
Other than that, saying that "this occurred because recipients captured images without the consent of the sender" is obviously very misleading because it clearly implies that the recipients captured and released the images, which is not the case. Unless I've mysteriously missed something relevant from those articles, in which case I'd appreciate a quote.
-
I have always figured that, as long as society as a whole demands repercussions from people who's "compromising" photos have been released (firings, criticism, etc.) there ought to be repercussions for people who release such photos. On the positive side perhaps "celeb-gate" will convince people to stop persecuting working stiffs for having nudies that escaped onto the internet.
-
@zookeeper
I feel like you're drifting away from my point: that users have no expectation that their sent images are private because of the ease in which even a technically un-inclined recipient can capture them. It's blindingly obvious that your sent images can be captured and released by the recipient, and therefore you should have no illusions that data sent via Snapchat is secure from release.
The breach of private information occurred precisely because senders assumed recipients were not able to capture their images - despite what should be common sense - and sent compromising images. This was then exploited by recipients, who in turn were exploited by an app. All of this is the result of foolish people not doing their due diligence before using tech services.
@mars
See, I've always thought the limit of consequences to people who lose data should be the equivalent of calling them an idiot - only if this was predictable by any sort of common sense - and leaving it at that. the people who actually non-consensually release data should be subject to criminal consequences.
-
Really? It doesn't take willful stupidity not to notice that the images you transmit can be preserved with nothing more sophisticated than a camera and that this completely breaks the so-called security feature of the application?
I'm going to have to disagree with you there. You remind me of the comment I once read. "Why bother with needing a key to start your car? If a thief can break the security of your door locks, they surely can breach this layer too." Yes there probably are some snapchat users who trusted the security model you're complaining about to keep them safe but I think they're the equivalent of people who leave their car doors unlocked on the grounds that they think starter will defeat anyone trying to steal the car.
I suspect many if not most of the people who used Snapchat trusted the app as nothing more than additional layer of safety. Instead of simply sending the picture via email or whatsapp or some other method, they used Snapchat. If Snapchat deletes the image after x amounts of seconds, well that's just a bonus. The first and foremost layer of security was to simply not send pictures to someone who they wouldn't have sent nude pictures using some other method. In other words, someone they trusted.
So in the end we're down to a breach in trust that could have happened with almost any program. Would you blame the user if someone had been distributing a malicious copy of PGP that uploaded your emails to an internet server? Sure there are steps that a tech-saavy user could take to avoid exposure but we're talking about a program which has half its users in the 13-17 age range. Are we really going to start saying that people who actually took extra steps to keep their pictures safe are stupid because they didn't see a threat like this coming?
I have always figured that, as long as society as a whole demands repercussions from people who's "compromising" photos have been released (firings, criticism, etc.) there ought to be repercussions for people who release such photos. On the positive side perhaps "celeb-gate" will convince people to stop persecuting working stiffs for having nudies that escaped onto the internet.
At this point so many people are taking nude pictures that we really should be losing our 20th century view of it.
-
@zookeeper
I feel like you're drifting away from my point: that users have no expectation that their sent images are private because of the ease in which even a technically un-inclined recipient can capture them. It's blindingly obvious that your sent images can be captured and released by the recipient, and therefore you should have no illusions that data sent via Snapchat is secure from release.
The breach of private information occurred precisely because senders assumed recipients were not able to capture their images - despite what should be common sense - and sent compromising images. This was then exploited by recipients, who in turn were exploited by an app. All of this is the result of foolish people not doing their due diligence before using tech services.
Well... I think this is the exact point we've been arguing about. The breach of private information didn't occur because senders assumed recipients were not able to capture their images, it occurred because recipients assumed that the app they were using wouldn't compromise them - but it did.
I see no reason whatsoever to assume that the users didn't realize that the recipient could capture the images if they wanted to, or that they thought that pictures they send are "secure from release". I don't understand what would lead you to such a conclusion.
You still seem to be arguing basically that people were stupid for trusting another person with a compromising picture (because another person can obviously always copy and leak it), whereas I consider that a completely different thing from trusting a random piece of software with a compromising picture. There's nothing wrong with the former if you actually trust the other person, and for all we know, in this case they might have been perfectly trustworthy, regardless of whether they sought to get personal copies of the pictures received or not.
-
I suspect many if not most of the people who used Snapchat trusted the app as nothing more than additional layer of safety. Instead of simply sending the picture via email or whatsapp or some other method, they used Snapchat. If Snapchat deletes the image after x amounts of seconds, well that's just a bonus. The first and foremost layer of security was to simply not send pictures to someone who they wouldn't have sent nude pictures using some other method. In other words, someone they trusted.
Anecdotal evidence suggests otherwise; people trusted the rapid deletion as a security layer. Also, in one study from this summer, fully 46% of snapchat users were age 12-24, which just happens to coincide with the demographic least experienced with understanding the implications of private information becoming public.
we're talking about a program which has half its users in the 13-17 age range. Are we really going to start saying that people who actually took extra steps to keep their pictures safe are stupid because they didn't see a threat like this coming?
This is precisely what I'm arguing - they actually didn't take an extra step at all. SnapChat is no more secure than email; in practice, considerably less so considering that with email the users would not assume their naughty photos are going to disappear.
At this point so many people are taking nude pictures that we really should be losing our 20th century view of it.
Indeed. Of course, we should also be making people aware of the fact that nude photos these days come with a much higher risk of exposure. If people are OK with that, go nuts. If not... well, you might want to choose who you send it to and the means by which you send it a little more carefully.
@zookeeper
I feel like you're drifting away from my point: that users have no expectation that their sent images are private because of the ease in which even a technically un-inclined recipient can capture them. It's blindingly obvious that your sent images can be captured and released by the recipient, and therefore you should have no illusions that data sent via Snapchat is secure from release.
The breach of private information occurred precisely because senders assumed recipients were not able to capture their images - despite what should be common sense - and sent compromising images. This was then exploited by recipients, who in turn were exploited by an app. All of this is the result of foolish people not doing their due diligence before using tech services.
Well... I think this is the exact point we've been arguing about. The breach of private information didn't occur because senders assumed recipients were not able to capture their images, it occurred because recipients assumed that the app they were using wouldn't compromise them - but it did.
I'm going to venture a guess that the predominantly teenage users of this app operated on the assumption that recipients were not going to be able to capture their photos, which anecdotal evidence certainly indicates.
You still seem to be arguing basically that people were stupid for trusting another person with a compromising picture (because another person can obviously always copy and leak it), whereas I consider that a completely different thing from trusting a random piece of software with a compromising picture. There's nothing wrong with the former if you actually trust the other person, and for all we know, in this case they might have been perfectly trustworthy, regardless of whether they sought to get personal copies of the pictures received or not.
I'm arguing that people were stupid for trusting another person with a compromising picture because the application they chose to do it through promised its non-permanence, a philosophy a non-trivial number of people appear to have subscribed to. How many people would send their compromising photos knowing the user on the other end actually was capturing them?
It's going to be interesting to see if the full information is ultimately released and the mindset the users who have their data released will demonstrate.
Ultimately, I don't believe users should be given a pass for not understanding basic privacy principles around technology. Frankly, by giving people a pass and blaming corporations we encourage more complacency and lack of understanding on the part of users, which is not a good thing for privacy and technology generally.
Both this SnapChat release and Celebgate - though I don't suggest the celebrities acted inappropriately - should be gigantic teachable moments for people to learn two things:
1. If you put it on the Internet, it essentially will exist forever. You can never take it back.
2. The only person or thing that can ensure private information you do not want in public never makes it in public is YOU.
Lessons that frankly need to be taught in grade school these days.
IMPORTANT: I should also note that while no one has explicitly accused me of victim-blaming [yet], I don't think anyone who has their personal information released online is morally blameworthy in the act; that is different from saying they are behaviourally-responsible for the result of negligence (or, more colloquially, the author of their own misfortune). I can call someone an idiot for their actions while still recognizing they are not at fault on a moral level. No one deserves to have their privacy violated. I tend to agree with [law] Professor Eugene Volokh: http://www.washingtonpost.com/news/volokh-conspiracy/wp/2014/09/03/nude-pictures-hackers-advice-blame-freedom-and-timing/
-
I'm going to venture a guess that the predominantly teenage users of this app operated on the assumption that recipients were not going to be able to capture their photos, which anecdotal evidence certainly indicates.
I'm arguing that people were stupid for trusting another person with a compromising picture because the application they chose to do it through promised its non-permanence, a philosophy a non-trivial number of people appear to have subscribed to. How many people would send their compromising photos knowing the user on the other end actually was capturing them?
It's going to be interesting to see if the full information is ultimately released and the mindset the users who have their data released will demonstrate.
Certainly it would be interesting. My point was just that currently, we don't know what their assumptions were. Maybe most of them really thought that even a malicious recipient couldn't copy the picture, or maybe they understood the risk and took it consciously. Stranger things are known to happen, after all.
-
This is precisely what I'm arguing - they actually didn't take an extra step at all. SnapChat is no more secure than email; in practice, considerably less so considering that with email the users would not assume their naughty photos are going to disappear.
Again I'm going to have to disagree. I don't think it's much more secure than email but even if someone takes a screenshot they're left with what? A blurry copy of what they would have gotten had the person sent them an email instead. And in most cases, people don't take a screenshot so that message should be gone forever.
You're completely ignoring the "We've broken up and now he/she wants to use naked pics for revenge" aspect of this. If you've sent someone an email they can look back a few months or even years and get your pictures. Yes, someone might take a screenshot but that only occurs if the person you are sending the chat to is untrustworthy at the time. They can't get hold of those pictures at a later date unless they decided to break trust with you and save them at the time. And there is nothing you can do to stop someone doing that except for not giving them naked pictures. Sending by email is considerably less secure in this respect because you not only have to trust who the person is now, but also who they will become.
At least if you sent them over snapchat you have the advantage that you have proof whoever you sent them to was an untrustworthy scumbag at the time rather than posting revenge porn only after something went wrong in the relationship because of something you did (A favourite Revenge Porn excuse is "She, cheated on me so I don't have to keep my promise to not post her naked pics. An excuse which is somewhat undermined if you've saved naked pics that were supposed to have been destroyed." )
Basically though, your entire argument is based on the assumption that the people affected by this leak were using Snapchat to send content that they wouldn't feel safe sending by other means. And you haven't proved that in the slightest. I tend to be of the opinion that someone who would send a naked selfie on Snapchat would have just as used something else if they didn't have Snapchat.
Anecdotal evidence suggests otherwise; people trusted the rapid deletion as a security layer.
If you mean as an extra security layer over and above trusting the person you're sending naked selfies to, I'd agree with you and say that it's not wrong to do so. If you mean as an unbeatable security layer that will prevent someone from getting any of their snapchat content, well 2-3 minutes on Wikipedia would have proved that wrong.
The study also researched as to why people use the Snapchat application. The results suggested that Snapchat’s success is not due to its security properties, but because the users found the application to be fun. The researchers found that users seem to be well aware (79.4% of respondents) that recovering snaps is possible and a majority of users (52.8% of respondents) report that this does not affect their behavior and use of Snapchat.
So it's not trusted as an actual unbeatable security layer. Simply as an additional layer of security of lesser importance than trusting the person you're sending naked pictures to.
feel like you're drifting away from my point: that users have no expectation that their sent images are private because of the ease in which even a technically un-inclined recipient can capture them. It's blindingly obvious that your sent images can be captured and released by the recipient, and therefore you should have no illusions that data sent via Snapchat is secure from release.
And I think you're missing the counterpoint we're making which is that this was not the primary security model the users were trusting. What people trusted was that the people they were sending the pictures to wouldn't leak them. Expecting users to be aware that the image they are sending might be received by a 3rd party application instead of the Snapchat app, and that that 3rd party application might be maliciously saving those images is a completely different level of technical understanding than the simple one you're arguing about.
I tend to agree with [law] Professor Eugene Volokh: http://www.washingtonpost.com/news/volokh-conspiracy/wp/2014/09/03/nude-pictures-hackers-advice-blame-freedom-and-timing/
Now, the release of nude photographs isn’t quite in the same category as a brutal physical attack, but it’s still pretty bad stuff; and chiding the victim strikes me as similarly out of place there.
It’s not so much, I think, that the advice dilutes the blame imposed on the culpable party. Sometimes it might, but usually not.
Rather, it’s that the advice, framed as an observation of the victim’s mistake, dilutes the sympathetic outrage that we should be offering to the victim, and to those who empathize with the victim. Law-abiding, rights-respecting people expect other such people to condemn lawbreakers and rights violators, and to express sympathy for their victims. It is, I think, a social duty. It is a duty related to kindness, a sense of the community of the law-abiding, and norm reinforcement, not a duty stemming from law or even obligation to respect others’ rights. But some of our most important social duties fall in that category. The duty applies even if the victims exercised a bit more freedom than is wise under the circumstances. And turning the incident into an occasion to point to the victims’ errors weakens the force of this.
Vs
http://www.businessinsider.com/snapchat-hacked-the-snappening-2014-10
"I'll use a phone app to send pictures and videos that it says it will delete after a few seconds. I'll send compromising images of myself (whether or not underage) to other people because nothing could possibly go wrong." - SnapChat users.
"You are a ****ing idiot." - Everyone familiar with technology and security.
I despair for the future of humanity in a technological civilization. The pace of technology has exceeded the ability of human stupidity to cope with it.
To be honest, I can't see where you agree with him. Almost your entire argument on this thread is nothing but chiding the victim. Worse, you're chiding the victim for something that they probably didn't even do (expect snapchat to be secure).
I do agree that people (especially young people) need better education on the dangers of placing personal information and nude pictures on the internet but I don't think your argument helps that cause because despite what you claim, it is just victim blaming.
-
Stop with the negative waves MP.
Technology user != Technology specialist, man.
WOOF!
-
Basically though, your entire argument is based on the assumption that the people affected by this leak were using Snapchat to send content that they wouldn't feel safe sending by other means. And you haven't proved that in the slightest. I tend to be of the opinion that someone who would send a naked selfie on Snapchat would have just as used something else if they didn't have Snapchat.
The study also researched as to why people use the Snapchat application. The results suggested that Snapchat’s success is not due to its security properties, but because the users found the application to be fun. The researchers found that users seem to be well aware (79.4% of respondents) that recovering snaps is possible and a majority of users (52.8% of respondents) report that this does not affect their behavior and use of Snapchat.
So it's not trusted as an actual unbeatable security layer. Simply as an additional layer of security of lesser importance than trusting the person you're sending naked pictures to.
Nowhere have I said the first layer was not [misplaced, in the case of those people who are affected by the breach] trust in the people they were sending the pictures to not to capture them.
Your own cited stats - 20% of people were not aware that recovering snaps is possible. Extrapolating: 20% of 30 million users is six million people. Six million people who use SnapChat were not aware their snaps could be recovered - despite it being blindingly obvious. Of the 30 million users, 15.8 million people don't allow the fact that snaps can be recovered to affect their behaviour (this is of course, a loaded statistic since "not affecting beahviour" could mean they never would have sent risque snaps in the first place).
Six million people is not an insignificant number when we're talking about users who didn't consider the fact that their snaps weren't actually secure from capture - in other words, they relied on that security layer despite the obvious fact that it is NOT actually a security layer.
If you mean as an extra security layer over and above trusting the person you're sending naked selfies to, I'd agree with you and say that it's not wrong to do so. If you mean as an unbeatable security layer that will prevent someone from getting any of their snapchat content, well 2-3 minutes on Wikipedia would have proved that wrong.
Precisely. Apparently something roughly six million people didn't bother to check on.
And I think you're missing the counterpoint we're making which is that this was not the primary security model the users were trusting. What people trusted was that the people they were sending the pictures to wouldn't leak them. Expecting users to be aware that the image they are sending might be received by a 3rd party application instead of the Snapchat app, and that that 3rd party application might be maliciously saving those images is a completely different level of technical understanding than the simple one you're arguing about.
I believe the two go hand-in-hand. You're trusting that the person you're sending these images to won't capture them and can't capture them. Assumptions which in this case proved false - because clearly a number of recipients did violate that trust and bypass the 'security' offered by SnapChat, resulting in the breach.
To be honest, I can't see where you agree with him. Almost your entire argument on this thread is nothing but chiding the victim. Worse, you're chiding the victim for something that they probably didn't even do (expect snapchat to be secure).
I do agree that people (especially young people) need better education on the dangers of placing personal information and nude pictures on the internet but I don't think your argument helps that cause because despite what you claim, it is just victim blaming.
My argument is that victims were stupid - or more precisely, willfully ignorant of the risk at which they placed themselves - despite all the very good advice and information available to the contrary. Again, I think this is a teachable moment. I don't find the victims morally culpable for their mistakes, but rather that there was eminently great advice available for protecting themselves which people should continue to read now to protect themselves in the future. This argument is fully consistent with Volokh's views. The victims had the right to send private information to trusted recipients in the belief that it will be kept private and not be distributed; however, on the basis of the evidence of that, they should not have reasonably expected that that would be the case, and this is not a circumstance where sophisticated tech literacy was required to figure that out. That doesn't make it their fault, morally; that resides with the people who released the information. It does, however, and as I so ineloquently put it in the original post, make them ****ing idiots about privacy and technology.
So long as we give people a complete pass on taking easily available and very sensible advice about protecting their privacy (even though they have the right to believe it should be protected, despite the reality that it isn't), then the more privacy breaches we're going to continue to see. Part of crime prevention (though this probably wasn't a crime as the law currently stands, like I said earlier) is target hardening. It's an unfortunate necessity that looks an awful lot like victim-blaming, but it's the difference between saying "you are responsible for what happened to you" and "there were things you probably should have considered and people should consider in the future to protect themselves." I completely understand the desire to say "things should be this way because my rights are protected" but the reality is that some people just don't care, and therefore is reasonable that we take measures to protect ourselves.
Volokh's piece is entirely about that distinction.
Now where's my fireproof protective suit...
-
Rather than go point by point on this I think I'd better sum up what I'm talking about.
My argument is that victims were stupid - or more precisely, willfully ignorant of the risk at which they placed themselves - despite all the very good advice and information available to the contrary.
This here is what I object to. I'm quite happy for this to be used as a teaching example. I think people should be made more aware of the dangerous of malicious websites and apps.
What I have a problem with is that in this statement you basically claim that everyone affected by this leak was stupid. As far as I'm concerned this is not a sensible statement to make as it is built on a series of faulty assumptions.
You are attempting an argument that because users were willfully ignorant of the dangers of security flaw A (That you can easily circumvent the deletion of your photos) they were stupid to be affected by security flaw B (A complex phishing scheme). I'm sorry but I think there is a world of difference between "Be careful who you send naked pictures to cause they might try to keep them" and "Be careful that the person you send the pictures to isn't using a maliciously designed application or website which required some not inconsiderable amount of technical skill to set up in order to steal copies of your picture" The first might be pretty obvious but it doesn't follow that the latter is. If you want to make the argument that the phishing scheme itself was foreseeable, go for it. But please leave this nonsensical argument alone.
The data I posted suggested that the majority aren't ignorant of A and in fact simply don't care. Either because they don't send pics to people who would save them, or because they simply don't care if the recipient does save the image. I touched on this in passing earlier but you are completely ignoring the possibility that some people may use Snapchat for files they know the recipient is saving. They may simply have used it cause it was more convenient.
Basically, even if I accept the 6 million people you claim are ignorant as a fact, that still means that 24 million were not ignorant. Or more than 12 million even if you claim only those who didn't let the knowledge snaps could be captured affect their behaviour. Nor does it follow that the 6 million who didn't know were necessarily less careful about making sure that they sent pics only to people who could be trusted.
But yet you are claiming everyone involved was stupid. For doing nothing more than using an application to send a file to a computer which the recipient, through their own actions, had compromised. That could just as easily happen with email or Skype or pretty much any other method of sending data you care to name. By blaming Snapchat for this you actually dilute the message that people should beware of malicious apps as you make it quite clear Snapchat is the problem.