[MP-Ryan]

http://www.businessinsider.com/snapchat-hacked-the-snappening-2014-10

"I'll use a phone app to send pictures and videos that it says it will delete after a few seconds.  I'll send compromising images of myself (whether or not underage) to other people because nothing could possibly go wrong." - SnapChat users.

"You are a ****ing idiot." - Everyone familiar with technology and security.

"LULZ! Gotcha!" - 4chan and the collective assholes of the Internet.


Seriously, did anyone think this could possibly end well?  Revenge porn is becoming a serious social problem, ****ing GOVERNMENTS can't keep top-secret data safe and secure (nor Apple and Google, which are practically private governments), and you're going to trust compromising/nude images of yourself to a ****ing phone app because it promises they'll be deleted?

I despair for the future of humanity in a technological civilization.  The pace of technology has exceeded the ability of human stupidity to cope with it.

[InsaneBaron]

Double facepalm.

[zookeeper]

http://www.businessinsider.com/snapchat-hacked-the-snappening-2014-10

"I'll use a phone app to send pictures and videos that it says it will delete after a few seconds.  I'll send compromising images of myself (whether or not underage) to other people because nothing could possibly go wrong." - SnapChat users.

"You are a ****ing idiot." - Everyone familiar with technology and security.

"LULZ! Gotcha!" - 4chan and the collective assholes of the Internet.


Seriously, did anyone think this could possibly end well?  Revenge porn is becoming a serious social problem, ****ing GOVERNMENTS can't keep top-secret data safe and secure (nor Apple and Google, which are practically private governments), and you're going to trust compromising/nude images of yourself to a ****ing phone app because it promises they'll be deleted?

I despair for the future of humanity in a technological civilization.  The pace of technology has exceeded the ability of human stupidity to cope with it.

I'll play the devil's advocate here a bit:

The article said nothing of the content beyond "4chan users say the collection of photos has a large amount of child pornography". Yeah, if you snatch 100000 pictures then there might be a "large amount" of that, but nothing indicates that the users of the service in general have somehow been careless or stupid. All it takes is a handful of people out of what, hundreds or thousands?

The idea of "omg people are ****ing idiots" is generally sound, but you can't jump to that conclusion from the fact that someone hacks or breaks into an image service and probably finds something compromising of someone there.

[Sololop]

http://www.businessinsider.com/snapchat-hacked-the-snappening-2014-10

"I'll use a phone app to send pictures and videos that it says it will delete after a few seconds.  I'll send compromising images of myself (whether or not underage) to other people because nothing could possibly go wrong." - SnapChat users.

"You are a ****ing idiot." - Everyone familiar with technology and security.

"LULZ! Gotcha!" - 4chan and the collective assholes of the Internet.


Seriously, did anyone think this could possibly end well?  Revenge porn is becoming a serious social problem, ****ing GOVERNMENTS can't keep top-secret data safe and secure (nor Apple and Google, which are practically private governments), and you're going to trust compromising/nude images of yourself to a ****ing phone app because it promises they'll be deleted?

I despair for the future of humanity in a technological civilization.  The pace of technology has exceeded the ability of human stupidity to cope with it.

I'll play the devil's advocate here a bit:

The article said nothing of the content beyond "4chan users say the collection of photos has a large amount of child pornography". Yeah, if you snatch 100000 pictures then there might be a "large amount" of that, but nothing indicates that the users of the service in general have somehow been careless or stupid. All it takes is a handful of people out of what, hundreds or thousands?

The idea of "omg people are ****ing idiots" is generally sound, but you can't jump to that conclusion from the fact that someone hacks or breaks into an image service and probably finds something compromising of someone there.

My take on the whole situation is, if the majority of people are ignorant to the security of software, they would rely on the corporations to make the software secure. An app as large as snapchat being used on say an iPhone 6, the average user would consider that quite secure, and really, overall, I don't see a problem with that mindset.

I don't think the majority of technology users are "****ing idiots" because that isn't fair. The majority of technology users I feel just don't understand how their own technology works, therefore are ignorant to the security issues that come with them. I have good friends who couldn't tell me what a router is, but are by no means idiots of any sort.

[MP-Ryan]

I have good friends who couldn't tell me what a router is, but are by no means idiots of any sort.

They're idiots if they can't tell you what it is, yet knowingly and willfully use it despite documented flaws in the way it protects privacy without bothering to gain any basic understanding of any associated risk.  However, I'd venture a guess that your friends understand that a router connects their devices to the Internet and potentially exposes their data to the Internet, and therefore manage their affairs accordingly, which makes them not idiots at all.  To use a non-tech analogy: if you attempt to fly a plane with no training and no understanding of how it works but an ample body of evidence that planes flown improperly crash and kill their occupant, then you are absolutely an idiot.  It's not forgiveable ignorance, it's willful stupidity.

This data breach isn't actually SnapChat being hacked (which is why I put it in quotes), in which user loss of data is most certainly not their fault.

This is the result of a massive flaw in SnapChat's security model that has been documented since it was first released - namely that, despite SnapChat's claim that images are deleted, there is absolutely nothing preventing a receiving user from capturing the images the sender transmits to them other than their integrity and goodwill.  Not only is it open to technological exploitation - in the form of third-party apps - it's open to behavioural exploitation.... in the form of a camera aimed at the damn screen, an understanding that anyone with a brain in their skull should grasp by simply looking at the app.

As I put it on twitter earlier today - if you stand around naked in public, you shouldn't be surprised if someone takes pictures of you.  If people use the app to send compromising images despite these obvious and well-known vulnerabilities in the supposed "privacy protection model" (they don't make quotes big enough for that phrase) in SnapChat, and then are surprised/dismayed if/when those images are suddenly available in public, then I absolutely reserve the right to label them ****ing idiots.

My earlier point is that technology and its ubiquity have eclipsed the human capacity for good sense regarding personal protection.  The fact that anyone over the age of 10 can look at SnapChat uncritically as a secure means of transmitting images is unbelievable.

[AtomicClucker]

In computers, there's no such thing as a "secure" box.

Then again, I strikes me as silly when people expect a company to be fool proof. If the stupid fiascos over nude celebrity photos should be an example, you don't store your private pics of privates on the cloud.

If people really want to be "secure," either they can overwrite their data so it's completely unreadable or do the physical job and break the hard drive with a hammer and burn the platters.

[Ulala]

This is why people should only use Polaroid photos and snail mail to send nudie pics.

[MP-Ryan]

In computers, there's no such thing as a "secure" box.

Then again, I strikes me as silly when people expect a company to be fool proof. If the stupid fiascos over nude celebrity photos should be an example, you don't store your private pics of privates on the cloud.

If people really want to be "secure," either they can overwrite their data so it's completely unreadable or do the physical job and break the hard drive with a hammer and burn the platters.

The celebrities were victims of an actual criminal act.

This is different.  This is a case of people willingly using a program, despite some very large and very well-documented security holes in it that can be figured out simply by visually observing the application and being familiar with the concept of a camera. Are the third-party exploits a little more technical?  Sure.  But the principle is the same - it relies on the goodwill of the recipient.  There's no actual security, just inconvenience.

All use of the Internet is an exercise in risk management.  That's what I'm really venting about - some people are unwilling to manage their risk appropriately, then scream and cry when a perfectly predictable breach occurs.  The celebrities had a reasonable expectation that their personal data was secured based on the security model of Apple and Google's storage - that those models turned out to be flawed, despite the documented model is not their fault.  SnapChat users most assuredly did NOT have a reasonable expectation that their personal images/video were secured, simply on the basis of how the app works.  They didn't manage their risks appropriately.

Perhaps a better summary:  http://www.bbc.co.uk/news/technology-29569226

[zookeeper]

I have good friends who couldn't tell me what a router is, but are by no means idiots of any sort.

They're idiots if they can't tell you what it is, yet knowingly and willfully use it despite documented flaws in the way it protects privacy without bothering to gain any basic understanding of any associated risk.

What documented flaws are you talking about? You make it sound like people who don't patch a security issue they don't know about in their router are idiots, which is probably not what you meant.

However, I'd venture a guess that your friends understand that a router connects their devices to the Internet and potentially exposes their data to the Internet, and therefore manage their affairs accordingly, which makes them not idiots at all.  To use a non-tech analogy: if you attempt to fly a plane with no training and no understanding of how it works but an ample body of evidence that planes flown improperly crash and kill their occupant, then you are absolutely an idiot.  It's not forgiveable ignorance, it's willful stupidity.

But everyone knows that you can't fly a plane safely without training, because nothing gives you the impression that flying planes is something everyone can do anytime, whereas computers, smartphones and apps all are clearly aimed for everyone without any stated requirements. Trying to fly a plane without training makes you an idiot because everyone knows that you know that it's dangerous, whereas the obviousness of a gadget or app which you're allowed, asked and encouraged to use being dangerous due to risks it doesn't mention on the tin is on a completely different level.

It doesn't take willful stupidity to be unaware of risks of the digital world, whereas it does take willful stupidity to think you can fly an airplane just like that (unless you're mentally retarded enough, or lived your whole life in a jungle or a test chamber without any exposure to the possible risks).

P.S. It seemed like a third-party website claiming to be a front-end to Snapchat was to blame, not anything on the receiving end.

[Flipside]

Thing is, once upon a time you learned the world wasn't to be trusted in a way that could usually be kept moderately quiet, you learned that humanity contained assholes through things like bad teachers, unfaithful partners, dodgy bosses etc.

In these more Global environments, that lesson really needs to be learned before people possess technology that allows them to capture and transmit images of themselves.

People went with something like Snapchat because they were attempting to be aware of the digital security risk, but didn't consider the human security risk.

As for the 'underage' images, well, I can't speak for something I have not, and do not desire to see, but considering the entire term 'under aged' can vary from country to country and even state to state, I'd like to know what standard it is being judged by before making any assumptions.

[Dragon]

P.S. It seemed like a third-party website claiming to be a front-end to Snapchat was to blame, not anything on the receiving end.

If it's so, then it's just an age old phishing trick. If you're going to use something like Snapchat, you'd better make sure you use Snapchat and not "Snap-Chat" or "S.Napchat" or any dodgy 3rd party front-end site.

[Bobboau]

As for the 'underage' images, well, I can't speak for something I have not, and do not desire to see, but considering the entire term 'under aged' can vary from country to country and even state to state, I'd like to know what standard it is being judged by before making any assumptions.

most likely the universal standard, the American one

[Scotty]

The celebrities were victims of an actual criminal act.

This is different.

I'm not convinced this is the case.  Leaving aside the victim-blaming "people should know better" position, this is still clearly a criminal violation.  If someone walks into your house in the middle of the day because you left it unlocked, it's not breaking and entering but it's still sure as hell trespassing.

[MP-Ryan]

What documented flaws are you talking about? You make it sound like people who don't patch a security issue they don't know about in their router are idiots, which is probably not what you meant.

It was an analogy about SnapChat, not actually meant to discuss the security of modern routers, dude.

whereas the obviousness of a gadget or app which you're allowed, asked and encouraged to use being dangerous due to risks it doesn't mention on the tin is on a completely different level.

It doesn't take willful stupidity to be unaware of risks of the digital world, whereas it does take willful stupidity to think you can fly an airplane just like that (unless you're mentally retarded enough, or lived your whole life in a jungle or a test chamber without any exposure to the possible risks).

Really?  It doesn't take willful stupidity not to notice that the images you transmit can be preserved with nothing more sophisticated than a camera and that this completely breaks the so-called security feature of the application?

P.S. It seemed like a third-party website claiming to be a front-end to Snapchat was to blame, not anything on the receiving end.

It's a third-party tool that allowed users to log into SnapChat through it and thereby save incoming images.  In short - it's a highly automated extra camera snapping pictures of your screen, a security flaw that was completely predictable, especially because SnapChat's only means of deterring third-party app use was via the terms of service.  That tool then appears to have transmitted people's images to a server.

The flaw remains the same - you are using a tool (SnapChat) that relies wholly on the goodwill of people you are transmitting the images to to ensure they are never released.  There's no actual security model, which is patently obvious, and anyone who had personal information compromised as a result is quite frankly the author of their own misfortune.  If you send personal information over the Internet in a medium that is insecure on its face without control over how it's used, then it shouldn't be shocking when it is misused.

The celebrities were victims of an actual criminal act.

This is different.

I'm not convinced this is the case.  Leaving aside the victim-blaming "people should know better" position, this is still clearly a criminal violation.  If someone walks into your house in the middle of the day because you left it unlocked, it's not breaking and entering but it's still sure as hell trespassing.

Funny story - this actually isn't a criminal violation.  At least, not by the person who received and ultimately compromised the photos.  It's the same reason most revenge porn is not illegal - images consensually sent are not protected by criminal law from distribution in a manner not intended by the sender.  Basically, when you transmit information you give up control over it.  While the third-party app's storage of the photos it captured for the recipient could potentially be a criminal wiretap/intercept, that wholly depends on the way it's usage rights were set out when people used it to sign in to SnapChat.  That's what makes this so different from the CelebGate mess - this wasn't actually a hack.  Quite probably there wasn't anything criminal about it.  It's just someone exploiting the idiocy of potentially a lot of other someones.

Which is why I'll repeat myself:  if you transmit your information over a service that has a broken security model on its face, you'd better be damned sure you're OK with the public release of that information.

[karajorma]

Technically you could probably still claim copyright on those images though. Which does give you the rights to a civil case.

[zookeeper]

It doesn't take willful stupidity to be unaware of risks of the digital world, whereas it does take willful stupidity to think you can fly an airplane just like that (unless you're mentally retarded enough, or lived your whole life in a jungle or a test chamber without any exposure to the possible risks).

Really?  It doesn't take willful stupidity not to notice that the images you transmit can be preserved with nothing more sophisticated than a camera and that this completely breaks the so-called security feature of the application?

Yeah, it doesn't. The fact that the recipient can save and distribute what you send to them doesn't give any reason to assume that the app itself is insecure. I could send you a nude photo of myself via the most encrypted and secure methods available and you can still leak it; those two things have nothing to do with each other.

I don't know why you keep bringing up the fact that the recipient can still save the photo, when that's not how the hack/leak happened (as you say yourself); the third-party app snatched the photos, not the recipients. The fact that people sent photos to people who could have saved and distributed them doesn't mean that the senders weren't aware of that, only that they (in all likelihood) were unaware that the app would silently hand them over to a third party as well. Those two things are not directly related.

[MP-Ryan]

Technically you could probably still claim copyright on those images though. Which does give you the rights to a civil case.

Correct.  Victims can mount a civil case in both examples.

[MP-Ryan]

It doesn't take willful stupidity to be unaware of risks of the digital world, whereas it does take willful stupidity to think you can fly an airplane just like that (unless you're mentally retarded enough, or lived your whole life in a jungle or a test chamber without any exposure to the possible risks).

Really?  It doesn't take willful stupidity not to notice that the images you transmit can be preserved with nothing more sophisticated than a camera and that this completely breaks the so-called security feature of the application?

Yeah, it doesn't. The fact that the recipient can save and distribute what you send to them doesn't give any reason to assume that the app itself is insecure. I could send you a nude photo of myself via the most encrypted and secure methods available and you can still leak it; those two things have nothing to do with each other.

I don't know why you keep bringing up the fact that the recipient can still save the photo, when that's not how the hack/leak happened (as you say yourself); the third-party app snatched the photos, not the recipients. The fact that people sent photos to people who could have saved and distributed them doesn't mean that the senders weren't aware of that, only that they (in all likelihood) were unaware that the app would silently hand them over to a third party as well. Those two things are not directly related.

But they are.  This occurred because recipients captured images without the consent of the sender, a violation of SnapChats TOS, but something which SnapChat does nothing to prevent, obvious from the face of the app, resulting in a data breach.

My whole point here is that people using the app to send photos were stupid to assume they were in any way protected from further distribution because it's obvious from the simple fact that you can photo the screen that they were not, never mind the third-party tools available.

if you're trusting a security model you can break in seconds with a camera with transmitting images you lose control over, and you send images you don't want to be public, you ARE an idiot.

[zookeeper]

But they are.  This occurred because recipients captured images without the consent of the sender, a violation of SnapChats TOS, but something which SnapChat does nothing to prevent, obvious from the face of the app, resulting in a data breach.

Well, I can only say that I see nothing of the sort said in either article linked to in this thread. All I see is that a third-party app captured the images without consent from anyone.

If you mean that this occurred because recipients were using the third-party app in order to capture the images without the consent of the sender and that app also shared them with a third party, then sure, that seems accurate (if that was the sole/main purpose of the app). But even then the fact that the recipients were able to capture the images have nothing to do with the app sharing them with a third party: if the purpose of the app would have been to add funny mustaches to pictures received (instead of capturing the images), then the end result would have still been the same, which means that the fact that the app offered recipients the ability to capture the images is irrelevant and didn't contribute to what happened.

Other than that, saying that "this occurred because recipients captured images without the consent of the sender" is obviously very misleading because it clearly implies that the recipients captured and released the images, which is not the case. Unless I've mysteriously missed something relevant from those articles, in which case I'd appreciate a quote.

[Mars]

I have always figured that, as long as society as a whole demands repercussions from people who's "compromising" photos have been released (firings, criticism, etc.) there ought to be repercussions for people who release such photos. On the positive side perhaps "celeb-gate" will convince people to stop persecuting working stiffs for having nudies that escaped onto the internet.