Yeah, anonymity is hard. I wonder if they even encrypt stuff they write to local storage.
Good to see that Snapchat got busted for their grand claims backed by weak implementations:

http://www.ftc.gov/news-events/press-releases/2014/05/snapchat-settles-ftc-charges-promises-disappearing-messages-were

.hc

Josh Steiner wrote:
> I'm noticing a pattern with these "private" apps:
>
> http://www.wired.com/2014/08/secret/
>
> What a terrible design:
>
> Secret relies on the anonymity of the crowd to camouflage its users’
> identities. When you first install Secret, you can’t see any posts
> from your social circle until you give the app access to your phone’s
> contact list. Then the app checks all the e-mail addresses and phone
> numbers on the list for current Secret users, and you start following
> them. (You also can give it access to your Facebook profile for the
> same purpose, though that route was not vulnerable to the hack).
>
> You must be following at least seven friends on the system before you
> can see your friends’ anonymous posts. Even then, you don’t know who
> among your contacts are using Secret: If you have 500 people in your
> contact list, and 30 of them are using Secret, you won’t know which 30
> they are. A juicy secret posted by a “friend” could belong to any of
> those 500 people.
>
> The problem is, your address book is under your control. And that’s
> what Caudill and Seely used to their advantage.
>
> Caudill’s first step was to create a bunch of fake Secret accounts.
> This is easy, because Secret doesn’t make you verify your e-mail
> address or phone number. Caudill wrote a simple script to rapidly
> create a pool of 50 accounts for his experiments, but he only needed
> seven to meet Secret’s secret-sharing threshold.
>
> Next, he deleted everything from his iPhone’s contact list, and added
> the seven fake e-mail addresses as contacts. When he was done, he
> added one more contact: the e-mail address of the person whose secrets
> he wanted to unmask—me.
>
> Then he signed up for another new Secret account and synced his
> contacts. He now had a new, blank Secret feed that followed eight
> accounts: seven bot accounts created and controlled by him, and mine.
> Anything that appeared as posted by a “friend” logically belonged to
> me.
> _______________________________________________
> Guardian-dev mailing list
>
> Post: [email protected]
> List info: https://lists.mayfirst.org/mailman/listinfo/guardian-dev
>
> To Unsubscribe
> Send email to: [email protected]
> Or visit:
> https://lists.mayfirst.org/mailman/options/guardian-dev/hans%40guardianproject.info
>
> You are subscribed as: [email protected]
>

--
PGP fingerprint: 5E61 C878 0F86 295C E17D 8677 9F0F E587 374B BE81
