Our lives online come with perils, whether from the NSA checking up on our digital communications, or the possibility of the wrong e-message going viral. Twitter, Facebook, Google, Instagram, and other social networks have collected all sorts of personal data about us, where we’ve been, what we’re saying, what we like, and our friends.
No wonder the idea of ephemeral messages—such as those sent via Snapchat and other services—is beginning to resonate, attracting lots of startups who want to service that very need.
In addition to Snapchat, other “disappearing message” services include Wickr, Frankly, Leo, and Silent Circle. Others are rapidly coming online. Given the widespread paranoia over our digital communications, is this the future of peer-to-peer networks?
My friends and I recently began using some of these apps, believing it would give us more expressive freedom. I tried out Leo, a self-destructing message app, and received a notification from Carlos Whitt, the app’s founder—he sent me a selfie to show off his new haircut; he followed that up with a photo of the Twitter holiday party, then another of him waiting in line at airport security.
Why did Whitt bother with building this app, given all the other companies intensely interested in disappearing messages? His answer took the high road: “When I started my last company, I just wanted to build a company. Now I want to build something that influences the lives of people in my life, and where I can see the connections grow.”
Nor is he concerned (at least in public) with monetizing his software. “I have no plans of introducing features with the goal of connecting people for making money,” he told me. “Most people only have remote ideas on how to make money, the right way is to focus on the consumer experience with the goal of bringing people closer together. Snapchat has done that, using ephemeral data to bring people together in real life.”
Whereas Snapchat is built around the idea of one-on-one communication, Leo’s focus is group conversations. “My college friends, when we left college, we created a Yahoo groups mailing list, we’d use it 30 times a month, sending random emails and to hang out,” Whitt said. “It started to drop off and now [I] turned them to Leo, we are now hanging out again and sharing photos regularly.”
Is It a Real Business?
When Snapchat appeared in September 2011, everybody joked that its primary customers were sexting teenagers. But the audience soon expanded way beyond that demographic, to the point where its founders felt comfortable turning down a $3 billion acquisition offer by Facebook. But the company still isn’t profitable yet. Are disappearing messages a viable business?
That hinges on whether the messages disappear as promised. Concerns have emerged over the past few months about Snapchat’s security, especially after hackers leaked 4.6 million usernames and phone numbers online.
Joseph Lorenzo Hall, chief technologist at the Center for Democracy & Technology, suggested that Snapchat isn’t doing a very good job of making online communications truly ephemeral. “Snapchat seemed slow to respond (if not unresponsive) to researcher and hacker findings of flaws in their product,” he said. “Privacy and security are exceedingly important aspects of communication tools and Snapchat doesn’t appear to take them seriously.”
Snapchat isn’t the only company wrestling with data leaks, of course. In addition to hackers and other bad actors snooping around databases, the NSA and other government agencies have reportedly tapped into the world’s biggest tech firms and communications networks. If that wasn’t enough, carriers have been negligent in addressing vulnerabilities that allow hackers to gain control of SIM cards. It’s a scary world out there.
Malicious sorts aside, even the most secure disappearing-message apps face some vulnerabilities. First, there’s the screenshot problem: the receiver can take a screenshot of the disappearing message and share it.
Second, there’s the server issue. Hall suggested that, so long as apps store keys or any data on a server, even disappearing messages are vulnerable to snooping from the NSA and other entities: “Snapchat stresses to not send sensitive stuff over the service. Finding your friends on the service requires an exchange of keys.” Hall mentioned Wickr, an app that doesn’t see a key as part of its end-to-end encryption: “The whole idea that you need to carve out a place online that you can be silly and that it won’t be memorialized online. We don’t have to engineer for this when silly becomes embarrassing.”
In the wake of Edward Snowden’s leaked documents, he added, there’s feverish debate over how to prevent such infrastructure snooping by government entities—and how to make people aware that their data is vulnerable: “Certain people argue that to make a hardened Internet, the infrastructure needs to be encrypted by default. It’s hard to get people to think about security and safety. Very few people know that the lock in the browser means the session is encrypted. This means when you send email, you are sending a glorified postcard.”
Technology Behind Privacy Promises
Jules Polonetsky, executive director and co-chair of the Future of Privacy Forum (and an advisor to the creators of the Frankly app), is optimistic about messaging: “Technology can empower us.”
Frankly co-founder Steve Chung goes a step further, suggesting that texting is becoming “the prime way of communicating, especially for the younger demographic.” But texting, he added, will need to evolve in order to meet that future: “SMS has been trapped in this 160 character format, restricted by carrier standard. Your phone changed from being a phone with an antenna; it has become a supercomputer in your pocket.” Messaging services around the world are tiptoeing into gaming, social networking, emojis, video chat, and anything else that will earn them more customers.
Like Whitt, Chung doesn’t seem concerned with monetization at this point: “Our biggest challenge is to get critical mass of users.” He points out how his competitors are generating revenue: Whatsapp charges users a dollar a year; Japanese messaging service Line sells emoticons and emojis; Kakao publishes games. Still other messaging services go with that old standby, advertising.
Ephemeral messaging, Chung thinks, should serve as the default for everyone, especially those concerned with security. He suggested that, because messages sent via his service disappear, they’re secure from law enforcement: “Say a week later the FBI comes, we can’t hand it over because there is no record of that in the world… we can’t do it on something that is sent.”
In theory, however, a government agency with a warrant could order a company that stores and traffics disappearing messages to hand over a text or photo before it’s opened (and thus destroyed) by the recipient. For example, law-enforcement entities have hit Snapchat with “about a dozen” search warrants for unopened Snaps since May 2013.
Warrants aside, messaging services attempt to protect themselves by encrypting as much data as possible. “We hash data on the client side and send it to the server, store it hashed; it is [encrypted] the entire way,” Whitt said. “If the FBI came and looked, they’d see a 20 character [string]. There’s some data like people’s names, profile photos—we hold onto that securely, that data is not [hashed]—beyond that there isn’t much interesting they could get that.”
In search of better security, the tech industry is moving beyond disappearing messages to vaporizing hardware, with researchers exploring Vanishing Programmable Resources (VAPR) that decompose when the messages are no longer needed. IBM is building self-destructing messages for DARPA; Honeywell is researching substances that can crumble after completing tasks; and Xerox is looking into materials that disappear after receiving an electronic signal.
But in a world of densely interconnected networks, is that even enough? It was much harder for an “old school” text (much less a snail-mail letter or telegram) to go viral: now a screenshot of a Snapchat can rocket around the world before the sender can finish drinking a Coke. How do we escape a world that embraces technology that records our words, our faces, our bodies, our location, and our thoughts?
We understand that risk; we want technology that mitigates it. But I’m not sure these messaging services are as secure as their marketing claims—I’ve already deleted Snapchat, and I’m spending more time on Leo and Frankly. You’ll have to decide—and ultimately trust—for yourself.