Sophos Cloud Optix
Slingshot is Facebook’s “disappearing” image answer to Snapchat – the the app that got away.
As readers probably know, Facebook liked the idea of disappearing images a whole lot.
A lot, as in, the all-cash, $3 billion deal with which it tried to buy Snapchat last autumn.
It’s not hard to see why: content that disappears promises a brave new world of repercussion-free posting: sexting without the fear of sextortion, posting things that otherwise could get you fired, boasting about your gang’s felonies without posts getting used in court documents, that sort of thing.
Yes, Facebook wanted its users to experience that unfettered life – and to post way more because of it.
But Snapchat turned up its nose at the offer. So Facebook said fine.
Then, it went off and cooked up its own version.
Facebook launched its take on Snapchat’s purportedly ephemeral picture messaging app, Slingshot, on Tuesday.
Slingshot has more going on than Snapchat when it comes to getting users engaged in messaging back and forth.
But one thing that Slingshot and Snapchat do have in common is nothing to stop recipients from capturing supposedly disappearing content by grabbing screenshots or taking photos of your snaps with other cameras.
Things I’d like to know:
Is there any way of preventing recipients from taking screenshots of Slingshot messages?
Huffington Post’s Bianca Bosker writes that Snapchat’s creators, for their part, have tried to discourage the practice by tattling on anyone who takes a picture of someone else’s snap.
Bosker reports that it’s worked, at least in her circle of Snapchatters, where screenshotting a Snapchat message is perceived as being similar to reading someone else’s text messages when she leaves for the bathroom:
It's feasible, but freaky and in poor form.
Unfortunately, if it’s feasible, it will happen, regardless of peer pressure.
Relying on recipients’ etiquette to refrain from screenshotting is in no way a technological barrier.
On the recipient’s device, will images be encrypted? Will they be stored in memory and implicitly disappear when viewed, as opposed to “hidden” in a directory?
Snapchat assigned the extension .nomedia to filenames – a standard Android marker that told other apps to ignore the file, to not index it or thumbnail it, to refrain from adding it to galleries, or the like.
Also, Snapchat added a record to its own database to say that the image should be treated as though it doesn’t exist.
None of those ploys stood up to computer forensics, which managed to find those “disappeared” files just fine.
In May, Snapchat agreed to a settlement with the US Federal Trade Commission (FTC) over its hazy relationship with user privacy and the fact that it fibbed about those images that “disappear forever.”
We don’t yet know how Facebook will go about making images supposedly depart this world and flit off to digital heaven.
I sent my questions to Facebook who responded with this statement from Rocky Smith, Slingshot Engineering Lead:
Slingshot is for sharing everyday moments with all of your friends at once, not a way to send sensitive information. We don’t see it as a messaging app but instead closer to a feed full of spontaneous moments.
Slingshot’s data use policy says this:
Viewing and Dismissing Shots. Once you view and dismiss a shot, you can no longer view it in the app. If you react to a shot before you dismiss it, the original shot will appear with your reaction. Also, shots and reactions can no longer be seen in the app 30 days after being sent even if they haven’t been viewed or are unlocked and marked to view later.
Hopefully, Facebook has learned from Snapchat’s mistakes and constructed a service in which content truly does go up in a puff of smoke, leaving no trace.
There’s no way to stop people from screenshotting your images on Snapchat, or Slingshot.
So, with that in mind, I’d suggest following the same advice that Naked Security offered with regards to Snapchat: if you don’t want to risk an image being in circulation forever, consider not even taking it in the first place.
And, if you’d like to keep up to date on all our Facebook-related news, why not like the Naked Security page on Facebook
Just thinking out loud, any files/images downloaded and displayed are normally temporarily stored in a folder somewhere. If you know where, you can save that elsewhere – even if the application is designed to prevent screen grabs! (Some are, many aren’t and it’s down to the OS whether you can save anything like that.) But even that doesn’t stop you getting your digital camera out and taking snapshot of the screen showing the little blighters misbehaving. So then it can’t ‘disappear’ unless you deliberately wipe it, but they can’t do that because it’s your snap!
Not that I’m encouraging such bad behaviour in the first place.
You can’t do anything to prevent a user from photographing the screen with a separate camera, but it is perfectly possible to prevent screenshots in mobile operating systems. It is typically done for DRM reasons, so for example if you start watching a film in Netflix, and then hit the screenshot button, you will find that it does not work.
Also, it would not be hard to design a system where the images are encrypted under local storage, and only decrypted when they are viewed. Once the encryption key is overwritten then the cached file in storage is useless to anyone, so there would be little concern if a malicious user or virus got hold of it. The encryption keys for each file can be more strongly protected inside the application sandbox, which is easer to do as the files are small.
Of course I have no idea if Facebook have actually done any of this, or if they have just taken the easy route, and hacked together something that looks nice but is insecure. Considering Facebook’s usual attitude to user privacy, I would consider the latter more likely.
It is just best to live by the mantra “If you don’t want everyone to see it don’t share it.” Once you put it in bits and send it over a network it is there for the world to see.