Top secret messages sent via Confide might not be so secret after all

Nervy constituents! Prying newspapers! Always wanting to find out what politicians are up to, who they’re talking to, and what they’re saying!

No wonder politicians (and their whistleblowing staff) have flocked to message-erasing app Confide.

It’s like Snapchat for professionals who want to keep their discussions on the down low: it automatically erases all conversations, uses a version of the end-to-end encryption used by bigger rivals such as Signal, Telegram, WhatsApp, Facebook Messenger, and a growing list of others, and avoids its rivals’ susceptibility to having messages screenshotted by hiding them until the recipient moves a finger or cursor over each line of text.

Sounds great if you want to keep your job and/or keep voters from turning into angry mobs, eh?

Well, unfortunately, there has arisen a pin, and it just might be bubble-popping time.

The bubble-popper is a class action lawsuit filed in New York on Thursday that claims that Confide drops the ball on two components of its touted confidentiality: ephemerality and screenshot protection.

What Confide says it does: prevents screenshots on most platforms it runs on, swapping in a gray box for a screenshot, if possible. If it’s not possible to do that, Confide’s makers say that its “patent-pending reading experience” restricts what recipients can see to “a sliver” of the message.

What Confide actually does, according to the lawsuit (see below): allegedly lets both Windows and Mac users of the desktop app toggle the settings so they can take a screenshot of the entire message, along with the sender’s name. A screenshot cited in the lawsuit shows a fully visible representation of a text message and the sender’s name on both platforms.

The lawsuit also claims that Confide’s desktop app fails to give senders a heads-up when screenshots are taken of their messages, “ensuring that the sender continues sending confidential or otherwise sensitive information, pictures, or videos”.

And that “sliver” feature? The one that should only show somebody a wee bit of the message at a time? Looks like Confide never turned it on in the desktop versions, the lawsuit alleges.

A user of the mobile app may think the confidentiality is working just fine, since they only see a sliver of text at a time. But there’s no way for them to know if they’re sending messages to somebody who’s using the mobile version or the desktop app, the suit claims, and thus, there’s no guarantee that their messages won’t be captured, along with their names.

This isn’t the first time that problems have been found with the Confide app. In March, multiple critical vulnerabilities were found that could have led to malicious attackers hijacking a session and impersonating a participant; learning the contact details of all or specific Confide users; inserting themselves into a conversation and decrypting messages; or tweaking the contents of a message or attachment in transit without having to decrypt it first.

The researchers said that Confide quickly fixed the holes. Confide, for its part, told Recode and other publications that the class action lawsuit is a pile of bunk. Jon Brod, Confide’s co-founder and president:

“The accusations set forth in the complaint are unfounded and without merit. We look forward to responding to this frivolous complaint and seeing this case swiftly thrown out of court.”

Let’s hope there’s more than a sliver of a chance that the suit’s claims are bunk. Nobody’s going to feel sorry for politicians trying to cover their tails who then get caught out by an app that doesn’t do what it says it will.

But there are also whistleblowers out there who use Confide. If you’re one of them, it would be wise to err on the side of caution and assume the suit has merit.

In other words, just like you hopefully tell your kids not to take off their clothes when they take Snaps – those so-not-ephemeral images that can come back to haunt them – consider the strong possibility that your confidential messages are anything but.

Auman v. Confide – Filed Complaint by April Glaser on Scribd