Thursday, February 27, 2014

Your Own Cone of Silence

In his reviews of equipment and software, Hiawatha Bray often reveals easily overlooked implications and issues. He never says outright, "Privacy is such a sweet, quaint and obsolete illusion" but raises questions. There is a reason I make it a point to only share good news that I would be happy to have seen by anyone. Bray says the popular-with-youth "Snapchat, a photo-sharing app... erases each picture after it is viewed. While computer forensics experts with special software might be able to retrieve the photos, for the average user, they are gone." Don't you think today's "special software" used by computer forensics experts, will be in the hands of "the average user" in the blink of a digital eye? Think before you hit "Send!"

Below is the text of the entire article. If you click here, you can see it on the Boston Globe website with a three-minute video of Mr. Bray sharing related information.

tech lab
When our messages vanish, privacy gets a better chance
Hiawatha Bray; Globe Staff; February 27, 2014
The text message from my sister in New York was innocent enough, but it was nobody else’s business. I won’t repeat it here. Indeed, I can’t; it vanished a minute after I read it.
Rosemary and I were using Telegram, an instant-messaging service conceived by a couple of Russians and based in Berlin. Telegram features a “secret chat” setting that automatically destroys your text messages, whether on your phone, or your friend’s.
Suddenly, people are rediscovering the value of privacy. You remember privacy, right? We were quite fond of it until the Internet came along. Then we started handing our personal data to anybody who promised us free e-mail service.
Log onto Google, and every keystroke and mouse click gets recorded and analyzed, in a bid to sell us stuff. Place a phone call and the time, the place, and the number you’re calling are likely being filed away inside a giant database at the National Security Agency.
At last, millions of us are having second thoughts and would like some of our privacy back.
Are these apps as secure as they claim? The developers certainly make all the right noises.
Telegram aims to meet this need with its vanishing chat feature, and it’s got lots of company. There’s also Confide, which only displays incoming texts when you touch the words on the screen, and Wickr, a cool app with a “Mission: Impossible” trick — your messages can self-destruct after 10 seconds.
Privacy lovers were alarmed last week when Facebook agreed to pay $19 billion for WhatsApp, an instant-messaging program with 465 million users. WhatsApp’s privacy policy is pretty good, and Facebook says it won’t make any changes, but many WhatsApp users were skeptical, and began looking elsewhere for security.
Facebook, which mines gold from the personal data of 1 billion users, is famously willing to change its privacy policies in search of a few more dollars. The company settled a complaint from the Federal Trade Commission that it deceived consumers about how their personal data was being shared.
So it’s no surprise that demand for ultra-private alternatives to WhatsApp is surging. On Monday, Telegram, which is free, said it had picked up 8 million new users in the days after Facebook’s acquisition of WhatsApp.
Telegram, along with similar apps like Wickr and Confide, may be tapping into a growing global distaste for the constant monitoring of our digital lives.
But are these apps as secure as they claim?
The developers certainly make all the right noises. Indeed, they are so confident of how bulletproof their systems are they dare hackers to break in. Telegram, for example, publishes an encrypted Telegram message every day and promises $200,000 to the first hacker to decode it. Wickr offers a $100,000 prize to successful hackers.
Still, no software can ever be considered absolutely secure. For instance, one hacker got $100,000 from Telegram for finding a serious software flaw (though he didn’t manage to decode the message).
There’s another problem with these privacy apps — getting your friends to use them. Despite the rising popularity of ultra-private messengers, still relatively few people rely on them. Also, the apps are not compatible with one another. A Telegram user can’t send a message to a Wickr user, and so on.
Still, any one of these apps could catch on with remarkable speed. Less than three years ago, two Stanford University students developed Snapchat, a photo-sharing app that erases each picture after it is viewed. While computer forensics experts with special software might be able to retrieve the photos, for the average user, they are gone. It sounded nuts at the time. But now, 77 percent of the nation’s college students use Snapchat at least once a day.
Snapchat proved that people are hungry for truly private digital communications, and the booming popularity of Telegram shows they want privacy for their text messages as well as photos.
Telegram has a super-secret mode in which the sender switches on a self-destruct timer that will delete the entire contents of a message after a fixed time — a week, a day, or in as little as 2 seconds.
Although Telegram can protect against government or corporate snoops, it’s not much help against your friends: a smartphone’s screenshot feature can make copies of Telegram messages, or you could use a different phone to shoot a photo of the screen. So this app is best used with people you fully trust.
A much simpler secret messenger, Confide, is designed to be screenshot-proof. A free app available only for Apple Inc. iOS devices, Confide delivers text messages that look like a declassified CIA file with the words blacked out — in this case, every word. To see a word, stroke the blacked out portion with your finger. Lift your finger and the word disappears.
This clumsy reading method prevents a recipient from taking a screenshot of the message. If he even tries, the sender is notified. And when a recipient closes the Confide message, it disappears forever.
Wickr, also free, offers a lot more features than Confide. You can transmit photos, videos, and audio as well as text; the Apple version can also exchange PDF documents. It links to services such as Dropbox, letting you easily forward files to a friend. It even has a feature that scours your phone’s flash memory to ensure that deleted files are really deleted.
A simple fingertip control lets you decide how long your message will survive: as long as five days, or have it self-destruct 15 seconds after it’s opened. And while you can use the phone’s screenshot function to capture incoming texts, Wickr makes it tough to copy photos, by using the same trick as Snapchat. You must touch an on-screen icon to display a picture, making it very difficult to activate the screenshot command at the same time.
But if it’s absolute privacy you are after, consider going back in time — to good old-fashioned snail mail delivered to an anonymous post office box. And if you must have technology, maybe you can take a page from Maxwell Smart from the old TV spy show “Get Smart” and demand your own Cone of Silence.
Hiawatha Bray can be reached at

No comments: