
Ephemeral Apps - Libertatea
https://www.schneier.com/blog/archives/2014/04/ephemeral_apps.html
======
mbesto
One of the more well known VCs in SV gave a talk two weeks ago and told a
story about when he met the founders of SnapChat two years ago. He asked them
"So, tell me honestly, are people using this app for anything but sexting?"
One of the founders replied "No, there are loads of cats too!" The VC asked
"Wait, how do you know there are cats too? Isn't everything deleted?" Needless
to say he passed on the investment.

~~~
oxryly1
That could be interpreted as being rather spooky. But it could also be a joke
based on word of mouth information.

And was it a wise idea to pass on that investment? Seems not...

~~~
mbesto
He mentioned he passed (and passed on Secret as well) because he doesn't want
to invest in anything that makes it easy for children to be destructive to
each other. Let's put it this way, he's not hurting for deal flow and
investments.

~~~
amirmc
That seems like flawed reasoning. It'd be better to teach kids to be
reasonable human beings irrespective of the medium of communication. If kids
want to be destructive to one another, they will be (people can be just as
cruel over FB as they can on an anonymous site).

------
garrettgrimsley
>Lavabit was a small secure e-mail service, with an encryption system designed
so that even the company had no access to users' e-mail.

This isn't exactly accurate, and so the comparison doesn't work.

Lavabit always had the capability to read a user's email.[1] Snapchat has, and
does, retain Snaps.

If Snapchat instead generated a public/private keypair and used those to sign
and encrypt Snaps before they left a user's phone then whether or not Snapchat
retained the Snap but hid it from the user would not matter.

There are other issues, like end users recording the Snap. Also, while the
central service would not be able to retain the content of your Snap, metadata
would be available to them.

>We need ephemeral apps, but we need credible assurances from the companies
that they are actually secure and credible assurances from the government that
they won't be subverted.

Given the current climate, this strikes me as rather foolish. Further, who is
to say that the next head of state will not breach the assurances of the last?
We should design services so that trusting the operator is a non-issue.

[1] [http://www.thoughtcrime.org/blog/lavabit-critique/](http://www.thoughtcrime.org/blog/lavabit-critique/)
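
The design described in the comment above (keys generated on the device, Snaps signed and encrypted before upload), sketched as an added example; it is not part of the thread and not Snapchat's code. The names `newDevice`, `sealSnap` and `openSnap`, and the choice of X25519, Ed25519 and AES-256-GCM, are assumptions made for illustration.

```javascript
const crypto = require('crypto');

// Hypothetical per-device keys: X25519 for key agreement, Ed25519 for signing.
function newDevice() {
  return { kx: crypto.generateKeyPairSync('x25519'), sig: crypto.generateKeyPairSync('ed25519') };
}

const der = (pub) => pub.export({ type: 'spki', format: 'der' });

// Turn an X25519 shared secret into a 32-byte AES-256-GCM key.
function deriveKey(privateKey, publicKey) {
  const shared = crypto.diffieHellman({ privateKey, publicKey });
  return Buffer.from(crypto.hkdfSync('sha256', shared, Buffer.alloc(0), 'snap-demo', 32));
}

// On the sender's phone: encrypt to the recipient, then sign what gets uploaded.
function sealSnap(sender, recipientKxPub, plaintext) {
  const eph = crypto.generateKeyPairSync('x25519'); // fresh key pair per Snap
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', deriveKey(eph.privateKey, recipientKxPub), iv);
  cipher.setAAD(der(sender.sig.publicKey)); // bind the ciphertext to its sender
  const ct = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  // Layout: 44-byte SPKI ephemeral key | 12-byte IV | 16-byte tag | ciphertext
  const body = Buffer.concat([der(eph.publicKey), iv, cipher.getAuthTag(), ct]);
  return { body, signature: crypto.sign(null, body, sender.sig.privateKey) };
}

// On the recipient's phone: check the signature first, then decrypt.
function openSnap(recipient, senderSigPub, { body, signature }) {
  if (!crypto.verify(null, body, senderSigPub, signature)) throw new Error('bad signature');
  const ephPub = crypto.createPublicKey({ key: body.subarray(0, 44), format: 'der', type: 'spki' });
  const key = deriveKey(recipient.kx.privateKey, ephPub);
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, body.subarray(44, 56));
  decipher.setAAD(der(senderSigPub));
  decipher.setAuthTag(body.subarray(56, 72));
  return Buffer.concat([decipher.update(body.subarray(72)), decipher.final()]);
}

// Constructed demo: the service relays and may keep `envelope`, but holds no key that opens it.
function demo() {
  const alice = newDevice(), bob = newDevice(), service = newDevice();
  const envelope = sealSnap(alice, bob.kx.publicKey, Buffer.from('cat photo'));
  const seenByBob = openSnap(bob, alice.sig.publicKey, envelope).toString();
  let serviceCanRead = true;
  try { openSnap(service, alice.sig.publicKey, envelope); } catch { serviceCanRead = false; }
  return { seenByBob, serviceCanRead };
}
```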

------
pdevr
There will always be people who want privacy, regardless of whether their
intention is good or bad. On the other hand, regulators and rulers will always
want to know as much as they can.

The privacy seekers will come up with innovations to bypass the existing
privacy breaking techniques. They will work for a while, before the regulators
clamp down on them.

This will be a cat and mouse game going on forever. On a positive note, some
of these innovations have changed the world in a positive way.

~~~
marcosdumay
The government should not be your enemy. If people want privacy, they ought to
just tell the regulators that, and those regulators should work on making it
so.

If the real situation isn't like that, it's a different problem, requiring a
different kind of action, and just developing some new tech won't help.

------
junto
Schneier links to a post by Danah Boyd [a], who outlines two very interesting
tactics for 'privacy control' on Facebook, that teens are using today:

1. "Super-Logoff": Where you deactivate your Facebook account when you log
off, so that all wall posts, likes, tagging no longer works.

2. Purging posts: Where you systematically purge posts and likes a few days
after making them. This lets friends see what is currently on your mind, but
they can't refer back to it 2 years later.

[a] [http://www.zephoria.org/thoughts/archives/2010/11/08/risk-re...](http://www.zephoria.org/thoughts/archives/2010/11/08/risk-reduction-strategies-on-facebook.html)

------
lucastx
His website has a new design. Nice.

~~~
couchand
At first I was convinced it was a phishing attack of some sort. Bruce Schneier
with a new website? Waaaah!?

------
higherpurpose
"Ephemeral" messages, the way Snapchat does it, are useless against
surveillance and possibly even other kinds of hacking later on if the company
is actually saving the content on its servers. Perfect forward secrecy is a
_much_ better way to have "ephemeral" conversations, even if the encrypted
data remains stored.

Adding self-deletion on top of that just makes it slightly better in case
someone wants to decrypt those messages later, even though it should be an
almost impossible task.

So if apps want to offer safe conversations for users, they should first
implement end to end security and perfect forward secrecy either with OTR or
TextSecure's protocol. If they want to add self-deletion on top of that mainly
as a marketing feature, that's fine, but it shouldn't be the main priority.

~~~
drdaeman
PFS doesn't help if one of the parties is leaking information. And, I guess,
in case of Snapchat, [at least most] leaks are from the participating users,
not the service.

No amount of crypto would prevent a malicious party from picking up a camera and
taking a photo of the screen.

------
mathattack
Ephemeral apps seem to be ideal for insider trading too. Send an ephemeral
message on your mobile phone, and nobody is the wiser. (Banks have
tremendously rigorous retention policies to keep track of things like this)

~~~
fizx
Isn't BBM ephemeral?

~~~
mathattack
I don't think so. I'm under the impression that records are kept there
indefinitely.

------
andrewflnr
I clicked because I thought this was going to be about actual apps that delete
themselves. I was a bit disappointed to find it was about ephemeral
_messaging_ apps.

------
VLM
"are on the rise"

Yes, on the rise. I see a lot more supposedly private photos from those
services on /r/gonewild and 4chan and the like than ever before. Oh wait,
perhaps by "on the rise", he meant there are more gullible users incorrectly
thinking they're ephemeral, not the actual outcome of a trend of more
"ephemeral" messages becoming permanently archived and publicly displayed.

