Snapchat Employees Abused Data Access to Spy on Users (vice.com)
128 points by jmsflknr 32 days ago | 46 comments

I understand that centralized systems are much more efficient than P2P when it comes to high bandwidth communication. But as of today, it would be possible to create a completely decentralized Snapchat (signed ephemeral videos that are shared between two parties). The routing would be the only non-trivial component of this, but it could be solved with a DHT. Why do we continue to trade convenience for privacy? Such a solution would protect from most third parties, including government requests.

As someone without much knowledge of implementing decentralized communication, am I missing some knowledge, or is it solely lack of interest?

What happens when one peer doesn't have internet access for a moment and a snapchat is delivered at that moment? How do you build "retries" into a decentralized infrastructure? If no server is storing the content, couldn't someone fill up my phone storage simply by sending me videos repeatedly? The infrastructure forces my phone to instantly download the content, because no one is paying for storage of it before it gets routed to me right?

These are genuine questions because I don't understand everything either

Have the receiving phone send an acknowledgement message back and if the sender's phone doesn't get one after a few seconds, show a "{name} failed to receive your message. Maybe they're offline." dialog. Allow the sender to try again later.

I like this idea and the features being brainstormed in the thread a lot

It wouldn't make sense for your phone to be part of a P2P network. It's only connected to your radio tower, and not really anything else.

Also, you could define a maximum file limit size, and at that point your phone would be considered backed up, and then if no other route is found, the transfer is cancelled after a certain timeout.

>It wouldn't make sense for your phone to be part of a P2P network. It's only connected to your radio tower, and not really anything else.

That is only a software bug.

I’ve been thinking about a Pi Zero W with LoRa acting as a wifi bridge between the smartphone and the Pi, and the Pi uses LoRa for the P2P portion.

Well, these days a lot of phones are part of P2P networks such as BitTorrent, so that's not a blocker.

>How do you build "retries" into a decentralized infrastructure?

Heartbeat pings to contact list, cached at the sender's end until the recipient is ready, and offer aliased nodes as a feature so multiple devices can act as a RAID array for an identity, both at the sender's end and the recipient's.

> What happens when one peer doesn't have internet access for a moment and a snapchat is delivered at that moment?

The video will be on the sender's device until the recipient confirms that they have received 100%. So this prevents a phone storage clogging situation.

> The infrastructure forces my phone to instantly download the content, because no one is paying for storage of it before it gets routed to me right?

Yeah, that would be accurate. There could be intermediaries that charge low prices to cache snaps for you so you didn't have to download it ASAP, but that would negate the ephemeral nature built into Snapchat.
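The sender-side behaviour sketched across these replies (keep the snap locally until the recipient acks it, retry while the peer is offline, give up after a timeout, refuse new snaps once a storage cap is hit), as an added illustration that is not code from the thread or from any real Snapchat client; the class names, cap and retry budget are assumptions:

```python
from dataclasses import dataclass

MAX_PENDING_BYTES = 20 * 1024 * 1024  # assumed cap before the sender counts as "backed up"
MAX_ATTEMPTS = 3                      # assumed retry budget before giving up on a peer

@dataclass
class Snap:
    snap_id: str
    recipient: str
    size: int
    attempts: int = 0

class Peer:
    """Toy recipient device: acknowledges a snap only while online."""
    def __init__(self, online):
        self.online = online
        self.received = set()
    def deliver(self, snap):
        if not self.online:
            return None            # no ack, so the sender keeps the snap
        self.received.add(snap.snap_id)
        return snap.snap_id        # ack names the snap it confirms

class Sender:
    """Holds each snap until the recipient acks it; nothing is stored on a server."""
    def __init__(self):
        self.pending = {}          # snap_id -> Snap still waiting for an ack
        self.failed = []           # snaps the UI should report as undelivered
    def queue(self, snap):
        used = sum(s.size for s in self.pending.values())
        if used + snap.size > MAX_PENDING_BYTES:
            return False           # refuse rather than let the queue clog local storage
        self.pending[snap.snap_id] = snap
        return True
    def attempt_delivery(self, peers):
        """One delivery round; call again later for anything still pending."""
        for snap in list(self.pending.values()):
            snap.attempts += 1
            if peers[snap.recipient].deliver(snap) == snap.snap_id:
                del self.pending[snap.snap_id]       # confirmed receipt: wipe local copy
            elif snap.attempts >= MAX_ATTEMPTS:
                del self.pending[snap.snap_id]       # "X failed to receive your message"
                self.failed.append(snap.snap_id)
        return set(self.pending)
```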

The users of Snapchat don't know about this so how would they know to stop using it because of it?

One big reason is battery life. I don't want my mobile device to have to rely on the reliability of another party to transmit. If the other party can't receive at the moment, my phone has to do a lot of work to figure that out and periodically retry sending in a graceful fashion. With a server I am guaranteed that as long as my phone has connectivity, my message will eventually be received, and it only takes as much energy as it takes for me to send it to the server.

Fair point. This problem could be alleviated by @InflatableDodo's comment of using other nodes (devices) on the network to cache the video, so even if the sender went offline, another node could make the connection with the recipient when they are both online. Sort of like seeding a torrent, except in this case, the video gets wiped upon confirmed receipt.

Of course, this is more viable if this gains a large network.

You can have e2e encryption and authentication in centralized systems, p2p is not really needed for it. See Signal for example.

> but it could be solved with a DHT

I think that tox is the solution to what you are asking for.

Agreed, I think I made the leap to decentralization primarily for resilience. Tox looks great, I'm gonna try it out, thanks!

> Why do we continue to trade convenience for privacy?

I think there's a big misconception about privacy rights in America. I think a lot of people believe the government is actually allowed to collect otherwise private information, and that it's important they do so. I think this causes people to become complicit in giving away their information because they don't feel they have any choice, which allows people to become willfully ignorant, which makes it easy for the private sector to do the same.

TL;DR, the government is setting a precedent where we shouldn't care about our privacy.

Value (valuation) is proportional to cashflows and decentralized systems have decentralized cashflows

most people wouldn't understand or care about the benefits and P2P is inherently more fragile and complex to program than server-client

I’ve heard early (~2008) Facebook employees bragging about this type of thing. They used to specifically look at who was looking at other people’s pages (aka “stalking” them). They were absolutely doing this for purely personal reasons and thought it was cool enough to brag about it at parties.

What is always strange is how everyone expects the default is this Not happening. People are often bored and nosy and if given the opportunity, they will spy on each other. All primates do this.

well… clearly employees Should Not do this.

Here's what you aren’t seeing, if I may: Consumers see the end product. They intuit rules based on what they see. I only see pictures and videos sent to me, and then they are gone. From this their mental model becomes No one can see media that is not sent to them, and the media is gone after it has been seen. This is strikingly different from the way a developer at Snapchat models the world: We run a big warehouse full of data and media. We present this media to users based on logic that prevents arbitrary non-admin users from seeing others' content and from experiencing that content repeatedly. Oh, and we should eventually get around to writing that cronjob to delete old media. And once we rule the world, we can spend time playing with end-to-end encryption, maybe.

People aren’t stupid (mostly). They are just ignorant (in the literal sense). They are extrapolating in a way that makes sense in a physical world but not in the digital world.

The clearest analogy is that of actual dice vs. video gambling or the virtual spinner in a free-to-play game. With actual dice, what you see is what you get: fair odds. But that virtual wheel is 'weighted' to end on the worthless prize right after the jackpot space nearly every time.

yet again the excuse is made, in defense of abusing data access privileges, that ... "logging isn't perfect"

Just a few days ago, I read about how Facebook fired employees who were using internal data to stalk women. I am going to assume this is the case for all social media:

Complying with legal requests, fighting child pornography is not optional. Unless you are of course Mastodon etc.

I don’t understand the article; it quotes unnamed “former” employees who very well could have been the ones who got fired for improper access.

If SnapChat is storing anything, they have to be sitting on one of the biggest collections of underaged nudity in the world. I've never figured out how they get around that problem without the FBI being at their throat.

Can you explain your statement about Mastodon? I’m out of the loop on that one

i think the implication is that a platform need not police its content if it is truly p2p and not actually storing or responsible for the content on it. with mastodon, the company is not running the servers people connect to in order to use mastodon, iirc.

Rumour is Snapchat is one of the world's biggest repositories of child porn, and they don't do much about it because it's mostly sent by the children themselves and core to their business.

I would estimate 100 million pictures of underage genitals go in or out of Snapchat's account on Google servers every day.

Google nearly kicked them off the platform for it, but money spoke too loudly...

Of course they did.

paulcole 32 days ago [flagged]

Really shocked by the allegations. Has any unethical behavior like this ever happened in a Silicon Valley startup before? Would there have been any way to see this coming?

You're more than welcome to express an opinion about patterns of unethical behavior, but you'll have to do it much more substantively and thoughtfully than this. We've asked you many times to please increase the information in your posts—could you please try?

Uber and their "God Mode"/"God View" comes to mind. E.g.: https://www.forbes.com/sites/kashmirhill/2014/10/03/god-view...

> the good Uber is doing

(Edit: seems I'm a victim of Poe's Law. Oh well. In case anyone is sincerely wondering, I've left the below. Not sure I agree w/ such unmarked sarcasm though; I think there are a good number of people in SV trying to act ethically w/ consumer data.)

You're kidding me, right? I have nearly an opposite impression of Uber as a company:

Uber's self-driving car killed a woman while the human was not paying attention at the wheel[1]; IDK what the end result of this was, but at the time it was scandalous for a. the driver not paying attention and b. the car not noticing the human basically at all, until it was basically about to make impact. (Whatever sensors/sensor processing was happening failed entirely. IIRC, the Lidar company basically stated their stuff would have seen the human, and it was Uber's software that ignored that signal. The NTSB investigated it, but IDK what the resolution was.)

There was a long history of sexual workplace harassment scandals ("In August 2018, Uber agreed to pay a total of $7 million to 480 workers to settle claims of gender discrimination, harassment and hostile work environment."[3]; the former CEO resigned over similar allegations).

There's been numerous reports of them skirting or flat out ignoring the law in many jurisdictions.

The incident where a driver refused to service someone with a service animal.

Allegations over their treatment of drivers (that they're misled in how much they can earn; that they're banned for even the slightest of transgressions; their classification as contractors and not employees, but they're not allowed to set their own rates by logging when the price isn't worth their while[2]).

The Greyball thing[3]:

> Uber developed an internal software tool called Greyball, which uses data collected from the Uber mobile app and other means, to avoid giving rides to certain individuals. The tool was used starting in 2014. By showing "ghost cars" driven by fake drivers to the targeted individuals in the Uber mobile app, and by giving real drivers a means to cancel rides requested by those individuals, Uber was able to avoid giving rides to known law enforcement officers in areas where its service is illegal.

[1]: https://www.theguardian.com/technology/2018/mar/19/uber-self...

[2]: https://www.theregister.co.uk/2019/05/20/lyft_uber_surge_pri... (not sure if this is the best source)

[3]: https://en.wikipedia.org/wiki/Uber#Criticism

[4]: https://en.wikipedia.org/wiki/Poe%27s_law

Both of his posts are sarcastic.

Stronger audit controls are the way to go for deterring this kind of abuse. Having an audit log of all privileged access, and having a different department review it (employee X accessed user Y's data, which LE request was this for?) isn't necessarily a huge burden: LE requests aren't frequent enough to justify not doing this.
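The second-line review described here (each privileged lookup must cite a law-enforcement request, and someone outside the team checks that the cited request actually covers that user, that employee, and that date), as an added example that is not Snapchat's code or any real tooling; the event and ticket formats, ids and names are constructed for illustration:

```python
from dataclasses import dataclass
from datetime import datetime

@dataclass(frozen=True)
class Ticket:
    ticket_id: str
    target_user: str
    assignee: str
    opened: datetime
    closed: datetime

# Constructed sample tickets (hypothetical ids, users and employees).
TICKETS = {
    "LE-101": Ticket("LE-101", "user-42", "alice", datetime(2019, 5, 1), datetime(2019, 5, 3)),
    "LE-102": Ticket("LE-102", "user-77", "bob", datetime(2019, 5, 2), datetime(2019, 5, 4)),
}

# Constructed audit log: each privileged lookup records who looked, at whom, when, and why.
AUDIT_LOG = [
    {"employee": "alice", "user": "user-42", "at": "2019-05-02T10:00:00", "ticket": "LE-101"},
    {"employee": "alice", "user": "user-43", "at": "2019-05-02T10:05:00", "ticket": "LE-101"},
    {"employee": "carol", "user": "user-77", "at": "2019-05-02T11:00:00", "ticket": "LE-102"},
    {"employee": "bob",   "user": "user-77", "at": "2019-05-10T09:00:00", "ticket": "LE-102"},
    {"employee": "dave",  "user": "user-99", "at": "2019-05-02T12:00:00", "ticket": None},
]

def review_access(event, tickets):
    """Return None if the cited ticket justifies this access, else the reason it does not."""
    if not event["ticket"]:
        return "no ticket cited"
    ticket = tickets.get(event["ticket"])
    if ticket is None:
        return "unknown ticket"
    if ticket.target_user != event["user"]:
        return "user not covered by ticket"
    if ticket.assignee != event["employee"]:
        return "employee not assigned to ticket"
    when = datetime.fromisoformat(event["at"])
    if not ticket.opened <= when <= ticket.closed:
        return "access outside ticket window"
    return None

def reconcile(log, tickets):
    """Every access the second-line reviewer should question, as (employee, user, reason)."""
    return [(e["employee"], e["user"], review_access(e, tickets))
            for e in log if review_access(e, tickets)]
```

Only the first lookup survives review; the other four are exactly the patterns a reviewer in another department would want surfaced, and the volume stays small because it is bounded by the number of open requests.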

This post really needs a /s on it for full effect.

I think without an /s it acts as a great sieve, sorting between the idealists and the cynics. Personally, I got the satire right away (cynic).

Wasn't the ability to access Facebook users' profiles one of the (unofficial?) perks of working there in the early days?

Also, the CEO of Reddit was caught editing user comments. https://www.reddit.com/r/announcements/comments/5frg1n/tifu_...

Certain subreddits have changed their "edit" button to "spez" to remind people of this abuse.

They should have deleted their subreddits and moved elsewhere after that...

There's no other site with the large community that reddit has

I think the other comments under you are evidence of something like Poe's Law at work.

"Would there have been any way to see this coming?"

Stuff like this is pretty much guaranteed to happen in places that sit on a lot of data. The only question is whether it gets noticed and then published.

Not sure why you're surprised. Startups often don't have much in the way of insider controls for data in their database at launch. Debugging production issues when you don't have root can be pretty inconvenient. Employees are trusted and insider threats tend not to be part of the threat model until they have more employees and more to lose.

But Snapchat has been around a while and clearly does have some internal controls over this. Not good enough, apparently.

Luckily Snapchat isn't in SV so the record of zero unethical behavior in SV remains intact.

I think Hacker News should start displaying "(duh)" at the end of headlines about things that should have been obvious, or which could safely be presumed in lieu of evidence to the contrary.
