Facebook to fill with (more!) kittens in Wickr’s message-hiding scheme

Top of Form

Bottom of Form

Imagine you’re the founder and CEO of a secure messaging app.

One day, your daughter starts pestering you to use – shudder! – Facebook, whose privacy policy just happens to give you hives, given that it requires users to sign away ownership of their content.

What do you do?

If you’re Nico Sell of Wickr, you slap some kittens on top of photos as decoys.

You let users upload their private images to Facebook, but you use a cute take on the censor’s pencil to obscure the image and carve a more private, kitten-shrouded space into the world’s largest social network.

With Wickr’s newly launched, private, timed feed – known as WTF – users can create photo albums that last just 24 hours.

Only people selected by the Wickr user can view the images. To everybody else, Facebook will just look even more kitten-filled than normal.

Given that Facebook itself won’t be able to see past the kitten to whatever image is lurking beneath, it can’t collect data for target-marketing purposes.

Facebook has granted Wickr access to its application programming interface (API) in order to link WTF to its users profiles. Here’s a YouTube video with Wickr’s demo.

Why the hard line against Facebook?

Sell told The Guardian that she wants to shield her daughter and other Wickr users not just from Facebook; in fact, she has issues with plenty of other messaging apps’ privacy policies:

If you read Facebook’s privacy policies, or those of WhatsApp, Snapchat, Instagram, Skype or Twitter, with all of them you’re granting control and ownership of whatever you post on that site to the service. We’re now seeing people’s Twitter photos being put on billboards without them getting paid. I think those people don’t need to, or don’t want to, lose this control of ownership of their baby pictures but they don’t realize its happening.

Wickr calls itself a “fun, anonymous end-to-end encrypted messaging app” that allows users to share text, photos, and videos, which can be drawn on, rated by friends, or stuck with stickers.

It’s hard to avoid all the services promising secure messaging that have sprung up in the wake of surveillance revelations: the list includes RetroShare, ChatSecure, Cryptocat, TextSecure, Signal, Silent Text, Telegram, TextSecure, Threema and even a specialized mobile device called the Blackphone.

Sell says that the difference between the bigger messaging companies and Wickr lies in the placement of encryption in the messaging chain.

From The Guardian’s interview:

The difference between us and what the big companies are doing is that they are encrypting messages between a device and their servers, whereas we are doing it device to device. So, we don’t know who our users are, who they’re talking to or what they’re saying. We can’t hand that information over: we don’t have it.

Besides the idea of secure messaging, the notion of so-called vanishing apps is another hot privacy-related topic.

Users are advised to exercise caution despite Wickr’s claims, particularly in the wake of finding out that Snapchat’s supposedly disappearing images don’t actually disappear.

Hopefully, Wickr’s lack of data retention on its servers will offer some degree of privacy, but bear in mind that it’s really easy to capture a screenshot of an incoming message, or even to snap a picture of it with another phone.

And if phone X takes a picture of phone Y’s screen, then no data retention policy in the software on phone Y can get control back over the image now stored out of reach on phone X.

The same old well-worn advice – don’t share anything online that you wouldn’t want to see published elsewhere – still holds true with Wickr.

Though it must be said: this obfuscation-through-kittenification scheme seems like a good way to keep Facebook postings from going viral in dangerous and destructive ways.

Private photos hidden by kittens – do you think it sounds promising?


Via: sophos

Save pagePDF pageEmail pagePrint page

Leave a Reply

Your email address will not be published. Required fields are marked *