For an app known mostly as a way to distribute pictures of genitals, Snapchat has a sort of strange relationship with the idea of privacy.
Yesterday on Snapchat’s blog, Micah Schaffer explained that unopened Snaps have been turned over to law enforcement under the requirements of the Electronic Communications Privacy Act.
"Since May 2013, about a dozen of the search warrants we’ve received have resulted in us producing unopened Snaps to law enforcement," Schaffer wrote. "That’s out of 350 million Snaps sent every day."
Given the deluge of stories of warrantless searching by the NSA, it’s actually kind of nice to know that someone in law enforcement still goes through the trouble of getting a search warrant. And it’s not hard to imagine scenarios when law enforcement has a legitimate reason to want to access a Snap—you don’t even have to imagine, really.
As Motherboard’s Meg Neal covered, one way to defend your privacy from the prying eyes of government goons or worse is through messages with a limited shelf life before they self-destruct. Services like Silent Circle’s "Burn Notice" and the similarly named "Burn Note" promise to make your messages disappear after a predetermined time.
In form they sound a lot like Snapchat, but if those apps are successfully doing what they purport to at all, they’re different. Even before publicly announcing that they turn over Snaps to law enforcement, Snapchat was going to give you away.
And while you can’t see pictures that were sent to people other than yourself, it’s easy to discover who your friends Snap at. As Nicholas Carlson explained at Business Insider, you just go to your friends list in the app, and hit your friend’s name and a list of their BFFs pops up—his was his wife and also a guy named Jay, whose relationship with Carlson is never explained.
And that’s not a hack or anything. It’s just how the app works. If you need to unfriend your parents, or if you’re a parent who needs to unfriend your kids, go ahead, I’ll wait.
Not only is Snapchat weirdly open about who you’re chatting with, with a minimal amount of trickery, Snapchat’s vanished videos and images can be recovered. Snapchat’s privacy upside—the fleeting nature of its content—is more of a mild inconvenience if you need to recover an image you already viewed for evidence, blackmailing, or whatever reason.
In May, Forbesreported that a forensics examiner named Richard Hickman had figured out how to recover opened Snapchats off of a device and his firm was going to offer this service for $300-$500 a device.
If you’re cash strapped, you can always just do it yourself by following the instructions in this Youtube video by a guy named Nick. The video isn’t even six minutes long and he figured out how to recover Snap videos while on his lunch break.
Thing is, Snapchat isn’t trying to make crypto-software; they admitted as much in a blog post from May that described how their service works, and noted that, "It’s not impossible to circumvent the Snapchat app and access the files directly." That's before they're opened, and even after they're gone, Snapchat knows they're still around:
... if you’ve ever tried to recover lost data after accidentally deleting a drive or maybe watched an episode of CSI, you might know that with the right forensic tools, it’s sometimes possible to retrieve data after it has been deleted. So… you know… keep that in mind before putting any state secrets in your selfies :)
Snapchat’s “deleting” isn’t the same thing as “wiping,” by their own admission. Nor does it go through the trouble of encrypting files as it deletes them, like privacy software would. Really, once its sent, the Snap exists.
After the summer of Snowden, yesterday’s revelation was more surprising because of the restraint mentioned—they came with warrants!—rather than the fact that Snapchat complies with law enforcement. Sure, Snapchat didn’t disown the idea that the NSA could have “back door” access somewhere—but then, Snapchat didn’t mention the NSA at all.
In spite of people using it for their privates, Snapchat isn’t privacy software. When a company warns you that its product isn’t for state secrets, it’s definitely best to listen, even the advice is followed by an emoticon.