Quantcast
Image: Lia Kantrowitz

The Motherboard Guide to Sexting Securely

Louise Matsakis

Louise Matsakis

These are the basic steps you can take to protect yourself while sending and receiving explicit pictures, videos, and messages online.

Image: Lia Kantrowitz

Once we attached cameras to computers, people predictably started sending each other nudes over the internet. Research now indicates the majority of Americans are sending and receiving explicit messages online: 88 percent of the 870 people who participated in a 2015 Drexel University study said they’ve sexted.

But there’s evidence that our messages are being seen by more than just the people they’re intended for. Nearly 25 percent of sext recipients say they’ve shared messages with someone else, according to a 2016 study that polled nearly 6,000 single adults.

It’s not just shitty significant others passing around nude photos to their friends. Poor cybersecurity can also cause sexts to end up in the wrong hands. In 2014 for example, hackers stole and then leaked over 500 explicit images of mostly female celebrities. The infamous hack was reportedly executed by phishing the victims and exploiting a flaw in iCloud. Similar hacks have continued to happen.

It’s often incredibly painful for someone to have their most intimate images and messages made public or shared with people they were never intended for. Acts of so-called revenge porn—when abusers share explicit photos and videos of their former partners—have serious emotional consequences for victims. The majority of US states now have some form of law against revenge porn.

Thankfully, there are steps you can take to make sexting safer. Before I get to it, it’s worth saying that there’s no such thing as 100 percent secure sexting. Sending and receiving explicit messages over the internet is always going to have some level of risk associated with it.

There are plenty of people who will rush to say that you should never sext, and blame those who face negative consequences for participating in the behavior in the first place. That’s not realistic or helpful advice. As long as you’re proactive and take steps to mitigate the risks, it’s perfectly fine to send and receive sexts with partners you trust.

There’s also no perfect solution that works for everybody. Nearly all of the experts I spoke to stressed that there’s not a single application or website that can be relied upon by everyone who wants to sext. What you ultimately choose to do depends on what you’re worried about.

In order to design a sexting plan, you’ll have to do a little “threat modeling,” or deciding what data you’re trying to protect and from whom. For example, are you most concerned about your nudes being leaked by a hacker, or spread by a former partner? Depending on the answer to questions like these, the apps and solutions you decide on will be different.

Before I get specific, there are a couple of best practices everyone should follow, regardless of your threat model. It’s also important, no matter what solution you choose, that you’re practicing good digital security generally. If you want a refresher on basics like choosing a secure password, you can check out Motherboard’s comprehensive guide to not getting hacked.

A quick warning: If you’re a minor, don’t send photos or videos of yourself naked to anyone, under any circumstances. It’s possible you or your partner may face legal consequences, even if you send photos or videos of yourself consensually.

Get consent and make a plan

No one in the history of the internet has enjoyed receiving an unsolicited dick pic. Before you start sexting, get explicit consent from your partner. Don’t just agree that you’re both comfortable with swapping nudes, also decide on the digital aspects of the arrangement.

“It’s important to remember to set the privacy and security rules before you engage in sharing—discuss how long images can be kept, where they can be stored, how long to retain chat history, and who has access to your devices,” independent cybersecurity expert Jessy Irwin told me in an email.

Make sure to also set clear expectations with your partner, and don’t assume they plan to abide by the same practices as you without asking. “Clear communication and consent is critical. If you expect your partner to delete your photos after looking at them, make sure they know that, and check in with them to make sure they're doing it,” Jacob Hoffman-Andrews, a technologist at the Electronic Frontier Foundation told me in an email.

Be wary of identifying details

Before you send a sext, consider whether you want to include identifying details like your face, tattoos, piercings, birthmarks, decorations (like posters), and furniture. It’s more secure to leave these details out of the photo in the first place, rather than blur them later. It’s not impossible to recreate blurred portions of images.

“Making sure that one’s face is obscured, or that identifying features like tattoos, piercings, clothing, and even home furnishings are out of the frame is important because if they are covered or out of frame, they can’t be used to identify you if the image is made public,” Irwin told me.

Turn off services that automatically backup photos

If you use iCloud Photo Library or Google Photos, your images and videos are automatically being synced to a library in the cloud, meaning they don’t just live on your device. Under normal circumstances, syncing can be a convenience, like if you lose your phone for instance.

But if you’re sexting, it’s an added security risk for your photos to auto-sync to the cloud. The feature is in part what allowed hackers to steal hundreds of nude celebrity images during the 2014 iCloud hack.

It’s also worth noting that if you have a passcode on your iPhone, the contents of your phone are encrypted and thus difficult to access without the passcode. But iCloud itself can be accessed by Apple because the company retains encryption keys for the service.

“Unless you use a strong, unique password and have set up two-factor authentication wherever possible, avoid using cloud-based apps that allow you to log in with a username and password from any device,” Irwin told me.

Here’s how to turn syncing off. On an iPhone, go to Settings > Photos > iCloud Photo Library. There, toggle the feature off. On Google Photos, go to Settings > Accounts > Accounts & Sync. Then uncheck the account you want to unsync.

Wipe your photos clean of EXIF data

Every time you snap a photo on your smartphone, something called EXIF data is embedded into the image file. Some of the information encoded is fairly benign, like what kind of camera you used.

But EXIF data also includes the precise location a photo was taken, which is potentially dangerous if you’re sexting with someone you don’t know well, or if you’re uploading explicit photos to a public website. By looking at the EXIF data, a sexting partner can potentially know exactly where you’re located.

"People should be very aware of EXIF data, which stands for Exchangeable Image File. This is a sort of data that is often stored on JPEG, RAW, and TIFF image files. It includes geolocation (if enabled), precise date/time photo was taken, and a host of technical information,” Joseph Jerome, a lawyer working on the Privacy & Data Project at the Center for Democracy and Technology told me in an email.

Thankfully, it’s fairly easy to remove this information from an image before you share it. On an iPhone, you will need a third-party app to complete the process, such as ViewExif. The app is an iOS extension, so you can use it without needing to leave the Photos app. It lets you strip the metadata from an image, and save the new clean version right to your Photos app. That way, a sexting partner will be unable to know where you are.

If you are uploading nude photos to a third-party image hosting site, some—but not all—automatically strip EXIF data, but it’s best if you do this yourself.

Choosing the right application for your threat model

Deciding which app is right for your threat model is a crucially important part of practicing safe sexting. Make sure you choose an application that you don’t normally use to communicate with friends and family. “To avoid accidental breaches of privacy, the most important thing that people can do to protect themselves is to limit photo or intimate video sharing to its own app,” Irwin told me.

If you’re worried about state-sponsored snoops or your sexts being stolen by hackers, you’ll want to choose an app that’s end-to-end encrypted, meaning only the people who are sending and receiving messages can view them. Neither the app’s developers, nor the government, can intercept or decrypt the messages.

The free messaging app Signal is a good choice. It’s considered to be one of the most trusted secure messaging apps by cybersecurity experts. If you’ve never used Signal before, the Electronic Frontier foundation has a guide, and The Intercept published tips for using the app in the most secure way possible.

Signal requires using your phone number rather than a screenname, but if you’d rather not give your real phone number to your sexting partner, there are workarounds available that will allow you to use a dummy phone number.

Signal also has a disappearing messages feature, which lets you set messages to self-destruct after a period of time of your choosing. To use it, open a chat and tap the recipient's name, then toggle Disappearing Messages on. One word of caution: Deleting messages on your mobile phone will not automatically delete them on the desktop version of the app.

There are other apps that offer similar encryption features, such as Wire.

WhatsApp, which is owned by Facebook, is also end-to-end encrypted by default, unlike Facebook Messenger. But I don’t recommend it for sexting, because you need to take extra steps to protect yourself when using it to sext.

When your partner sends you a photo on WhatsApp, for example, it is automatically saved to your camera roll on both iOS and Android. It’s easy to turn this feature off on iOS, but the process is more complicated on Android—making WhatsApp a poor choice.

iMessage is also end-to-end encrypted, but it backs up messages to iCloud by default, which is why you can iMessage from all your devices. You can turn this feature off, but it’s not good to choose an app for sexting that you and your partner need to adjust to work most securely. iMessage also does not have a disappearing messages feature.

Protecting against screenshots

No matter what app you use, it’s never going to be 100 percent possible to prevent someone from taking a screenshot or recording of the photo or video you’ve sent, thereby creating a second copy of it. For many sexting threat models, screenshots and recordings are the most likely attack you will want to guard against.

Abusers can take screenshots on their device, even if they risk notifying the sender that they have done so. They also always have the option to use another phone or camera to take a picture of the sexts they receive. Lastly, there no guarantee that a partner is alone when they’re viewing sexts—they can always be in the presence of other people.

With that said, there are a number of apps designed to deter against screenshotting and taking photos of sexts using additional devices. The problem with many of them is that they have not been updated to account for a new feature of iOS 11: screen recording. As part of its latest software update in late 2017, Apple made it possible for iPhones and iPads to record everything happening on the screen. Most apps designed to deter against screenshotting have not yet been updated to take this into account.

Snapchat is the only disappearing messages app we tested that notifies users when someone has recorded their messages using iOS 11’s built-in screen recording. Instagram’s disappearing messages feature notifies you that someone took a screenshot, but it does not yet differentiate between screen recording and screenshots.

Both Snapchat and Instagram should still be used cautiously for sexting, because they’re apps where many people already talk to their friends—increasing the odds of accidentally sending a sext to the wrong person. With that said, these are solid options if you are primarily concerned about screenshotting and screen recording.

Privates!, is another app that has a number of screenshot deterrents and security measures you can choose from. Users can set messages to disappear, require recipients to tap two circles on the screen simultaneously to view them, or make them hold the phone very still. You can also recall a message before it’s been viewed by its recipient. The app’s security features are customizable and you can change them on a per-message basis. Privates! is free and available only on iOS.

But again, it does not protect against Apple’s new screen recording feature yet.

Protecting against attacks that require physical access

Another concern you might have is other people, like a sibling or a roommate, having access to your sexts. If this is your threat model, you can consider an app that requires a passcode to open each time, like Disckreet.

In order to access your messages on the app, you and your partner need to enter a passcode at the same time. The app will also notify you if your partner takes a screenshot, and lock them out of the app for ten minutes (but it does not yet protect against screen recording). You can also delete your account and all of your files at any time, wiping them off not only your device, but also your partner’s. Disckreet costs $2.99, and is only available on iOS.

One note: Privates! and Disckreet have not received the same careful and public auditing from security researchers like Signal and WhatsApp have.

Whatever you do, do not use Telegram for sexting. Telegram is not a good tool for sensitive communications because the app doesn't encrypt messages end-to-end by default, and the quality of the encryption itself is suspect.

“If there was one app I had to say not to use, it would be Telegram. Avoid Telegram at ALL costs,” Irwin told me.

How to save your sexts securely

If you have consent from your partner to save the sexts they’ve sent to you, they should be locked inside an encrypted, password-protected folder on your computer. That way, if your laptop is stolen or otherwise no longer in your possession, no one will be able to access them. Setting up a folder on both a Mac and Windows desktop is fairly straightforward. Be mindful of where you backup this folder if you use a cloud backup service like Google Drive, Dropbox, or iCloud.

On a smartphone, you’ll need a separate app to encrypt your sexts and lock them behind a password. There are numerous options available in both the Google Play Store and Apple App Store. A word of warning: Make sure whatever app you choose for this task encrypts the files and does not upload them to third-party cloud services. Look for one that uses 256 AES encryption, and that has TouchID support if you’re on iOS. After you have saved them, make sure to delete them from your camera roll.

What to do if you’ve been the victim of revenge porn

If you discover that an abuser is spreading explicit images of you online, there are several steps you can immediately take to mitigate the damage. If you want to talk to someone directly about your options, the nonprofit Cyber Civil Rights Initiative (CCRI) has a 24-hour hotline that revenge porn victims can call in the US.

If the images are being spread on a social media platform, you can contact the company directly. Every major platform including Facebook, Instagram, Snapchat, Tumblr, and Twitter have guidelines for how to report images that violate their terms of service, including revenge porn. CCRI has a comprehensive set of instructions you can use to report images.

In April Facebook instituted a new anti-revenge porn feature aimed at stopping the spread of non-consensual images. If you report an image as revenge porn, the social network's moderators will tag it using photo-matching technology. Then, if someone tries to spread it further, Facebook will stop them. Facebook says it disables the account of whoever shared the image in the first place, "in most cases."

It can be exhausting to try and track down every place where your photos were posted. If you are overwhelmed, you can hire a takedown service to help remove images for you. CCRI recommends DMCA Defender and Copybyte. The services can be expensive, however.

Before you report anything, make sure you take screenshots. They can be used as evidence to show social media companies or law enforcement later. Don’t only screenshot the messages themselves. If they’re associated with your name in a search result, screenshot it as well. Document friend requests, comments, and messages you’ve received.

In the majority of US states, revenge porn is illegal. You can look at individual state laws here. Even if it’s not against the law where you live, you can still file a police report. Spreading non-consensual images with the intent of emotionally harming someone can still potentially qualify as harassment or stalking.

Happy sexting

That’s all for now. This set of guidelines is in no way meant to to be the be-all-end-all, but it’s a good place to start for people who want to have some peace of mind when sending explicit content over the internet.

Again, there’s never going to be such thing as 100 percent secure sexting, but by following some of the tips listed above, you will help to mitigate many of the risks.

Now go out there, and happy sexting!

Get six of our favorite Motherboard stories every day by signing up for our newsletter.