Posted by Kalyani M. on Oct 28, 2013
Snapchat is a photo sharing application that allows users to share images that disappear from devices after a set amount of time. You can take a picture or record a video, draw something on it and send it to your Snapchat pal. Once the receiver opens the photo or video, it will automatically disappear within 10 seconds or less. The photos will also be deleted from Snapchat’s server after the user has opened them. The unopened photos remain on the company’s server, which are run by Google for 30 days.
Given the short amount of time that images are available to the recipient it seems impossible that any third party could intercept them. However the company admitted in a blogpost that it will and had already handed over photos to US law enforcement agencies:
“Since May 2013, about a dozen of the search warrants we’ve received have resulted in us producing unopened snaps to law enforcement. That’s out of 350 million snaps sent every day.”
In the blogpost, Snapchat’s head of trust and safety, Micah Schaffer had explained how Snapchat handles user data. It is true that Snapchat deletes snaps from its servers after they are opened by the recipients. But what happens to the snaps before they are opened? Snapchat’s unopened photos are kept on Google’s cloud computing service, App Engine, and Snapchat is capable of retrieving snaps from the App Engine’s datastore. So, in order to deliver desired snaps to receiver they have to retrieve the snaps from the datastore. This whole process of data retrieval is automated and the company does not look at user data under ordinary circumstances. However under certain circumstances they have to retrieve the photos manually using an in-house tool:
“For example, there are times when we, like other electronic communication service providers, are permitted and sometimes compelled by law to access and disclose information. For example, if we receive a search warrant from law enforcement for the contents of Snaps and those Snaps are still on our servers, a federal law called the Electronic Communications Privacy Act (ECPA) obliges us to produce the Snaps to the requesting law enforcement agency”.
The blog posting also states that the company sometimes has to preserve some snaps for longer periods of time. It would do this in cases where law enforcement was considering whether or not to make a formal request to access the images via the search warrant procedure. Currently only two people in the company have access to the in-house tool used for manually retrieving unopened snaps- Micah Schaffer and the company’s CTO and co-founder, Bobby Murphy.
Also, even though Snapchat deletes your snaps within 10 seconds after somebody views them, but some tech savvy user can take a screenshot of the photos within the10 second timeframe and can post them on social media sites. This is a huge risk to the privacy of users using Snapchat for photo sharing.
Here are some of the steps you can take to maintain your privacy while using online photo sharing applications:
Protecting your photos with SpiderOak
SpiderOak allows you to conveniently store photos online without having to worry about attacks or monitoring. This truly private storage and sync service is 100% anonymous, meaning that no one, not even the company’s own employees, can access the plaintext data uploaded to its servers. SpiderOak protects sensitive user data with 256-bit AES encryption so that files and passwords stay private. Authorized accounts and network devices can store and sync sensitive data with complete privacy, because this cloud service has absolutely “zero-knowledge” of user passwords or data. And all plaintext encryption keys are exclusively stored on approved devices because SpiderOak never hosts any plaintext data. This way, even if programs like NSA’s PRISM continue to stand unchallenged, people can rest easy knowing that their data is truly protected. SpiderOak’s cross-platform private cloud services are available for users on Windows, Mac, and Linux platforms, along with Android and iOS mobile devices, allowing for full flexibility and mobile access. SpiderOak offers amazing products likeSpiderOak Hive and SpiderOak Blue to secure consumer and enterprise data. You can signup for this product now