This week a report cited multiple sources from Snapchat describing the non-private nature of the apps’ back end. Both iPhone (iOS) and Android versions of the app notwithstanding, Snapchat user data (including Snaps) are accessible with a tool called SnapLion. The SnapLion software is supposedly only accessible by Snapchat employees – but as the rules of the internet state: If it’s data that exists, it can be shared.
Snapchat prides itself on privacy. They’ve built their entire business on the idea that when you send a photo or a video to a fellow Snapchat user, that data disappears after it’s been viewed. This would have been considered madness in the first several eras of the internet – why would someone want to make content if it was just going to disappear?
But here’s the thing: There’s a point at which this data (photos and videos, and more) exist on Snapchat’s servers. According to the report this week, current and former Snapchat employees have proof of a group of users (primarily or entirely comprised of Snapchat employees) gaining access to private Snapchat user data – including photos and/or videos.
You are supposed to feel safe sharing your words, images, and videos on Snapchat. That’s a major part of Snapchat’s enticing value proposition.
The tool SnapLion was originally created to assist in the retrieval of data to supply law enforcement officers in cases of court subpoena. But as all pessimistic realist internet denizens know, if a privacy-related software tool can be abused, it will be abused.
A related situation took place back in February of 2016, when Apple was asked by the United States government to create a key to bypass iPhone encryption security. Apple CEO Tim Cook wrote the following.
“In today’s digital world, the ‘key’ to an encrypted system is a piece of information that unlocks the data, and it is only as secure as the protections around it. Once the information is known, or a way to bypass the code is revealed, the encryption can be defeated by anyone with that knowledge,” wrote Cook. “The government suggests this tool could only be used once, on one phone. But that’s simply not true. Once created, the technique could be used over and over again, on any number of devices.”
Cook was speaking about iPhone encryption. The iPhone encryption system is far more secure than what Snapchat provides with (supposed) disappearing data. As long as Snapchat exists without end-to-end encryption of data, there’ll be a way for someone to view private, personal photos and videos sent via the internet.
You might not be well-known enough to be targeted – the chances are lower if you know nobody working at Snapchat. But as long as you use Snapchat and Snapchat does not guarantee end-to-end encryption, images and videos you capture and sent to friends and loved ones COULD be intercepted by a third party.
Snapchat is one level of “private” and “safe” – but those words are subjective until we’re talking about unbreakable encryption, the likes of which Snapchat does not yet use.
NOTE: There was a “My Eyes Only” feature rolled out in 2016 – but it could only really be used after Snaps were sent. Sent… to Snapchat’s servers… then to their intended recipient.