SnapChat – Implied Security?
Snapchat is a relatively new photo app for smartphones. It's a very basic one too. You can't edit images, place a filter on them, or put a border round. There are only two things you can really do with those images. Draw or write on them, and share them with your friends.
After a while trying the app, searching twitter and reading the privacy statements on the SnapChat website, I have five major questions users must ask themselves before using a service such as this one.
Are you prepared to see images from people you do not know?
I decided to search twitter for the work "Snapchat" to see what users were saying. Firstly I noticed a huge amount of young people happily broadcasting their SnapChat username to the world. "Snapchat me, I'm InsertUserNameHere" Surely opening them up to anyone sending any unthinkable image.
Anyone can send you an image if they know, or can work out your username. Only afterwards can you look to block them. It's also not at all intuitive to block a user. For the record, you swipe right on their name in your friends list.
Could you be emotionally hurting someone by creating and sharing an image?
Further to my research, I found numerous images also shared to twitter. Many of which had various words, or body parts scribbled all over them using the drawing tool. Although this issue is not simply restricted to SnapChat, it is sadly an avenue for cyberbullying.
Can you trust the recipient will not share the image?
Perhaps the biggest issue is one of implied safety. One of the unique selling points if you will of SnapChat, is that the image will only display to the person you sent it to for a maximum of ten seconds. You must press down on the screen to view the image sent, and once the timer has run out, it vanishes.
What would happen if this image was made public today, in a month, in a year, ten years?
Unfortunately, it's not very difficult to capture a screenshot. The image in this article is one that the SnapChatTeam sent me. I'd captured it within 5 of the ten seconds, on my first attempt. The SnapChat website points out that if you attempt a screens shot, the sender gets informed. To my mind that feature is of little use. Once is sent, you've lost any control you thought you had. Furthermore, the app cannot inform you if someone uses another camera, or a routed phone to capture the image.
Can you trust the company acting as middleman?
SnapChat explain on their website that they do not look at your pictures. The data is temporarily saved on their servers and deleted soon after the intended recipient has viewed the image. However if you look deeper into their privacy section you'll come across the following.
Although we attempt to delete image data as soon as possible after the message is transmitted, we cannot guarantee that the message contents will be deleted in every case.
These few issues are probably just the tip of the iceberg, and these issues are not limited to this one app. It does however seemed to have grabbed the attention of many users (it is currently higher in itunes picture apps chart than instagram) who may not be concidering all the dangers correctly.
I'd love to hear your thoughts.
When the cookie crumbles
I've blogged about the EU cookie law before, but as we enter this new era of cookie transparency, thing are moving quickly.
After researching the topic further, and in the interest of being totally compliant rather than relying on implied consent, I have installed a bit of code which prevents cookies from being set, until you agree to their existence. The code is made by CivicUK and you can get your own version here.
Further to this change, I have also created a Privacy and Cookie policy.
The Cookie Monster
Through bad planning of a difficult to implement scheme the ICO has managed to become the internet bad guy in the last few days.
Last year, the new cookie law was due to be implemented on the 26th May 2011. The idea behind the law is that any website based in the EU or serving the EU, must give the visitor the chance to opt out of small files (the cookie) being placed on their machine. These cookies are used for all kinds of things, reducing the logins required, tracking how often a visitor visits and what they might look at, that sort of thing. However a few hours before May 26th 2011, the ICO said we had another year in which to comply with the ruling.
Cookies can track you much further than from the site that issued the file. Facebook, google and many other big web names use them to track your journey and serve adverts on 'partner websites'.
This year, once more hours before the dawn of the new law, the ICO have reissued advice on the cookie law. Rather than get express permission for the use of cookies, permission can now be implied.
Implied consent is certainly a valid form of consent but those who seek to rely on it should not see it as an easy way out or use the term as a euphemism for “doing nothing”.
Some websites have decided to give visitors a pop up, an opportunity to opt-out (David Hopkins who I follow of twitter for example). Some sites are informing visitors through their privacy section or policy (like the BBC). Some sites have so far done nothing at all.
I'm taking a view similar to the BBC. I added some notes in my footer on Sunday (24 hours late, I know) to explain how this site uses cookies, and how you can avoid them if you would like to.
EU law states that I must inform you that this site may store a small 'cookie' file on your device. This should only happen if you comment on a post or join this site. If you do not agree, please do not comment or join, but feel free to read
As users we've always had the opportunity to opt-out of cookies. Browsers have an option to allow cookies, to ask, or to deny. So if cookies and what they contain do worry you, I think it is probably best you head for your browser, rather than rely on individual companies and web masters because it seems they are not really sure what to do!
Data Projectors
Projectors placed in the classroom create fantastic gateways to digital learning. Teachers and pupils alike are able to utilise software, the internet and other forms of media through a large shared image. Coupled with an interactive whiteboard the learning possibilities increase again. If a projector fails in my school teachers panic, and I think it is fair to say teaching and learning often suffers.
However, this same resource can also create it's own dangers.
A schools management information system contains everything the school needs to know about their pupils. It contains their name, address, email, phone, attendance, behaviour, exam results, special educational needs status, everything. Not only that, it will also contain the personal details of parents and carers, staff, and former pupils. Their databases can be massive.
But what happens when the two collide?
I often talk to my staff about ensuring that our management information system software is not shown on a projector. Displaying a pupils personal details, or a groups achievement marks to a class full of students is a data security breach punishable by law I tell them. Even completing a register on the projector, could expose more information to the class than a simple list of names.
Before breakfast I was searching the web as I often do for news stories on social media in regard to schools, technology and data security when I came across this article from the daily mirror. It gives the term data projector a whole different meaning!
The story highlights that not only can a data projector simply show personal and sensitive data on screen, it can give a good indication of a password too, at the very least it will give you the length. The pupil in the mirror article clearly made a mistake, his actions were illegal under the computer misuse act. Posting details on Facebook was inexcusable, but the teacher can't go without blame either. Log in and traverse your MIS on your classroom projector and you might as well go back to sticking your password on the side of your monitor!
I've talked about password security before; it's a really important part of data security, but people must also be aware of what they are projecting once they are logged in.
Image from Cirofono and licenced under creative commons
Digital Footprint Prezi
I've cobbled together another prezi. It is aimed at post 16 students and comes with a warning. Uncensored profanity and opinion included!
Feel free to comment
About
Licence
