Users tend to gravitate towards popular supposedly erasable social media in order to avoid leaving a digital trail. However, you wouldn’t be wrong to view claims of ephemeral messaging with suspicion. Few agree that information that you put out online can ever be completely wiped out. So what’s the verdict: Do self-destructing message apps work as well as they promise?
When it comes to self-destructing messaging tools, a simple copy-paste or screen grab, or even a photo taken using another device, would work to save the message. But even self-destruct message apps have proved fallible – the screenshot notification could be disabled, messages could be saved using third party apps, or could leave traces of metadata behind.
Loud claims of absolute privacy are usually countered by even louder claims of inadequate security systems. Experts suggest that the message, or relevant data from it, might not be as easy to delete as claimed by the countless self-destructing messaging services making the rounds today.
You should assume they don’t work.
Digital forensic researchers in 2013 tinkered with the .NoMedia file extensions of Snapchat – which claims to have over 200 million users – to prove that metadata is stored for these media files, disproving the popular app’s claim that they let their messages just disappear forever.
Experts say forensic recovery can, in fact, retrieve data – which is set to self-delete – from the recipient’s device. Data recovery software could also help recover these messages, as most of these apps work by overwriting the data after a selected amount of time. Not to mention, data can be recovered if the company is pressured by law and security agencies.
With over 50 million users, Telegram, from Russian social network VKontakte, challenges hackers to recover an encrypted text from its app – even offering them a cash reward if they can manage it. But reports suggest data from Telegram can be retrieved from the device – a claim the firm argues cannot be helped.
Snapchat was hit by a massive security breach in 2014, further fueling paranoia about the credibility of self-deleting messaging services. Snapchat messages could be previously saved using third party apps like Snapchat Saver, SaveMySnaps, snapkeep.tk etc – but the app has got wiser since the leak, and has banned these.
The app refuses to give users a guarantee about how long they retain messages in their backup. Slingslot, a Facebook operated ephemeral messaging tool which encourages recipients to react to the message instantly, claims to delete the messages that haven’t been viewed within 30 days. Privnote, a self-destructing messaging website, also claims to archive unread notes for 30 days, before deleting them.
Unlike apps that claim to delete messages from the servers after they are viewed, Wickr claims to never store messages on a company server, making the information impossible to retrieve later.
Wickr, despite its military-grade encryption, has raised concerns about its cryptography not being open source. This incessant need to doubt every ephemeral media service might be justified. In the age of digital permanence, no security is better than a flawed and, yes, self-destructing sense of security. Apps that encourage unsecured data exchange not only play foul in terms of individual privacy, but also put exchange of sensitive information at risk.