We’re shocked (shocked!) that White House staffers’ favorite secure messaging app is probably not that secure

 mashable.com  4/21/2017 8:11:02 PM   Jack Morse

Can anything typed into a smartphone really be considered private?

That question is at the heart of a lawsuit alleging that a messaging app beloved by White House staff isn't as secure as it claims to be.

Between shady apps, hackers, and screenshots, keeping a digital message away from snooping eyes is no easy task. The self-described "confidential messenger" app Confide, however, is trying. The company has gone out of its way to tout its "patent-pending" solution to a problem that has bedeviled everyone from nudie-sending Snapchatters to government staff leaking to the press: The screenshot. 

In addition to its so-called "military grade end-to-end encryption," Confide claims that it prevents users from screenshotting messages displayed on the app.

"Confide prevents screenshots on most of our platforms," the company's website explains. "Where prevention is not technically feasible, our patent-pending reading experience ensures that only a sliver of the message is unveiled at a time and that the sender’s name is not visible."

That last bit is key, as it means that even if someone figures out a way to capture an image of a message, he or she will only see a sliver of it at any one time — and not who sent it. 

Except, not really. Or so claims a lawsuit filed in the Southern District of New York which states that users can in fact take screenshots of the entire message right along with the sender's name. 

Image: Auman v. Confide

"Any Confide user accessing the platform through the Windows App can take screenshots of any and all received messages," reads the suit. "Those screenshots can include the entire content of the message as well as the identity of the sending party, despite Confide’s explicit claims that such information would not be visible at the same time (i.e., only a “sliver” of the text would be visible)."

And while a company allegedly misrepresenting the security of its product, intentionally or unintentionally, is definitely grounds to be pissed off, one has to wonder how Confide users talked themselves into believing the product truly provided the "same level of privacy and security as the spoken word," as its website claims.

That's a bold claim which just so happens to be questionable on its face. Because here's the thing, even if Confide does block screenshots it still doesn't prevent the message from being captured. All anyone has to do is take a photo of the phone screen with another cellphone camera.

Even Confide's much-ballyhooed sliver feature, which only reveals part of a message at a time, has a transparent workaround. Ever hear of a thing called video? A short 6-second recording, again from another smartphone, would be enough to capture the entire message — sender details and all. 

This critique isn't new. The entire premise of Confide's screenshot protection was roundly mocked on Twitter in March after a Wall Street Journal reporter tweeted out a criticism of another secure messaging app. 

"Signal doesn't notify you when someone is taking a screenshot your messages," wrote Erica Orden. "Have fun, everyone!"

People who gave Orden's observation a moment's thought delighted in pointing out the flaw in her logic. 

As things tend to do on the internet, the response to Orden even became a meme (albeit an incredibly nerdy one). 

The merits of the suit against Confide will have to be determined in court (Confide called the suit's claims "unfounded" in a statement provided to Recode), but even if the company's features work as advertised it is still no guarantee that your message isn't being recorded for internet posterity. 

The internet, after all, is forever, and no matter the precautions taken, anything flung into the digital void has the potential to be captured and leaked. It would serve us all well to remember that. 

« Go back