I just received a pitch from a PR company representing DSTRUX, an app described as helping you to:
… control the stuff you share on the web, by allowing you to set self-destruct timers on anything. If your share is forwarded you may track everyone who receives it, and designate which of these recipients may view it. Recipients are unable to save it or screen capture, and you can destroy the file at any time. You now have total control of your digital belongings on the web!
The pitch was hot on the heels of last weekend’s disclosure of a large number of images of various celebrities in various states of undress being published online. Most of the big name celebrities were horrified and outraged; Jennifer Lawrence vowed to set the dogs of law on anyone involved with the theft and distribution of her pictures, though Becca Tobin (she's in Glee), whose pictures showed her dressing a Christmas tree undressed, tweeted:
It turns out that the images were all filched from Apple’s iCloud by hackers using depressingly simple attacks. Apple issued a media advisory today:
After more than 40 hours of investigation, we have discovered that certain celebrity accounts were compromised by a very targeted attack on user names, passwords and security questions, a practice that has become all too common on the Internet. None of the cases we have investigated has resulted from any breach in any of Apple’s systems including iCloud® or Find my iPhone.
I was intrigued by the DSTRUX pitch (“the free and critically acclaimed app and web-platform that lets anyone share their images and files with total confidence”) so I did a little research and immediately discovered a review by James A. Martin over on CIO titled 'Dstrux' File-Sharing App for iOS Dramatically Disappoints … which completely put me off the idea of testing the app.
Nathan Hecht, the founder and CEO of DSTRUX, was quoted in the press release as saying:
The reason pictures are exposed is because they reside on non-encrypted servers and cannot be called back. With DSTRUX, EVERYTHING is encrypted and written over multiple times, so even if someone were to try and hack it, it would be impossible due to how many times the files are written over and over again.
This is hugely misleading because the problem is not inadequate encryption, it’s inadequate user understanding and management of security. Moreover, sure, DSTRUX can prevent screen captures but not if I point a camera at the screen of the device displaying content intended to be private.
Over on the Silent Circle blog (Silent Circle are the guys behind the Blackphone) they make much the same points regarding Cyberdust, a service that Mark Cuban has been hyping which, as Silent Circle points out, hasn’t substantiated its claims. As the blog notes “… let’s get past the snake-oil sales pitch and tell us why and how it is secure. Let’s see the proof.” The same can be demanded of every supposedly "secure" sharing product I've ever seen.
Here’s the big issue: In the 21st Century it’s impossible to guarantee that private content, particularly private digital content, will stay private and, indeed, it’s far more rational to assume that something that isn’t for public consumption shouldn’t just be protected, it shouldn’t be created in the first place.
Ricky Gervais pointed this out and got flak for it but isn’t it obvious? Would you, for example, try to drive a car or fly a plane without training? Of course not but, on the other hand, not all the blame can be placed on the shoulders of those whose accounts were hacked; the computer industry is also at fault for not providing better privacy tools and improving user awareness. Even so, caveat emptor; let the buyer beware …
I do feel sorry for the people whose privacy was violated but if you're famous and you haven't bothered to get around to making sure your privacy is effectively secured, you have made and are continuing to make a big mistake. Despite this event making the risks clear in the most public of ways, these won't be the last celebs to get hacked and, um, exposed.
So, if you're famous (or even if you're not) and you should decide to use your smartphone, pad, or computer to take photos or videos intended to be kept private you had better:
- know what you’re doing
- know where the images will be stored
- be capable of managing that content
- be willing to roll the dice
All it takes is one small mistake, one oversight, and suddenly, well, just ask Aubrey Plaza, Abby Elliott, Avril Lavigne, Amber Heard, Brie Larson, Candice Swanepoel, Cara Delevingne, Emily Ratajkowski, Farrah Abraham, Gabrielle Union, Hayden Panettiere, Olivia Munn, Hope Solo, Hilary Duff, Jenny McCarthy, Kaley Cuoco, Kate Upton, Kate Bosworth, Keke Palmer, Kim Kardashian, Kirsten Dunst, Krysten Ritter, Lea Michele, Lizzy Caplan, Mary-Kate Olsen, Mary Elizabeth Winstead, Rihanna, Scarlett Johansson, Selena Gomez, Vanessa Hudgens, Winona Ryder, or Alison Brie what they think …