I didn't see this news in HN, but in Brazil a judge forbidded the app stores to let brazilian users download Secret anymore.
The app is being extensively used to bully people - non-authorized pics of naked people, messages with ofenses and etc. It was covered all over mainstream media and there is a consensus that it was a right decision (in this kind of press I mean).
The bigger story there is not that Brazil banned Secret, but that Google, Apple and Microsoft, all have the power to delete those apps from your device. That Orwellian power is the truly terrifying story there. And yes, personally, I've been aware for a while that they can do that, but I bet the vast majority of people don't know that.
When will these companies learn that "if you build it (the infrastructure for censorship/surveillance), they (the governments) will come"? It's inevitable, and they should know better by now.
I consider my phone to be my property. Typically, other people or corporations can't make changes to my property without my permission.
I guess by "mobile infrastructure" you can extend that to "every phone," in which case why not remotely remove programs from PCs as well? Why not just say outright that the coalition of your local government plus Apple/Microsoft own your computer, rather than you?
I can't tell if you're being sarcastic and advocating free software, or openly advocating for autocratic computer systems management.
(This is of course what RMS has been saying for literally decades, but for the people on HN who disagree with RMS, ... told you so.)
> other people or corporations can't make changes to my property without my permission.
IANAL but it seems you have given permission:
Notwithstanding any other provision of this Agreement, Apple and its principals reserve the right to change, suspend, remove, or disable access to any App and Book Products, content, or other materials comprising a part of the App and Book Services at any time without notice. In no event will Apple be liable for making these changes.
Well, I use an Android phone, but regardless, I've never given anyone permission. Maybe in a legal sense someone could claim that, but that's irrelevant to what's actually happened.
Stop letting game-riggers dictate your view of reality.
If this is really a problem for you, here's a solution:
1. Get a Nexus phone.
2. Flash to a custom ROM.
3. Don't flash Google Apps.
4. Sideload APKs or use an alternative store.
5. Enjoy.
The reason you can't have everything is that the app devs and most people prefer the store situation. If this is a particular problem for you, there will be sacrifices.
I can't tell if you're being sarcastic and advocating free software, or openly advocating for autocratic computer systems management
I am basically saying that the market can support both but is trending toward user acceptance of the latter. All those EULAs out there are the agreements that make all this possible. If people rejected those terms then we wouldn't be in this pickle.
At the same time, you don't generally get a choice about what laws are in effect in the land you live in, but you do get to choose whether to buy Google or Apple products and partake of their app stores, or whether to go F/OSS and keep your freedom.
It never says they can, it just says they have to. Completely separate meaning, in fact it calls it a "tall order" which means at the very least that's it's pretty difficult if not impossible.
Even if it's technically impossible now doesn't mean that it won't be technically impossible in the future.
It's plausible that future iterations of smart phones will make progress on this "feature", should it become a more stringent requirement for shipping in Brazil.
Interesting about why it was banned…the Brazilian constitution says "the expression of thought is free, and anonymity is forbidden;" (in other words, you can say what you want as long as it's accompanied by your name).
There is also a Tumblr called "Os Melhores Secrets" (The Best Secrets) which publishes secrets (no NSFW pics on the blog). If anyone speaks Portuguese, you can get an idea of what kinds of things are being passed around, though certainly there are worse secrets (w/ pics) on the app's network.
The Brazilian government is still, to me, a very reactionary one, especially when it comes to technology. It reminds me of the US government, but without the slowdown that causes most terrible/great ideas from making it through the legislative process.
I'm not sure the predominant use case is people posting their own secrets, so much as people posting gossip or secrets about others. I don't use Secret all that often, but I have a lot of friends who do. Most of them run in tech circles in SF. Most of their use of Secret seems to be "Heard X is happening," or "Heard Y is leaving Z," or "Heard A is working on B." This stuff isn't entrustment; it's the opposite. It's a willingness to divulge.
I find the gossipy aspect of Secret entertaining, occasionally useful, and maybe 25-50% reliable. It serves its purpose. I don't post anything to Secret, though, and I would certainly never post any of my own secrets.
I share the concerns over cyberbullying, libel, and other potentially dangerous issues with any service of this nature. I don't think banning a class of apps altogether is the right solution. More likely, it's a flagging system, combined with a very active moderation policy on Secret's part. There will come a time -- maybe it's triggered by government regulation or banning in some regions; maybe it's triggered by lawsuits in others -- when Secret decides it needs to get serious about moderation. IANAL. But I can't imagine that, in a hypothetical libel suit, Secret can mount a strong defense right now.
Why would Secret have liability in such a suit? If someone starts a blogger account and uses it to accuses someone of being a (for example) a neo-Nazi, then would the accused sue Google for libel?
It's tricky, but it would probably come down to a determination of whether Secret is a "publisher" or a "distributor" of its content. Case law is generally on Secret's side, in as much as online message boards and hosts are not considered responsible for the statements their users make. But I can see a scenario in which determining what, exactly, Secret is introduces complications to the "message board" category.
In your Google example, Google is in no way responsible for the content of someone's blog post. Google is not the publisher of that content, and is debatably not even the distributor.
>> "The app is being extensively used to bully people"
Sounds like ask.fm all over again. Afaik there were news stories about people getting bullied actually killing themselves on that site so I have no problem with apps being removed if they fail to moderate this stuff correctly.
The thing about this particular attack is... it's pretty obvious, isn't it?
I had never heard of this app before, but reading the article, as soon as they got to describing how it works (you give it emails/phone numbers of your friends, you only see secrets from them), I correctly guessed what the attack would be.
Now, maybe it wouldn't have been obvious to me without the setup (there's been a successful attack, and now we're going to describe how Secret works like this, setting you up to understand the attack).
But if Secret has security engineers, intimately familiar with their system, and trying to identify possible attacks -- how could they have not identified this? It makes one think the bug bounty program IS their security program. Which is probably true of much software, but this is software focused on secrets!
On the other hand, maybe it just seems that obvious in retrospect? Apparently they have already given out 42 security bounties, and this one wasn't identified until now, so I dunno. It sure seems obvious though.
It's not obvious in retrospect. It's obvious from the outset.
I installed the app once to check it out. The first thing it asked for in order to proceed was an E-mail or phone number. Again, THE FIRST SCREEN REQUIRES PERSONAL INFO. It should be plainly obvious to anyone who gets past the first screen that your use of the app is not anonymous.
It was a known attack, their defense against it is dummy account/bot detection systems, and they claim that they were broken somehow due to an infrastructure upgrade which is why it worked for this guy.
Google can't figure out dummy detection or what is a real person with all the data and smart people they have.
Secret don't stand a chance if that is the basis for their defense model.
Figuring out who is real or not is one of the current big problems with a huge opportunity. Were someone to figure it out, they'd do something in the ad industry and make billions before building an app like Secret.
See though, there's no way that dummy detection system is going to be good enough to prevent someone determined enough to figure out who made a damaging secret.
For example, remember that seriously hideous post to secret regarding a prominent GitHub employee?[1]. The post has since been removed, but a determined GitHub employee who could see that post could over time defeat the dummy detection with a method similar outlined in the post. Just continue to create new accounts on Secret and iterate on the friends in your contact list the way that git bisect works. Create an account with half your friends and see if the message pops up. If so, create a new account with half that list, and continue until you reach 7 and rotate in users you know aren't responsible. In the end the person who made that horrible post will be revealed.
Going back, it says.... they had automated attempts to identify bots like this in place, since May when Russian hackers attacked in the same way. The implication is not before then.
Yeah, this does not make me more confident in them having any sort of a security program whatsoever.
> “It’s our job to make sure people feel safe and in control,” he says.
So people just have to feel 'safe and in control,' rather than making sure they are actually safe and/or in control? It sounds like an admission that the whole anonymity thing is just a marketing gimmick: as long as you have a name like "Secret" and make people feel like they're safe, they'll share whether or not they have strong security at all.
> It sounds like an admission that the whole anonymity thing is just a marketing gimmick:
Post Snowden, there's an obvious market for "secure" and "anonymous" apps and startups, and the appearance of security is usually cheaper, quicker to implement and less annoying for end users than the real thing.
Having a bug bounty is nice and obviously security is hard even when you do try, but even that can be used to give the appearance about being aggressive about security while still making sure their network is just broken enough to return whatever value there is in being 'social' (which is usually antithetical to being secure or anonymous.)
You'll find this kind of wording a lot from companies. It's a sneaky way to make it sound like you're actually doing something to fix a problem, while technically being truthful by saying that it's basically just P.R.
"Social Network A wants users to feel like they control their privacy settings."
"Online Store B believes shoppers should feel like their credit card information is secure."
"Cable Company C's service goal is for customers to feel like their support issues are being addressed."
Maybe I have grown overly cynical over the years, but I was not aware that this kind of thing still works on most people. I pretty much sed 's/feel like/not/' as an habit without noticing.
All such proprietary "anonymous" or "private/self-destructing" apps are guilty of this. By far the worst offender is Facebook's "anonymous login". But at least Facebook has a well deserved bad enough reputation by now that not too many people fall for that one. Secret, on the other hand, sounds like it could be truly anonymous - even if it's far from it.
But more seriously, if there are bugs that can reveal the poster's identify in the first place, then it's not anonymous. It's very easy to make your servers not record any identifying information along with the text or pic. It's also easily possible to strip any exif data from an image. Clearly for usefulness/monetary value, the identity of the poster is being recorded.
The identity of the poster is recorded as a core conceit of the system. The app/network is explicitly for sharing secrets between friends. It has to record and store who the secrets came from, in order to determine who their friends are and thus which users to show it to.
Before you even sign up it's quite clear that there can't be anything anonymous about this at all. It delivers plausible-deniability at best.
Their claims may be fuzzy. People may not be paying too much attention when they sign-up or use it. But they're quite clearly not trying to make an actually anonymous secret sharing site.
Anonymous application that users install on their phones that identify them, using their personal email addresses and real-life social networks turns out to not be so anonymous.
mindblown.gif
As was pointed out when Secret launched by many, the model can never be secret. It has been interesting to watch the company feel their way around in the dark to a conclusion that anybody in infosec or who understands security/anonymity could have told them before they launched.
A few friends of mine were actually talking about this last week. Apparently some folks in our social network (literal, friend based social network, not software-based) were using Secret to trash-talk (as is its purpose). It was immediately obvious who it was.
When you don't know that many people who would even ever be on Secret, which is true right now about anybody who doesn't work in Silicon Valley, then it becomes almost completely transparent just because you know who your friends are. The anonymity model is a joke outside of the tech bubble.
> He turns the question back on me. If there was no Secret, or an app like it, where would this anonymous poster go for catharsis? Where would he share his struggle with mental illness?
Or by signing up to an anonymous account on Reddit (there are several good subreddits for people who suffer from mental illnesses such as r/depression), or any of a huge number of traditional forum sites for that purpose.
Or there's always 4chan.
Even in the app space Secret hasn't cornered the market, there's Whisper for example which doesn't ask for your email address and doesn't show you your friends' posts. It's ridiculous to claim that Secret is the only option for that person.
Some mental illnesses make directly talking about the problem you have difficult. There is actually a large lack of anonymous therapeutic solutions for emotional and mental disorders for those who need them.
Simply saying, "Use your brain and solve your problem." To a mental patient is very insulting and extremely marginalizing to their condition.
It is not easy to talk about mental health issues or any other stigmatizing or threatening matter. That is one of the reasons why people take recourse to anonymous chat sites like Omegle and sharing apps like Secret. This leaves them even more vulnerable to attacks. However, there are startups like 7 Cups of Tea that go one step beyond and connect people anonymously with trained active listeners. If creating a support mechanism is not possible, a partnership with a provider of such service could help these anonymous networks. A responsible website/app must actively provide some amount of support to users. Tumblr has implemented it really well.
Exactly. The very challenge of social anxiety, for example, is that asking for help is itself a terrifying experience. They might as well be telling a paraplegic to walk to the doctor.
No, telling someone to seek qualified help is the responsible thing to do whe one is unqualified to help. Providing untrained, unqualified, and anonymous help is both unethical and dangerous.
If Secret staffed trained professionals to provide anonymous help, that would e different. They don't.
>Providing untrained, unqualified, and anonymous help is both unethical and dangerous.
It's also sometimes the only help that people will ever get. Talking to people about their problems can't be declared as forbidden or irresponsible unless mediated by a doctor. That's both unrealistic and it implies an initial unqualified diagnosis over the internet by a stranger to decide that a statement constitutes mental illness rather than a simple sharing of internal states - making an absolute statement like the one you're making self-contradictory.
For example, I'm upset about a discussion that I had with my sister the other day. It makes me sad, and slightly worried. Should I continue to talk about it, or should I consult a doctor? If you answer that question, is it a diagnosis? Should all inter-human communications be routed through mental health professionals just in case?
If you're talking about the usual gripes and daily complaints, then sure, talk to whomever you want.
If you're talking about serious mental illness, which was the entire point of this comment, then it needs to be handled by professionals or at least someone with basic training.
My entire point is that you're making a diagnosis when you say that someone has serious mental illness. It's fine to say that one should encourage people to seek professional help. To condemn people who are not professional and give help is terrible IMO (and not supported by the science), especially considering that experimentally the outcomes of any talking therapy are equivalent regardless of content (from priests to psychoanalysts), and SSRIs generally perform no better than placebo.
That's unfortunate because I didn't make any diagnosis at all. I was reacting to the following in the article (as referenced by the comment to which I originally replied):
[I pick out one of the posts promoted to Secret’s homepage, and read it to Byttow over the phone: “At work I’m being given more and more responsibility. Silently I’m struggling with mental illness.” Does Secret provide enough anonymity for that user?
He turns the question back on me. If there was no Secret, or an app like it, where would this anonymous poster go for catharsis? Where would he share his struggle with mental illness? Facebook? Don’t make him laugh.]
Clearly, the interviewer and CEO David Byttow are talking about mental illness. They are not talking about someone having a bad day or even suffering from mild, common depression. They are talking about mental illness, and I am reacting to their discussion of mental illness. My original point, short as it was, is that someone with an actual mental illness ought to seek actual treatment rather than the faceless world of something akin to Secret.
This isn't to say that talking on Secret (our a diary for that matter) is a terrible thing. However, the assertion by Byttow is that his service provides a legitimate outlet for someone who may need real help and may pose a danger to themselves or others.
Perhaps the meaning of "mental illness" is where we differ in the discussion? How about I reveal a "secret" which is quite true and we see where this goes...
I do not know you, nor do you know me. I do not know if you or people you know suffer from mental illness. You do not know if I or people I know suffer from mental illness. I do not know if you or people you know have injured themselves or others as a result of their illness. You do not know if I or others I know have done likewise. However, I will reveal to you, that I have indeed known more than one person who suffered from serious mental illness. Some of these people have injured themselves and others as a result of this situation. Of this group, some received professional help. Most did not. Those who did not chose instead to keep it to themselves or to talk to unqualified people who had lots of supporting words but had absolutely no idea what they were actually dealing with.
The results? In two cases, suicide. In one case, murder. Another particular person has conducted a lifelong campaign of mental and physical abuse against family members resulting in another person's suicide. In these four cases, could the issue have been resolved with proper assistance? I think so, at least in three of the cases. Would something like Secret help? Unlikely. These individuals needed real help.
So, when I say that it is dangerous, it's because I have witnessed first hand how dangerous mental illness can be. It is dangerous for professionals and lay persons alike. It is dangerous for the individual suffering from the affliction and for those around them. Is this always the case? Of course, not. Perhaps your experience is different. I certainly hope so because it is a horrible thing to witness a person you know suffer in this manner and then cause injury to themselves or others. I wouldn't wish it on anyone.
A doctor would be ideal but I know a lot of people who just needed some reassurance they were not alone or broken or weird before they could get up the courage to see someone.
In the United States many insurance plans don't include coverage for psychiatric help; you're forced to pay out-of-pocket.
Perversely, many of the people with conditions that hamper them from earning much are the most in need of care. Lacking an "official" means of support, people are forced to find new ways to seek out help.
Actually in the US, mental health benefits are now a mandatory part of health insurance coverage. Which is great...if you have health insurance coverage.
It's important to note that people may not be aware of that because health care insurance has been in a bit of flux lately, to say the least, and there's been a lot of misinformation about the changes coming from a lot of directions.
This is definitely true for me: the last time (last year) we'd had a meeting regarding our insurances I specifically asked about mental health coverage and was given the information I'd mentioned above.
I'll accept the downvotes for my ignorance, but I feel like underlying message is still true: there's undoubtedly a lot of people without coverage still and those people need to seek help elsewhere.
In the US, individual purchase of health insurance is now mandatory (and in some cases subsidized), except for individuals above the threshhold for government provided health-insurance through Medicaid [1].
[1] This isn't exactly true in the few states that haven't expanded Medicaid eligibility as provided for in the ACA, since in those states there is a gap.
I could be wrong, but it seems that the way Secret is designed it cannot be truly anonymous. They need to be able to decrypt your secrets to show them to others, and they need to be able to associate them with your account to show them to you when you log in. This means that Secret knows who you are (to the extent that your login credentials reveal your identity) and what you've posted. If coerced or attacked there is no reason to believe that posts to Secret will in fact be kept a secret.
Well, all of your contact information is sent as a hash to the Secret servers. I'm not an expert on cryptography, but I think the idea is that if you send your information hashed, and all of your contacts hashed, and then all of your contacts send their info hashed, you only have to find out where the hashes match up and you won't actually need to know what the actual contact information is (the phone, email, whatever).
Everything sent over the wire to their apis is encrypted, but using an easily reversible fashion. The encryption key is a combination of a static salt and the user's session id. The session id is also sent to the api as an http header, so it's pretty easy to decrypt that anyway.
I'm not convinced there is any ultimate way to build a secret type app that allows for perfect secrecy. Ultimately anything build on top of the internet has a chain of IP address that have to exist in order to send message back and forth. Add a system with a server in the middle and it doesn't seem like there is any way to avoid someone (or a chain of someones) to figure out the far endpoint. If you can get at least some information leakage (cell phone connections, other IP accesses, etc) I would think you could eventually figure out the device on the other end. The only hope you have to keep the source secret is to make it too difficult or expensive to uncover so no one bothers.
It all depends on what are the powers your attackers have. If your attackers can monitor the whole web, inject packets as he wish and control every computer in the world - there probably isn't any way to offer secrecy.
On the other hand, if we're talking about an adversary with a more limited capabilities - maybe he can access only 50% of the computers in the world and that cannot crack encryption at will - Than there are papers talking about theoretically sound systems that can give you anonymity with very high reliability.
If they just store secret without anything else, that would be pretty hard to get back to the original author though. I don't know a lot about security, but if they remove the whole "linked friends" part, I would qualify it as safe.
On the other hand I guess the whole point is knowing your friends secrets, not just people secrets.
Anyway given how Secret works, if you are the only common contact between two people who receive the same secret, it is pretty easy to find the originator. It seems if would be pretty easy to create an app/website where you share you contact list and the secrets you receive, to find who the secret originator is. There is probably an opportunity here to create a "Reverse Secret" app. If this is really a secret, don't share it...
App is just extremely badly designed. If service is supposed to be anonymous it's good idea not to store any identifying information. If there's need to store some for legal reasons that can be encypted easily. So there's absolutely no way to recover it without the administrator. Even if the servers would be seized. Unfortunately world is full of such crappy broken by design services. Simply bad engineers and engineering does fail. That's how I do it. When you're anonymous use proxy tor and random wifi or anonymous clean cellphone. Even then be very careful about writing style analysis. Anyway it's worth of noting that absolutely nothing is private with Android or iPhones etc. If you're dealing with things which require privacy you're not using mainstream smart phone.
If they don't store identifiying information, the app can't perform it's main purpose, which is to share secrets _with people you know_. In fact, I don't think it's possible for this app to work without this vulnerability. For any set of rules they can provide, a set of sockpuppet accounts can be created to fulfill those rules and only track a single real person.
Yes, so say they make a rule like "You're account needs 5 friends and 20 secrets". So create a bunch of accounts with different sets of friends and find out where the intersections between friends and posted secrets are. Busted. This application is fundamentally flawed in it's current form.
To even approach feasibility you would need to give people the power to view and approve emails that are following them. Then social circles would naturally form within the app along with a form of self governance.
Secret should consider changing their algorithm. How about the following:
You need at least 7 contacts that use Secret, but approximately half (or 1/3 or 1/4, whatever gives the best experience) of your messages will come from people NOT on your contact list. That is, most of the posts will be from people you don't know. But enough will be from your contacts to keep it personal...
The allure of Secret is that you know that a given secret is from someone you know. Diluting the pool is harmful to that message.
What they could do instead is only share secrets if you have N contacts in common. This solves the bot problem - the target will not add the bots.
You could also have some sort of threshold before showing secrets as well.
That said, I've never used Secret so this may or may not work. It'd be interesting to play with the Secret data to see how the social circles overlap and what kind of traffic patterns they see.
If you know N+1 contacts of X, then you create N+1 bots. Each bot has only N of the N+1 contacts. So, each bot receive the secrets from everyone except one person.
It's still vulnerable to a binary search to find an author: create an account with the first half of your contacts and another with the second half, see which account has the secret (if it's in neither, it's from outside your network and you don't care) and repeat the process on that half. You'll figure the account with a dozen or two accounts created.
was never into this app nonsense, but installed Secret a week ago because a VC chided me for not having it (and therefore not being able to connect, generally, with the new mobile masses). How do I delete all my account info along with the BS that I "anonymously" posted?
This story is terrifying in the context of the recent attack on women game developers.
To put the attack in contexts, imagine all the epitaphs you've heard playing FPS games online, but much worse. Then imagine having those slipped under the door of your home, scrawled over a Polaroid of you sleeping in your bedroom. Now imagine that you have no safe place to complain about this invasion of your privacy, but that you have to keep it constantly bottled up in yourself. That's a mild version of what these developers are facing.
The app is being extensively used to bully people - non-authorized pics of naked people, messages with ofenses and etc. It was covered all over mainstream media and there is a consensus that it was a right decision (in this kind of press I mean).
Edit: here a TechCrunch about it: http://techcrunch.com/2014/08/20/brazil-court-issues-injunct... It was submitted to HN but got no comments or upvotes: https://news.ycombinator.com/item?id=8202444