Article Lead Image

Does Slingshot have the same privacy weaknesses as Snapchat?

Like its progenitor Snapchat, Slingshot might pose some pretty serious security risks. 

 

EJ Dickson

Tech

Posted on Jun 20, 2014   Updated on May 31, 2021, 2:28 am CDT

This week, there’s been a lot of discussion about Facebook’s new ephemeral messaging app Slingshot. While most of the talk has centered around whether Slingshot was borne out of Facebook’s envy of Snapchat’s mind-boggling success, some people are less concerned about whether the app is just another bogus Snapchat clone, and more concerned about its potentially serious security flaws.

The primary bone of contention with Slingshot seems to be that much like Snapchat, Slingshot does not provide an iron-clad way for users to avoid screengrabbing others’ photos. As HuffPo’s Bianca Bosker pointed out when Slingshot was released earlier this week, while Snapchat tries to prevent users from screengrabbing photos by essentially “tattling on anyone who, horror of horrors, takes a picture of someone else’s snap,” there is no such mechanism in place for Slingshot. Needless to say, the potential implications of this for sexters and others who use the app to send sensitive information are frightening.

The Naked Security blog also points that Snapchat doesn’t encrypt its photos and essentially stores them in a “hidden” memory folder, as discovered by a computer forensics expert who recovered Snapchat messages in a “received_image_snaps” directory last year. Because Snapchat has an embarrassing history of security breaches, including the leak of 4.6 million Snapchat users’ personal usernames and phone numbers after hackers infiltrated the app earlier this year, this is obviously cause for enormous concern.

So does Slingshot share Snapchat’s security weaknesses? Can a few key strokes from a savvy computer forensics expert easily recover any expired slings, long after the sender has assumed they’ve disappeared into the cyber-ether? It’s unclear. When Naked Security asked Facebook this question, Slingshot engineering lead Rocky Smith sent this cagey reply:

Slingshot is for sharing everyday moments with all of your friends at once, not a way to send sensitive information. We don’t see it as a messaging app but instead closer to a feed full of spontaneous moments.

So potential Slingshot sexters, let Smith’s non-answer serve as an implicit warning to you: Think twice before you sling your S.O. a “spontaneous moment,” or under-the-desk crotch shot, during work. That blurry photo of your junk could be in cyberspace for longer than you think.

H/T Naked Security | Photo via Slingshot

Share this article
*First Published: Jun 20, 2014, 1:22 pm CDT