The hack against Snapchat at the turn of the year appears to have done more awareness-raising than harm, but awareness – on the part of users and their parents as well as startups and young digital media companies – is crucial. The publishing of the screennames and partial phone numbers of 4.6 million users was a “white hat” hack, CNN reported, meaning that it was meant to expose a security vulnerability so Snapchat would fix it, and it came after a previous warning that the hackers claimed didn’t get enough of a response. It’s good that whoever created and published the list of user names blurred out two digits of the associated phone numbers, but the hack illustrates some important talking points for family discussions:
- How insecure data security is and how alert users need to be
- How even in services that are all about fast-disappearing content, the data we give them at signup sticks around and can potentially be exploited
- How much startups need to bake security, safety and privacy testing into the development not only of every product but of every product feature too (such as Snapchat’s “Find Friends” feature) – because of the hack, Snapchat now says it will allow users “to choose not to appear in the Find Friends feature after they’ve used their phone number for verification purposes,” TechCrunch reports
- How anonymity, or a degree of it, is protective in some services – e.g., it’s sometimes good when screennames are entirely different from real names, and it’s good to know when it’s good (i.e., protective).
About those last two points for family discussion: The Find Friends feature is popular – the whole point of a social app to many young social media users is to use it to pull together whole social circles so as to “hang out” there – so it’s unlikely people will take advantage of that opt-out. It’s better for parents to be aware and help kids use these services mindfully and openly than to try to control use, because if control gets heavy-handed it’s so easy for kids to move on to other free services that could be just as or more vulnerable to hacks.
Then there’s the anonymity and screenname issue. It’s so tempting for policymakers at any level (in homes, schools or legislatures) to focus on a single product, technology or even factor – for example, anonymity – as the cause of a problem, when that sort of target fixation does not make for either good policy or a good solution. “Real name culture” such as Facebook’s is protective, so policymakers are tempted to think that anonymity (or services that provide it, such as in Ask.fm) is dangerous. But here’s a case – Snapchat – where anonymity, in the form of screen names that don’t include real names, is protective. The New Year’s hack and exposure of screennames illustrates just that.
Users, regardless of age, play an increasingly important role in maintaining their security, privacy and safety, so it’s more helpful to think through how these work in specific cases and services than to make blanket pronouncements or policies – especially where kids are concerned.
- TechCrunch’s coverage of the Snapchat hack
- Time’s coverage of the hack offers some security advice
- “The anonymity factor” and revelations in a tragic case in the UK that involved anonymity (but a teen used the anonymity to mask self-harm)
- ConnectSafely.org’s A Parents’ Guide to Cybersecurity
- ConnectSafely’s Tips for Strong, Secure Passwords