The CEO of anonymous sharing app “Secret” wants users to know that they’re not guaranteed anonymity.
“We do not say that you will be completely safe at all times and be completely anonymous,” CEO David Byttow told Wired’s Kevin Poulsen.
Poulsen talked to Byttow after a hacker revealed to him that he could find out all the Secrets Poulsen shared on the app. The idea of the hack was simple, though the process was a bit arduous:
Secret pulls in information from your contact list, so you only see posts from your friends, or from friends of friends. So, if you delete your real contact list, make a bunch of dummy Secret accounts, add the email addresses you used to make them to your blank contact list, then add someone’s real email address to your contact list, the only real posts you’d see from “friends” in your Secret feed would expose the poster. Voilà: You know all that one friend’s secrets.
Because the hacker, Ben Caudill, is “white hat” (a hacker who considers him or herself to be ethical), he revealed the flaw to Secret and Byttow’s team has since fixed the vulnerability — their algorithm now detects bots or other suspicious activity and will start being more vague, like labelling posts as from someone “in your circle” instead of from a “friend” or “friend of a friend.”
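The weakness and the fix both come down to how many plausible authors stand behind a “friend” label. The sketch below is an added illustration, not Secret’s code: the threshold `K_MIN`, the `looks_genuine` heuristic, the account fields and all sample data are assumptions constructed for the example.

```python
from dataclasses import dataclass

K_MIN = 5  # assumed threshold: fewest plausible authors allowed behind a "friend" label

@dataclass(frozen=True)
class Account:
    email: str
    age_days: int   # days since registration
    posts: int      # posts the account has made
    contacts: int   # size of the account's own contact list

def looks_genuine(acct: Account) -> bool:
    """Hypothetical heuristic: could this account plausibly be a real author?"""
    return acct.age_days >= 30 and acct.posts > 0 and acct.contacts >= 3

def anonymity_set(viewer_contacts, accounts):
    """Viewer's contacts that are registered and pass the genuineness check."""
    return {e for e in viewer_contacts
            if e in accounts and looks_genuine(accounts[e])}

def source_label(viewer_contacts, accounts, k_min=K_MIN):
    """Precise label only when enough plausible authors hide the real one."""
    crowd = anonymity_set(viewer_contacts, accounts)
    return "friend" if len(crowd) >= k_min else "in your circle"

def sample_accounts():
    """Constructed data: one long-lived account, six ordinary ones, seven fresh dummies."""
    accts = {"target@example.com": Account("target@example.com", 400, 25, 80)}
    for i in range(6):
        e = f"friend{i}@example.com"
        accts[e] = Account(e, 200 + i, 5 + i, 40)
    for i in range(7):
        e = f"dummy{i}@example.com"
        accts[e] = Account(e, 0, 0, 0)
    return accts

if __name__ == "__main__":
    accts = sample_accounts()
    padded = ["target@example.com"] + [f"dummy{i}@example.com" for i in range(7)]
    normal = ["target@example.com"] + [f"friend{i}@example.com" for i in range(6)]
    print(len(anonymity_set(padded, accts)), source_label(padded, accts))
    print(len(anonymity_set(normal, accts)), source_label(normal, accts))
```

A contact list padded with fresh dummy accounts leaves an anonymity set of one, so the label falls back to “in your circle”; an ordinary list with seven genuine contacts keeps the “friend” label.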
In fact, since Secret started offering a bounty in February for hackers who alert the company to bugs in the app, it has learned about and fixed 42 different security holes. The numbers are a clear warning: Secret isn’t perfectly secure and the term “anonymous” should be taken with a grain of salt.
“The thing we try to help people acknowledge is that anonymous doesn’t mean untraceable,” Byttow says.
In other words: Maybe think twice before you share that explicit image or scandalous detail.
Read the rest of the Wired piece here.