User:Arieltinglee/sandbox

Snapchat Privacy and Security On May 15, 2014, the Electronic Frontier Foundation (EFF) released their fourth annual "Who Has Your Back" report on companies' customer privacy policies. Snapchat, along with AT&T and Comcast, were given the lowest ratings but Snapchat was the only company that earned only one star. The six criteria the EFF used to rate technology companies are: 1. whether companies require a warrant in order to disclose any communications content generated through its service 2. whether companies inform users on government data requests 3. if companies publish transparency reports 4. if they fight for user's privacy rights in legal disputes 5. if they publicly resist mass surveillance 6. if companies publish law enforcement guidelines The only category Snapchat earned a star in was the sixth, for publicly disclosing the ways in which they respond to government data demands. Snapchat spokesperson Mary Ritti told the Washington Post that "the very nature of Snapchat means that we often don't have content to divulge" because the company deletes all content from its servers once all recipients have opened the Snap. But forensic researcher Richard Hickman has proved otherwise. He discovered that Snapchat photos, particularly on Android phones, aren't deleted but merely hidden and can be retrieved with proper forensic software. They do not "disappear forever" as Snapchat had many users believing and may be passed down to unknown third parties without users' consent or knowledge. To this day, Snapchat still claims that Snaps are not stored unless they have been viewed, in which case they remain on Snapchat servers for 30 days. Legal Issues According to Andrew Couts, Snapchat is the most controversial mobile app on the market. It enables users to send a "snap" to another individual with the user believing the snap is deleted after a set number of seconds while deceiving them into thinking that they can send embarrassing photos without them getting leaked into the Web. With Snapchat's contentious nature, it's not surprising that the company would run into legal issues. On May 8, 2014, Snapchat had accepted charges from the Federal Trade Commission (FTC) of the company misleading users on the level of privacy offered and collecting user information in a way that violated its privacy and security policies. Users could screenshot photos and download third party applications that record all the content that supposedly disappears. Users could even save videos by connecting their device to their computer because Snapchat didn't store videos in the private storage area on the device that other apps couldn't access. The FTC also accused Snapchat of collecting email contacts from users without their consent and failing to repair security flaws in the "Find Friends" feature. Because Snapchat never verified any phone numbers on this feature, users sent Snaps to complete strangers whom they believed to be their friends. Snapchat never admitted to or denied any of the allegations, but after being pressured by the FTC to change its policies and under strict surveillance for the next 20 years, Snapchat agreed to revise its privacy policy. Changes in Snapchat's Privacy Policy As stated by Andrew Cout, Snapchat's privacy policy as of December 16, 2012, was written in way that protected Snapchat from any legal disputes. Users can't hold Snapchat accountable for anything that might result due to its services. If users find some way to sue Snapchat, the limit may not exceed one US dollar. Snapchat's privacy policy also collects individual's username, password, email, phone number, and Facebook ID to find friends also using Snapchat. As well, it collects "usage information" that the company claims to be anonymous and this information could be shared with third parties. It's possible that the company could also view the photos sent through its servers but the policy states that Snapchat will "temporarily process and store [users'] images in order to provide [its] services". However, after being put in the spotlight by the FTC, Snapchat modified its privacy policy so it would be more specific and transparent for users. Last updated on May 1, 2014, Snapchat's privacy policy is organized into seven categories: collection of information, information we collect automatically when you use the services, information we collect from other sources, use of information, sharing of information, analytics services provided by others, security, children, and your choices.

 Collection of Information  Snapchat collects the information that users provide directly to the company, such as their username, password, email address, phone number, age, and any other information users choose to provide. Content, such as photos, chats, and/or videos, sent through Snapchat servers are also temporarily collected, processed, and stored in the company's servers as well as in the recipients' devices. The Snaps are only deleted from its servers and all devices after all recipients have viewed the Snap. However, there are ways the photos and messages temporarily stored in users' devices may still be accessed. Even when the content is deleted, forensic software may be able to recover the Snaps. While using its services, Snapchat automatically collects a number of information on users: 1. Usage information: the time, date, sender, and recipient of the Snap are noted; the number of messages sent to particular individuals and which individuals users communicate with most are of particular interest to the company 2. Log information: Users' use of Snapchat's websites including the browser type, access times, IP address, and priorly viewed websites before navigating to its website are stored in Snapchat's data servers 3. Device information: Information on the hardware model, operating system and version, MAC address, unique device identifiers, phone number, IMEI, and mobile network information of the computer or device users used to accessed Snapchat's websites may be collected. With user consent, Snapchat may also access their phonebook and image storage applications. 4. Location information: With user consent, Snapchat may record the location of the device users used to access Snapchat's services, calculate the speed at which their device is traveling, and add location-based filters to Snaps. 5. Information collected by cookies and other tracking technologies: Snapchat may send cookies or beacons to collected information on users in order to provide a better service and user experience. Additionally, Snapchat may obtain information from other sources and combine it with the user profile the company has created.

Use of Information Snapchat may use the information it has collected about users in any way the company sees fit. This includes using the information to provide, maintain, and improve its services and personalize and improve user experience by communicating to them about products, services, promotions, and events offered by Snapchat and others as well as providing users with information the company believes will interest them. Snapchat may also use the information to monitor and analyze trends, usage and activities in connection with its services, compile information about users to better understand their preferences and to personalize advertisements that will match their interests, and investigate or prevent illegal or fraudulent activities.

Sharing of Information Snapchat may share user information, such as their username and the content of the Snap, with whoever individuals are sending Snaps to in order to carry out the company's services, including the "Find Friends" feature and the "Best Friends" list. User information may also be shared with vendors, consultants, and other service providers who need access to this information to meet Snapchat's demands. Any information collected on users may be used in court, to protect the rights, property, and safety of the company and its users, and if a merger or sale of the company were to occur.

Analytics Services Provided by Others Other companies may provide analytics services that may use cookies and web beacons to collect information on users' use of Snapchat services and other websites, including but not limited to users' IP address, web browser, pages viewed, time spent on these pages, and links clicked. The information collected may be used to analyze data and to better understand users' online behavior. Snapchat achieves this primarily by working with Flurry, a mobile analytics and advertising company founded in 2005.

Security The only thing Snapchat states about its security policy is that the company will take reasonable measures to protect user information from theft, fraud, and destruction.

Children As far as Snapchat is concerned, it does not store any information from users under the age of thirteen. Snapchat does, however, have an application called "Snapkidz" that enables children under thirteen to take photos and draw on them, though they are unable to send the photos to other users.

Your Choices Snapchat users are allowed to change their privacy settings based on their own preferences. They can decide whether to accept Snaps only from users on their friends list or from any user that has their username. Users may also change or correct information about themselves in their account settings. It's often required that users gives Snapchat access to their phonebook and image applications to find friends and send photos from, or store them to, their camera roll. If users choose to do so, their phonebook will be transmitted to Snapchat servers. However, users can change their settings so Snapchat can no longer access their contacts and photos. Users also have the ability to stop the collection of location information, deactivate push notifications, and disable cookies that are accepted at default, though doing so may influence the availability and functionality of Snapchat.

Snap Spam
Shortly after the hack, Snapchat received countless complaints from its users about receiving snap spam that ranged from pornographic ads and dietary and weight loss ads to being the lucky winner of a sweepstakes. The flood of attacks can crash user's phones or give it a virus. One Spanish security researcher, Jaime Sanchez, revealed that he was able to "send 1,000 messages in five seconds to a reporter's iPhone, which caused the device to freeze, requiring a reboot". Because Snapchat uses tokens to authenticate users rather than passwords, scammers are able to use these tokens, which are created whenever users update their contact list, add a friend, or send a snap, to send snaps to hundreds of users at the same time. Sanchez suggests that this flaw resulted from Snapchat's "poor control over push notification requests". According to Josh Constine, Snapchat had been aware of this spam since April 2012, as they published a blog post called "Snap Spam (Ew.)" In the blog post, Snapchat acknowledged the unwanted snap complaints and informed users that the unwanted snaps originated from people sending snaps via multiple accounts. Snapchat also claimed that it is working on a longer term solution to prevent spam from entering users feeds and advises users to change their privacy settings. It's difficult to fight spam because users can't currently report it; they can only block it. This makes it increasingly hard for Snapchat to determine whether an account was blocked for amateur reasons or for sending snap spam, in which case their account should be shut down. On January, 2013, Snapchat posted an apology on its blog saying, "We want to apologize for any unwanted Snaps and let you know our team is working on resolving the issue. As far as we know, this is unrelated to the Find Friends issue we experienced over the holidays" to emphasize that the snap spam were unrelated to the recent data breach. The blog also stated that the attacks were a "consequence of a quickly growing service" and offered solutions to manage and prevent spam.