How to lie, cheat and steal like Snapchat — all the way to the bank

How to lie, cheat and steal like Snapchat — all the way to the bank

Summary: Snapchat's little FTC slap on the wrist shouldn't get in the way of its business model, but if you want to have your say, the period for public comment on Snapchat's FTC settlement is now open.


Two weeks ago the Federal Trade Commission announced a settlement agreement with Snapchat, formally acknowledging the app lied about user privacy and security, and took user data without consent.

The settlement amounts to little more than the "private" photo-sharing app being told to stop lying, and to submit privacy reports to the FTC every six months for 20 years.

No fines, restrictions or course-changing controls are to be imposed; under the settlement, Snapchat will be free to keep doing what it's good at.

Good job, FTC. That'll teach 'em.

The New York Times opined that the FTC's settlement for Snapchat is an easily ignored formality, saying that this kind of agreement follows the FTC tradition of empty gestures in holding tech companies accountable to privacy promises.

"It’s possible — and seems likely — that agreements with the government serve mainly to add a veneer of legitimacy over whatever moves the companies planned to make anyway."

But why should we care, it's all over and done with, right?

Not yet.

Snapchat isn't telling anyone, but the period for public comment on the FTC's settlement is now open.

The FTC will review the consent order on June 9 along with public comments, and decide if it's taking the correct action.

First, find out what people want. Then pretend to give it to them

The FTC's detailed complaint leads with a pretty basic falsehood, upon which Snapchat built its business model.

Snapchat promised users their photos disappeared "forever" — an impossible promise that exploits a populace not fully educated about mobile technology's functions and implementations.

"Is there any way to view an image after the time has expired?

No, snaps disappear after the timer runs out..."

Recipients of Snapchat messages could use their devices' screenshot function — or one of many Android or iOS apps, downloaded by millions of users worldwide — to capture an image of a snap while it appeared on their screens, the FTC said.

By the time the FTC looked into whether Snapchat user photos — widely-accepted to be of a very personal nature — were actually "ephemeral," there were over a dozen apps whose express business was to save and collect a user's "disappearing" photos.

The FTC said, "On Google Play alone, ten of these applications have been downloaded as many as 1.7 million times."

Snapchat announced through press outlets in May 2013 that it had added a "screengrab notification system" feature to the app, saying "users are notified if any of their recipients try to take a screenshot of any of your Snapchats."

"We’ll let you know if [recipients] take a screenshot!"

The FTC's settlement agreement notes that this was fiction: recipients were not notified when screenshots were taken, as apparently, "recipients can easily circumvent Snapchat’s screenshot detection mechanism."

Snapchat also told users their sent videos "disappeared" — when, in truth, the videos were actually automatically saved to the recipient's phone.

Until October 2013, recipients could browse their mobile phone via computer to find and save all video files they'd received. The FTC settlement acknowledged that this was because Snapchat stored its video files outside of the app's sandbox.

The great thing about users is that you can do anything you want to them, and they can't refuse.

Snapchat collected the contents of user address books without their consent, and its privacy policy flat-out lied about collecting a user's location information.

Snapchat secretly collected the private user information and shared it with unknown parties.

"Optional to the user, we also collect an email, phone number, and Facebook ID for purpose of finding friends on the service."

This was not optional. When you entered your phone number, Snapchat scraped your entire address book.

"We do not ask for, track, or access any location-specific information from your device at any time while you are using the Snapchat application."

Contrary to Snapchat’s privacy policy, from October 2012 to February 2013, the FTC said Snapchat's Android app "transmitted Wi-Fi-based and cell-based location information from users’ mobile devices to its analytics tracking service provider."

We can assume that little to no privacy protection (such as anonymization) was done with user information since this collection was done in secret.

What didn’t Snapchat lie about?

It's positive to see the FTC include in its report that Snapchat allowed mass-false user account creation.

But the FTC failed to understand the implications when it wrote, "Furthermore, Snapchat failed to implement any restrictions on serial and automated account creation." Plainly put, Snapchat's statements about user numbers were false and impossible to verify. Spam and abuse of users could be rampant.

"I am a young, white, educated male. I got really, really lucky. And life isn't fair. So if life isn't fair — it's not about working harder, it's about working the system."
— Snapchat CEO Evan Spiegel

Verifying user numbers is a problem for Snapchat's investors and partners. However, it also created a larger issue for news outlets and listings that have reported and indexed Snapchat's statements about its user numbers as if they were truthful.

The FTC included that Snapchat ignored the ease of user impersonation, and that this abuse could be done with little technical skill.

Among all the acknowledgements in the FTC's report, the implications for abuse, harassment and misrepresentation are both abundant and stomach-churning.

But the FTC brushed past it saying, "Snapchat could have prevented the misuse and unintentional disclosure of consumers’ personal information by verifying phone numbers using common and readily available methods."

With this settlement agreement, the FTC is sending a message — just not one that makes us feel any better about Snapchat, and all the other Snapchats out there.

And that message is: Party on with your bad self, Snapchat.

It's not like anyone's going to stop you.

ZDNet has reached out for comment to Snapchat and will update if we hear back. 


Topics: Security, Government US, Privacy, Tech Industry

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.


Log in or register to join the discussion
  • We need to punish them in the marketplace

    People should abandon SnapChat, plain and simple.

    But they won't.
    x I'm tc
    • And how would we know?

      If all humans abandoned SnatChap, the spam robots creating accounts would still cause user numbers to grow. Going by stats alone, SnapChat would still appear as a success.
      • Unless they start buying stuff

        These spam-bots are of no use to anyone. The advertisers will figure that out pretty quickly. And it is presumably SnapChat's long-term goal to sell ads.
        x I'm tc
  • Big boys

    No doubt if these indiscretions had been discovered before SnapChat became a Big Deal they would have been treated much more severely. As always, the Big Boys get treated differently than the smaller players.
    • Exactly

      This is basically no nothing for completely lying to everyone. Just because alot of people use it now.
  • Just imagine the dirt...

    ...that might be lurking under the rugs of Facebook, WhatsApp, Google Hangouts, and LinkedIn.

    Thousands of people will take great pleasure in saying, "I told you so!" But the tragedy is that millions of users will say, "So what?"
  • Getting sick and tired of whiny articles on ZDNet

    You wanted the FTC to take further action?

    Please cite the appropriate regulation or any other part of the legal code that gives them the authority to fine or otherwise punish a free service.

    Methinks you can't, so you'd rather whine instead.
    • FCC

      The FCC regulates all communication devices in this country, including cell phones, land lines, TV, radio and the Internet networks. Take a good look at the label of your cell or the documentation that came along with it. You will see FCC certification on it. The fact that Snapchat is sending or receiving data means that the FCC has to certify that.
      • No they don't.

        The only FCC certification is for the hardware to ensure that it does not cause interference with other communications devices like cell phones, land lines, TV, radio...

        Until the ISPs get certified as common carriers, they don't regulate much of anything on the internet.
    • FCC gets to regulate free radio and TV

      I don't need to pay for, or subscribe to FM radio, and the FCC gets to regulate them. Same for free over the air TV.

      Right there are two free services that are regulated by the FCC
      • The regulate a lot more than just "Free radio/TV".

        They also regulate air traffic communications devices, radar stations, amature radio, citizen band transceivers, and every wireless device with range greater than about 200 feet. This is usually limited by microwatt power limits at the antenna.

        (which is how the 50 mile range of wifi is achieved - using specialty directional antennas and high gain amps at the receiver).
  • Never used Snapchat

    So it makes no difference to me, one way or the other.

    If you use a free service, you KNOW if you have any brain at all, that they are going to get SOMETHING for their pains, and they have no obligation to tell you much of anything, since you're using it for free.

    The saying is, "Beggars can't be choosers."
    • Plain Deception

      It's not about FREE or NOT, it's about the hypocrisy of it's OFFICIAL statements.

      By your logic, "FREE motels for newly wedded"(claiming out of best wishes) and "FREE motels for homeless teens"(claiming the divine preached about helping the poor) while recording their stays and sold the streams online is OK with you.

      It's plain DECEPTION.
  • Has the FTC ever done more

    than slap a company on the wrist for privacy and/or security issues?
    Rabid Howler Monkey
  • Maybe someone should investigate snapchat for facilitating the transmission

    of child pornography. We know people, adults and minors alike, were using it to take compromising photos of themselves based on the idea that the pictures would disappear after a few seconds.

    But, whatever, FTC. What they did was just a minor invasion of privacy, right?
    • Bah. I want to reword it a bit.

      Not based on the idea. Based on the *promise* that pictures and videos would disappear. Shame on the developers. Wonder what else they've done.
    • the claim of having the images/data deleted automatically

      was obviously incorrect, even on the first announcement.

      Why wait a three years before complaining about it?
  • Government playing the hypocrite

    Businesses just want to sell me something.

    Government spying is far more dangerous.
    • Government Spying

      Jwebsmall, I tend to disagree with you. First of all, the government "spying" is facilitated by all of these companies such as Snapchat, Google, Yahoo, AT&T. The government is also enabled by the Patriot Act that Bush and company put into place after 9/11. It was a bad precedent and we are all paying for it. But, tell me this. What do you think the government is doing with all this information? It is too much to really use. Maybe in the future. But, all these "free" web services actually cost you something more and you must read the Terms of Service, the Privacy Policy, the FAQ's and the help documents to find out what these companies are really doing. Not only are they feeding information to the government on threat of Grand Jury indictment, they have the right to publicly display your information and many claim that they read EVERYTHING that you send or post through their services, such as GMAIL reading all of your mail. At least with most of these, they tell you what they do on their website. If you don't click on their tiny "Terms" links or privacy policy links, it is the consumers fault. You can't expect their business model to exist if they posted a warning every time you click "send", can you? So, they can do advertising and charge high rates for "directed" advertising by using your private information. And how do you think the PRIVATE tweets of that English couple got in the hands of the Department of Homeland Security (DHS) in the first place?
    • But I Do Agree on One Thing

      The issue with government spying has far reaching implications. While they claim this is part of "terrorism" prevention, exactly how do you define "terrorism"? Is blowing up a building 'terrorism' (McVey)? How about Mass Murder? How about murder of a few people? How about a single murder? How about a bank robery? Grand Theft Auto? How about littering? I mean, we have cameras all over that could catch someone spitting on the sidewalk. My personal belief is that you can't throw out parts of the constitution in order to fight crime. And that is on ANY level.