Latest in Anonymity

Image credit:

If Secret isn't anonymous, we're all screwed

Chris Velazco, @chrisvelazco
August 22, 2014
Share
Tweet
Share

Sponsored Links

People have been airing their dirty laundry and slinging shade on Secret -- an anonymous sharing app -- for months now. Who could blame them? It's fun, it's freeing and accountability basically doesn't exist there... or so some may believe. Kevin Poulson at Wired spoke to a security researcher named Ben Caudill and the takeaway is clear: your secrets aren't necessarily as secret as you think. And the kicker? The process of tying real people to the things they said was a shockingly simple one if you understand how Secret finds and displays people's messages.

You see, once you have at least seven people in your phone's contact list using Secret, the app will tag those posts as coming from a "friend". But what if only one of those contacts is actually real? That's what Caudill seized on: by clearing out his contact list, and adding the target's contact information along with a handful of dummy accounts he created, any secret the target posted would be properly tagged as a friend post. Voilà -- a relatively quick and easy way to unmask just about whoever you want... as long as you can scrounge up their email address and phone number.

As Wired points out, the trick definitely worked, but only in one direction. Thankfully, there's still no (publicly disclosed) way to suss out a user's identity starting from a secret they've already shared with the world. Secret CEO David Byttow confirmed that this particular issue has been taken care of, which makes it one of the latest in a long list of bugs (42, to be precise) that've been closed since Secret opened up its bug bounty program six months ago. Still, we can't help but wonder how long it'll be before someone without white-hat scruples stumbles upon some security flaw and starts going to town with it. Remember, Secret users: you can always unlink your comments if you start getting cold feet.

All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.
Comment
Comments
Share
Tweet
Share

Popular on Engadget

Garmin smartwatches are on sale at all-time low prices at Amazon

Garmin smartwatches are on sale at all-time low prices at Amazon

View
Facebook is banning Oculus owners with multiple VR headsets

Facebook is banning Oculus owners with multiple VR headsets

View
Samsung, Stanford make a 10,000PPI display that could lead to 'flawless' VR

Samsung, Stanford make a 10,000PPI display that could lead to 'flawless' VR

View
Samsung's influential chairman Lee Kun-hee dies at 78

Samsung's influential chairman Lee Kun-hee dies at 78

View
Redbox's Free Live TV comes to Xbox One consoles

Redbox's Free Live TV comes to Xbox One consoles

View

From around the web

Page 1Page 1ear iconeye iconFill 23text filevr