Latest in Anonymity

Image credit:

If Secret isn't anonymous, we're all screwed

14 Shares
Share
Tweet
Share
Save

Sponsored Links

People have been airing their dirty laundry and slinging shade on Secret -- an anonymous sharing app -- for months now. Who could blame them? It's fun, it's freeing and accountability basically doesn't exist there... or so some may believe. Kevin Poulson at Wired spoke to a security researcher named Ben Caudill and the takeaway is clear: your secrets aren't necessarily as secret as you think. And the kicker? The process of tying real people to the things they said was a shockingly simple one if you understand how Secret finds and displays people's messages.

You see, once you have at least seven people in your phone's contact list using Secret, the app will tag those posts as coming from a "friend". But what if only one of those contacts is actually real? That's what Caudill seized on: by clearing out his contact list, and adding the target's contact information along with a handful of dummy accounts he created, any secret the target posted would be properly tagged as a friend post. Voilà -- a relatively quick and easy way to unmask just about whoever you want... as long as you can scrounge up their email address and phone number.

As Wired points out, the trick definitely worked, but only in one direction. Thankfully, there's still no (publicly disclosed) way to suss out a user's identity starting from a secret they've already shared with the world. Secret CEO David Byttow confirmed that this particular issue has been taken care of, which makes it one of the latest in a long list of bugs (42, to be precise) that've been closed since Secret opened up its bug bounty program six months ago. Still, we can't help but wonder how long it'll be before someone without white-hat scruples stumbles upon some security flaw and starts going to town with it. Remember, Secret users: you can always unlink your comments if you start getting cold feet.

Source: Wired
All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.
Comment
Comments
Share
14 Shares
Share
Tweet
Share
Save

Popular on Engadget

Engadget's 2019 Back-to-School Guide

Engadget's 2019 Back-to-School Guide

View
Apple warns against storing its titanium credit card in leather

Apple warns against storing its titanium credit card in leather

View
Google's next Nest Mini speaker could be wall-mountable

Google's next Nest Mini speaker could be wall-mountable

View
Microsoft tests more control for apps that restart with Windows 10

Microsoft tests more control for apps that restart with Windows 10

View
Terminator T-800 and The Joker are coming to 'Mortal Kombat 11'

Terminator T-800 and The Joker are coming to 'Mortal Kombat 11'

View

From around the web

Page 1Page 1ear iconeye iconFill 23text filevr