Some topics are less pleasant to write about than others, though at times far more important. It is with this in mind that I write today on a topic every parent needs to know about. In early October rumors started to surface regarding a database breach that revealed thousands of supposedly private messages and photographs sent via the social sharing app Snapchat. Over the weekend that has proved true.
Snapchat is heavily used by younger people - in fact, roughly half of all Snapchat accounts belong to children under 17 years old. The selling point behind Snapchat is that messages and photos can be seen by the intended recipient only, for a brief time only, and then disappear forever - much like old Mission: Impossible assignments ("this message will self-destruct in 10 seconds..."). As such, it has been used by many teenagers for "sexting" - sharing indecent photos of themselves, never suspecting that the photos might not actually disappear.
Snapchat has been in the news before for privacy breaches. This time however, it was not the service itself that was breached. Rather, some individuals figured out a way to save copies of supposedly vanishing photos received in Snapchat, while other individuals figured out a way to hack into the database of saved copies.
As a parent of teenage and preteen children, this scares the you-know-what out of me. I teach my children, and have technical controls in place appropriate to their respective ages, but ultimately they are individuals with their own free wills that cannot (and in my mind, should not) be watched 24x7. The possibility that my child could make a foolish decision today that might haunt her (or him) forever is worrisome.
As a human being, this disgusts me. Children will be children, and will at times make foolish choices. Today's foolish choices though have the potential to cause lasting harm. While perhaps not damaging in quite the same sense as physical sexual abuse, exploiting children in this manner is a form of sexual abuse. I've had a couple of close acquaintances that were abused as children, and know that the emotional damage is real and lasting. To take advantage of young ones whose maturity has not yet caught up with their curiosity and hormone-driven impulsiveness is the lowest of the low.
As a security practitioner though, I see this as a call to action. I should and do feel a sense of responsibility to educate those around me, because I am immersed in the field and am aware of the dangers. If you are in the infosec industry, you should share this responsibility. We should be volunteering to teach cyber awareness in our neighborhood schools, and to teach parents in our communities so they can in turn teach their kids.
Parents, please talk with your children and warn them of the dangers of sharing too much online. I talked about this with my children, and made three simple points:
- Once you share something, it's out of your control. You no longer have any control over what you just shared. Sometimes you may have a parting of ways with a trusted friend or significant other. Or maybe the person you shared with is so impressed they want to share it with their buddies or girlfriends. Even if the other party proves completely trustworthy, can you be certain the other party is as security/privacy-savvy as you? Might they make a mistake, choose an easy-to-guess password, or use a service that (through no fault of their own) is compromised? Assume that anything you share digitally might be seen by your parents, teachers, pastor, siblings, and the person at school you would be mortified to have see it. If you don't want what you are about to share to be seen by everyone, DON'T SHARE IT!
- You can never be 100% certain that you know who is on the other end of an online conversation. The friend request from "a cute boy that saw you in the cafeteria" may well be a dirty old man looking for someone to prey upon. Accounts belonging to real friends can be compromised. I've warned my children not to friend someone online that they don't know in the real world, and to be suspicious of any message coming from a known friend's account that seems out of character.
- Anything shared online is forever. What you share today can come back to haunt you in the future. Despite some services' promise otherwise, you can never be certain something shared online is truly gone. As an 11 / 13 / 15-year-old, you may not be thinking about college, job interviews, getting married, etc. One day you will though. If you don't want what you are about to share to be seen by everyone, DON'T SHARE IT!
One additional lesson I taught my own kids is this: as followers of Christ, think of whom they represent. I am well aware that not everyone shares my beliefs, and that without a foundation of faith this statement carries no weight. In my household though, my children do have a foundation in Christ. Their friends know they go to church, and are watching them to see if their actions match what they say they believe.
You'll notice I am not villainizing Snapchat itself. Our connected world and all its social platforms are a two-edged sword. They can be used for good, for foolishness, and for evil. It is up to us as parents to teach our kids how to protect themselves and use these swords responsibly; and it is up to us as security professionals to teach our communities and our friends.