Principles of safe sexting
Before I start on this - Lets make it clear Sexting is not a good idea. Putting ones private body parts into video or graphical form and sending them to an object of ones affections is not ever going to be one of the brightest things I expect someone to do. But then again neither are drugs, wars, fighting, smoking or a plethora of other things that we persistently try to educate ourselves from doing. So if we are unlikely to stop doing it, can we make it safer?
However sexting happens, it has become part of the modern courtship ritual, in an attempt to lure a mate for life, people lure potential mates by sending provocative photos of body parts. This has many corollary behaviours in the animal kingdom, however unusually in humans this is performed by both genders Technology enables us to do this over a longer distance, and keep ones naught photos for longer. Like many other things there will be no stop to sexting, but maybe it can be made safer.
Snapchat attempted to make sexting safer with their short term messaging service, however this was soon compromised as recipients learned that they could take a screenshot. The idea of self destruction also prevented the recipient from holding on to the photo.
The idea of security in this instance is to prevent the file from reaching unwanted people. The tricky part of this security situation is that frequently the unwanted people were originally in the wanted recipient list.
Brazilian anti-sexting advert, courtesy of http://www.womenshealthmag.com |
However sexting happens, it has become part of the modern courtship ritual, in an attempt to lure a mate for life, people lure potential mates by sending provocative photos of body parts. This has many corollary behaviours in the animal kingdom, however unusually in humans this is performed by both genders Technology enables us to do this over a longer distance, and keep ones naught photos for longer. Like many other things there will be no stop to sexting, but maybe it can be made safer.
Snapchat attempted to make sexting safer with their short term messaging service, however this was soon compromised as recipients learned that they could take a screenshot. The idea of self destruction also prevented the recipient from holding on to the photo.
The idea of security in this instance is to prevent the file from reaching unwanted people. The tricky part of this security situation is that frequently the unwanted people were originally in the wanted recipient list.
Threat analysis
The first threat in sexting is physical. The physical threat is in the act of taking the photograph, or video a dexter may be compromised. The likelihood of this is small but manageable. The dexter normally takes this concept into consideration, and takes sufficient measures to prevent this form occurring.
The second threat is also physical. Once the photo has been taken then it still exists on the device it has been taken on. The extreme solution to this would be to maintain a second device, or to secure the device that the picture has been taken on. On iOS phones the tendency is for the operating system to deposit photos and videos into the devices photographs, which allows these to be discovered by others who may be using the device for other purposes. This can be circumvented by devices keeping the photographs or videos created within a devices 'sandbox' and securing the sandbox. The disadvantage of this approach is that the photo needs to be sent to ones beau, that is the purpose of sexting.
The third threat is through transmission. There are already a number of strategies which can be employed here, mostly around encryption, and secure handshaking.
The fourth threat is where to send the picture to. Sending the picture to the recipients device in its entirety means handing over control of the photo to the second device, an alternative is to host the picture in a cloud solution, and grant access to the recipient. The key may be for the picture to be viewed in a secure sandboxed application on the second device with the picture being encrypted with keys for both the user, and the application.
The fifth threat is through viewing. Pretty much anything that can be viewed can be screenshot, or perhaps photographed on the screen with a second device.
The sixth threat is access control. The main source of loss of control of sexted material is what happens after a breakup. An app needs to be able to revoke access to screens hotted material after it has been viewed.
Solutions
Sandboxing the application, with a secure storage area, provides an answer to some of the issues of storage, and where to send the image to. The device would have to check the permissions of each photo is contained on startup, unless the photo was owned by the device owner. An extra pin may help here.
Transmission security technology is pretty good - you rarely hear of anyone intercepting phone calls from the media since digital transmission has become the norm, however in order to provide extra security images should be secured with both the senders public key, and the recipients public key. Also possibly with the applications key under that. I prefer to use third party OAuth accounts - just to keep the number of passwords down.
The key part of safe sexting is how to display the image in order that it can be viewed by the viewer, but not recorded. In order to achieve this there has been some suggestion that some application might be used which requires the users finger to be placed on the iPhones screen, or similar thing which embuggers the sending of the screenshot message to the device. This approach cannot work as any user input can be programatically repeated, therefore an unscrupulous person would still be able to take a photo of the sexted image.
One alternative That I would suggest would be to convert images to videos with some feature preventing the whole image being presented at once, but still enough to entice and titivate the viewer. Maybe a scrolling layer of visibility, eyeing ones object of desire, but not in its entirely, would be sufficient, this is not likely to prevent someone with a second device recording the photo in video form, but by adjusting frame rates this should be sufficient embuggerance to deter attempts.
The second key part is the ability to revoke a users permission to view an image. This can be achieved with controls similar to those employed by googles office suite. Any image document should have one owner, and everyone else has the ability to do as the owner allows them.
Conclusion
Risky behaviours such as sexting, can't be avoided - but they can, and should, be make safer. Risk education is not the only solution, but this could be a topic which leverages younger citizens into thinking about security and cryptography.
Comments
Post a Comment