There’s no such thing as a private message


You may have heard about Storify, a new tool that you can use to publish private conversations on Facebook. Scary, isn’t it? Or at least that’s the angle many headlines take. But the full picture is a lot less dramatic. In fact, Storify does not enable you to do anything that you couldn’t do before; it just makes it easier. And it is an excellent reminder of the risks with so-called private messages.

Most legislation provides a fairly high level of protection for messages in transit. The goal is to prevent third parties from eavesdropping on and tampering with the messages. But what many forget is that the parties involved in the communication have the right to use the message. This means that the recipient has a fairly free hand to use what you write as soon as the message hits the inbox. Your only real protection is your trust in the other party. You may write things that both parties understand should remain private, and that may be sufficient protection today. But what about the future? We all know that trust can change. Many who have gone through a divorce know that the person you trust most of all may become your worst enemy.

So what about Facebook and Storify? It’s just a good reminder about what can happen to “private” messages. The same threat exists in any kind of messaging service, and not only on the Internet: phone calls can be recorded and misused as well. Letters on paper can be copied, scanned and published. Facebook didn’t provide tools for publishing private messages, but that never prevented users from using copy-paste or taking screenshots of the messages. And our good old e-mail is no better. It has a button called Forward for this purpose.

The only thing that can protect you from this kind of leak is to not write things that would be embarrassing if published. Be polite and adopt a no-nonsense attitude even in private communications. Think twice before revealing secrets over electronic communication systems. Even if you use encryption, it only protects you against third parties, not against the recipient. And last but not least, do not turn your friends into enemies. That’s probably the biggest reason for leaked private messages.


Photo by Sam Catanzaro @ Flickr




[…] * Even “the exception” – encrypted mail, such as PGP, is vulnerable to on-disk and key cache attacks, client-side malware and the difficulty of ensuring that both sender and recipient have the necessary access to encrypt and decrypt the messages. Without which, you may as well be sending random zeroes and ones. Don’t get me wrong: PGP is awesome, I’m not knocking it – but it’s far more complex for the typical user (especially someone likely to send a password by email) than simply picking up the phone. And again, you have to be willing to risk that the recipient won’t abuse your trust. […]

This is a great point to be taken to publicity, and not only concerning Facebook and PMs in it. We all should remember that private messages, private chats etc. go through a third-party platform and most likely are stored in an SQL database without any encryption. So all administrators/DBAs/programmers of the company that hosts the service most likely will have full access to your data.

Cheers for bringing this up, as even I easily forget something so easy to know when you work with web platforms. I would guess that someone has read my “love letters” on some service already 😉
