Snapchat Settles Federal Charges It Misled Users About Privacy

The FTC alleges that Snapchat's promises of messages that "disappear forever" after 10 seconds, and that users would be notified if a message recipient made a screen grab of that message, were misleading.

The FTC alleges that Snapchat’s promises of messages that “disappear forever” after 10 seconds, and that users would be notified if a message recipient made a screen grab of that message, were misleading.

One of the reasons people use the Snapchat messaging app, especially for messages that one may not want to have a permanent record of, is that those texts and photos supposedly disappear shortly after being received by another user.

But the Federal Trade Commission accused the service of not only over-promising and under-delivering on this notion of vanishing messages, but that it also deceived users about the amount of personal data it collected.

As evidence to that last point, the FTC cites the recent data breach at Snapchat, which resulted in the collection of usernames and phone numbers for 4.6 million users.

In its complaint [PDF] against Snapchat, the FTC took issue with the service’s marketing language that uses terms like “ephemeral” and statements that a message “disappears forever” after a user-determined period of time has passed (the default is 10 seconds).

“Despite these claims, several methods exist by which a recipient can use tools outside of the application to save both photo and video messages,” reads the complaint, “allowing the recipient to access and view the photos or videos indefinitely.”

The complaint gives the example of how, until Oct. 2013, when the service began encrypting videos, it was not too difficult for a Snapchat user to hook up a computer or other storage device to their phone and move Snapchat videos off the phone in order to keep a permanent record of it.

The FTC also points to the ability to log into Snapchat via a variety of third-party apps that allow the user to circumvent the timer function of Snapchat.

“Because the service’s deletion feature only functions in the official Snapchat app, recipients can use these widely available third-party apps to view and save snaps indefinitely,” says the FTC. “Indeed, such third-party apps have been downloaded millions of times.”

Another alleged half-truth from Snapchat: That the sender would be notified if a message’s recipient took a screenshot of a message.

“In fact, any recipient with an Apple device that has an operating system pre-dating iOS 7 can use a simple method to evade the app’s screenshot detection, and the app will not notify the sender,” contends the FTC.

The regulators also accuse Snapchat of ignoring warnings from security experts about the ease of permanently saving messages.

One last kick in the Snapchat pants: Because the early version of the service did not require verification of phone numbers used when registering with Snapchat, some people would put in other consumers’ phone numbers. So when someone used Snapchat’s “Find Friends” function, that looks up other Snapchat members you may know, people were mistakenly connected to complete strangers, and sometimes sent those strangers messages they believed were going to actual friends.

“If a company markets privacy and security as key selling points in pitching its service to consumers, it is critical that it keep those promises,” said FTC Chairwoman Edith Ramirez in a statement. “Any company that makes misrepresentations to consumers about its privacy and security practices risks FTC action.”

Under the settlement with the FTC, Snapchat will be prohibited from misrepresenting the extent to which it maintains the privacy, security, or confidentiality of users’ information. The company will also be required to implement a comprehensive privacy program that will be monitored by an independent privacy professional for the next 20 years.