[BLOG] Snapchat's new "Anti-Robot Security" took less than 30 minutes to be beaten by a Robot

Post by CrimsonShade »

This is a blog post, reproduced here from the author's blog.


It has to be said, for a service supposedly designed around private communications, SnapChat is looking decidedly bad at protecting people's privacy. Designed as a tool to keep text and picture communication private by deleting messages from a user's phone up to ten seconds after they are viewed, users of SnapChat who value the service for its discreet, secret nature have often found themselves bitten in the ass by privacy-compromising bugs. First was the hack that SnapChat first denied, then later had to admit WAS a problem, whereby all but the last two digits of the phone number of every SnapChat user could be determined. This directly led to a second problem whereby it was possible for people to determine that you had SnapChat installed even if you didn't know the other party, forcing SnapChat to add a user-enabled "delist" option. That's without mentioning the controversial "second look" feature, recently added, that allows one message per day to be viewed a second time at the recipient's request.



Apparently to try to encourage use of the system by legitimate users - and to curb the use of the service by automated services ("robots") to send spam to its users - Snapchat recently implemented a new verification system giving a simple test for its users to complete to verify they are human. The system takes the form of a visual identification test - users will be shown a grid of icons, each containing a white shape, some of which will be the iconic "ghost" shape that SnapChat uses in its logo; and just have to select the ones with the "ghost" in.


[Image: Snapchat's verification screen, a grid of icons some of which contain the "ghost" shape]



Now, visual tests to prevent bots are nothing new - Microsoft's own KittenAuth system is another such example. KittenAuth combines pictures of cats with those of dogs and other furry animals, and asks users to simply pick out all the cats from a randomly-generated selection. The reason KittenAuth works, but SnapChat's "Human Test" doesn't, is that cats have hundreds of breeds and thousands of colour variations, leading to a whole variety of different looks. We humans are very good at recognising cats as cats no matter how different they look, but computers are not as good at grouping together similar things when they look very different.



SnapChat's "Ghost" logo, however, is always a certain shape, size and colour, making it instantly very recognisable and the perfect thing for a "robot" to look for. To prove it, Georgia Institute of Technology student Steven Hickson spent less than 30 minutes and 100 lines of code to create a bot to do just that. Steven's proof of concept script compares the colour, pattern and distance between points of the white object in each icon on SnapChat's randomised authentication screen and works out from these which match a "ghost" and which do not, with extremely high accuracy. For the more technically minded, a detailed explanation of the bot and its source code can be found on Steven's Blogspot.



For those of you who prefer a simpler explanation of why this Account Verification is just another example of SnapChat not even trying: Pattern Recognition is a function of computing that has been possible now for many years, even decades; and is used for such things as working out the sounds to be made when a piece of music is played from a CD or MP3 file, to creating 3D models that can be used in architectural designs or sent to a 3D printer to make toys, tools and even food. As for colours, even popular artwork creation programs like Photoshop and GIMP have a "Select by Colour" option that can pick out parts of an image with the same or similar colour as what it's told to look for. So when a system designed to fool computers and let in humans can fail by the simplest of computing abilities today... one has to wonder whether SnapChat give a damn about keeping their service secure and keeping spam out at all; and every user should question their faith in a company that is quickly building up a sizeable list of negligent practices.
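To make the point above concrete, here is a small toy I wrote for this post (it is not Steven Hickson's bot and contains nothing from Snapchat): icons are constructed 6x6 bitmaps, and the "recogniser" is nothing more than a crop-to-bounding-box and a pixel-agreement score against one fixed template. The `separation_margin` function is the check a challenge designer would want: if the lowest-scoring real shape still beats the highest-scoring decoy, a single threshold solves every tile and the test gives no protection.

```python
# Constructed 6x6 shapes ('#' = white pixel); not Snapchat's artwork.
GHOST = [".####.", "######", "#.##.#", "######", "######", "#.##.#"]
SQUARE = ["######"] * 6
DIAMOND = ["..##..", ".####.", "######", "######", ".####.", "..##.."]

def place(shape, dx, dy, size=8):
    """Draw shape into a size x size tile at (dx, dy): the object's position varies."""
    tile = ["." * size for _ in range(size)]
    for y, row in enumerate(shape):
        tile[dy + y] = tile[dy + y][:dx] + row + tile[dy + y][dx + len(row):]
    return tile

def crop(tile):
    """Crop to the bounding box of the white pixels, so position is ignored."""
    rows = [r for r in tile if "#" in r] or ["."]
    cols = [x for x in range(len(tile[0])) if any(r[x] == "#" for r in tile)] or [0]
    return [r[min(cols):max(cols) + 1] for r in rows]

def similarity(a, b):
    """Fraction of agreeing pixels after cropping both and padding to a common size."""
    a, b = crop(a), crop(b)
    h, w = max(len(a), len(b)), max(len(a[0]), len(b[0]))
    pad = lambda s: [r.ljust(w, ".") for r in s] + ["." * w] * (h - len(s))
    a, b = pad(a), pad(b)
    return sum(a[y][x] == b[y][x] for y in range(h) for x in range(w)) / (w * h)

def is_ghost(tile, template=GHOST, threshold=0.9):
    """The entire 'bot': one fixed template and one threshold."""
    return similarity(tile, template) >= threshold

def separation_margin(tiles, labels, template=GHOST):
    """Designer-side check: lowest ghost score minus highest decoy score; positive = broken."""
    scores = [similarity(t, template) for t in tiles]
    ghost = [s for s, l in zip(scores, labels) if l]
    other = [s for s, l in zip(scores, labels) if not l]
    return min(ghost) - max(other)

# Constructed nine-tile challenge: ghosts at varying offsets among decoys.
CHALLENGE = [
    (place(GHOST, 0, 0), True), (place(SQUARE, 1, 2), False), (place(DIAMOND, 2, 1), False),
    (place(GHOST, 2, 2), True), (place(DIAMOND, 0, 2), False), (place(GHOST, 1, 0), True),
    (place(SQUARE, 0, 0), False), (place(GHOST, 2, 0), True), (place(DIAMOND, 1, 1), False),
]

def solve(challenge=CHALLENGE):
    """Return (accuracy, margin) of the template matcher on a challenge."""
    tiles, labels = zip(*challenge)
    accuracy = sum(is_ghost(t) == l for t, l in zip(tiles, labels)) / len(labels)
    return accuracy, separation_margin(tiles, labels)
```

On this constructed grid `solve()` returns an accuracy of 1.0 with a positive margin (about 0.17), which is exactly what a constant shape, size and colour hands to any automated matcher; the KittenAuth approach works because the variation between cats drives that margin below zero.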