Safer Sexting
In the wake of the widespread leaks of intimate personal photos this last week, many purportedly ripped from iCloud backups, I’ve given some thought to the problem of how to safely share confidential and potentially embarrassing photos with as little risk of accidental or malicious exposure as possible.
I’m not here to judge, really. Some people want to share pictures of themselves in compromising situations, and it may be best to simply accept that. Even rich and famous people who get more than enough attention on a day-to-day basis want to have intimate relationships, and share things privately, despite the paparazzi. Now, the question we have before us is how to securely share our private moments with the people closest to us, without unduly risking future compromise?
Let’s apply security fundamentals to the problem and see how we can minimize risk and still provide for digitally mediated intimacy. Voice, Live Video and Pictures are the big three media types when it comes to private single-cast messaging, so how do we secure those modes of communication?
SEPARATION OF CONCERNS
The first security principle users should apply is: don’t use a secure device for daily activities. We break the letter of this rule daily with our desktop, laptop and mobile devices, because generally it only becomes a problem when a system is compromised. Now, losing control over your bank accounts, credit cards, etc., for a few days is a serious inconvenience, but losing control of compromising information is much more serious; once it’s out of the bottle it’s almost impossible to get back.
Therefore, I highly recommend getting a pair of devices dedicated to secure communication. Besides the security advantages there is the issue of discretion: the device can be powered off until it can be used in a private setting, preventing embarrassing notifications or mis-sends, and iOS allows you to give such a device extensive restrictions, including the crucial ability to remotely wipe the device.
iCLOUD TO THE RESCUE
While iCloud has caught a lot of flak for the recent celebrity photo leaks, further analysis shows that targeted phishing, social engineering and other techniques were used to acquire iCloud logins. While Apple may have some security work to do, iCloud still offers a really unparalleled level of cloud security, especially if you are careful with operational security.
First, create a separate iCloud account or accounts for your secure devices (I recommend a pair of hot-pink iPod touches); one account for both devices is sufficient for pictures, two accounts are needed for FaceTime audio and video. Create new accounts from the devices; don’t involve any other computers if possible. You want these to be completely unrelated to anything else you own: make up names, don’t recycle passwords, and consider this your alter ego that knows nothing of your day-to-day life.
DISABLE ALL THE THINGS!
Next, open Settings > General > Restrictions and disable everything except:
Camera: obviously we want to take naughty pictures, so we need this
FaceTime: if you want to have audio and video chat between devices
Otherwise lock down every other setting on the device: no Apps, no Accounts, no Background App Refresh, no GPS, etc. Only enable Photos and FaceTime. Lock the device with a PIN which is different from the restrictions PIN (use an anniversary date, they’ll never guess that). Give the device to your partner, but do not give them the PIN just yet.
REMOTE WIPE
Most importantly, make sure the device is signed up for Find my iPod. This allows you to remotely lock and wipe the device the next time it is connected to the network, effectively deleting all the material on the device. If things end poorly with your photo sharing buddy, you can delete the device immediately and ask for it back later.
TESTING THE SYSTEM
In order to test that the system works, you will want to coerce your partner into using the lock-screen camera to take some pictures. Once you are confident they have done so, either by doing it together or by remotely confirming it, you can give them the PIN code to unlock the device.
They will then have to connect it to Wi-Fi and the photos will be uploaded to the photo-stream for this account, which you can view on your own secure device. You might want to stash one or two away, just in case.
GAPING, UM, SECURITY HOLES
While account creation can be turned off, having the iCloud accounts configured means that they can message any other account, and include any image or video. Attaching the device via USB to a computer will make it possible to extract the contents. There is no perfect security; to quote Benjamin Franklin, “Three can keep a secret if two are dead.” But you will see the messages sent out as soon as it happens, which should raise some serious red flags.
By using dedicated devices and accounts, compromise of your primary identity will not be catastrophic. While it is a tedious process, this illustrates how you can separate other privacy-critical activities (such as working with cryptocurrencies and private keys) onto separate devices to help compartmentalize risks in the system.
Finally, even with the safeguards available you are still placing a lot of trust in the party holding the other device. While recent laws in some states clarify that it is illegal to post revealing images of someone without their consent, once an image is leaked there is almost no getting it off the internet.
[Edit: 16 September, 2014] Turn on Two Factor Authentication
Previously, two factor authentication only protected purchases, but it can now be used to protect backups.
Follow the instructions from Apple to set up two-factor authentication.
Safe sexting everyone!