Lawsuit Slams Security of Confide Messaging App

lawsuit-slams-security-of-confide-messaging-app photo 1

Confide users take note: a new lawsuit alleges that the encrypted messaging app reportedly favored by members of Donald Trump's administration isn't as secure as it claims to be.

Confide is advertised as an "encrypted, ephemeral and screenshot-protected messenger" that lets you "speak freely, without the risk of what you say being forwarded on or permanently stored, just like when you're talking in person." But, as was reported by Recode, a lawsuit filed yesterday in the Southern District of New York claims that the Windows version of Confide doesn't offer screenshot protection.

"Confide represents, in no uncertain terms, that its App blocks screenshots. But that isn't true," according to the complaint. "Any Confide user accessing the platform through the Windows app can take screenshots of any and all received messages."

Confide in a statement to PCMag denied those claims.

"The accusations set forth in the complaint are unfounded and without merit," Confide said. "We look forward to responding to this frivolous complaint and seeing this case swiftly thrown out of court."

On its website Confide says that "where [screenshot] prevention is not technically feasible, our patent-pending reading experience ensures that only a sliver of the message is unveiled at a time and that the sender's name is not visible." The suit says that's not the case. When taking a screenshot using the Windows app, the image can include "the entire content of the message as well as the identity of the sending party," the suit contends.

Related

  • DARPA Wants Help Developing a Secure Messaging PlatformDARPA Wants Help Developing a Secure Messaging Platform

Confide further promises to notify the sender if a screenshot has been attempted, and to "kick the recipient out of the message."

"In reality, Confide does not notify anyone when a screenshot was taken when the recipient uses the macOS or Windows app," the complaint notes. "Worse, the offending party taking the screenshot is never removed from the message, ensuring that the sender continues sending confidential or otherwise sensitive information."

The suit comes after researchers at security firm IOActive recently discovered multiple critical vulnerabilities in the Confide app. Those flaws could have allowed an attacker to impersonate a Confide user, sneakily sleuth people's contact details, alter the contents of a message or attachment in transit, or "become an intermediary in a conversation and decrypt messages." IOActive reported the flaws to Confide and the company has patched all the holes.

Recommended stories

Relax Lawsuit Slams Security of Confide Messaging App stories

Chrome Blocks Crafty URL Phishing Method

By using non-Latin Unicode characters, it's theoretically possible to register a domain name for a phishing website that looks nearly identical to the one it's trying to spoof.

How to Stay Anonymous Online

We live in a world of mass surveillance. Here are some tips for staying anonymous while still staying online.

More stories

Chrome Blocks Crafty URL Phishing Method

By using non-Latin Unicode characters, it's theoretically possible to register a domain name for a phishing website that looks nearly identical to the one it's trying to spoof.

Apple Aims to Use Only Recycled Materials

The company in its 2017 Environmental Responsibility Report said it aims to have a 'closed-loop' supply chain, 'where products are built using only renewable resources or recycled material.'