The Secret app FAQ raises more questions than it answers @getsecret

Secret is a new app that has been getting a lot of buzz recently. It purports to be another way to anonymously share text posts and images.

The app requires that you sign-in with an email and give it your phone number. When you first sign up "you’re automatically connected to the people in your Contacts who are also on Secret." According the FAQ:

Connections are made by matching on email address and/or phone number. On Secret, these are your “Friends”. We do this all without uploading contact details to our servers.

That seems a little misleading. If the app can "match" users by email address and/or phone number, then the app (client) must have sent those phone numbers / email addresses from your phone contacts to the server, at least for the "find matches" query, even if the server doesn't store all that data.

Also, is the above a one-time thing? What happens when a new user who happens to be in my Contacts joins Secret? When does the app become aware of this and how if the servers supposedly don't store my Contacts?

Perhaps what they mean by not uploading the "details" means Secret uploads one-way hashes for the phone numbers and email addresses and effectively every one of my contacts gets an "identity" on Secret, even if they are not signed up yet. Then, when they sign up, their account is matched to that email address and phone number (by hash), thus becoming associated with a "live" account. That would be consistent with how the app works, in that when you first sign up, there are already posts waiting for you, meaning that those posts were associated with my contact info even before I had an account on Secret - or i.e. that Secret "remembers" the post should be sent to me, based on on my email or phone number, even though I didn't exist on Secret at the time the post was created.

Is it really anonymous?

This also means that the Secret servers do maintain a direct relationship to your email and phone number (even if by hash), which suggests that Secret, the service / company, knows exactly who posts what.

This is how they answer this question on the Secret FAQ:

Does the Secret team know who posts what?

All of your posts are encrypted such that nobody, especially our team, can see your content. Your secrets are safe with us.

That is incredibly vague and utterly unsatisfactory. If every Secret app of every recipient iPhone that is allowed to see the post can display the content, then how is it encrypted, using what keys? How do all those apps get the keys? To satisfy security experts you're going to have to provide those details. And if you can't provide those details, then you're relying on "security through obscurity" which is a recipe for eventual hacks.

Let's ask this another way: would an author and the content of their posts be disclosed to law enforcement in the case of subpoena, court order, or similar legal action? If so, then the above FAQ answer is bogus.

My point is not that Secret, or any other app, should necessarily protect one from law enforcement. My point is that if Secret can obtain the data for law enforcement, then they also could technically obtain the data for whatever other purpose. And in that case, your posts are only "anonymous" as long as Secret decides so (or untiil Secret is hacked).

It's certainly interesting

All that said, the app itself is quite intriguing. I consider myself rather reserved and somewhat outside the loop. As a result, I expected to see nothing, or nearly nothing on Secret. Yet upon joining Secret, I have a timeline full of posts. I mean it is simply fascinating and scary at the same time. Who are these people? What is their connection to me? I suspect almost everything I'm seeing is via a small number of well-connected individuals, perhaps even a single individual.

Even if it were not anonymous, the algorithm and model for sharing is very interesting and potentially powerful.

Leave a Reply