By Ed Oswald | Tuesday, March 29, 2011 at 7:28 am
As if the Chicken Little “the sky is falling” privacy recriminations over the Color photo-sharing app since last week’s launch weren’t enough, privacy advocates are ready to pounce once again. This time a security researcher says that the application is vulnerable to “geolocation spoofing,” essentially meaning a user could fake his location to view images at that location.
Veracode chief technology officer Chris Wysopal is the man behind this latest statement, and said the spoof is done by use of a unofficial third-party app on a jailbroken iPhone. Of course, the whole flaw is dependent on that — normal iPhones would not be susceptible to this as Apple would never let such an app in the App Store. Most iPhones aren’t jailbroken.
Wysopal told Forbes of the possible uses of such a hole, including get this–by paparazzi. Big bad Color is just playing loose with our privacy now, aren’t they? I really don’t understand how this is even news: at no time has Color ever promised any privacy at all.
The whole concept of the app itself is that there is no such thing as private photos: it is intended to facilitate the sharing of photos between strangers and friends alike. If you are posting pictures that you don’t want to be public on this app, well then that’s your own stupid fault.
I will repeat what I have said on Twitter around the time of all the hubbub: Color would have never gotten this kind of coverage if it wasn’t for that $41 million in funding. It just drove the tech blogosphere into a frenzy, and a good portion of the coverage has been vitriolic. I’m beginning to think that some people are hellbent on seeing this company fail,.
So, if you’re worried about your privacy, here’s a suggestion: either watch what you’re putting on Color, or don’t download the app at all. The fix for this “flaw” is as easy as that.