Disappearing messages are that the recipient still captures the content before it disappears by taking a screenshot or using a screen recording tool. Most disappearing message platforms do not prevent the recipient from doing this. Some, like Snapchat, will notify the sender if a screenshot is taken, but the recipient still needs to capture and save the content. Some third-party apps and hacks allow users to secretly screenshot or record disappearing messages without the sender being notified. So, even if you trust the recipient, they could save the content without your knowledge. Once a screenshot or recording is made, the disappearing nature of the original message becomes irrelevant, and the content is permanently saved.
-
Cloud backups can store deleted messages
The pitfall is that if disappearing messages are backed up before they are deleted, the backup will contain the unencrypted message content even after it “disappears” to the sender and recipient. Many messaging platforms, like WhatsApp, back up your message history to the cloud by default. Even though the message may disappear from the app interface after the set time limit, an unencrypted copy is still saved indefinitely in the cloud backup. If an unauthorized party gained access to the backup, they could see the contents of the supposedly disappearing messages. To avoid this, you must turn off cloud backups or encrypt them with a private key you control.
-
Reveal conversation details
Even if the contents of messages disappear, records of the conversations, known as message metadata, are still retained by most platforms. Metadata includes information like which you messaged, when the messages were sent, and the approximate size of the messages. Metadata laws vary by country, but in many jurisdictions, government agencies request access to this metadata with a subpoena, even if they don’t have access to the contents of the messages. The metadata could be used to make inferences about the nature of the conversations. Regular conversations with a therapist or a substance abuse counsellor, for example, could imply sensitive health information even without the message’s contents.
-
Data can be recovered from device storage
Depending on the specifics of how the app implements disappearing messages online notes, traces of the deleted content could remain in temporary storage or caches on your device even after the message disappears from the app interface. For instance, Snapchat was shown to only partially delete disappearing photos and videos from device storage immediately.
Deleted content could be recovered later from the device storage by someone with physical access to the device or by law enforcement/government entities. The safest way to implement disappearing messages would be for the content never to touch local storage and only be stored ephemerally in the device’s RAM. But even then, sophisticated tools may be able to recover RAM contents in some cases.
Disappearing messages are a nice feature for casual, everyday conversations where you want to minimize digital clutter; it’s essential to be aware of their significant limitations regarding security and privacy. You’re better off using a secure messaging app with end-to-end solid encryption for any susceptible communications.