Remember when you first started using Facebook and it had that annoying “Poke” feature that allowed you to ping someone on Facebook with the word “poke”? Then you’d get a notification saying you’d been poked and it could go back and forth for days, bordering insanity. Ah, but now recently you’re hearing about Facebook’s new Poke app that they rolled out on December 21st and you’re like, what’s that? Oh wait…who cares? You don’t even bother to acknowledge it because it was so annoying like a gnat in the past that you’d rather swallow your own vomit than engage with that pointless app again, am I right?
But, you’d be mistaken to ignore it because it’s actually a new feature on the Facebook mobile app that was un-apologetically given the same name as a current feature on Facebook desktop version because the genius who came up with the name only had three names to choose from: poke, stories, and gifts (I am joking of course). Am I the only blogger who thinks this moron should be fired for lack of creativity? I mean Facebook now has two things called Poke that don’t even function the same way!
What is the new Facebook Poke app? First, unlike the old desktop only version pictured above, the new Facebook Poke app is a completely separate mobile app that you need to download and it’s not yet available on the desktop version. It’s a service which promises to self-destruct your message once you send it and your recipient reads it in a set amount of seconds (that you set).
The official description from Facebook is “With the Poke app, you can poke or send a message, photo, or video to Facebook friends to share what you’re up to in a lightweight way. You can poke an individual friend or several at once. Each message expires after a specific time you’ve set, either 1, 3, 5 or 10 seconds. When time runs out, the message disappears from the app.”
There’s been controversy as well around whether or not your messages, photos, or videos are actually deleted immediately. They’re not. Per TechCrunch they are kept for 2 days and then archived for 90 days with an encryption key. Recently, per a Business Insider source, they’re not actually deleted right away:
All Poke messages are stored in encrypted form and retained for two days after the last recipient receives the poke — a process that helps facilitate abuse reporting. After that period, a Poke’s encryption key is deleted. However, it may still be possible for Facebook to recover that key from logs or backups.
After a fixed time period, this key becomes inaccessible, rendering the content completely unreadable, unless it was copied for abuse reporting. Today, that fixed period can be up to 90 days, but we are working to significantly reduce that period over the next several weeks as we verify the stability of the Poke deletion system.
Yet people are still using it. And there will be more controversy, I am sure, as young people download the app and it gets used for sexting, bullying, and God knows what else. Facebook, however, does take these issues very seriously and has partnered with ConnectSafely.org to help you report and prohibit bullying, if a relationship with an adult is making you uncomfortable, or if someone is asking you to send nude or sexual photos of yourself. Amen!
You may have seen that they were plugging the Poke app for New Year’s Eve telling you to use Poke to send New Year’s Eve messages rather than texting your friends. But there was a security hole found by Jack Jenkins, a business IT student at Aberystwyth University who alerted Facebook by posting on his blog that after he made a small tweak to a web address it allowed him to view messages and photos sent by strangers using the new tool. Facebook has since fixed this hole.
More security holes
The other thing you should know is that although Facebook and Snapchat both warn you if a photo was snapped of your message or video or photo by the recipient, there’s a new security hole that just opened up where you actually will have no idea if someone snapped a photo or saved your video to their hard drive. BuzzFeed reported that because both services locally store copies of videos sent to users, which are easily accessible with a free iPhone file browser, they can be kept by the recipient forever. They further go on to explain, with screenshots, on how to do it.
In response to BuzzFeed’s discovery, Facebook issued this statement about their Poke app:
Poke is a fun and easy way to communicate with your friends and is not designed to be a secure messaging system. While Pokes disappear after they are read, there are still ways that people can potentially save them. For example, you could take a screenshot of a photo, in which case the sender is notified. People could also take a photo of a photo you sent them, or a video of a video, with another camera. Because of this, people should think about what they are sending and share responsibly.
Facebook issued a statement and said that they are working on fixing the video loophole asap, but still this begs the question on just how safe is your data with these apps? Judging by Facebook’s response, not very.
Have you tried the new Poke app or Snapchat? Would you try it given the security holes?