Confide, the (supposedly) secure messaging app reportedly favored by Trump White House staffers, has had a rocky few months trying to counter allegations that its app isn’t so secure. A new lawsuit filed this week in federal court is sure to further those headaches, alleging the app isn’t as good at protecting its users’ identities and messages as it claims to be.
After the initial burst of press coverage over its use by White House staffers and other GOP operatives, Confide stumbled a little when researchers and reporters began to publicly identify security flaws with the app. One researcher told Cyberscoop News that the app’s claim to have “military grade encryption” was a “triumph of marketing over substance.”
But this week’s lawsuit alleges even more security flaws. The suit, filed by Michigan resident Jeremy Auman, argues Confide’s claim that the content of messages and the identity of senders are secured is false. It’s a class action lawsuit on behalf of all Confide users who bought the premium service.
According to the suit, users can actually take screenshots of Confide messages in the Windows app if they turn off the operating system’s “enable desktop composition” feature, and users aren’t notified if their messages are captured in this way.
Confide also advertises a “sliver” feature, whereby only a small portion of the message can be seen by the recipient at once and the sender’s name is hidden, meaning even taking a photo of the screen with another camera wouldn’t incriminate the sender. The lawsuit alleges that feature also doesn’t work on Windows. And, compounding both these problems, the suit claims there’s no way for users to know whether the person they’re messaging is viewing the message on mobile or desktop, so they have no idea whether their messages are truly secure.
In an email, Confide CEO Jon Brod provided Gizmodo with the following statement:
We have now received the complaint and had an opportunity to review it. Not surprisingly, the accusations set forth in the complaint are unfounded and without merit. We look forward to responding to this frivolous complaint and seeing this case swiftly thrown out of court.
Either way, if you’re a White House staffer trying to leak to the press and you’re concerned about your privacy, maybe use Signal for now instead. Also, please quit your job and go work in your local homeless shelter until your sins are atoned for in approximately 600 years.