Puff Puff… Pass

Terrible response by the Puffchat guy: <a href="https://twitter.com/MikeSuppo" rel="nofollow">https:&#x2F;&#x2F;twitter.com&#x2F;MikeSuppo</a> (Google Play&#x27;s dev listing goes to the Puffchat blogspot site, which links to this Twitter account.)<p><pre><code> &quot;This is a friendly message to advise that you remove all web based content about Puffchat&quot; &quot;Please remove within 1 hour.&quot; &quot;Puffchat will be fixed in due course. Every piece of content with the original author&#x27;s name attached to it after GMT scheduled will only provide evidence that can be used against him.&quot; </code></pre> Edit: Actually, this could just be a publicity stunt. Do something boneheaded like this, get some exposure. Take flak from users that don&#x27;t necessarily matter, and hope to score a lot more users. If you&#x27;re not getting the growth you hoped for, what do you have to lose?

<a href="https://twitter.com/sexysez95_sarah" rel="nofollow">https:&#x2F;&#x2F;twitter.com&#x2F;sexysez95_sarah</a> - fake account promoting puffchat seems pretty sleazy. <a href="https://twitter.com/Queenselfie96" rel="nofollow">https:&#x2F;&#x2F;twitter.com&#x2F;Queenselfie96</a> also seems suspicious

I&#x27;m not seeing where the &quot;intimidates security researcher&quot; part mentioned in the title comes in. Am I missing something?

You can read the founder&#x27;s response to the disclosures on Twitter <a href="https://twitter.com/MikeSuppo" rel="nofollow">https:&#x2F;&#x2F;twitter.com&#x2F;MikeSuppo</a>

And it is all over the internet:<p><i>Blog’s going offline while we bump the specs so we can deal with all the traffic, bear with.</i><p>I expect to see some articles tomorrow.<p>First one: <a href="http://www.tuaw.com/2014/03/03/snapchat-competitor-puffchat-is-incredibly-insecure-founder-thr/" rel="nofollow">http:&#x2F;&#x2F;www.tuaw.com&#x2F;2014&#x2F;03&#x2F;03&#x2F;snapchat-competitor-puffchat-...</a>

I&#x27;m not too impressed with the blog&#x27;s author either. He documents breaking into another website in a previous blog post: <a href="http://faptrackr.org/blog/?p=45" rel="nofollow">http:&#x2F;&#x2F;faptrackr.org&#x2F;blog&#x2F;?p=45</a>

Take a look at vaportstream. They have ephemeral messaging that leverages vram to hide the messages from the kernel. Pretty secure.

They really need to make a secure version of this app. You&#x27;d be saving thousands of burner phones from entering landfills.

1. Create snapchat alternative to try to harvest sensitive content &amp; info. 2. Profit.<p>There is no platform or space, in someone else&#x27;s control, that you can or should trust this way.

From Founders twitter:<p>&gt; provide evidence that can be used against him.<p>So is the founder trying to mount a legal case against him for hacking?

@notacop See what great work you could be doing if you would participate in the year of code?

Ultimate Streisand effect - I have literally never heard of this app that seems geared towards drug users; and yet I learn about it from it&#x27;s incompetance.<p>How do people release public API&#x27;s without THE MOST BASIC OF SECURITY CHECKS. Really? You can add a friend without any checks and even send messages as someone else? Christ.<p>A) Who funds these guys?<p>B) How can I get a piece of that seemingly-easy-as-hell-to-get pie?

Hmm, did you just post this &quot;disclosure&quot; on your blog before informing the company? Well, now everyone is at risk if your claims are true. Poor form.<p>Proper course is to disclose to company first, then disclose after fix is in place in reasonable amount of time. Why risk everyone for your benefit?

This needs to be a part of ThatHigh.com :)<p>Except, you know, not sketchy.