SecureMac, Inc.

Checklist 283: Edit the Edit and Unsend Plans

June 17, 2022

Problems with edit and unsend in iOS 16, a data breach at a healthcare company, and a beer-based scam for Father’s Day.

Checklist 283: Edit the Edit and Unsend Plans

This week on The Checklist:

  • Problems with Apple’s new edit Messages feature?
  • Health data at risk
  • A Father’s Day scam

The law of unintended consequences, iOS edition

At last week’s Worldwide Developers Conference (WWDC), Apple announced a forthcoming upgrade to Messages. In iOS 16, users will be able to edit or unsend messages within 15 minutes of sending them.

It sounded like a great way to avoid miscommunication, fix typos, and prevent awkward situations. However, some commentators think the new feature may pose a security risk for vulnerable users.

Attorney Michele Simpson Tuegel sent a letter of concern to Apple CEO Tim Cook last week. In it, she argued:

…[T]his new feature — in particular the significant amount of time allowed to edit or delete messages – will expose victims of violence to additional harassment and bullying as the perpetrator will take advantage of these tools to send harmful content knowing they can destroy evidence of their misconduct … 

[A] perpetrator can send violent content to their victim, and then edit the messages within 15 minutes to hide evidence of their abuse. Victims of trauma cannot be relied upon, in that moment, to screenshot these messages to retain them for any future legal proceedings particularly when the abuser is engaging in a form of psychological warfare. 

Is there a better way?

Simpson Tuegel is not calling for Apple to abandon the edit and unsend feature altogether. Rather, she suggests a few basic changes that would make it safer for all users:

  • Decrease the edit/unsend window from 15 minutes to two minutes
  • Inform message recipients when a message has been edited or deleted
  • Clarify whether or not edited and unsent data is recoverable by Apple and users
  • Allow Messages users to opt out of the edit and unsend feature if they want

Simpson Tuegel says that by making such changes, Apple would demonstrate its willingness “to lead by example and influence how other messaging platforms should protect their users from harassment and abuse.”

Your health data for sale

Another week, another breach — this time at healthcare giant Kaiser Permanente. According to TechCrunch, a hack of an “employee’s emails led to breach of 70,000 patient records.” 

In a public statement, Kaiser said that the leaked data contained patient names, appointment dates, medical record numbers, and lab test results.

The company said that financial and credit card data was not stolen — but that’s not much comfort, considering how often bad guys use personally identifiable information (PII) to commit identity fraud

Kaiser did direct users to a helpful site (literally the least they could do, considering): IdentityTheft.gov. The site is maintained by the United States Federal Trade Commission (FTC), and contains a wealth of information designed to help people deal with identity theft.

Homer Simpson beware

The Register has word of a beer-related scam aimed at dads — just in time for Father’s Day.

There’s a contest making the rounds on WhatsApp. To enter, just provide your name, email address, phone number, and other personal information. If you’re one of 5000 lucky winners, Heineken will send you a free cooler of beer for Father’s Day!

Only problem is … it’s a scam. Heineken says they’re not giving away any free beer, and they don’t have anything to do with this “contest”. Alas, it’s just another way for bad guys to get their hands on your PII. D’oh! 

If you know any dads who love beer, take a second to warn them about this sudsy scam.

Do you have a topic you’d like us to hit on The Checklist? A security or privacy question you want answered on a future show? Write to us and let us know!

Get the latest security news and deals