Instagram can be described as a picture-sharing application that allows users to share pictures and videos with the public via various social networking platforms. Instagram was created by Kevin Systrom and Mike Krieger in October 2010 but quickly gained popularity in the wake of iOS 5 thanks to their newly implemented ability to upload pictures directly from mobile devices. The app is available for most mobile platforms, including Android and iOS, although some features are restricted to iOS. The application has enjoyed tremendous success, with over 100 million active users in under three years.
Users can visit Instagram’s website or download the app for free on their supported device. After installation, they are prompted to create an account by entering their email address and selecting a password or logging in via Facebook. Once the account is activated, users are presented with the camera interface to take pictures and videos and apply filters to alter the final result. These images and videos can then be shared with many social media platforms and saved on the device for later viewing.
By default, images and videos posted to Instagram will be visible to the public. However, users can change their account security settings to allow only certain people to view their posts, including friends, or a custom list of followers, including mutual connections and strangers. In addition, users have the option of keeping their accounts private (though some tools like instagram private profile viewer get around that). They must provide a username and password to view their pictures or make them public, allowing anyone access to Instagram and a browser to view the pictures.
From a security standpoint, Instagram has been called out for its reliance on SSL encryption. In November 2012, an independent researcher uncovered proof that user passwords were stored in plaintext rather than salted and hashed like most sensitive information sites. This is especially concerning considering Instagram’s insistence on emailing users their password in plaintext when they forget it, which could allow an attacker to easily compromise any account if the user happens to use the same password for multiple services (which many do because password complexity requirements are rarely enforced). But, of course, this isn’t the first time that a company has opted for convenience over security, and it certainly won’t be the last.
Instagram and Facebook Relation
As far as the relationship with Facebook, it’s important to note that Instagram has never claimed to be an independently owned company. It was purchased by Facebook in April of 2012 for $1 billion and continues to operate under its own steam. This makes it automatically tied to the security of other popular social media platforms such as Facebook, which later came under fire for their privacy concerns.
Since both Google and Facebook are now publicly traded companies that need to answer to stockholders and regulators, poor security practices will likely continue to be an issue in the future. The popularization of the mobile market also means that there are potentially millions more people to exploit and many new potential attack vectors that haven’t been well researched thus far simply because they’re so new.
Instagram has largely done a good job at staying out of the public eye for security reasons, but they’ve recently announced that they’ll be complying with court orders to turn over user data. This doesn’t mean that they’ll be handing over all user data, though; Instagram has stated in their official blog post, “Law enforcement demands are thoroughly reviewed, validated, and responded to under applicable law and policy, and we prioritize responses to emergency requests.” So while you shouldn’t assume that your account is 100% safe just because it’s small, there are still many other large social media platforms that are likely much more attractive targets than Instagram at the moment.