Yo, the two-letter message app raced out in a day, hits security iceberg

@xuki
@xuki

When 140 characters is too much, there is Yo.  In one sense, Yo is a new app that lets you send two characters to anyone in your contact list — bet you can guess what those two characters are.  In another sense, Yo is another sign of the apocalypse.

Yo might be simplest piece of software ever invented. Hey, there’s only one step smaller than two characters! In a race to the bottom, Yo won.

Yo’s inventors spent nary a day building the thing, somehow allegedly got $1 million in investments, placed a news story about the tool that went viral, and completely forgot about the security and privacy implications of what they were doing. Some kids quickly figured out they could hack Yo and get personal info on anyone who’s signed up. (TechCrunch had that scoop. Jason Dinh, an app developer, seemingly confirmed their work showing this example on Twitter.) Others figured out they could spoof Yo, so its mini-tweets could appear to be coming from other people.

As of Friday afternoon, inventor Or Arbel had stopped with the high-minded one-liners like “Yo is an example of context-based communications,” and started issuing apologies and calling in security experts.

This is how easy it is to insert yourself into the bubble that is Silicon Valley VC investment  — remember, all you need is a greater fool, and it’s a great investment — but more important, this is how easily companies can toy with our privacy.  It took SnapChat months to run into its security mea culpa moment.  Yo landed there in record time.   It’s often said that software firms worry first about features and last about securty. Yo might be the clearest example ever of this formula for disaster.

It goes without saying that Arbel unleashed his context-based communication tool on the world without proper testing, like someone who starts selling fast cars and forgets that the brakes better work.  This is the speed of innovation in America.  All factors incent reckless release of software and fixing the problems later.

As there always is, some will say that Yo critics just don’t get it — hey, Twitter initially sounded dumb, too.  But the cavalier attitude towards the security of users, and the speed with which a privacy disaster can occur, gets more alarming by the day.  Cut it out, yo. This stuff matters.

Sign up for Bob Sullivan’s free email newsletter.

 

About Bob Sullivan 1219 Articles
BOB SULLIVAN is a veteran journalist and the author of four books, including the 2008 New York Times Best-Seller, Gotcha Capitalism, and the 2010 New York Times Best Seller, Stop Getting Ripped Off! His latest, The Plateau Effect, was published in 2013, and as a paperback, called Getting Unstuck in 2014. He has won the Society of Professional Journalists prestigious Public Service award, a Peabody award, and The Consumer Federation of America Betty Furness award, and been given Consumer Action’s Consumer Excellence Award.