A messaging startup used by White House staff is getting sued for allegedly not being as secure as it promises

Confide, an “off the record” messaging service, has been mentioned several times as a tool that White House staff, as well as Republican insiders, use to privately send information.

But now the New York-based startup has a new headache: A lawsuit filed today in the Southern District of New York alleges that it’s possible under specific circumstances to capture information on who sent messages, as well as the content of those messages.

The suit isn’t about Confide’s servers or encryption technology, but instead it takes issue with a more manual problem: That messages sent on the platform are not always safe from being captured with a screenshot.

On Confide’s website, the company boasts its messages are “screenshot protected.”

“Confide prevents screenshots on most of our platforms,” its website says today. “Where prevention is not technically feasible, our patent-pending reading experience ensures that only a sliver of the message is unveiled at a time and that the sender’s name is not visible. We also kick the recipient out of the message and notify the sender that a screenshot has been attempted.”

But according to Chris Dore, an attorney with the law firm representing the plaintiff, it’s possible to toggle the settings on Windows so that when using the desktop version of the app, users can take a screenshot of the entire message, along with the sender’s name in full view. The app also fails to alert the sender that someone has taken a screenshot, the suit claims.

The suit further alleges that Confide’s “sliver” feature, which is supposed to only show a portion of the message at a time and hide the identity of the sender, doesn’t work on the desktop versions of the app.

Here’s a photo, cited in the lawsuit, that demonstrates how the sender’s name, as well as the contents of their message, is fully visible on both Windows and Mac versions of the desktop app:

Confide says it disagrees with the claims spelled out in the lawsuit.

“The accusations set forth in the complaint are unfounded and without merit,” Jon Brod, Confide’s co-founder and president, said in a statement to Recode. “We look forward to responding to this frivolous complaint and seeing this case swiftly thrown out of court.”

It’s also worth noting that — as with any “secure” app, screenshot alerts or not — it’s possible to take a picture or video of the “decrypted” message with another camera, like a second iPhone.

(Security researchers also found critical vulnerabilities in Confide earlier this year, but reported that they alerted Confide of the problems and that they were quickly resolved.)

Read the lawsuit against Confide here.

This article originally appeared on Recode.net.

We're here to shed some clarity

One of our core beliefs here at Vox is that everyone needs and deserves access to the information that helps them understand the world, regardless of whether they can pay for a subscription. With the 2024 election on the horizon, more people are turning to us for clear and balanced explanations of the issues and policies at stake. We’re so grateful that we’re on track to hit 85,000 contributions to the Vox Contributions program before the end of the year, which in turn helps us keep this work free. We need to add 2,500 contributions this month to hit that goal. Will you make a contribution today to help us hit this goal and support our policy coverage? Any amount helps.

One-Time Monthly Annual

$5/month

$10/month

$25/month

$50/month

Other

$

Yes, I'll give $5/month

Yes, I'll give $5/month

We accept credit card, Apple Pay, and Google Pay. You can also contribute via