Pressgram Just Another Instagram…Lame Sauce.

I was really excited when first came out. It was supposed to cut out the Instagram middle man.

I’ve had issues getting it work with my site, in particular it would upload the image put it would often not create the post. I started digging around, running TCPDUMP on my router to capture the XMLRPC requests that should have been going between my iPhone and my web server. But I could never capture the traffic I was expecting. As it turns out, there’s a reason:


It seems that, unlike the WordPress Mobile Apps, the password that you enter in Pressgram isn’t kept private on your own device. Without noting it on a Privacy Policy or in any way notifying you that Pressgram is doing it, your password is stored in plaintext on their server.

So what does this all mean?

Well, it means that Pressgram is storing your credentials in plaintext (or potentially encrypted alongside a decryption key) on your behalf, without notifying you or doing anything publicly to indicate that this is the case. No matter how high entropy your passwords may be, if you hand it to someone and they get hacked, it doesn’t matter. You are vulnerable – doubly so if you use that password for other accounts as well.

To some folks, this may be a worthwhile tradeoff. But as I look at it, I don’t see it as a necessary tradeoff. Your credentials could just as easily be kept private between the app on your phone, and your WordPress site. Just have your phone upload the photo directly to your WordPress install. It wouldn’t be difficult to do, it’s already making XMLRPC requests to the server. And it fulfills the initial Kickstarter promise of “your filtered photos published directly to your WordPress-powered blog”. It also would provide the added security that if Pressgram is eventually shut down or sold off, the app would still function, as it’s not needlessly dependent on the Pressgram Servers.

To protect yourself, you may want to consider making a seperate account for your WordPress site with the Author role, and using those credentials with Pressgram, and make sure you’re using a distinct password – as well as with any service that you provide a password to.

My data should be going directly to my server. But it’s not. And that’s, honestly, troubling for an app that promised “complete creative control and publishing freedom with the ability to publish filtered photos directly to your WordPress blog!”1

For the time being, I’ve deleted Pressgram and changed my password. On to looking for a better solution.

  1. Source: 

Where’s Andrew: An Update

Currently, I’ve been laying low with Mononucleosis. I got sick right after the first of the year with what I suspect was the flu. It came and went and then I got really tired. I did the tired thing for a couple of weeks, including a trip to San Diego. Eventually though it got to the point where I couldn’t sleep more than about two hours because my throat was so sore.

The ARNP thought it was strep, which I could totally see and would have actually been grateful for because I could have taken some antibiotics and been better within 48 hours. As it turned out, I got this letter instead1:

I was also busy with Christmas and now wedding planning and honestly, just life in general.

I’ve been struggling to figure out what to do with this space. Blogging is not as high a priority as it used to be, which I think is a good thing — it means there are other things that are really exciting. I still really want to share things though, I just don’t know how to best do that yet.

I’m going to try an experiment for the next month or so where I’m going to be posting more links to things I find interesting. I’m also hoping to post some more pictures…sort of like Instagram, but without all the Terms of Service drama.

  1. They actually called me and then sent the letter