close
  • Ar chevron_right

    WhatsApp “end-to-end encrypted” messages aren’t that private after all

    news.movim.eu / ArsTechnica · Wednesday, 8 September - 21:33

WhatsApp logo

Enlarge / The security of Facebook's popular messaging app leaves several rather important devils in its details. (credit: WhatsApp )

Yesterday, independent newsroom ProPublica published a detailed piece examining the popular WhatsApp messaging platform's privacy claims. The service famously offers "end-to-end encryption," which most users interpret as meaning that Facebook, WhatsApp's owner since 2014, can neither read messages itself nor forward them to law enforcement.

This claim is contradicted by the simple fact that Facebook employs about 1,000 WhatsApp moderators whose entire job is—you guessed it—reviewing WhatsApp messages that have been flagged as "improper."

End-to-end encryption—but what’s an “end”?

security and privacy page seems easy to misinterpret.' src='https://cdn.arstechnica.net/wp-content/uploads/2021/09/whatsapp-end-to-end-screenshot-640x141.png' >

This snippet from WhatsApp's security and privacy page seems easy to misinterpret. (credit: Jim Salter )

The loophole in WhatsApp's end-to-end encryption is simple: the recipient of any WhatsApp message can flag it. Once flagged, the message is copied on the recipient's device and sent as a separate message to Facebook for review.

Read 14 remaining paragraphs | Comments

index?i=mM8-5GQzxAI:A6MEMK1_Qo8:V_sGLiPBpWUindex?i=mM8-5GQzxAI:A6MEMK1_Qo8:F7zBnMyn0Loindex?d=qj6IDK7rITsindex?d=yIl2AUoC8zA
  • chevron_right

    Avoid Windscribe VPN (Toronto-based)

    Mathias Poujol-Rost 🇫🇷 ✅ · Tuesday, 27 July - 16:20

Via https://nitter.fdn.fr/dangoodin001/status/1419799335206752260

#encryption

  • favorite

    1 Like

    adnan360

  • Ar chevron_right

    WhatsApp users must share their data with Facebook or stop using the app

    news.movim.eu / ArsTechnica · Wednesday, 6 January, 2021 - 20:29

In this photo illustration a Whatsapp logo seen displayed on

Enlarge (credit: Getty Images )

WhatsApp, the Facebook-owned messenger that claims to have privacy coded into its DNA, is giving its 2 billion plus users an ultimatum: agree to share their personal data with the social network or delete their accounts.

The requirement is being delivered through an in-app alert directing users to agree to sweeping changes in the WhatsApp terms of service. Those who don’t accept the revamped privacy policy by February 8 will no longer be able to use the app.

Image-from-iOS-640x1386.png

Share and share alike

Shortly after Facebook acquired WhatsApp for $19 billion in 2014, its developers built state-of-the-art end-to-end encryption into the messaging app. The move was seen as a victory for privacy advocates because it used the Signal Protocol, an open source encryption scheme whose source code has been reviewed and audited by scores of independent security experts.

Read 8 remaining paragraphs | Comments

index?i=qdQ4vxp-l4Q:_1rRNTcb1ps:V_sGLiPBpWUindex?i=qdQ4vxp-l4Q:_1rRNTcb1ps:F7zBnMyn0Loindex?d=qj6IDK7rITsindex?d=yIl2AUoC8zA
  • Ar chevron_right

    Kazakhstan spies on citizens’ HTTPS traffic; browser-makers fight back

    news.movim.eu / ArsTechnica · Saturday, 19 December, 2020 - 15:45

Surveillance camera peering into laptop computer

Enlarge (credit: Thomas Jackson | Stone | Getty Images )

Google, Mozilla, Apple, and Microsoft said they’re joining forces to stop Kazakhstan’s government from decrypting and reading HTTPS-encrypted traffic sent between its citizens and overseas social media sites.

All four of the companies’ browsers recently received updates that block a root certificate the government has been requiring some citizens to install. The self-signed certificate caused traffic sent to and from select websites to be encrypted with a key controlled by the government. Under industry standards, HTTPS keys are supposed to be private and under the control only of the site operator.

A thread on Mozilla’s bug-reporting site first reported the certificate in use on December 6. The Censored Planet website later reported that the certificate worked against dozens of Web services that mostly belonged to Google, Facebook, and Twitter. Censored Planet identified the sites affected as:

Read 3 remaining paragraphs | Comments

index?i=AHn7ZgcQCpU:qC6LRUctJCA:V_sGLiPBpWUindex?i=AHn7ZgcQCpU:qC6LRUctJCA:F7zBnMyn0Loindex?d=qj6IDK7rITsindex?d=yIl2AUoC8zA