Police can access suspects’ Facebook and WhatsApp messages in deal with US

WhatsApp, Facebook and other social media platforms will be forced to disclose encrypted messages from suspected terrorists, paedophiles and other serious criminals under a new treaty between the UK and the US.

Priti Patel, home secretary, will sign an agreement next month that compels US social media companies to hand over information to the police, security services and prosecutors. The data access agreement, which marks the culmination of four years of intense lobbying by the UK, is seen by Downing Street as an essential tool in the fight against terrorism and sexual abuse.

Ms Patel has previously warned social media companies that they risk empowering terrorists and urged them to take greater responsibility for criminal activity on their platforms. At present the security services are only able to obtain data if there is a need for an “emergency disclosure” due to an imminent threat to life. The police and prosecutors can also request data under the “mutual legal assistance” treaty but the process is highly bureaucratic and can take up to two years.

Under the new treaty, the police, prosecutors and the security services can submit requests for information to a judge, magistrate or “other independent authority”. The process will be overseen by the investigatory powers commissioner.

The UK has agreed it will not target people in the US and the US has agreed not to target people in the UK. The government is “confident” that the arrangement will comply with data protection regulations. Britain has also secured a guarantee that any information secured by the US from British companies cannot be used as evidence in cases that attract the death penalty, without the UK’s permission.

Last year Facebook was criticised by police investigating the murder of 13-year-old Lucy McHugh for refusing to release messages sent by Stephen Nicholson, the main suspect. After applying through the US courts for access to his account, prosecutors only received a log of his Facebook contacts with Lucy but not the content of any messages. It finally arrived the day that the trial started and Nicholson was convicted.

David Davis, the former Brexit secretary and a prominent campaigner on privacy issues, cautioned against the new powers. “The simple truth is that I’m afraid the US has a habit of using to the maximum extraterritorial laws to promote its own causes,” he said.

However, Richard Walton, a former head of counterterrorism at the Metropolitan Police, said: “US tech giants have been inadvertently putting a veil over serious criminality and terrorism. It has tilted the balance in favour of criminals and terrorists. This is very welcome, it will make a big difference.”

👉🏼 Read more (paywall)
https://www.thetimes.co.uk/article/police-can-access-suspects-facebook-and-whatsapp-messages-in-deal-with-us-q7lrfmchz

#UK #USA #Police #DeleteWhatsapp #DeleteFacebook
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_ES

Whatsapp blamed own users for failure to keep phone number repo off Google searches

An infosec researcher reckons Whatsapp was a bit too quick off the mark to blame its users when hundreds of thousands of phone numbers, names and profile pictures were found to be easily accessible via Google.

Athul Jayaram, a self-described “full time bug bounty hunter”, published a blog post earlier this week highlighting that a large number of Whatsapp users’ mobile numbers could easily be found by searching Google for the domain “wa.me”.

That domain formed part of Whatsapp’s Click to Chat function. If you, the owner of a Whatsapp account, fancied letting world+dog add you as a new chat contact rather than going through the tedious process of tapping their phone number into yours, digit by digit, you could generate a QR code (yes, one of those things 🤦‍♂️…) for them to do so.

Billed as a feature for businesses wanting to make customer communication easier, Click to Chat QR shortcodes resolved to https://wa.me along with a unique URL string. The unique string just happened to be the full phone number of the user.

https://www.theregister.com/2020/06/12/whatsapp_google_search_results_blunder/

Earlier Post - HERE

#WhatsApp #deletewhatsapp

Don’t Use WhatsApp - I gathered 17 reasons why not to use WhatsApp (which you can send to friends & colleagues when they ask why you don't use WhatsApp)

💡 Reasons Why You Should Not Use WhatsApp:

❗️ The founder of WhatsApp – Brian Acton – tweeted on March 21st 2018: “It is time. #deletefacebook”

❗️ WhatsApp is forced to disclosed encrypted messages to authorities

❗️ Brian Acton admits: “I sold my users’ privacy to a larger benefit. I made a choice and a compromise. And I live with that every day.”

❗️ Jan Koum left Facebook over data privacy issues.

❗️ WhatsApp had a security issue with the way it handles video which allowed hackers to take control of your phone

❗️ WhatsApp commits major security errors on a regular basis, which are suitable for surveillance

❗️ Jeff Bezos, the richest man in the world, has been hacked due to WhatsApp’s security flaws

❗️ Facebook is collaborating with the NSA and FBI

❗️ WhatsApp was used to target 100 journalists and dissidents

❗️ United Nations officials are banned from using WhatsApp

❗️ WhatsApp disclosed 12 security flaws in 2019, including 7 classified as “critical”

❗️ EU Commission orders staff to switch from WhatsApp to Signal

❗️ Facebook’s executives proposed to weakening its encryption to enable easier access for businesses

❗️ Facebook is “the biggest surveillance-based enterprise in history”

❗️ WhatsApp ranked worst for user’s data privacy in internet snooping report

❗️ WhatsApp messages are stored unencrypted on iCloud or Google Drive

❗️ Telegram is banned in countries like Russia and Iran while WhatsApp is freely available

👉🏼 Read the entire version and find all sources 👈🏼

👉🏼 Reasons Why You Should Not Use WhatsApp:
https://www.reddit.com/r/privacy/comments/gdhrw9/i_gathered_17_reasons_why_not_to_use_whatsapp/

#wa #DeleteWhatsApp #fb #DeleteFacebook #DontUseWhatsApp
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@NoGoolag
📡@BlackBox

Messenger service: BKA can also read your WhatsApp

Encrypted communication poses major problems for the security authorities. According to research by WDR and BR, however, the BKA has long been able to read chats via WhatsApp - via a regular function.

Only with a great deal of effort, such as the use of state spy software, the so-called "state Trojan", encrypted chats can be monitored by criminals - this is what the security authorities used to say. Monitoring communications via messenger services such as WhatsApp is one of the greatest challenges for law enforcement agencies, he says. Since the providers of the programs do not allow the authorities to read them secretly, they are in fact forced to use spy software.

According to research by BR and WDR, however, the Federal Criminal Police Office (BKA) has been able to monitor communications via WhatsApp for several years - even without having to install monitoring software on the target person's mobile phone.

Regular WhatsApp function used
According to this, the BKA department "Information Technology Surveillance" (OE 24) has apparently found a way to access encrypted WhatsApp chats. "The BKA has a method that can make it possible to trace text, video, image and voice short messages from a WhatsApp account in real time," according to an internal letter from the police authority. The WhatsApp contacts of a target person could also be "made public" in this way.

Apparently, investigators are using the possibility that WhatsApp can also be controlled via the Internet browser. This function is called "WhatsApp Web". It is a regular function, as the investigators emphasize in their letter. However, in order to be able to perform such an action, the investigators must have temporary access to the target's mobile phone and then synchronize the chats with the WhatsApp browser version. Only then can the investigators read along unnoticed.

In the opinion of the BKA, this method is surveillance in accordance with Section 100a of the Code of Criminal Procedure - i.e. regular telecommunications surveillance with a court order. Although chat histories can be read extensively, this is not surveillance as for example through the use of the so-called state Trojan.

👀 🇩🇪 👉🏼 https://www.tagesschau.de/inland/bka-whatsapp-101.html

#wa #DeleteWhatsApp #germany #BKA #thinkabout
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag

WhatsApp Has Shared Your Data With Facebook for Years, Actually

A pop-up notification has alerted the messaging app's users to a practice that's been in place since 2016.

Some media outlets and confused WhatsApp users understandably assumed that this meant WhatsApp had finally crossed a line, requiring data-sharing with no alternative. But in fact the company says that the privacy policy deletion simply reflects how WhatsApp has shared data with Facebook since 2016 for the vast majority of its now 2 billion-plus users.

https://www.wired.com/story/whatsapp-facebook-data-share-notification/

#whatsapp #DeleteWhatsapp #facebook #DeleteFacebook #thinkabout
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag

Telegram 7.4 now allows import of WhatsApp chats (and others)

Telegram has a nice feature for users who want to switch from WhatsApp to Telegram, for example. With the new version 7.4, which is currently being distributed for iOS, you can quickly import messages from WhatsApp into Telegram. We have tested this and it works perfectly, at least for text messages.

In WhatsApp, you go to a chat and click on the contact at the top, which takes you to the contact info - where you will probably also find the item "Export chat". This can be done with or without media. This ensures that the chat can be exported - but if you select Telegram and the person in question as the storage location, the chat is imported from WhatsApp into Telegram.

What we noticed: Media is not displayed, only the file names. Text chats, on the other hand, are correctly ported from WhatsApp to Telegram. That could certainly help one or the other. And if not, you can export the chat and save it as a ZIP file locally - the archive will then contain the text file and the media. Telegram also mentions Line and Kakao Talk as possible export messengers in the changelog.

https://stadt-bremerhaven.de/telegram-7-4-erlaubt-import-von-whatsapp-chats-und-weiteren/

#telegram #tg #whatsapp #DeleteWhatsapp #messenger #importieren #chats
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag

You should delete your WhatsApp ASAP

WhatsApp has always been a privacy nightmare. Use Signal and Matrix if you care about your privacy and security!

https://www.youtube.com/watch?v=shpiVm1qpnw

#DeleteWhatsApp #privacy #security #video #thinkabout
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag

Sudden New Warning Will Surprise Millions Of WhatsApp Users

A nasty new surprise for WhatsApp’s 2 billion users today, with the discovery of an alarming security risk. Using just your phone number, a remote attacker can easily deactivate WhatsApp on your phone and then stop you getting back in. Even two-factor authentication will not stop this. Here’s how the attack works.

This shouldn't happen. It shouldn't be possible. Not with a platform used by 2 billion people. Not this easily. When researchers, Luis Márquez Carpintero and Ernesto Canales Pereña, warned they could kill WhatsApp on my phone, blocking me from my own account using just my phone number, I was doubtful. But they were right.

“This is yet another worrying hack,” warns ESET’s Jake Moore, “one that could impact millions of users who could potentially be targeted with this attack. With so many people relying on WhatsApp as their primary communication tool for social and work purposes, it is alarming at what ease this can occur.”

Despite its vast user base, WhatsApp is creaking at the seams. Its architecture has fallen behind its rivals, missing key features such as multi-device access and fully encrypted backups. As the world’s most popular messenger focuses on mandating new terms of service to enable Facebook’s latest money-making schemes, these much-needed advancements remain “in development.”

https://nitter.pussthecat.org/0xDUDE

https://www.forbes.com/sites/zakdoffman/2021/04/10/shock-new-warning-for-millions-of-whatsapp-users-on-apple-iphone-and-google-android-phones/

#warning #whatsapp #DeleteWhatsapp #thinkabout
📡 @nogoolag 📡 @blackbox_archiv

WhatsApp's new privacy policy is so bad it might be illegal

A German data protection agency has opened proceedings

WhatsApp has been facing one hell of a backlash ever since it shared that it wanted to update its privacy policy with changes that would allow Facebook to aggregate all of its users' data across all of its services. And now, the company might be in for some regulatory issues, as well. A German privacy regulator (via Bloomberg) has opened proceedings to stop the company from moving forward with the privacy policy update.

The Hamburg commissioner for data protection and freedom of information, Johannes Caspar, is looking to stop Facebook from aggregating the data from WhatsApp, fearing that the company would use it to expand its marketing and advertising business.

Caspar said in a statement: "Currently, there is reason to believe that the data sharing provisions between WhatsApp and Facebook are intended to be unlawfully enforced due to the lack of voluntary and informed consent. In order to prevent unlawful mass data sharing and to put an end to unlawful consent pressure on millions of people, a formal administrative procedure has now been initiated to protect data subjects."

The goal is to reach a decision before May 15, the date when users have to accept the new privacy policy or (presumably) stop using WhatsApp. It's highly possible that the order will only apply for German residents, but we can still hope that the proceedings will set a precedence for other countries and regulators.

The Hamburg commissioner previously successfully issued a similar order against Facebook four and a half years ago for updating WhatsApp's terms and services with changes regarding information sharing across Facebook companies. The order was confirmed by two instances after Facebook took legal action against it, and data sharing between Facebook and WhatsApp has been more limited in the EU than in other regions ever since.

https://www.androidpolice.com/2021/04/13/whatsapps-new-privacy-policy-is-so-bad-it-might-be-illegal/

#whatsapp #DeleteWhatsapp #privacy #policy #illegal #data #protection #germany
📡 @nogoolag 📡 @blackbox_archiv

How a WhatsApp status loophole is aiding cyberstalkers

Cyberstalkers typically like to collect as much information about their target as possible. They want to know where they are at any given moment; who they’re meeting; who they’re talking to; what their texts say; who they’re emailing; what they’re browsing for online. Knowledge is power, and having this level of power over someone is intoxicating, dangerous and profoundly unethical.

To combat the rise in cyberstalking behaviours, and to keep people safe, software developers are increasingly held to account for higher levels of privacy in their platforms and products. But the world of cyberstalking is a very grey one.

What one person regards as stalking, another may see as protecting a loved one. To this point, while Google has banned advertising for stalkerware on its app store, Google Play, countless tracking and monitoring apps get around this ban by claiming to help parents track and monitor their childrens’ online activity, location, messages and more.

https://traced.app/2021/04/13/whatsapp-status-loophole-is-aiding-cyberstalkers/

#whatsapp #DeleteWhatsapp #cyberstalkers #onlinestatus #tracker #thinkabout
📡 @nogoolag 📡 @blackbox_archiv

Tracking the WhatsApp habits of 5000 random Smartphones

In the previous blog post, we have seen that this is quite simple to hack the WhatsApp online status of a contact. A simple Online or last seen yesterday at 19:00 insight can be reverse engineered to leak phone habits at a couple of seconds accuracy.

‼️ There is an even more silly thing not mentioned yet: You can track any mobile phone ! So let’s play and scale to track 5000 random numbers.

Like previously, I am sharing the source code as a PROOF OF CONCEPT. You can jump straight to the end if you are more curious about the results than by the technical stuff I’m about to resume. We are reusing the previous code with Node.js, Puppeteer & Grafana.

https://jorislacance.fr/blog/2021/04/16/whatsapp-tracking-2

💡 Hack the WhatsApp status to track contacts
https://jorislacance.fr/blog/2020/04/01/whatsapp-tracking

💡 How a WhatsApp status loophole is aiding cyberstalkers
https://t.me/BlackBox_Archiv/2018

💡 Sudden New Warning Will Surprise Millions Of WhatsApp Users
https://t.me/BlackBox_Archiv/1987

💡 All the Numbers are US: Large-scale Abuse of Contact Discovery in Mobile Messengers (PDF)
https://t.me/BlackBox_Archiv/2042

#DeleteWhatsapp #user #tracking #whatsapp #thinkabout #change
📡 @nogoolag 📡 @blackbox_archiv