#India Front page #whatsapp advertisements in all newspapers

WhatsApp to delay launch of update business features after privacy backlash

Facebook Inc’s WhatsApp is delaying an update aimed at increasing business transactions on the platform after a storm of concern from users who feared that the messaging platform was watering down its privacy policy in the process.

WhatsApp users received a notification this month that it was preparing a new privacy policy and terms, and it reserved the right to share some user data with the Facebook app.

That sparked global outcries and a rush of new users to competitor private messaging apps including Telegram and Signal.

WhatsApp on Friday said it would delay the new policy launch to May from February, that the update was focused on allowing users to message with businesses, and that the update does not affect personal conversations, which will continue to have end-to-end encryption.

https://www.reuters.com/article/BigStory12/idUSKBN29K2H8

#Facebook #Whatsapp #privacy #policy

Telegram 7.4 now allows import of WhatsApp chats (and others)

Telegram has a nice feature for users who want to switch from WhatsApp to Telegram, for example. With the new version 7.4, which is currently being distributed for iOS, you can quickly import messages from WhatsApp into Telegram. We have tested this and it works perfectly, at least for text messages.

In WhatsApp, you go to a chat and click on the contact at the top, which takes you to the contact info - where you will probably also find the item "Export chat". This can be done with or without media. This ensures that the chat can be exported - but if you select Telegram and the person in question as the storage location, the chat is imported from WhatsApp into Telegram.

What we noticed: Media is not displayed, only the file names. Text chats, on the other hand, are correctly ported from WhatsApp to Telegram. That could certainly help one or the other. And if not, you can export the chat and save it as a ZIP file locally - the archive will then contain the text file and the media. Telegram also mentions Line and Kakao Talk as possible export messengers in the changelog.

https://stadt-bremerhaven.de/telegram-7-4-erlaubt-import-von-whatsapp-chats-und-weiteren/

#telegram #tg #whatsapp #DeleteWhatsapp #messenger #importieren #chats
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag

Sudden New Warning Will Surprise Millions Of WhatsApp Users

A nasty new surprise for WhatsApp’s 2 billion users today, with the discovery of an alarming security risk. Using just your phone number, a remote attacker can easily deactivate WhatsApp on your phone and then stop you getting back in. Even two-factor authentication will not stop this. Here’s how the attack works.

This shouldn't happen. It shouldn't be possible. Not with a platform used by 2 billion people. Not this easily. When researchers, Luis Márquez Carpintero and Ernesto Canales Pereña, warned they could kill WhatsApp on my phone, blocking me from my own account using just my phone number, I was doubtful. But they were right.

“This is yet another worrying hack,” warns ESET’s Jake Moore, “one that could impact millions of users who could potentially be targeted with this attack. With so many people relying on WhatsApp as their primary communication tool for social and work purposes, it is alarming at what ease this can occur.”

Despite its vast user base, WhatsApp is creaking at the seams. Its architecture has fallen behind its rivals, missing key features such as multi-device access and fully encrypted backups. As the world’s most popular messenger focuses on mandating new terms of service to enable Facebook’s latest money-making schemes, these much-needed advancements remain “in development.”

https://nitter.pussthecat.org/0xDUDE

https://www.forbes.com/sites/zakdoffman/2021/04/10/shock-new-warning-for-millions-of-whatsapp-users-on-apple-iphone-and-google-android-phones/

#warning #whatsapp #DeleteWhatsapp #thinkabout
📡 @nogoolag 📡 @blackbox_archiv

Your WhatsApp account can be suspended by anyone who has your phone number

http://telegra.ph/Your-WhatsApp-account-can-be-suspended-by-anyone-who-has-your-phone-number-04-13

https://www.androidpolice.com/2021/04/12/your-whatsapp-account-can-be-suspended-by-anyone-who-has-your-phone-number/

#WhatsApp

WhatsApp's new privacy policy is so bad it might be illegal

A German data protection agency has opened proceedings

WhatsApp has been facing one hell of a backlash ever since it shared that it wanted to update its privacy policy with changes that would allow Facebook to aggregate all of its users' data across all of its services. And now, the company might be in for some regulatory issues, as well. A German privacy regulator (via Bloomberg) has opened proceedings to stop the company from moving forward with the privacy policy update.

The Hamburg commissioner for data protection and freedom of information, Johannes Caspar, is looking to stop Facebook from aggregating the data from WhatsApp, fearing that the company would use it to expand its marketing and advertising business.

Caspar said in a statement: "Currently, there is reason to believe that the data sharing provisions between WhatsApp and Facebook are intended to be unlawfully enforced due to the lack of voluntary and informed consent. In order to prevent unlawful mass data sharing and to put an end to unlawful consent pressure on millions of people, a formal administrative procedure has now been initiated to protect data subjects."

The goal is to reach a decision before May 15, the date when users have to accept the new privacy policy or (presumably) stop using WhatsApp. It's highly possible that the order will only apply for German residents, but we can still hope that the proceedings will set a precedence for other countries and regulators.

The Hamburg commissioner previously successfully issued a similar order against Facebook four and a half years ago for updating WhatsApp's terms and services with changes regarding information sharing across Facebook companies. The order was confirmed by two instances after Facebook took legal action against it, and data sharing between Facebook and WhatsApp has been more limited in the EU than in other regions ever since.

https://www.androidpolice.com/2021/04/13/whatsapps-new-privacy-policy-is-so-bad-it-might-be-illegal/

#whatsapp #DeleteWhatsapp #privacy #policy #illegal #data #protection #germany
📡 @nogoolag 📡 @blackbox_archiv

How a WhatsApp status loophole is aiding cyberstalkers

Cyberstalkers typically like to collect as much information about their target as possible. They want to know where they are at any given moment; who they’re meeting; who they’re talking to; what their texts say; who they’re emailing; what they’re browsing for online. Knowledge is power, and having this level of power over someone is intoxicating, dangerous and profoundly unethical.

To combat the rise in cyberstalking behaviours, and to keep people safe, software developers are increasingly held to account for higher levels of privacy in their platforms and products. But the world of cyberstalking is a very grey one.

What one person regards as stalking, another may see as protecting a loved one. To this point, while Google has banned advertising for stalkerware on its app store, Google Play, countless tracking and monitoring apps get around this ban by claiming to help parents track and monitor their childrens’ online activity, location, messages and more.

https://traced.app/2021/04/13/whatsapp-status-loophole-is-aiding-cyberstalkers/

#whatsapp #DeleteWhatsapp #cyberstalkers #onlinestatus #tracker #thinkabout
📡 @nogoolag 📡 @blackbox_archiv

All the Numbers are US: Large-scale Abuse of Contact Discovery in Mobile Messengers

Contact discovery allows users of mobile messengers to conveniently connect with people in their address book.
In this work, we demonstrate that severe privacy issues exist in currently deployed contact discovery methods.

Our study of three popular mobile messengers (WhatsApp, Signal, and Telegram) shows that, contrary to expectations, largescale crawling attacks are (still) possible. Using an accurate database of mobile phone number prefixes and very few resources, we have queried 10 % of US mobile phone numbers for WhatsApp and 100 % for Signal. For Telegram we find that its API exposes a wide range of sensitive information, even about numbers not registered with the service.

https://www.ndss-symposium.org/wp-content/uploads/ndss2021_1C-3_23159_paper.pdf

#contact #messenger #telegram #whatsapp #signal #crawling #attacks #study #pdf
📡 @nogoolag 📡 @blackbox_archiv

Tracking the WhatsApp habits of 5000 random Smartphones

In the previous blog post, we have seen that this is quite simple to hack the WhatsApp online status of a contact. A simple Online or last seen yesterday at 19:00 insight can be reverse engineered to leak phone habits at a couple of seconds accuracy.

‼️ There is an even more silly thing not mentioned yet: You can track any mobile phone ! So let’s play and scale to track 5000 random numbers.

Like previously, I am sharing the source code as a PROOF OF CONCEPT. You can jump straight to the end if you are more curious about the results than by the technical stuff I’m about to resume. We are reusing the previous code with Node.js, Puppeteer & Grafana.

https://jorislacance.fr/blog/2021/04/16/whatsapp-tracking-2

💡 Hack the WhatsApp status to track contacts
https://jorislacance.fr/blog/2020/04/01/whatsapp-tracking

💡 How a WhatsApp status loophole is aiding cyberstalkers
https://t.me/BlackBox_Archiv/2018

💡 Sudden New Warning Will Surprise Millions Of WhatsApp Users
https://t.me/BlackBox_Archiv/1987

💡 All the Numbers are US: Large-scale Abuse of Contact Discovery in Mobile Messengers (PDF)
https://t.me/BlackBox_Archiv/2042

#DeleteWhatsapp #user #tracking #whatsapp #thinkabout #change
📡 @nogoolag 📡 @blackbox_archiv

All the Numbers are US: Large-scale Abuse of Contact Discovery in Mobile Messengers (Interesting quotes and conclusion)

💡 All the Numbers are US: Large-scale Abuse of Contact Discovery in Mobile Messengers (PDF)
https://t.me/BlackBox_Archiv/2042

Both WhatsApp and Telegram transmit the contacts of users in clear text to their servers (but encrypted during transit), where they are stored to allow the services to push updates (such as newly registered contacts) to the clients. WhatsApp stores phone numbers of its users in clear text on the server, while phone numbers not registered with WhatsApp are MD5-hashed with the country prefix prepended (according to court documents from 2014 [2]).

Signal does not store contacts on the server. Instead, each client periodically sends hashes of the phone numbers stored in the address book to the service, which matches them against the list of registered users and responds with the intersection. The different procedures illustrate a trade-off between usability and privacy: the approach of WhatsApp and Telegram can provide faster updates to the user with less communication overhead, but needs to store sensitive data on the servers.

💡Signal:

Our script for Signal uses 100 accounts over 25 daysto check all 505 million mobile phone numbers in the US. Our results show that Signal currently has 2.5 million users registered in the US, of which 82.3 % have set an encrypted user name, and 47.8 % use an encrypted profile picture. We also cross-checked with WhatsApp to see if Signal users differ in their use of public profile pictures, and found that 42.3 % of Signal users are also registered on WhatsApp (cf. Tab. IV), and 46.3 % of them have a public profile picture there. While this is slightly lower than the average for WhatsApp users (49.6 %), it is not sufficient to indicate an increased privacy-awareness of Signal’s users, at least for profile pictures.

💡Telegram:

For Telegram we use 20 accounts running for 20 days on random US mobile phone numbers. Since Telegram’s rate limits are very strict, only 100,000 numbers were checked during that time: 0.9 % of those are registered and 41.9 % have a non-zero importer_count. These numbers have a higher probability than random ones to be present on other messengers, with 20.2 % of the numbers being registered with WhatsApp and 1.1 % registered with Signal, compared to the average success rates of 9.8 % and 0.9 %, respectively. Of the discovered Telegram users, 44 % of the crawled users have at least one public profile picture, with 2 % of users having more than 10 pictures available.

💡 Comparison WhatsApp | Signal | Telegram:

With its focus on privacy, Signal excels in exposing almost no information about registered users, apart from their phone number. In contrast, WhatsApp exposes profile pictures and the About text for registered numbers, and requires users to opt-out of sharing this data by changing the default settings. Our results show that only half of all US users prevent such sharing by either not uploading an image or changing the settings. Telegram behaves even worse: it allows crawling multiple images and also additional information for each user. The importer_count offered by its API even provides information about users not registered with the service. This can help attackers to acquire likely active numbers, which can be searched on other platforms.

💡 Conclusion:

Mobile contact discovery is a challenging topic for privacy researchers in many aspects. In this paper, we took an attacker’s perspective and scrutinized currently deployed contact discovery services of three popular mobile messengers: WhatsApp, Signal, and Telegram. We revisited known attacks and using novel techniques we quantified the efforts required for curious serv[...]

#contact #messenger #telegram #whatsapp #signal #crawling #attacks #comment #conclusion
📡 @nogoolag 📡 @blackbox_archiv

Facebook wants to analyze encrypted WhatsApp messages "for ads"

TL;DR
Facebook has hired a team of researchers for the purpose of analyzing WhatsApp encryption.
The goal would be to have ways to data-mine WhatsApp messages without actually decrypting them.
One report alleges that Facebook is doing this for ad purposes.

https://www.androidauthority.com/whatsapp-encryption-ads-2728774/


#WhatsApp #Facebook #fb #encryption

#WhatsApp Ordered To Help U.S. Agents Spy On Chinese Phones — No Explanation Required

https://www.forbes.com/sites/thomasbrewster/2022/01/17/whatsapp-ordered-to-spy-on-chinese-phones-by-america-no-explanation-given/

The Lockdown Files: The Telegraph has obtained more than 100,000 #WhatsApp messages sent between Matt #Hancock and other #uk ministers and officials at the height of the Covid-19 pandemic.

•Care Home Deaths
•Lockdowns
•Testing
•Face Masks
•School Closures

https://www.telegraph.co.uk/news/lockdown-files/

@childcovidvaccineinjuriesuk

How do You Hack #Whatsapp Chats? - 7 #Vulnerabilities Explained

https://hackernoon.com/how-to-hack-whatsapp-chats-9f203tq0

#WhatsApp using #microphone on Google Pixel 7, Galaxy S23 even when not in use

https://insiderpaper.com/whatsapp-using-microphone-on-google-pixel-7-galaxy-s23-even-when-not-in-use/

Paragon Graphite is a Pegasus spyware clone used in the US –

The US government banned the use of NSO’s Pegasus spyware 18 months ago, but a new report today says that at least one government agency is using very similar malware from a rival company: Paragon Graphite.

According to four [industry figures], the US Drug Enforcement and Administration Agency is among the top customers for Paragon’s signature product nicknamed Graphite.

The #malware surreptitiously pierces the protections of modern smartphones and evades the encryption of messaging apps like #Signal or #WhatsApp, sometimes harvesting the data from cloud backups – much like Pegasus does.

#spyware #US #Clone #Pegasus #NSO #DEA #ParagonGraphite #Paragon

#WhatsApp is working on complying with new #EU regulations by developing support for chat interoperability, and it will be available in a future update of the app

The European Union has recently reached an agreement on a significant competition reform known as the Digital Markets Act (DMA), which will impose strict rules on large tech companies that will have to offer users the ability to communicate with each other using different apps. WhatsApp is one of the companies that will be required to comply with the new regulations outlined in the European Union’s Digital Markets Act. This is because WhatsApp is considered a gatekeeper service since it’s a large tech platform with a substantial user base and falls within the criteria set by the DMA. With the latest WhatsApp beta for Android 2.23.19.8 update, which is available on the Google Play Store, we discovered that WhatsApp is working on complying with the new regulations:

As you can see in this screenshot, WhatsApp is working on a new section dedicated to the new regulations. Since it is still in development, this section is still not ready, it appears empty and it’s not accessible to users, but its title confirms to us that they are now working on it. WhatsApp has a 6-month period to align the app with the new European regulations to provide its interoperability service in the European Union. At the moment, it remains unclear whether this feature will also eventually extend to countries beyond the European Union.

Interoperability will allow other people to contact users on WhatsApp even if they don’t have a WhatsApp account. For example, someone from the Signal app could send a message to a WhatsApp user, even without a WhatsApp account. While this broader network can definitely enhance communication with those people who use different messaging apps and assist those small apps in competing within the messaging app industry, we acknowledge that this approach may also raise important considerations about end-to-end encryption when receiving a message from users who don’t use WhatsApp. In this context, as this feature is still in its early stages of development, detailed technical information about this process on WhatsApp as a gatekeeper is currently very limited, but we can confirm that end-to-end encryption will have to be preserved in interoperable messaging systems. In addition, as mentioned in Article 7 of the regulations, it appears that users may have the option to opt out when it will be available in the future.

https://wabetainfo.com/whatsapp-beta-for-android-2-23-19-8-whats-new/

Quiet

Encrypted p2p team chat with no servers, just Tor.

https://tryquiet.org/index.html

https://github.com/TryQuiet/quiet

Currently in developpement stage so be cautious of your data

Quiet is an alternative to team chat apps like Slack, Discord, and Element that does not require trusting a central server or running one's own. In Quiet, all data syncs directly between a team's devices over Tor with no server required.

No email or phone number required, Unlike #Slack, #Discord, #WhatsApp, #Telegram, and #Signal, no email or phone number is required to create or join a #community.

End-to-end encryption, All data is #encrypted end-to-end between member devices, using Tor.

Channels, Organize chats in Slack-like channels, so conversations don't get messy.

Images, Send and receive images, with copy/paste, drag & drop, and image previews.

Files, Send and receive files of unlimited size!

Notifications, Invite links, Keyboard controls, Desktop apps

Android, Quiet works on Android, and F-Droid support is on the way.

#E2E #Chat #Quiet #Tor

Judge Orders NSO Group to Surrender Pegasus Source Code to Meta | BitDefender - March 2024

A US Judge ordered the infamous spyware developer and vendor NSO Group to turn over its source code to Meta as part of an almost four-year lawsuit.

Meta sued NSO in 2019 after the American company discovered that a zero-day WhatsApp vulnerability was used to deploy the spyware. According to a Guardian report, the NSO's spyware was allegedly used against 1,400 people in the course of just two weeks.

#Pegasus #NSO vs #Meta #WhatsApp #SourceCode

#WhatsApp, #Signal and #Telegram among apps cut from #iPhone app store to comply with censorship demand

#China ordered #Apple to remove some of the world’s most popular chat messaging apps from its app store in the country, the latest example of censorship demands on the iPhone seller in the company’s second-biggest market.

https://www.wsj.com/tech/apple-removes-whatsapp-threads-from-china-app-store-on-government-orders-a0c02100