One can’t help but think that it could be done more quickly if it was more of a priority. It’s hard to reconcile Cathcart’s words with Facebook’s continued failure to fully encrypt Messenger. It is well documented that non encrypted forms of communication can be surveilled by law enforcement, app owners and even some third parties, so it is important to treat such apps with care and not to be used for private communication or to transfer sensitive data.” “It is a vital necessity for all communication tools, and any platform not yet secured with this layer of protection must be treated with caution. “End-to-end encryption is more than a fundamental right,” says ESET’s Jake Moore. “While we will continue to make progress on our move to end-to-end encryption,” a Facebook spokesperson told me this week, “it’s a big technical project and all of our messaging services won’t be fully end-to-end encrypted until sometime in 2022 at the earliest.” Encrypting Messenger has taken significantly longer and it has been much more complex than envisaged. WhatsApp Vs Messenger Apple Privacy Labels / said than done. Back in 2019, the company’s Jay Sullivan told a senate committee that “people should be able to communicate securely and privately with friends and loved ones without anyone-including Facebook-listening to or monitoring their conversations.” When it comes to Messenger, the answer to Cathcart’s question “should people be able to have a private conversation when they are not together in person?” is currently no.įor more than two years, Facebook has talked about expanding WhatsApp’s end-to-end encryption to include Messenger and even Instagram. ![]() But those 1.3 billion users don’t get the benefit of default end-to-end encryption, they don’t have “private and secure communication”. Its stablemate Facebook Messenger caters to more than 1.3 billion users-only WhatsApp is larger. But WhatsApp isn’t the only hyper-scale messaging platform under Facebook’s roof. “The lessons of the past five years make it absolutely clear that technology companies and governments must prioritize private and secure communication.”Ībsolutely right. “I believe the answer must be yes,” Cathcart responded to his own question. “Technical as encryption can be,” he asked, “it is really about something at the very core of how we live our lives today: Should people be able to have a private conversation when they are not together in person?” “End-to-end encryption is now the way most messages are sent globally,” he pointed out. End-to-end encryption is absolutely critical. In the past five years, WhatsApp has securely delivered over 100 trillion messages to over 2 billion users.” This was a technical achievement decades in the making. “Five years ago,” Cathcart wrote this week, “we completed our roll out of end-to-end encryption. WhatsApp’s defense against all this has been end-to-end encryption. WhatsApp found itself caught up in the Apple privacy label debacle, when it transpired that it was way out of step with its peers on data collection- an issue compounded by a mandatory change of terms to enable Facebook to generate more revenue from WhatsApp. Which takes us back to end-to-end encryption. Its welcome new privacy labels are a scary, striking reminder as to just how much data we surrender to use the free apps that run our lives. Meanwhile, on the privacy front, there’s a battle taking place between the world’s largest tech giants-they’re fighting over your privacy, or lack thereof. WhatsApp has not yet confirmed it will issue a fix- right now the vulnerability remains live and users should beware. I have just published details of a shocking WhatsApp flaw that would enable an attacker to remotely disable a user’s WhatsApp account, deregistering their phone and then preventing them from getting back in. There are echoes of that 2019 “unlikely problem” response from Facebook today. MORE FROM FORBES Instagram Confirms Security Issue Exposed User Accounts And Phone Numbers-Exclusive By Further irony, then, in Facebook using my 2019 story “as evidence that it publicly acknowledged the 2019 Facebook contact importer breach,” as reported by Wired. ![]() At the time, the company admitted the flaw but nothing more, telling me it was a complex and unlikely exploit. ![]() Facebook has been heavily criticized for playing down the seriousness of this data exposure and for not informing all of those impacted users.īack in 2019, I reported on a vulnerability that allowed user phone numbers to be pulled from Facebook databases at scale. ![]() The issue wasn’t so much the data exposure this time, but rather the response. The data in this latest breach escaped from Facebook some years ago- it has been documented before, as have other such hyper-scale Facebook breaches.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |