Forwarded from Pavel Durov
In May, I predicted that backdoors in WhatsApp would keep getting discovered, and one serious security issue would follow another, as it did in the past [1]. This week a new backdoor was quietly found in WhatsApp [2]. Just like the previous WhatsApp backdoor and the one before it, this new backdoor made all data on your phone vulnerable to hackers and government agencies. All a hacker had to do was send you a video – and all your data was at the attacker’s mercy [3].
WhatsApp doesn’t only fail to protect your WhatsApp messages – this app is being consistently used as a Trojan horse to spy on your non-WhatsApp photos and messages. Why would they do it? Facebook has been part of surveillance programs long before it acquired WhatsApp [4][5]. It is naive to think the company would change its policies after the acquisition, which has been made even more obvious by the WhatsApp founder’s admission regarding the sale of WhatsApp to Facebook: “I sold my users’ privacy” [6].
Following the discovery of this week’s backdoor, Facebook tried to confuse the public by claiming they had no evidence that the backdoor had been exploited by hackers [7]. Of course, they have no such evidence – in order to obtain it, they would need to be able to analyze videos shared by WhatsApp users, and WhatsApp doesn’t permanently store video files on its servers (instead, it sends unencrypted messages and media of the vast majority of their users straight to Google’s and Apple’s servers [8]). So – nothing to analyze – “no evidence”. Convenient.
But rest assured, a security vulnerability of this magnitude is bound to have been exploited – just like the previous WhatsApp backdoor had been used against human rights activists and journalists naive enough to be WhatsApp users [9][10]. It was reported in September that the data obtained as a result of the exploitation of such WhatsApp backdoors will now be shared with other countries by US agencies [11][12].
Despite of this ever-increasing evidence of WhatsApp being a honeypot for people that still trust Facebook in 2019, it might also be the case that WhatsApp just accidentally implements critical security vulnerabilities across all their apps every few months. I doubt that – Telegram, a similar app in its complexity, hasn’t had any issues of WhatsApp-level severity in the six years since its launch. It’s very unlikely that anyone can accidentally commit major security errors, conveniently suitable for surveillance, on a regular basis.
Regardless of the underlying intentions of WhatsApp’s parent company, the advice for their end-users is the same: unless you are cool with all your photos and messages becoming public one day, you should delete WhatsApp from your phone.
[1] – Why WhatsApp will never be secure
[2] – WhatsApp users urged to update app immediately over spying fears
[3] – WhatsApp Android and iOS users are now at risk from malicious video files
[4] – Everything you need to know about PRISM
[5] – NSA taps data from 9 major Net firms
[6] – WhatsApp co-founder Brian Acton: 'I sold my users' privacy'
[7] – Hackers can use a WhatsApp flaw in the way it handles video to take control of your phone
[8] – WhatsApp is storing unencrypted backup data on Google Drive
[9] – WhatsApp hack led to targeting of 100 journalists and dissidents
[10] – Exclusive: Government officials around the globe targeted for hacking through WhatsApp - sources
[11] – Police can access suspects’ Facebook and WhatsApp messages in deal with US
[12] – Facebook, WhatsApp Will Have to Share Messages With U.K.
WhatsApp doesn’t only fail to protect your WhatsApp messages – this app is being consistently used as a Trojan horse to spy on your non-WhatsApp photos and messages. Why would they do it? Facebook has been part of surveillance programs long before it acquired WhatsApp [4][5]. It is naive to think the company would change its policies after the acquisition, which has been made even more obvious by the WhatsApp founder’s admission regarding the sale of WhatsApp to Facebook: “I sold my users’ privacy” [6].
Following the discovery of this week’s backdoor, Facebook tried to confuse the public by claiming they had no evidence that the backdoor had been exploited by hackers [7]. Of course, they have no such evidence – in order to obtain it, they would need to be able to analyze videos shared by WhatsApp users, and WhatsApp doesn’t permanently store video files on its servers (instead, it sends unencrypted messages and media of the vast majority of their users straight to Google’s and Apple’s servers [8]). So – nothing to analyze – “no evidence”. Convenient.
But rest assured, a security vulnerability of this magnitude is bound to have been exploited – just like the previous WhatsApp backdoor had been used against human rights activists and journalists naive enough to be WhatsApp users [9][10]. It was reported in September that the data obtained as a result of the exploitation of such WhatsApp backdoors will now be shared with other countries by US agencies [11][12].
Despite of this ever-increasing evidence of WhatsApp being a honeypot for people that still trust Facebook in 2019, it might also be the case that WhatsApp just accidentally implements critical security vulnerabilities across all their apps every few months. I doubt that – Telegram, a similar app in its complexity, hasn’t had any issues of WhatsApp-level severity in the six years since its launch. It’s very unlikely that anyone can accidentally commit major security errors, conveniently suitable for surveillance, on a regular basis.
Regardless of the underlying intentions of WhatsApp’s parent company, the advice for their end-users is the same: unless you are cool with all your photos and messages becoming public one day, you should delete WhatsApp from your phone.
[1] – Why WhatsApp will never be secure
[2] – WhatsApp users urged to update app immediately over spying fears
[3] – WhatsApp Android and iOS users are now at risk from malicious video files
[4] – Everything you need to know about PRISM
[5] – NSA taps data from 9 major Net firms
[6] – WhatsApp co-founder Brian Acton: 'I sold my users' privacy'
[7] – Hackers can use a WhatsApp flaw in the way it handles video to take control of your phone
[8] – WhatsApp is storing unencrypted backup data on Google Drive
[9] – WhatsApp hack led to targeting of 100 journalists and dissidents
[10] – Exclusive: Government officials around the globe targeted for hacking through WhatsApp - sources
[11] – Police can access suspects’ Facebook and WhatsApp messages in deal with US
[12] – Facebook, WhatsApp Will Have to Share Messages With U.K.
Forwarded from GNU Propaganda (Archived)
Ten Years Reproducibility Challenge
Did you ever try to run an old code that you wrote for a scientific article you published years ago? Did you encounter any problems? Were you successful? We are curious to hear your story. This is the reason why we are editing a special issue of ReScience to collect these stories.
The ten years reproducibility challenge is an invitation for researchers to try to run the code they’ve created for a scientific publication that was published more than ten years ago. This code can be anything (statistical analysis, numerical simulation, data processing, etc.), can be written in any language and can address any scientific domain. The only mandatory condition to enter the challenge is to have published a scientific article before 2010, in a journal or a conference with proceedings, which contains results produced by code, irrespectively of whether this code was published in some form at the time or not.
https://rescience.github.io/ten-years/
Did you ever try to run an old code that you wrote for a scientific article you published years ago? Did you encounter any problems? Were you successful? We are curious to hear your story. This is the reason why we are editing a special issue of ReScience to collect these stories.
The ten years reproducibility challenge is an invitation for researchers to try to run the code they’ve created for a scientific publication that was published more than ten years ago. This code can be anything (statistical analysis, numerical simulation, data processing, etc.), can be written in any language and can address any scientific domain. The only mandatory condition to enter the challenge is to have published a scientific article before 2010, in a journal or a conference with proceedings, which contains results produced by code, irrespectively of whether this code was published in some form at the time or not.
https://rescience.github.io/ten-years/
Forwarded from TechGore (Marina 🐀)
Use IPv6, people
https://www.ripe.net/publications/news/about-ripe-ncc-and-ripe/the-ripe-ncc-has-run-out-of-ipv4-addresses
https://www.ripe.net/publications/news/about-ripe-ncc-and-ripe/the-ripe-ncc-has-run-out-of-ipv4-addresses
RIPE Network Coordination Center
The RIPE NCC has run out of IPv4 Addresses
Today, at 15:35 (UTC+1) on 25 November 2019, we made our final /22 IPv4 allocation from the last remaining addresses in our available pool. We have now run out of IPv4 addresses.
Forwarded from GNU Propaganda (Archived)
https://www.theroot.com/west-virginia-is-charging-its-inmates-0-03-cents-a-min-1840037907
Unrestricted, and unhindered OPEN ACCESS to all forms of literature and cultural media should be an inalienable right! It should not matter whether you are incarcerated or not!
#ResistPrisonExploitation #OpenAccess #SolidarityForever
Unrestricted, and unhindered OPEN ACCESS to all forms of literature and cultural media should be an inalienable right! It should not matter whether you are incarcerated or not!
#ResistPrisonExploitation #OpenAccess #SolidarityForever
The Root
West Virginia Is Charging Its Inmates $0.03 Cents a Minute to Read Free E-Books. Here's Why That Matters
On its face, it’s a welcome proposition: people incarcerated in West Virginia prisons will be given access to electronic tablets, allowing them to read books and articles, listen to music, write emails, and send photos and video chat with their friends and…
Forwarded from GNU Meme (Archived)
Thonk of the day:
You can't spell Python without "ytho".
🤔🤔🤔
You can't spell Python without "ytho".
🤔🤔🤔
Forwarded from GNU Propaganda (Archived)
Bad news: 'Unblockable' web trackers emerge. Good news: Firefox with uBlock Origin can stop it. Chrome, not so much • The Register
https://www.theregister.co.uk/2019/11/21/ublock_origin_firefox_unblockable_tracker/
https://www.theregister.co.uk/2019/11/21/ublock_origin_firefox_unblockable_tracker/
www.theregister.co.uk
Bad news: 'Unblockable' web trackers emerge. Good news: Firefox with uBlock Origin can stop it. Chrome, not so much
Ad-tech arms race continues: DNS system exploited to silently follow folks around the web
Forwarded from GNU Propaganda (Archived)
https://drewdevault.com/2019/11/29/dotorg.html
"Take action to save .org and prosecute those who sold out the internet"
"Take action to save .org and prosecute those who sold out the internet"
Forwarded from Hacker News
Forwarded from Pure & constructive mathematics in theory and use (GNU/Brett G.)
minicaml, a didactical OCaml-like functional programming language. :: 0x0f0f0f
https://0x0f0f0f.github.io/posts/2019/12/minicaml-a-didactical-ocaml-like-functional-programming-language./
https://0x0f0f0f.github.io/posts/2019/12/minicaml-a-didactical-ocaml-like-functional-programming-language./
0x0f0f0f.github.io
minicaml, a didactical OCaml-like functional programming language.
minicaml is a small, purely functional interpreted programming language with a didactical purpose. I wrote minicaml for the Programming 2 course at the University of Pisa, taught by Professors Gianluigi Ferrari and Francesca Levi. It is based on the teachers'…
Forwarded from Hacker News
Show HN: AI Dungeon 2 – AI-generated text adventure built with 1.5B param GPT-2 (Score: 104+ in 3 hours)
Link: https://readhacker.news/s/4dF5Y
Comments: https://readhacker.news/c/4dF5Y
Link: https://readhacker.news/s/4dF5Y
Comments: https://readhacker.news/c/4dF5Y