South Wales Police announced they were able to access a WhatsApp user's photos through a backdoor, then extract fingerprint data from a picture of a weed dealer's hand to help convict 11 involved people. Read the rest
The lifecycle of technology is fundamentally parasitic: successful technologies are ones that colonize their predecessors, devour them, and burst out of their limiting skins to and grow into new, more ambitious tools -- until they, too, are colonized by a more-evolved successor. Read the rest
Facebook spokespeople and cryptographers say that Facebook's decision to implement Open Whisper Systems' end-to-end cryptographic messaging protocol in such a way as to allow Facebook to decrypt them later without the user's knowledge reflects a "limitation" -- a compromise that allows users to continue conversations as they move from device to device -- and not a "defect." Read the rest
Update: Be sure to read the followup discussion, which explains Facebook's point of view, that this is a deliberate compromise, and not a defect, that makes the app more usable for a wide variety of users, while putting them to little additional risk (namely, that Facebook might change its mind; or be forced to spy on its users; or suffer a security breach or internal rogue employee).
When Facebook implemented Open Whisper Systems' end-to-end encrypted messaging protocol for Whatsapp, they introduced a critical flaw that exposes more than a billion users to stealthy decryption of their private messages: in Facebook's implementation, the company can force Whatsapp installations to silently generate new cryptographic keys (without any way for the user to know about this unless a deep settings checkbox had been ticked), which gives the company the ability to decrypt user messages, including messages that have already been sent in the past.. Read the rest
The mobile messaging app will soon begin sharing with Facebook the phone numbers and analytics data for its more than one billion users.
When messaging app WhatsApp was acquired by Facebook in 2014, WhatsApp co-founder Jan Koum promised the deal wouldn't affect users' privacy. Read the rest
A state judge in the Brazilian state of Sergipe has ordered all mobile phone operators in the country to block Facebook-owned WhatsApp for 72 hours, nationwide. Those five telecom providers put the ban into effect today, and it affects about 100 million people. In Brazil, WhatsApp is the most popular messaging app. Read the rest
This week, Whatsapp -- an instant messaging company that was founded on the principle of charging $1/year and preserving your privacy in exchange, but which sold to Facebook in 2014 for $19B -- sent users a message that their accounts would be free forevermore -- at the same time as the app quietly introduced a tickbox (optional, for now) to share your data with Facebook "to improve your Facebook experience." Read the rest
The Wall Street Journal just discovered what some of us have known for a long time: Moxie Marlinspike is really cool, and the work he does is important. Read the rest
Prior to Whatsapp's $19B acquisition by Facebook, the company sent a large number of spurious takedowns against projects on Github. In a DMCA notice served by Whatsapp's General Counsel to Github, a number of projects are targeted for removal on the basis that they are "content that infringes on WhatsApp Inc.'s copyrights and trademarks."
This is grossly improper. DMCA takedown notices never apply to alleged trademark violations (it's called the "Digital Millennium Copyright Act" and not the "Digital Millennium Trademark Act"). Using DMCA notices to pursue trademark infringements isn't protecting your interests -- it's using barratry-like tactics to scare and bully third parties into participating in illegitimate censorship.
The letter goes on to demand takedown of these Github projects on the basis that they constitute "unauthorized use of WhatsApp APIs, software, and/or services" -- again, this is not a copyright issue, and it is improper to ask Github to police the code its hosts on this basis. It is certainly not the sort of activity that the DMCA's takedown procedure exists to police.
So what about copyright infringement? In the related Hacker News thread, a number of the projects' authors weigh in on the censorship, making persuasive cases that they software did not infringe on any of Whatsapp's copyrights -- rather, these were tools that made use of the Whatsapp API, were proof-of-concept security tools for Whatsapp, or, in one case, merely contained the string "whatsapp" in its sourcecode.
There may well have been some legitimately infringing material on Github, but it's clear that Whatsapp's General Counsel did not actually limit her or his request to this material. Read the rest
As I wrote in my post when the news broke, it's all about growth.
Read Parmy Olson's Forbes story out today, which she began reporting long before the acquisition announcement: "The Rags-To-Riches Tale Of How Jan Koum Built WhatsApp Into Facebook's New $19 Billion Baby"