Login

Register

Login

Register

WhatsApp messages are not end-to-end encrypted – ProPublica | #macos | #macsecurity | #cybersecurity | #infosecurity | #hacker


Facebook has confirmed to me that all WhatsApp messages are end-to-end encrypted, and that a ProPublica report is based on an apparent misunderstanding.

The report said that Facebook moderators were able to ‘examine users messages, images and videos.’ However, this is in fact possible only in one circumstance: when a message is reported …

When a message recipient uses WhatsApp’s Report feature, the message is effectively auto-forwarded to Facebook. This is technically no different to manually Forwarding a message: at that point, the message is already decrypted. Filing a report creates a new end-to-end encrypted message to Facebook, which then holds the key as it is the intended message recipient.

ProPublica reports this as if message privacy is compromised.

[An] assurance automatically appears on-screen before users send messages: “No one outside of this chat, not even WhatsApp, can read or listen to them.”

Those assurances are not true. WhatsApp has more than 1,000 contract workers filling floors of office buildings in Austin, Texas, Dublin and Singapore, where they examine millions of pieces of users’ content. Seated at computers in pods organized by work assignments, these hourly workers use special Facebook software to sift through streams of private messages, images and videos that have been reported by WhatsApp users as improper and then screened by the company’s artificial intelligence systems. These contractors pass judgment on whatever flashes on their screen — claims of everything from fraud or spam to child porn and potential terrorist plotting — typically in less than a minute […]

Many of the assertions by content moderators working for WhatsApp are echoed by a confidential whistleblower complaint filed last year with the U.S. Securities and Exchange Commission. The complaint, which ProPublica obtained, details WhatsApp’s extensive use of outside contractors, artificial intelligence systems and account information to examine user messages, images and videos. It alleges that the company’s claims of protecting users’ privacy are false. “We haven’t seen this complaint,” the company spokesperson said. The SEC has taken no public action on it; an agency spokesperson declined to comment.

The confusion did, however, clarify one point which may not have been obvious to users. When you report a message, it is not just that message which is forwarded, but the four preceding messages within that same chat. This is to provide moderators with the context necessary to properly evaluate it. Users are informed that ‘recent interactions’ are included when making a report, but it’s fair to say that users in general may not have been aware of this.

Part of the confusion lays in Facebook’s own statement in response to the piece:

In written responses for this article, the company spokesperson said: “We build WhatsApp in a manner that limits the data we collect while providing us tools to prevent spam, investigate threats, and ban those engaged in abuse, including based on user reports we receive. This work takes extraordinary effort from security experts and a valued trust and safety team that works tirelessly to help provide the world with private communication.” The spokesperson noted that WhatsApp has released new privacy features, including “more controls about how people’s messages can disappear” or be viewed only once. He added, “Based on the feedback we’ve received from users, we’re confident people understand when they make reports to WhatsApp we receive the content they send us.”

The company didn’t directly state that only reported messages can be viewed, but has explicitly confirmed this to me. It subsequently issued a new statement to this effect:

WhatsApp provides a way for people to report spam or abuse, which includes sharing the most recent messages in a chat. This feature is important for preventing the worst abuse on the internet. We strongly disagree with the notion that accepting reports a user chooses to send us is incompatible with end-to-end encryption.

That reported messages can be viewed by moderators is, of course, entirely expected behavior. The only new information to emerge from this is that four preceding messages are automatically included in the report.


Check out 9to5Mac on YouTube for more Apple news:



Original Source link

Leave a Reply

Shqip Shqip አማርኛ አማርኛ العربية العربية English English Français Français Deutsch Deutsch Português Português Русский Русский Español Español

National Cyber Security Consulting App

 https://apps.apple.com/us/app/id1521390354

https://play.google.com/store/apps/details?id=nationalcybersecuritycom.wpapp


Ads

NATIONAL CYBER SECURITY RADIO

Ads

ALEXA “OPEN NATIONAL CYBER SECURITY RADIO”

National Cyber Security Radio (Podcast) is now available for Alexa.  If you don't have an Alexa device, you can download the Alexa App for free for Google and Apple devices.   

nationalcybersecurity.com

FREE
VIEW