SoylentNews is people

posted by Fnord666 on Thursday October 29 2020, @04:57PM
from the insecurity-in-the-modern-age dept.

Why You Should Stop Using Your Facebook Messenger App:

If you're one of the billion-plus people using Facebook Messenger, then you'd be well-advised to switch to an alternative. Unlike its Facebook stablemate WhatsApp, Messenger is missing the critical security required to protect your content from prying eyes. Everything you send on Messenger passes through Facebook servers to which it has access. We know Facebook "spies" on this content to make sure you're following its rules. Well, a new security report claims it also downloads your private content to its own servers without any warning.

The team behind the report has good form in holding major tech platforms to account on security grounds. Tommy Mysk and Talal Haj Bakry pushed Apple into the clipboard access warnings that are such a famed part of iOS 14; their research also caught TikTok indiscriminately reading Apple users' clipboards, part of the technical backlash that ultimately led to U.S. action against the viral Chinese platform.

Mysk and Haj Bakry had initially set out to study how various messaging platforms handled so-called "link previews." When you send a link to a website, a news article or other online content—including private documents, the recipient of your message will often see a preview of that content. Clearly this requires the link to be followed somewhere and somehow, and its data returned. The way that's done, though, is critical. Get it wrong and messaging platforms can access private data, download personal information to their servers, even expose user locations.

[...] This new report shows what all that means in practice. And so, if you're sticking rigidly to a poorly secured messaging platform, including Facebook Messenger or, worse, SMS, then now's the time to switch. WhatsApp remains a good everyday choice with a huge user base and all the functionality you need, notwithstanding Facebook's monetization drive. But there are clearly even more secure options if you want to escape Facebook altogether.

"Apps that generate link previews on servers might leak the content of links," Mysk warns. "If the leaked content is deemed personal, then personal user data is definitely at risk. It is unclear for how long such servers store the data, and if these servers store the data securely or conform to the same privacy policy that the app states. Since Facebook didn't answer any of these privacy concerns, I'd refrain from sending links to private information in such apps. If you want to be on the safe side, just switch to an end-to-end encrypted app."
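
An added example, not part of the quoted article or the researchers' report: one way to see where a link preview is generated is to send a unique test URL hosted on a web server you control and attribute each request for it from the access log. The log lines, IP addresses, path and function name below are constructed for illustration, and the example assumes the recipient never taps the link.

```python
import re

# Constructed access-log sample (combined log format, documentation-range IPs).
SAMPLE_LOG = '''\
192.0.2.10 - - [29/Oct/2020:16:56:58 +0000] "GET /canary/7f3a HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
198.51.100.7 - - [29/Oct/2020:16:57:01 +0000] "GET /canary/7f3a HTTP/1.1" 200 1048576 "-" "ExamplePreviewBot/1.0"
198.51.100.8 - - [29/Oct/2020:16:57:02 +0000] "GET /canary/7f3a HTTP/1.1" 200 524288 "-" "ExamplePreviewBot/1.0"
203.0.113.20 - - [29/Oct/2020:16:58:10 +0000] "GET /favicon.ico HTTP/1.1" 404 - "-" "Mozilla/5.0"
truncated or malformed line
'''

LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "\S+ (?P<path>\S+) [^"]*" \d{3} (?P<size>\d+|-)'
)

def classify_fetches(log_text, canary_path, sender_ip, recipient_ip):
    """Attribute every request for the test URL to sender, recipient or a third party."""
    stats = {r: {"requests": 0, "bytes": 0} for r in ("sender", "recipient", "third_party")}
    third_party_ips = set()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m is None or m["path"] != canary_path:
            continue  # malformed line or unrelated resource
        if m["ip"] == sender_ip:
            role = "sender"
        elif m["ip"] == recipient_ip:
            role = "recipient"
        else:
            role = "third_party"  # neither endpoint: a server followed the link
            third_party_ips.add(m["ip"])
        stats[role]["requests"] += 1
        stats[role]["bytes"] += 0 if m["size"] == "-" else int(m["size"])
    return {
        "stats": stats,
        "third_party_ips": sorted(third_party_ips),
        # Content reached a machine that is neither the sender nor the recipient.
        "server_side_fetch": stats["third_party"]["requests"] > 0,
        # Recipient's device contacted the site without the link being tapped.
        "recipient_ip_exposed": stats["recipient"]["requests"] > 0,
    }

if __name__ == "__main__":
    print(classify_fetches(SAMPLE_LOG, "/canary/7f3a", "192.0.2.10", "203.0.113.20"))
```

The byte count per role shows how much of the linked content left the endpoints, which is the property the quoted warning about server-generated previews is concerned with.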



  • (Score: 5, Informative) by Joe Desertrat on Thursday October 29 2020, @05:08PM (2 children)

    by Joe Desertrat (2454) on Thursday October 29 2020, @05:08PM (#1070437)

    You shouldn't use anything Facebook connected without the idea that whatever you post will be seen by far more than those you have intended to see it.

    • (Score: 2) by Thexalon on Thursday October 29 2020, @09:53PM

      by Thexalon (636) on Thursday October 29 2020, @09:53PM (#1070541)

      As a general rule, you should assume that anything traveling over the Internet will be read by somebody else. If you're transmitting in cleartext, it could be read by literally anybody. If you're transmitting using a well-known encryption system like TLS 1.3, then it will be collected decrypted by any third party service you're using as a clearinghouse for the message, and by some government agencies (not necessarily your own country's). If you're transmitting using a less-well-known encryption system, then it will be collected encrypted by those same government agencies, and they'll take note of your unusual activity and also consider decrypting it (if really necessary, using low-tech methods [xkcd.com]) if they think you're really up to something.

      I know some of those third party clearinghouse services swear up and down that they'd never even dream of storing your unencrypted data. Some of them will put it into their privacy policies and such. That doesn't mean you should believe them. Your handsomest politicians and doughy bureaucrats and alleged-tough-guys-in-suits will also swear up and down that they aren't conducting mass surveillance on the Internet, never mind the storage facilities and media leaks. That doesn't mean you should believe them either.

      --
      The only thing that stops a bad guy with a compiler is a good guy with a compiler.
    • (Score: 0) by Anonymous Coward on Friday October 30 2020, @08:41PM

      by Anonymous Coward on Friday October 30 2020, @08:41PM (#1071021)

      do people here feel more educated about a post like that?

      this is a tech site. i am hoping by now people here are not ignorant of what facebook is, does, and what you are when you use it.

      i mean i've even stopped harping to my family about privacy because too many of them have demanded to know what I am trying to hide

      people all already know. either they already care or they dont, and they often don't care with a passion.

  • (Score: 0) by Anonymous Coward on Thursday October 29 2020, @05:14PM (11 children)

    by Anonymous Coward on Thursday October 29 2020, @05:14PM (#1070441)

    Wait. Forbes? Aren't the Rethuglicans the same fascists who want to backdoor encryption, which necessarily (the only way such a requirement could work) would require a centralized service that only supports hub to leaf encryption and so can store all messages unencrypted?

    Normal political bullshit. It's never about the ideas and systems, it's always about the specific actors.

    • (Score: 5, Insightful) by DannyB on Thursday October 29 2020, @05:34PM (6 children)

      by DannyB (5839) Subscriber Badge on Thursday October 29 2020, @05:34PM (#1070456) Journal

      I could be wrong, but I strongly suspect that all political parties want to backdoor encryption.

      The people against private strong encryption are the people in power. Not any particular party.

      Encryption lets the masses communicate privately.

      --
      People today are educated enough to repeat what they are taught but not to question what they are taught.
      • (Score: 2) by gtomorrow on Thursday October 29 2020, @07:11PM (4 children)

        by gtomorrow (2230) on Thursday October 29 2020, @07:11PM (#1070489)

        Bravo, Danny B! Tonight you are officially the Voice of Reason™.

        • (Score: 2) by DannyB on Thursday October 29 2020, @07:23PM (3 children)

          by DannyB (5839) Subscriber Badge on Thursday October 29 2020, @07:23PM (#1070495) Journal

          That sounds like a propaganda channel on shortwave. Oh, wait. People these days don't know about things like that.

          --
          People today are educated enough to repeat what they are taught but not to question what they are taught.
          • (Score: 2) by gtomorrow on Friday October 30 2020, @05:25AM (2 children)

            by gtomorrow (2230) on Friday October 30 2020, @05:25AM (#1070738)

            Y'know, just to make sure no one could subvert or misinterpret my reply, I was going to steal appropriate your occasional formatting to add the disclaimer:

            This post does not endorse any specific political beliefs.

            • (Score: 2) by DannyB on Friday October 30 2020, @02:17PM (1 child)

              by DannyB (5839) Subscriber Badge on Friday October 30 2020, @02:17PM (#1070845) Journal

              My post about people in power not wanting encryption also was not intended to endorse any specific political beliefs. Unless you consider the rich vs poor, or the proles vs inner party to be political belief, which it might be. But not the R vs D thing.

              --
              People today are educated enough to repeat what they are taught but not to question what they are taught.
      • (Score: 2) by legont on Thursday October 29 2020, @11:42PM

        by legont (4179) on Thursday October 29 2020, @11:42PM (#1070576)

        Yep. Use telegram.

        --
        "Wealth is the relentless enemy of understanding" - John Kenneth Galbraith.
    • (Score: 1, Flamebait) by NateMich on Thursday October 29 2020, @05:51PM (1 child)

      by NateMich (6662) on Thursday October 29 2020, @05:51PM (#1070465)

      Forbes is also owned by the Chinese, so you really have to think twice about anything you read there.

      • (Score: 2) by DannyB on Thursday October 29 2020, @07:08PM

        by DannyB (5839) Subscriber Badge on Thursday October 29 2020, @07:08PM (#1070487) Journal

        Forbes published Dan Lyons' (in)famous What SCO Wants, SCO Gets [forbes.com]. (but I don't see his name on it now.) A few years later when SCO was losing badly due to a complete lack of evidence, Lyons had to publish a very weak mea culpa, Snowed by SCO [forbes.com], and then suddenly moved on to a different news publisher. That was Sep 19, 2007, two days after SCO declared bankruptcy, after declaring loudly for years how they had such a strong case that all Linux users would have to pay $1399 per CPU, but due to SCO's generosity, only $699 per CPU. SCO is still in bankruptcy to this very day. Yes, really. Thirteen years later, still in bankruptcy, thinking they will get $5 Billion from IBM and $699 / CPU from all Linux users.

        Therefore, IMO, Forbes has no credibility since that date. (2003-06-18)

        --
        People today are educated enough to repeat what they are taught but not to question what they are taught.
    • (Score: 1, Interesting) by Anonymous Coward on Thursday October 29 2020, @06:49PM (1 child)

      by Anonymous Coward on Thursday October 29 2020, @06:49PM (#1070484)

      I think it has more to do with the intelligence and law enforcement communities. They will come up with the best most sympathetic reason they can find to get the power and then it will be summarily abused by whoever gains access to it, republican or democrat. Power corrupts. It's easy to think that you or the people you admire are not going to be corrupted, but that is a naive and childish way to think. We are all corrupt/corruptible in some way or another. That's why we must have safeguards and power should never be given unless absolutely necessary.

      The ability to spy on anyone and everyone with very little effort is going to lead to mass spying as we have already seen and know to be the case.

      • (Score: 2) by Runaway1956 on Friday October 30 2020, @04:08AM

        by Runaway1956 (2926) Subscriber Badge on Friday October 30 2020, @04:08AM (#1070730) Journal

        It's easy to think that you or the people you admire are not going to be corrupted, but that is a naive and childish way to think.

        You forgot the most convincing reason to oppose government and police powers. Let us pretend that neither I nor my party is corruptible. I know, it's a foolish dream, but let us pretend.

        In the next election, the other party wins, and now THEY have all that power at their disposal.

        So, even if my party is incorruptible, it is worth remembering that sometimes the dragon wins. When the dragon wins, we get barbequed to an excellent crunchiness, and garnished with cheap tomato sauce.

  • (Score: 5, Touché) by Snospar on Thursday October 29 2020, @05:37PM (1 child)

    by Snospar (5366) Subscriber Badge on Thursday October 29 2020, @05:37PM (#1070459)

    So I should drop Facebook Messenger because they are untrustworthy and instead I should trust Facebook WhatsApp? Wow. Thanks for tightening up my security there.

    I think I will stick with Signal and no Facebook account at all.

    --
    Huge thanks to all the Soylent volunteers without whom this community (and this post) would not be possible.
    • (Score: 2) by Runaway1956 on Thursday October 29 2020, @09:48PM

      by Runaway1956 (2926) Subscriber Badge on Thursday October 29 2020, @09:48PM (#1070539) Journal

      Very much what Phoenix666 said.

      I opened a Facebook account way back when Facebook was new. Never signed up for any games, but I did see one thing that interested me. You marked every city you've been in, and it included all the continents and islands. I filled it in just for fun. Some time later, I started getting crap from various places, advertising cruises, vacations, investment opportunities, etc. Figured out that all that spam was coming from that stupid app, so I deleted it.

      So then, Facebook Messenger? I have received FM messages from five or six people. I can't read those messages unless I sign up to use messenger. I actually looked at doing so, started reading the TOS etc, and said "Screw this!"

      Facebook already knows too much about me, I'm not giving them more information.

      Hey, if you already have it, and you like it, fine. But it ain't a benevolent service, any more than Google's various services are.

  • (Score: 3, Informative) by Phoenix666 on Thursday October 29 2020, @06:59PM (2 children)

    by Phoenix666 (552) on Thursday October 29 2020, @06:59PM (#1070486) Journal

    Why You Should Stop Using Your Facebook Messenger App

    Um, because it's Facebook?

    Talk to the people in your life instead. It's much healthier for everyone.

    --
    Washington DC delenda est.
    • (Score: 1, Funny) by Anonymous Coward on Thursday October 29 2020, @07:11PM (1 child)

      by Anonymous Coward on Thursday October 29 2020, @07:11PM (#1070488)

      It's a trick headline. How hard do you beat your wife?

      • (Score: 2) by Phoenix666 on Friday October 30 2020, @12:13AM

        by Phoenix666 (552) on Friday October 30 2020, @12:13AM (#1070593) Journal

        How hard do you beat your wife?

        Hmm, i'd call it spanking and only when she's in the mood...TMI?

        --
        Washington DC delenda est.
  • (Score: 3, Insightful) by Grishnakh on Thursday October 29 2020, @08:58PM (1 child)

    by Grishnakh (2831) on Thursday October 29 2020, @08:58PM (#1070520)

    And so, if you're sticking rigidly to a poorly secured messaging platform, including Facebook Messenger or, worse, SMS, then now's the time to switch.

    Good luck getting all the people you know to switch to something else. I use FBM a lot because some of my contacts are on it and use it, and it's a lot better than SMS for many reasons (reliability is the biggest one: SMS is inherently unreliable and messages get lost sometimes, or take a long time to be delivered). I'd rather use LINE, but I can't get any of my non-Asian friends or relatives to switch to it.

    It's very simple: the only reason I use FBM and SMS is because other people use them. I could just make my own super-secure chat app, but with myself being the only person using it, what utility would it have?

    (As for other options: 1) whatever Apple has: I don't have an iPhone, and don't want to restrict myself to iPhone users anyway; 2) WhatsApp: I don't know anyone who uses that; 3) something else someone might respond with: see #2.)

    • (Score: 2) by Grishnakh on Thursday October 29 2020, @09:00PM

      by Grishnakh (2831) on Thursday October 29 2020, @09:00PM (#1070523)

      Oh yeah, I forgot option #4: WeChat: only my Chinese friends use it (mainly for talking with their friends/family back home, because other options generally don't exist inside China), and it's actively monitored and censored by the Chinese government, so I don't see how FBM could possibly be worse than that.

  • (Score: 1) by pD-brane on Friday October 30 2020, @12:24PM

    by pD-brane (6728) on Friday October 30 2020, @12:24PM (#1070802)

    Unlike its Facebook stablemate WhatsApp, Messenger is missing the critical security required to protect your content from prying eyes.

    I stopped reading here. I don't know if WhatsApp is more secure than Facebook Messenger, but suggesting yet another proprietary application (or (centralised) service) is just wrong.

  • (Score: 2) by hendrikboom on Friday October 30 2020, @06:27PM (1 child)

    by hendrikboom (1125) Subscriber Badge on Friday October 30 2020, @06:27PM (#1070957) Homepage Journal

    I'm looking for a new phone. The Linux phones are attractive.
    But I also use Facebook Messenger Lite.
    And Google Calendar.
    These are essential apps that notify me when something might need to be done.

    Google calendar could perhaps be replaced by some other calendar app. Long ago I used to use GPE calendar on my Nokia N800. But that isn't networked across "all my devices". But I also use several organisations' publicly accessible Google calendars to keep track of meetings and events. The replacement would have to have access to that.

    Facebook Messenger Lite ... That has come to be the way my family communicates and plans their activities. Without that -- or something compatible -- I'd be shut out of planning and fully participating in family activities.

    And it would be wonderful if all this could be networked so I'd have access to it from my computer, which runs GNU/Linux instead of Android/Linux or Chrome/Linux.

    Yes, some of this is available in a browser. But do I really want a browser running 24/7 just for the notifications?

    Any suggestions? Or do I have to continue using Android?

    -- hendrik

    • (Score: 0) by Anonymous Coward on Sunday November 01 2020, @02:22AM

      by Anonymous Coward on Sunday November 01 2020, @02:22AM (#1071523)

      Have you checked out the Librem 5 from Purism? [puri.sm]
      I don't have one yet, but I pre-ordered a long time ago and am waiting for Evergreen to ship (December?).
