Stories
Slash Boxes
Comments

SoylentNews is people

posted by mrpg on Wednesday September 08, @06:00PM   Printer-friendly [Skip to comment(s)]
from the well-well-well dept.

WhatsApp assures users that no one can see their messages — but the company has an extensive monitoring operation and regularly shares personal information with prosecutors.

WHEN MARK ZUCKERBERG unveiled a new "privacy-focused vision" for Facebook in March 2019, he cited the company's global messaging service, WhatsApp, as a model.

Zuckerberg's vision centered on WhatsApp's signature feature, which he said the company was planning to apply to Instagram and Facebook Messenger: end-to-end encryption, which converts all messages into an unreadable format that is only unlocked when they reach their intended destinations. WhatsApp messages are so secure, he said, that nobody else — not even the company — can read a word. As Zuckerberg had put it earlier, in testimony to the U.S. Senate in 2018, "We don't see any of the content in WhatsApp."

[...] Those assurances are not true. WhatsApp has more than 1,000 contract workers filling floors of office buildings in Austin, Texas, Dublin and Singapore, where they examine millions of pieces of users' content. Seated at computers in pods organized by work assignments, these hourly workers use special Facebook software to sift through streams of private messages, images and videos that have been reported by WhatsApp users as improper and then screened by the company's artificial intelligence systems. These contractors pass judgment on whatever flashes on their screen — claims of everything from fraud or spam to child porn and potential terrorist plotting — typically in less than a minute.

[...] A ProPublica investigation, drawing on data, documents and dozens of interviews with current and former employees and contractors, reveals how, since purchasing WhatsApp in 2014, Facebook has quietly undermined its sweeping security assurances in multiple ways. (Two articles this summer noted the existence of WhatsApp's moderators but focused on their working conditions and pay rather than their effect on users' privacy. This article is the first to reveal the details and extent of the company's ability to scrutinize messages and user data — and to examine what the company does with that information.)

The reference article gives a detailed account of how privacy is compromised ...

ProPublica

[ProPublica has added this clarification. - Fnord]

Clarification, Sept. 8, 2021: A previous version of this story caused unintended confusion about the extent to which WhatsApp examines its users' messages and whether it breaks the encryption that keeps the exchanges secret. We've altered language in the story to make clear that the company examines only messages from threads that have been reported by users as possibly abusive. It does not break end-to-end encryption.

[Also Covered By]: Gizmodo


Original Submission

Display Options Threshold/Breakthrough Reply to Article Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
(1)
  • (Score: 0, Touché) by Anonymous Coward on Wednesday September 08, @06:13PM

    by Anonymous Coward on Wednesday September 08, @06:13PM (#1175952)

    So it is kinda like SN, then? Hi, jan!

  • (Score: 5, Insightful) by Beryllium Sphere (r) on Wednesday September 08, @06:20PM (3 children)

    by Beryllium Sphere (r) (5062) on Wednesday September 08, @06:20PM (#1175956)

    My first question was whether the process of reporting a post as problematic included forwarding it to the moderators. Some stories have said that's what's happening. The recipient has it in plaintext, duh, and then it goes wherever the recipient chooses.

    Even if a platform doesn't have forwarding as a feature, your recipient can always take a screen shot. If Alice doesn't trust Bob, no crypto will solve that.

    • (Score: 4, Insightful) by Runaway1956 on Wednesday September 08, @06:58PM

      by Runaway1956 (2926) Subscriber Badge on Wednesday September 08, @06:58PM (#1175965) Homepage Journal

      I'm seeing what you're seeing. If Joe and I are having an encrypted conversation, both Joe and I have the keys with which to decrypt the conversation. If I forward the unencrypted conversation to authorities, then naturally they can read the entire conversation.

      On the other hand, if I forward the keys, can Whatsapp go back and decrypt everything on their own? Probably, but why bother when I've already forwarded the decrypted convo?

      that have been reported by WhatsApp users

      That's about the same as two children whispering secrets to each other, then one of them tells Mommy everything afterward. When two or more people share a secret, there is no secret.

      --
      alles in Ordnung
    • (Score: 5, Informative) by PiMuNu on Wednesday September 08, @10:00PM (1 child)

      by PiMuNu (3823) on Wednesday September 08, @10:00PM (#1176006)

      I didn't get to the end of TFA. It was pretty heavy on BS. However, buried quite deep is this:

      > The company does not provide a regular accounting of how WhatsApp polices the platform. WhatsApp’s FAQ page and online complaint form note that it will receive “the most recent messages” from a user who has been flagged.

      which may indicate darkness and sinister evil (it is unclear).

      I guess the point is that it is very vague, what is going on. Who knows if WhatsApp sends your private key back to base, it is an obfuscated code blob. Who knows if WhatsApp stores your encrypted messages on a server somewhere for brute force attack. At the very least, WhatsApp could publish a clear statement of what and how the moderation is done. As it is, we have to guess - and history tells us that pessimism is not a bad guess with these sorts of things.

  • (Score: 3, Funny) by Anonymous Coward on Wednesday September 08, @06:31PM (10 children)

    by Anonymous Coward on Wednesday September 08, @06:31PM (#1175960)

    Look at Mark Zuckerberg's face! Look at that honest face! He'd never undermine anything to suit the bureaucrats of D.C.!

    WhatsApp was marked untrusted from day 1, and marked definitely compromised when they bought it. I am struggling to explain why this might be construed as news.

    • (Score: 2, Informative) by Anonymous Coward on Wednesday September 08, @06:36PM (2 children)

      by Anonymous Coward on Wednesday September 08, @06:36PM (#1175961)

      " I am struggling to explain why this might be construed as news."
      One word:
      Normies.

      • (Score: 0) by Anonymous Coward on Thursday September 09, @12:49AM (1 child)

        by Anonymous Coward on Thursday September 09, @12:49AM (#1176054)

        Also misogynerds.

        As usual, the problem is never with the marketing department where all the sexual harassment, old boys clubs, and probably sexual assault is too. You know, the ones responsible for giving you the impression that the product was in any way secure.

        If you had listened to the "dorks" and "incels" who "can't get laid" (i.e. they engage in sexual relationships not involving at least one menstrual woman), they had probably been saying to use GnuPG or similar for years. Maybe you should have listened to them and their experience. No they're not going to get themselves fired spilling the trade secret beans to a misandrist journalist. They're probably thinking about their husband and adopted children first. They tell you ways to evade the eyes, software you can use, and you don't listen. You just throw sexual harassment at them.

        Additionally, virgin shaming is a form of sexual harassment. It is the cognate of slut-shaming.

        The MSM publishes this garbage instead of giving RMS a column. The MSM should be promoting the Fediverse instead.

        • (Score: 0) by Anonymous Coward on Thursday September 09, @12:53AM

          by Anonymous Coward on Thursday September 09, @12:53AM (#1176055)

          generic you, not GP you

    • (Score: 4, Interesting) by Opportunist on Wednesday September 08, @07:03PM (3 children)

      by Opportunist (5545) on Wednesday September 08, @07:03PM (#1175968)

      I'll trust him as far as a trebuchet can throw him.

      We need an empiric test of that, of course.

    • (Score: 5, Insightful) by Freeman on Wednesday September 08, @07:05PM (1 child)

      by Freeman (732) on Wednesday September 08, @07:05PM (#1175969) Journal

      https://en.wikiquote.org/wiki/Mark_Zuckerberg [wikiquote.org]

      Zuck: They "trust me"
      Zuck: Dumb fucks

      I mean, that just screams trust me. 4Realz this time!

      --
      Forced Microsoft Account for Windows Login → Switch to Linux.
      • (Score: 2, Touché) by Anonymous Coward on Wednesday September 08, @08:05PM

        by Anonymous Coward on Wednesday September 08, @08:05PM (#1175981)

        Why does that scene from Animal House come to mind. "You fucked up. You trusted us."

    • (Score: 0) by Anonymous Coward on Wednesday September 08, @08:31PM

      by Anonymous Coward on Wednesday September 08, @08:31PM (#1175989)

      DC? Langley or Ft. Meade, surely?

  • (Score: 5, Insightful) by SomeGuy on Wednesday September 08, @06:41PM (20 children)

    by SomeGuy (5632) on Wednesday September 08, @06:41PM (#1175963)

    Why does anyone still believe anything that fucker Zuckerberg says? Everything he is about is about spying on people and raping your privacy in the ass.

    There is simply no reason for anyone to go anywhere within a million miles of anything that even remotely involves that turd.

    • (Score: 1, Interesting) by Anonymous Coward on Wednesday September 08, @07:16PM (18 children)

      by Anonymous Coward on Wednesday September 08, @07:16PM (#1175970)

      Schools worked long and hard, training human young to unquestioningly believe any "authority". Now the benefits of universal education are making themselves felt.

      • (Score: 3, Interesting) by Anonymous Coward on Wednesday September 08, @08:10PM (17 children)

        by Anonymous Coward on Wednesday September 08, @08:10PM (#1175982)

        Another incorrigable deplorable? Education, especially liberal education, is all about freedom to think for yourself. If all you got out of it was "respect ma authoritay!", you did not understand anything you were taught, so you couldn't think for yourself, and resented your teachers. Reacting against that by claiming education is "brainwashing" is just stupid.

        • (Score: -1, Flamebait) by Anonymous Coward on Wednesday September 08, @08:31PM (10 children)

          by Anonymous Coward on Wednesday September 08, @08:31PM (#1175988)

          Ah, the person who cannot spell telling others they are uneducated.

          • (Score: 0) by Anonymous Coward on Wednesday September 08, @09:38PM

            by Anonymous Coward on Wednesday September 08, @09:38PM (#1175999)

            Yeah, you tossing looser! Why don't you walk like a tree and leave?

          • (Score: 3, Informative) by Tork on Wednesday September 08, @10:00PM (8 children)

            by Tork (3914) on Wednesday September 08, @10:00PM (#1176007)
            Fun fact: Typos are not failed spelling tests.
            --
            Slashdolt Logic: "24 year old jokes about sharks and lasers are +5, Funny." 💩
            • (Score: -1, Offtopic) by Anonymous Coward on Wednesday September 08, @10:40PM (7 children)

              by Anonymous Coward on Wednesday September 08, @10:40PM (#1176015)

              Fun fact: when the letters are on opposite sides of the keyboard, it's not a typo.

              • (Score: 1, Offtopic) by Tork on Wednesday September 08, @11:23PM (6 children)

                by Tork (3914) on Wednesday September 08, @11:23PM (#1176026)
                Nope, still just a typo. Now if you can pull up footage from a spelling bee where they got it wrong...
                --
                Slashdolt Logic: "24 year old jokes about sharks and lasers are +5, Funny." 💩
                • (Score: -1, Offtopic) by Anonymous Coward on Wednesday September 08, @11:38PM (2 children)

                  by Anonymous Coward on Wednesday September 08, @11:38PM (#1176030)

                  Sure, whatever you have to tell yourself, buddy...

                  • (Score: -1, Offtopic) by Anonymous Coward on Wednesday September 08, @11:58PM (1 child)

                    by Anonymous Coward on Wednesday September 08, @11:58PM (#1176041)
                    (it's not like I don't know you triple-checked your spelling before posting that. hee hee ;) )
                    • (Score: -1, Flamebait) by Anonymous Coward on Thursday September 09, @12:24AM

                      by Anonymous Coward on Thursday September 09, @12:24AM (#1176047)

                      (Keep on pretending to laugh, we know you cry yourself to sleep, hee hee ;))

                • (Score: 0) by Anonymous Coward on Wednesday September 08, @11:46PM (2 children)

                  by Anonymous Coward on Wednesday September 08, @11:46PM (#1176034)

                  typo is from mistaken execution; spelling error is from an intent;

                  • (Score: 2) by Tork on Wednesday September 08, @11:55PM (1 child)

                    by Tork (3914) on Wednesday September 08, @11:55PM (#1176038)
                    Most browsers put squiggly lines under spelling errors, if you're really going to try to infer intent from that then the result was likely "This isn't an exam and I don't give a shit." Likening it to knowing how to spell is like someone telling you you're posting anonymously because you're too underpowered to remember a password.

                    A spellchecker is not 'A.I.'.
                    --
                    Slashdolt Logic: "24 year old jokes about sharks and lasers are +5, Funny." 💩
                    • (Score: 0) by Anonymous Coward on Thursday September 09, @08:43AM

                      by Anonymous Coward on Thursday September 09, @08:43AM (#1176172)

                      using a browser with squiggly line capability just makes it more so a case of intentional misspelling. "I don't give a shit" speaks to not spelling on purpose.

        • (Score: -1, Troll) by Anonymous Coward on Wednesday September 08, @09:59PM (5 children)

          by Anonymous Coward on Wednesday September 08, @09:59PM (#1176005)

          Education, especially liberal education, is all about freedom to think for yourself.

          On which planet? When on this planet Earth a student expresses disagreement with teacher, especially about something dictated by politics du jour, what happens to the student then?

          From your outburst I see that your "especially liberal education" taught you brazen lying, clumsy bullying, and nothing else. Q.e.d.

          • (Score: 2) by Tork on Wednesday September 08, @10:07PM (4 children)

            by Tork (3914) on Wednesday September 08, @10:07PM (#1176010)

            When on this planet Earth a student expresses disagreement with teacher, especially about something dictated by politics du jour, what happens to the student then?

            Could I talk you into filling me in on what you expect to happen to that student? I didn't go the typical college route.

            --
            Slashdolt Logic: "24 year old jokes about sharks and lasers are +5, Funny." 💩
            • (Score: 0) by Anonymous Coward on Wednesday September 08, @11:05PM (3 children)

              by Anonymous Coward on Wednesday September 08, @11:05PM (#1176021)

              Search engine can elucidate the situation quite well, if that is the case. Ask Bing "student expelled/failed for disagreeing" and enjoy the spread.

              • (Score: 2) by Tork on Wednesday September 08, @11:29PM (2 children)

                by Tork (3914) on Wednesday September 08, @11:29PM (#1176028)
                Thank you! So in this case you're upset that the teacher stood their ground. Okie doke. So what's your take on employees of Google demanding the management not take on certain projects?
                --
                Slashdolt Logic: "24 year old jokes about sharks and lasers are +5, Funny." 💩
                • (Score: -1, Flamebait) by Anonymous Coward on Thursday September 09, @01:33AM (1 child)

                  by Anonymous Coward on Thursday September 09, @01:33AM (#1176061)

                  Is lying an obsessive-compulsive disorder peculiar to all lefties, or have you all been taught from same particularly inept trolling manual?

                  Be that as it may, as to your unrelated question, selling oneself to Google is a voluntary act of a consenting adult, and I personally cannot care less what happens to said adult after as a consequence of that life choice. Satisfied now?

                  • (Score: 0) by Anonymous Coward on Friday September 10, @05:54AM

                    by Anonymous Coward on Friday September 10, @05:54AM (#1176503)

                    So, the student gets failed for a failure to learn, interprets that as a disagreement, and screams about bloody liberal bias in higher education, when actually they are a failure who cannot comprehend what was going on. Sad, really. Charlie Kirk levels of sad.

    • (Score: 0) by Anonymous Coward on Wednesday September 08, @09:54PM

      by Anonymous Coward on Wednesday September 08, @09:54PM (#1176004)

      Well, when he goes before Congress again and asked about THIS one, I am sure he will be very very sorry and pledge that they will strive to do much better in the future.

  • (Score: 5, Touché) by digitalaudiorock on Wednesday September 08, @08:29PM (5 children)

    by digitalaudiorock (688) on Wednesday September 08, @08:29PM (#1175987)

    Is it just me? How would anyone actually believe that "no one can see their messages"? How the hell could that possibly be true?

    This one reminds me of when Dropbox got called out by the FTC for claiming that they couldn't decrypt your content if they wanted to, when they control the keys, and are provably decrypting you shit when you download it.

    • (Score: 2) by Thexalon on Wednesday September 08, @10:38PM (1 child)

      by Thexalon (636) on Wednesday September 08, @10:38PM (#1176014)

      I'm reminded of a more recent incident, where there was a new, "completely secure" means of communication marketed to the kinds of people that were likely to engage in violence, and it turned out that "completely secure" means of communication was an FBI sting operation.

      --
      The inverse of "I told you so" is "Nobody could have predicted"
      • (Score: 0) by Anonymous Coward on Friday September 10, @05:56AM

        by Anonymous Coward on Friday September 10, @05:56AM (#1176504)

        You mean Gab? Or Parler? Or the Miller one?

    • (Score: 2) by MostCynical on Wednesday September 08, @11:40PM

      by MostCynical (2589) on Wednesday September 08, @11:40PM (#1176032) Journal

      The most data hungry, deep-data diving privacy ignoring monster organization on the planet buys a messaging app.
      ...and people somehow think it wouldn't be used to add more data and links to and about people and to learn more about them, track them and decrease their privacy?

      What else would explain the purchase?

      "suddenly, we'd like to have one part of our company look after your privacy"... as if!

      --
      Books are a poor substitute for female companionship, but they are easier to find. P Rothfuss “The Wise Man's Fear"
    • (Score: 1, Touché) by Anonymous Coward on Thursday September 09, @11:31AM (1 child)

      by Anonymous Coward on Thursday September 09, @11:31AM (#1176214)

      How would anyone actually believe that

      How, after knowing that people believe things like microchips in vaccines, can you still wonder what people believe?

      • (Score: 0) by Anonymous Coward on Thursday September 09, @12:40PM

        by Anonymous Coward on Thursday September 09, @12:40PM (#1176230)

        Microchips in vaccines is at least possible with modern technology, a better example would be religion.

  • (Score: 4, Informative) by PiMuNu on Wednesday September 08, @09:44PM (1 child)

    by PiMuNu (3823) on Wednesday September 08, @09:44PM (#1176001)

    I did try to run WhatsApp without giving it permission to view my contact list and WhatsApp failed to work.

    Anyone in Europe who uses WhatsApp is in breach of GDPR, because they are giving FriendFace access to personal information (unless you know that all of your contacts have given WhatsApp permission to "process" their data).

    • (Score: 1) by surjeon on Thursday September 09, @07:18AM

      by surjeon (9954) on Thursday September 09, @07:18AM (#1176157)

      It might be nitpicking, but most individuals would be ok GDPR-wise if they use Whatsapp purely for personal ('domestic') purposes. There are some (tiny) limits to the scope of GDPR. See eg. https://www.termsfeed.com/blog/gdpr-exemptions/ [termsfeed.com] ; sorry no time to trace a primary source.

  • (Score: 2) by inertnet on Wednesday September 08, @10:28PM (6 children)

    by inertnet (4071) on Wednesday September 08, @10:28PM (#1176012)

    Messages are said to be end to end encrypted, but that's total bullshit if the middleman has the keys. The 'end to end encrypted' claim can therefore only be to give users a misleading sense of security.

    • (Score: 0) by Anonymous Coward on Wednesday September 08, @11:48PM

      by Anonymous Coward on Wednesday September 08, @11:48PM (#1176035)

      the company and their clients are merely inside your circle of trust.

    • (Score: 1, Informative) by Anonymous Coward on Wednesday September 08, @11:55PM (4 children)

      by Anonymous Coward on Wednesday September 08, @11:55PM (#1176039)

      Yup. I've never been on WhatsApp, or even been tempted, because the first time I was invited to join it (8 years back?) the word "WhatsApp" was followed immediately followed by "Group", and I know enough crypto to be SURE that there was no way they were implementing N-to-N endpoint-to-endpoint key exchange and encryption because it's just too darn complex. And if they were implementing it, it's so darn complex that their implementation would have a bug. Either way - it's not endpoint-to-endpoint secure, and their security claims are bullshit. I'm of course missing the thirrd posibility of a perfect implementation with an additional deliberate backdoor, but the conclusion's the same. And Ockham strongly favoured the first of the three.

      So I brushed it aside as a completely unnecessary replacement for the messaging I'd been using for nearly 2 decades, and knew was insecure. Better to not kid yourself.

      • (Score: 1) by shrewdsheep on Thursday September 09, @09:23AM (3 children)

        by shrewdsheep (5215) Subscriber Badge on Thursday September 09, @09:23AM (#1176189)

        If that is your concern, you can be reassured. A straightforward implementation would use a key per group which can be exchanged N-to-N in a secure way. Matrix offers secure group chat too, so there are verified implementations (I do not know exactly what Matrix does BTW). The more critical thing to me is that the encryption scheme is not documented to begin with and how initial trust is established. Disclore: I am a WhatsApp user the use case being to stay in touch with the wider family.

        • (Score: 2) by FatPhil on Thursday September 09, @02:25PM (2 children)

          by FatPhil (863) <reversethis-{if.fdsa} {ta} {tnelyos-cp}> on Thursday September 09, @02:25PM (#1176267) Homepage
          You may have been right in ~2005, but Bresson broke Bresson et al.'s algorithm, so you can't use that any more. Generalise purpose GKE with PFS is hard. Even getting it O(N) is non-trivial. And by the time you've got an O(N) algorithm, the complexity of each round is necessarily higher, and complexity is the enemy of security. And PFS is just a killer, every time anyone joins or leaves the group, you need to renegotiate keys with clients who may or may not be responding. What do you do with the ones that are not responding and who keep using the old key? This is an absolute quagmire.

          Strangely, this is one situation where something blockchainy can help. Technically, a hashgraph, one which can prove consensus (as per Hedera, for example).
          --
          I know I'm God, because every time I pray to him, I find I'm talking to myself.
          • (Score: 1) by shrewdsheep on Thursday September 09, @03:49PM (1 child)

            by shrewdsheep (5215) Subscriber Badge on Thursday September 09, @03:49PM (#1176283)

            I was thinking of something much simpler. The group creator simply sends a symmetric group key to each member using their public keys. Maybe renew the symmetric key once in a while. No fancy additional cryptography needed.

(1)