Categories
Computing

WhatsApp now lets you control who can see your profile

WhatsApp is now letting you decide who gets to view certain aspects of your profile.

This week, Meta’s popular messaging and calling app announced via a tweet that it is offering new privacy options for its users, including the ability to choose “who from your contact list can see your Profile Photo, About, and Last Seen status.

🔒 To further protect your privacy online, we’re rolling out new options to your privacy control settings 🔒

Now you can select who from your contact list can see your Profile Photo, About, and Last Seen status. For more information follow this link: https://t.co/UGMCx2n70h

— WhatsApp (@WhatsApp) June 15, 2022

According to a WhatsApp’s Help Center page on the matter, your privacy settings, unless they are reconfigured, allow the following: All users can add you to groups. Contacts can view your status updates. All users can view your read receipts, profile picture, Last Seen, and About information.

But if you choose to configure WhatsApp’s new privacy settings, you’ll have more control over who can view the aforementioned profile information. Profile information such as your photo, Last Seen, About, and status can all be adjusted to one of four privacy options: Everyone, My Contacts, My Contacts Except, and Nobody. Essentially all of these options let you choose the visibility of your profile information based on the audience you’d like to have access to it.

It is worth noting, however, that these new privacy settings do come with some caveats: Not sharing your Last Seen means you can’t see the Last Seen of others. WhatsApp does not offer a way to adjust “who can see when you’re online or typing …”

In addition to selecting who can view your profile information, WhatsApp also lets you decide who can can view your read receipts and who can add you to groups. Not sharing read receipts also results in you not being able to view others’ read receipts. Group chats still offer read receipts regardless of your settings. If one of your friends doesn’t have read receipts enabled, that also stops you from seeing “if they’ve viewed your status updates.”

On Android and iOS, you can access these settings by navigating to Settings > Account > Privacy.

Editors’ Choice




Repost: Original Source and Author Link

Categories
Security

Security experts fear the DMA will break WhatsApp encryption

On March 24th, EU governing bodies announced that they had reached a deal on the most sweeping legislation to target Big Tech in Europe, known as the Digital Markets Act (DMA). Seen as an ambitious law with far-reaching implications, the most eye-catching measure in the bill would require that every large tech company — defined as having a market capitalization of more than €75 billion and a user base of more than 45 million people in the EU — create products that are interoperable with smaller platforms. For messaging apps, that would mean letting end-to-end encrypted services like WhatsApp mingle with less secure protocols like SMS — which security experts worry will undermine hard-won gains in the field of message encryption.

The main focus of the DMA is a class of large tech companies termed “gatekeepers,” defined by the size of their audience or revenue and, by extension, the structural power they are able to wield against smaller competitors. Through the new regulations, the government is hoping to “break open” some of the services provided by such companies to allow smaller businesses to compete. That could mean letting users install third-party apps outside of the App Store, letting outside sellers rank higher in Amazon searches, or requiring messaging apps to send texts across multiple protocols.

But this could pose a real problem for services promising end-to-end encryption: the consensus among cryptographers is that it will be difficult, if not impossible, to maintain encryption between apps, with potentially enormous implications for users. Signal is small enough that it wouldn’t be affected by the DMA provisions, but WhatsApp — which uses the Signal protocol and is owned by Meta — certainly would be. The result could be that some, if not all, of WhatsApp’s end-to-end messaging encryption is weakened or removed, robbing a billion users of the protections of private messaging.

Given the need for precise implementation of cryptographic standards, experts say that there’s no simple fix that can reconcile security and interoperability for encrypted messaging services. Effectively, there would be no way to fuse together different forms of encryption across apps with different design features, said Steven Bellovin, an acclaimed internet security researcher and professor of computer science at Columbia University.

“Trying to reconcile two different cryptographic architectures simply can’t be done; one side or the other will have to make major changes,” Bellovin said. “A design that works only when both parties are online will look very different than one that works with stored messages …. How do you make those two systems interoperate?”

Making different messaging services compatible can lead to a lowest common denominator approach to design, Bellovin says, in which the unique features that made certain apps valuable to users are stripped back until a shared level of compatibility is reached. For example, if one app supports encrypted multi-party communication and another does not, maintaining communications between them would usually require that the encryption be dropped.

Alternatively, the DMA suggests another approach — equally unsatisfactory to privacy advocates — in which messages sent between two platforms with incompatible encryption schemes are decrypted and re-encrypted when passed between them, breaking the chain of “end-to-end” encryption and creating a point of vulnerability for interception by a bad actor.

Alec Muffett, an internet security expert and former Facebook engineer who recently helped Twitter launch an encrypted Tor service, told The Verge that it would be a mistake to think that Apple, Google, Facebook, and other tech companies were making identical and interchangeable products that could easily be combined.

“If you went into a McDonald’s and said, ‘In the interest of breaking corporate monopolies, I demand that you include a sushi platter from some other restaurant with my order,’ they would rightly just stare at you,” Muffett said. “What happens when the requested sushi arrives by courier at McDonald’s from the ostensibly requested sushi restaurant? Can and should McDonald’s serve that sushi to the customer? Was the courier legitimate? Was it prepared safely?”

Currently, every messaging service takes responsibility for its own security — and Muffett and others have argued that by demanding interoperability, users of one service are exposed to vulnerabilities that may have been introduced by another. In the end, overall security is only as strong as the weakest link.

Another point of concern raised by security experts is the problem of maintaining a coherent “namespace,” the set of identifiers that are used to designate different devices in any networked system. A basic principle of encryption is that messages are encoded in a way that is unique to a known cryptographic identity, so doing a good job of identity management is fundamental to maintaining security.

“How do you tell your phone who you want to talk to, and how does the phone find that person?” said Alex Stamos, director of the Stanford Internet Observatory and former chief security officer at Facebook. “There is no way to allow for end-to-end encryption without trusting every provider to handle the identity management… If the goal is for all of the messaging systems to treat each other’s users exactly the same, then this is a privacy and security nightmare.”

Not all security experts have responded so negatively to the DMA. Some of the objections shared previously by Muffett and Stamos have been addressed in a blog post from Matrix, a project geared around the development of an open-source, secure communications standard.

The post, written by Matrix co-founder Matthew Hodgson, acknowledges the challenges that come with mandated interoperability but argues that they are outweighed by benefits that will come from challenging the tech giants’ insistence on closed messaging ecosystems.

“In the past, gatekeepers dismissed the effort of [interoperability] as not being worthwhile,” Hodgson told The Verge. “After all, the default course of action is to build a walled garden, and having built one, the temptation is to try to trap as many users as possible.”

But with users generally happy to centralize trust and a social graph in one app, it’s unclear whether the top-down imposition of cross-platform messaging is mirrored by demand from below.

“iMessage already has interop: it’s called SMS, and users really dislike it,” said Alex Stamos. “And it has really bad security properties that aren’t explained by green bubbles.”

Repost: Original Source and Author Link

Categories
Security

WhatsApp starts a private beta test of multi-device support

Until now, using WhatsApp web on your desktop or any other device has required having a phone that’s powered on and connected, but a new beta test is trying out support for multiple devices without needing a phone in the mix. In a June interview, WhatsApp head Will Cathcart and his boss, Facebook CEO Mark Zuckerberg, commented on the technical challenge of maintaining end-to-end encryption. With a blog post today, Cathcart explains more about what has been done behind the scenes to maintain security.

WhatsApp’s message architecture.
Image: Facebook

As the image comparing the legacy and new systems (above) tries to explain, previously, a user’s phone managed the key determining their identity and ability to encrypt/decrypt messages. The encrypted synchronization also applies to message history, contact names, and other data, with keys maintained on the individual devices.

To start, the beta is going out to a limited group of testers who are already in WhatsApp’s beta program, while the team says it’s working on improving performance and adding more features.



Repost: Original Source and Author Link

Categories
Tech News

WhatsApp betas for Android brings updates to video and image quality

Android users of the popular chat app WhatsApp have a couple of updates to look forward to. The updates are currently in beta and have been submitted to the Google Play Beta Program. The app moves to version 2.21.14.6 in the first update submitted earlier this month.

The big change in this version of the update is an option to choose video quality. The update is currently under development and will be rolled out broadly to users in the future. Currently, the feature is unavailable since it’s still under development.

The video quality update is something that users of the app have wanted for years and will allow users to choose video quality to use in their uploads. Users will have the option between allowing the app to choose video quality under the Auto mode, or they can choose best quality or data saver modes. Naturally, the data saver mode will result in poorer video quality compared to best quality and provide smaller file sizes that are easier to upload.

Another WhatsApp beta has also been submitted under version 2.21.14.16. This version of WhatsApp offers improvements in image quality and is currently under development. Since it’s also in beta, end-users won’t see the feature at this time. Like the update for video quality, the photo quality update adds auto, best quality, and data saver options for uploaded photos.

The update will come with the same caveats, and Auto is recommended. Best quality photos will be larger and can take longer to send and download. Data saver images will be smaller and quicker to send but lack quality compared to other settings. There is no clear indication of when these features might exit beta and be available for users on current stable versions of the app.

Repost: Original Source and Author Link

Categories
Tech News

WhatsApp on Android to make flash calls to verify logins

There are different systems these days for securing accounts beyond fragile and weak passwords. While authenticator apps are often the recommended method, others also use your phone number as a sort of a second authentication factor. That’s especially true for services that use your phone number as your account number anyway, like WhatsApp. It seems that Facebook’s messaging service is going to use that number to implement another layer of security, making a flash call to verify the number that you gave for login is a valid one.

This upcoming feature, if it does make it out the door, is for both security and convenience. With the currently existing system, WhatsApp sends OTPs via SMS when logging into their accounts. Users either type in the numbers or, depending on the permissions granted to the WhatsApp Android app, is automatically entered by the app itself.

This method, while better than just a password, has also been criticized for offering no real security because of the vulnerability of the SMS protocol. WABetaInfo, which often leaks upcoming or in-development WhatsApp features, reveals that the network is working on yet another method to verify logins. Instead of sending an OTP, it will call you and immediately drop the call and will then scan your call history to check if the phone’s number and the number it called, which would have been the number it would send the OTP to, is one and the same.

The catch is that to perform this action, WhatsApp needs permission to read your phone’s call history log. This is something it will ask Android users once when setting up the app for the first time and WhatsApp promises the data won’t be used for any other purpose. Given the recent scandal the network is under due to its new Facebook-friendly privacy policy, that’s a rather big promise to make.

That requirement is also one reason why this feature will never make it to iOS since Apple’s platform doesn’t give third-party apps access to call history. It is also an optional verification method so those with privacy concerns can keep using the older methods, presuming they still use WhatsApp, of course.

Repost: Original Source and Author Link

Categories
Tech News

WhatsApp might soon call you to verify your account

When you buy a new phone and restore your WhatsApp account, the app verifies by sending you a six-digit code through SMS. However, the company’s working on another method to verify your account: flash calls.

According to a report by reliable WABetaInfo, the chat app is testing this ability on Android. Here’s how it’ll work: you can opt-in to receive a call for verification instead of an SMS code. WhatsApp will call you for a brief moment and end the call; you don’t need to pick it up.

Even when this feature is rolled out, it’ll be limited to Android, as iOS doesn’t allow apps to read call history. WABetaInfo said that while the app will access your call log to compare the last entry, it won’t use the data for anything else.

Credit: WhatsApp
Categories
Tech News

How to play irritating WhatsApp voice messages faster

Welcome to TNW Basics, a collection of tips, guides, and advice on how to easily get the most out of your gadgets, apps, and other stuff.

Voice messages are a divisive form of communication. Their devotees say they create a more personal connection, feel more natural than writing, and convey emotion better than mere text. They’re also helpful for people who have difficulties texting (who are obviously exempt from the criticisms that are coming).

Despite these advantages, voice notes have manifold detractors. The critics argue that they’re slow to scan, susceptible to rants, and disruptive to whatever else you’re doing. They’re also awkward to rewind on the rare occasions when someone says something important that you didn’t quite catch the first time.

I personally hate them. They were a constant cause of conflict with an ex-girlfriend who adored them. Not quite the reason we broke up, but they may have played a part.

The folks at WhatsApp must have heard my cries of frustration, as they’ve finally made it possible to at least abbreviate the misery.

[Read: This dude drove an EV from the Netherlands to New Zealand — here are his 3 top road trip tips]

The app now has a Fast Playback option, which lets you listen to a message at 1.5x or 2x speed, without changing the pitch of the sender’s voice.

Telegram has had a similar feature for years. But for people still on WhatsApp, Fast Playback provides a simple way to accelerate those torturously rambling voice messages. Here’s how to use it:

  1. Hit Play on the voice message you want to speed up.
  2. When the message starts playing, tap the 1x icon to increase the speed to 1.5x or 2x.

The feature might have arrived too late to salvage my relationship, but it could still save countless others.



Repost: Original Source and Author Link

Categories
Tech News

Facebook backtracks, won’t limit WhatsApp over privacy policy

WhatsApp’s new privacy policy rollout has been messy and confusing, and it doesn’t look like that’ll change any time soon. The new policy finally rolled out on May 15 — after Facebook had said that while it wouldn’t delete accounts that didn’t accept the new policy, those accounts would eventually lose access to some features. Now, only a couple of weeks later, the company has changed its mind.

Facebook announced the new WhatsApp privacy policy back in January, kicking off concerns about privacy and a mass exodus to alternative platforms like Telegram and Signal. The number of users who abandoned the platform seemed to kick Facebook into damage control mode, and that’s when the confusing mess started.

In the latest update, it turns out that Facebook won’t limit users who fail to accept its new privacy policy. The company said in a statement that it made this decision following ‘recent discussions with various authorities and privacy experts.’

However, this appears to only be a temporary decision, with the company noting that it doesn’t ‘currently’ have plans to limit WhatsApp functionality for these users. Instead, Facebook says it “will continue to remind users from time to time about the update as well as when people choose to use relevant optional features, like communicating with a business that is receiving support from Facebook.”

The move appears to be one intended to placate both governments and users who have taken issues with the new privacy policy. For example, India recently asked the company to retract its new privacy policy, with the nation’s Ministry of Electronics and Information Technology claiming that it violates multiple laws.

Repost: Original Source and Author Link

Categories
Tech News

WhatsApp feature update will migrate chat history to a new platform

One of the more popular messaging apps for smartphone users on the market right now is WhatsApp. The app is widely used, and as people upgrade smartphones every few years, many have been asking for a way to move their chat histories to a new device. As it stands now, you can use the same WhatsApp account on a new device on the same platform, but chat histories aren’t carried over for different platforms.

WhatsApp is working on a feature that will allow users to transfer chat history to a different platform, and it’s expected the land in a future update for iOS and Android devices. The update will address an issue preventing users from restoring their chat history after buying a new device that’s not on the same operating system. Currently, a user who moves from an Android device to an iPhone cannot restore their chat history from backups to the Apple device.

WhatsApp is working on a solution to address this problem. Screenshots have surfaced showing WhatsApp requesting to update a user’s device to transfer their chat history. With the new feature in place, users will be able to move their chat history between device platforms in either direction. The feature is also being polished to allow chat history to be transferred to a different phone number.

Caveats include that you can only start the chat migration process when you link a new device to your WhatsApp account. The feature will also migrate all media within the chat history to the new device. A process to change phone numbers while keeping the chat history and media is offered as well. The feature is currently under development for WhatsApp on Android and iOS and will be offered in a future update. Unfortunately, there is no timeline for the update, so we have to wait for more information on a potential launch date in the future.

Repost: Original Source and Author Link

Categories
Tech News

WhatsApp ‘flaw’ lets anyone lock you out of the app — but it’s complicated

A new loophole in WhatsApp‘s authentication system allows an attacker to lock you out of the app, or in other words, deactivate your account. This sounds scary if you use the app frequently, but it’s worth noting the process to pull this off is fairly complicated and takes about 36 hours to execute.

Earlier this week, security researchers Luis Márquez Carpintero and Ernesto Canales Pereña shared their discovery of this flaw through an article in Forbes. Here’s how it works:

  • After installing WhatsApp, the attacker tries to login through your number by requesting authentication codes.
  • WhatsApp blocks sending codes for 12 hours after a certain number of attempts.
  • Meanwhile, the attacker sets up a new email and sends “a lost/stolen phone request” to WhatsApp support to deactivate your account.
  • WhatsApp support doesn’t really verify that if the email address is associated with your account, so it locks you out of the app.
  • After this, the attacker has to repeat the 12-hour cycle twice.
  • At the end of these three cycles, you and the attacker both will see “Try again after -1 seconds.” message, while trying to login through your number.
  • Now, you’ll have to contact WhatsApp support to recover this account.

This whole rigmarole sounds cumbersome like way too much work for an attacker to go through, simply to lock you out of your account. No data or money is extracted this way.

But the worrying part is that there’s no mechanism — like receiving an OTP — in WhatsApp support that asks you to verify yourself as the owner of your account. Plus, this method is successful in locking you out even if you’ve set up two-factor authentication.

WhatsApp said in a statement that “providing an email address with your two-step verification helps our customer service team assist people should they ever encounter this unlikely problem.”

To do that, head to Account > Two-step verification, and after entering the secure PIN, you could provide an email ID to recover it. But you might have to still email WhatsApp support if you’re locked out. Bummer.



Repost: Original Source and Author Link