• Privacy is Priceless, but Signal is Expensive

    Signal is a centralized service and therefore cannot meet every requirement of perfectly private communication. Still, Signal allows reasonably well-protected communication, provided you use a phone that does not spy on its users. Unfortunately, there are only a few smartphones in that category. GrapheneOS is a good solution - do you know of any others? Secure Android systems that do not send data to Google and other data vampires?

    Meredith Whittaker and Joshua Lund on 16 Nov 2023

    Signal is the world’s most widely used truly private messaging app, and our cryptographic technologies provide extra layers of privacy beyond the Signal app itself. Since launching in 2013, the Signal Protocol—our end-to-end encryption technology—has become the de facto standard for private communication, protecting the contents of billions of conversations in WhatsApp, Google Messages, and many others. Signal also continues to invest in research and development in the pursuit of extending communications privacy. This commitment underlies our recent work to add a layer of quantum resistance to the Signal Protocol, and our previous work on metadata protection technologies that help keep personal details like your contact list, group membership, profile name, and other intimate information secure. This singular focus on preserving the ability to communicate privately is one reason that we work in the open, documenting our thinking and making our code open source and open to scrutiny—so you don’t have to take our word for it.

    Signal is also a nonprofit, unlike almost every other consumer tech company.

    This provides an essential structural safeguard ensuring that we stay true to our privacy-focused mission. To put it bluntly, as a nonprofit we don’t have investors or profit-minded board members knocking during hard times, urging us to “sacrifice a little privacy” in the name of hitting growth and monetary targets. This is important in an industry where “free” consumer tech is almost always underwritten by monetizing surveillance and invading privacy. Such practices are often accompanied by “growth hacking” and engagement maximization techniques that leverage dark patterns to keep people glued to feeds and notifications. While Signal is also free to use, we reject this kind of manipulation, focusing instead on creating a straightforward interpersonal communications app. We also reject business models that incentivize such practices.

    Instead of monetizing surveillance, we’re supported by donations, including a generous initial loan from Brian Acton. Our goal is to move as close as possible to becoming fully supported by small donors, relying on a large number of modest contributions from people who care about Signal. We believe this is the safest form of funding in terms of sustainability: ensuring that we remain accountable to the people who use Signal, avoiding any single point of funding failure, and rejecting the widespread practice of monetizing surveillance.

    But our nonprofit structure doesn’t mean it costs less for Signal to produce a globally distributed communications app. Signal is a nonprofit, but we’re playing in a lane dominated by multi-billion-dollar corporations that have defined the norms and established the tech ecosystem, and whose business models directly contravene our privacy mission. So in order to provide a genuinely useful alternative, Signal spends tens of millions of dollars every year. We estimate that by 2025, Signal will require approximately $50 million dollars a year to operate—and this is very lean compared to other popular messaging apps that don’t respect your privacy.

    Here we review some of these costs and where this money goes, in the name of providing more transparency into Signal. But we hope to do more than that. Where money goes and how it’s made is a bit of a taboo in tech, something that most tech companies avoid talking about. The actual costs of consumer tech are generally hidden behind stories of innovation and the word “free,” and the connection between the product marketing of a highly profitable tech industry and the ingress and egress of profit and revenue is usually unclear. We believe a material map of these dynamics can help clarify just what is required to fulfill the dream of privacy-preserving alternative technology, and contribute to establishing a solid foundation from which we can grow alternatives that contest tech surveillance and the incentives behind it.

    This is not a comprehensive overview—this post isn’t meant to provide a full accounting or to review every line item in detail. Instead, we focus on illustrative examples, looking at infrastructure and labor in particular. We’ll also explore average costs that in practice vary dynamically in relation to factors that are often outside of our control.

    Infrastructurally Different

    We’ll start with an overview of some of Signal’s biggest infrastructural costs—what we pay for the utilities and services that let Signal reach you. These include the temporary storage of end-to-end encrypted data for message delivery; the global server network that processes billions of requests every day; the registration fees that cover the delivery of verification codes during the sign-up process to help verify phone numbers and prevent spam accounts; the bandwidth that is required to efficiently route end-to-end encrypted messages and calls around the world; and some of the additional services that keep everything running smoothly. We’ll dive into each of these in more detail, but here’s a quick breakdown:

    Storage: $1.3 million dollars per year.
    Servers: $2.9 million dollars per year.
    Registration Fees: $6 million dollars per year.
    Total Bandwidth: $2.8 million dollars per year.
    Additional Services: $700,000 dollars per year.

    Current Infrastructure Costs (as of November 2023): Approximately $14 million dollars per year.

    The Cost of Storing Nothing and Serving Everyone

    Data is profitable, and we’re a nonprofit focused on collecting as little data as possible.

    Most tech companies collect and create as much data as they can. They build large data warehouses, and then later invent new terms like “data lake” when their unquenchable thirst for more of your private information can no longer fit within the confines of a single warehouse. Their default move is to store everything for as long as they can in an easily accessible and unencrypted format, suffering data breach, after data breach, after data breach, hoping to monetize this data by indirectly (or directly) selling it to advertisers or using it to train AI models. Again, data is profitable.

    In contrast, Signal’s default move is to end-to-end encrypt everything that we possibly can and to store as little as possible—all while making sure your messages are delivered promptly and your calls are clear and free of delays. We do this by taking advantage of globally distributed hosting infrastructure and by paying for significant amounts of bandwidth from some of the top providers in the world.

    Just like everything else in Signal, messages and files are always end-to-end encrypted. When you send a message, the Signal service temporarily queues that message for delivery. As soon as your message is delivered, that small bundle of encrypted data (i.e. your message) can be dropped from the queue. The storage of end-to-end encrypted files is temporary too, and any undelivered end-to-end encrypted data is automatically purged after a period of inactivity. Even though everything is only temporary, this storage still costs Signal around $1.3 million dollars per year.

    This is a lot of money, although it’s less than it would cost if we stored everything forever. But unlike the tech companies that collect and store everything, we don’t have (and do not want to have) any surveillance data to sell or use to recoup these costs. We can’t read or access any end-to-end encrypted messages because the keys that are required to decrypt them are in your hands, not ours. And it’s not just about your messages. Signal also uses our metadata encryption technology to protect intimate information about who is communicating with whom—we don’t know who is sending you messages, and we don’t have access to your address book or profile information. We believe that the inability to monetize encrypted data is one of the reasons that strong end-to-end encryption technology has not been widely deployed across the commercial tech industry.

    In order to provide a globally accessible, reliable, and high-performance communications service for the many millions of people around the world who depend on Signal, it’s necessary for Signal’s servers to be globally distributed. Having a geographically distributed network of servers is particularly important for end-to-end encrypted voice and video calls, because latency can result in audio delays or degraded video connections that quickly make the app unusable for real-time communication.

    Because everything in Signal is end-to-end encrypted, we can rent server infrastructure from a variety of providers like Amazon AWS, Google Compute Engine, Microsoft Azure, and others while ensuring that your messages and calls remain private and secure. We can’t access them, and neither can the companies that provide any of the infrastructure we rent. As a small nonprofit organization, we cannot afford to purchase all of the physical computers that are necessary to support everyone who relies on Signal while also placing them in independent data centers around the world. Only a select few of the very largest companies globally are still capable of doing this, which is a hallmark of a troublingly concentrated industry.

    Signal’s addition of novel privacy-preserving features also affects our server costs. To pick one example, we developed a new approach to private contact discovery in 2017 that uses a trusted execution environment. This made us the first large-scale messaging app to let people automatically find their friends and contacts without revealing their address book to us, keeping these connections private. Because other mainstream apps don’t have this layer of privacy protection in place, they can often access details about your network and relationships without restrictions, and many of them store this highly sensitive information for later use.

    When we first deployed this system in 2017, only a few servers were necessary. But as the number of people using Signal increased, the number of servers required to support private contact discovery also rose. At its peak, nearly 600 servers were dedicated to private contact discovery alone, at a total cost of more than $2 million dollars per year.

    This significant cost would have continued to rise. However, thanks to algorithmic research advances and hardware updates, we’ve been able to reduce the total number of private contact discovery servers to around 10 total—despite the fact that the service is handling more traffic than ever. A significant amount of money and engineering resources have been dedicated to ensuring that your address book remains completely inaccessible to us, and Signal will continue to push the envelope and introduce new techniques to enhance your privacy even when the initial costs are high.
    Registration Fees

    Signal incurs expenses when people download Signal and sign up for an account, or when they re-register on a new device. We use third-party services to send a registration code via SMS or voice call in order to verify that the person in possession of a given phone number actually intended to sign up for a Signal account. This is a critical step in helping to prevent spam accounts from signing up for the service and rendering it completely unusable—a non-trivial problem for any popular messaging app.

    Signal’s registration service routes registration codes over multiple telephony providers to optimize delivery across the globe, and the fees we pay to third-party vendors for every verification code we send can be very high. This is in part, we believe, because legacy telecom operators have realized that SMS messages are now used primarily for app registration and two-factor authentication in many places, as people switch to calling and texting services that rely on network data. In response to increased verification traffic from apps like Signal, and decreased SMS revenue from their own customers, these service providers have significantly raised their SMS rates in many locations, assuming (correctly) that tech companies will have to pay anyway.

    The cost of these registration services for verifying phone numbers when people first install Signal, or when they re-register on a new device, currently averages around $6 million dollars per year.

    These costs vary dramatically from month to month, and the rates that we pay are sometimes inflated due to “toll fraud”—a practice where some network operators split revenue with fraudulent actors to drive increased volumes of SMS and calling traffic on their network. The telephony providers that apps like Signal rely on to send verification codes during the registration process still charge their own customers for this make-believe traffic, which can increase registration costs in ways that are often unpredictable. Of course, Signal does everything we can to reduce or eliminate the impact of toll fraud. We work closely with our voice and SMS verification providers to detect and shut down fraudulent registrations as quickly as possible. But it’s still a game of cat and mouse, with unavoidable expenses along the way.
    The Going Rate for Transfer Rates

    You are probably familiar with the concept of paying for bandwidth in the form of buying a data plan from your cellular provider or signing up with an Internet Service Provider (ISP) for your home. But it may surprise you to learn that every website, app, and service also pays for the bandwidth they use whenever you connect to them.

    Some pay more than others. Most of the major tech companies (like Amazon, Google, and Microsoft) own and operate their own data centers. After spending billions of dollars to build massive hosting facilities, they install their own fiber optic cables and custom networking equipment. This also means they get to earn a lot of money by charging others for the privilege of using that equipment.

    Smaller organizations like Signal can’t afford to build matching infrastructure from scratch, so we (along with almost every startup and tech company) pay rent to the big players in order to access the bandwidth we need.

    Millions of people use Signal every day, and it takes a lot of bandwidth to provide a fast and reliable service. Signal spends around $2.8 million dollars per year on bandwidth to support sending messages and files (such as photos, videos, voice notes, documents, etc.) and to enable voice and video calls.

    Voice and video calls require significantly more bandwidth than text messages, and Signal’s end-to-end encrypted calling functionality is one of the most expensive services that we provide. Signal also goes far beyond other messaging apps when it comes to protecting your privacy during voice and video calls, and we do this in ways that substantially increase how much bandwidth we use in order to provide a high-quality calling experience.

    To take one example, Signal always routes end-to-end encrypted calls from people who aren’t in your contacts through a relay server that obscures IP address information.

    Almost none of our competitors do this, and Signal’s default behavior is much more expensive than the alternative. Automatically relaying 1-on-1 voice and video calls from unknown contacts (instead of always using a peer-to-peer connection whenever possible) provides an extra layer of privacy, but results in considerably higher bandwidth costs for Signal’s calling-related relay servers. At current traffic levels, the amount of outbound bandwidth that is required to support Signal voice and video calls is around 20 petabytes per year (that’s 20 million gigabytes) which costs around $1.7 million dollars per year in bandwidth fees just for calling, and that figure doesn’t include the development costs associated with hiring experienced engineers to maintain our calling software, or the cost of the necessary server infrastructure to support those calls.
    The Human Touch

    Signal isn’t just a collection of privacy-preserving services that route end-to-end encrypted messages and calls around the world. It’s also a set of cross-platform apps and modular development components (commonly called libraries) that make this type of private communication possible in the first place. Because the norm is surveillance, we’re often required to create or modify our own libraries from scratch, swapping in privacy instead of using more common frameworks that assume surveillant defaults. Swimming against the tide of an ecosystem whose incentives and infrastructure promote surveillance and privacy invasions is, of course, more time-intensive and more expensive, and requires dedicated and experienced people.

    First, we have three distinct client teams, one for each platform (Android, Desktop, and iOS). These teams are constantly working: adjusting to operating system updates, building new features, and making sure the app works on a wide variety of devices and hardware configurations. We also have dedicated engineering teams that handle the development and maintenance of the Signal Server and all of its infrastructure, our calling libraries like RingRTC, and core libraries like libsignal. These also need constant development and monitoring.

    Product and design teams help shape the future of the app and determine how it will look and function, while our localization team coordinates translation efforts across more than sixty languages. We even have a full-time, in-house support group that interfaces with people who use Signal and provides detailed technical feedback and real-time troubleshooting information to every other team. This is an essential function, particularly at Signal, because we don’t collect analytics or telemetry data about how people are using Signal.

    This is a lot of work, and we do it with a small and mighty team. In total, around 50 full-time employees currently work on Signal, a number that is shockingly small by industry standards. For example, LINE Corporation, the developers of the LINE messaging app popular in Japan, has around 3,100 employees, while the division of Kakao Corp that develops KakaoTalk, a messaging app popular in Korea, has around 4,000 employees. Employee counts at bigger corporations like Apple, Meta, and Google’s parent company (Alphabet) are much, much higher.

    To sustain our ongoing development efforts, about half of Signal’s overall operating budget goes towards recruiting, compensating, and retaining the people who build and care for Signal. When benefits, HR services, taxes, recruiting, and salaries are included, this translates to around $19 million dollars per year.

    We are proud to pay people well. Our goal is to compensate our staff at as close to industry wages as possible within the boundaries of a nonprofit organization. We know that we can’t provide equity, expensive playpen offices, or other benefits common to large tech companies. We also know that we need to recruit and retain a highly experienced and specialized workforce in an extremely competitive industry if we’re going to offer a service that provides a meaningful alternative to apps with far more people and resources. And we don’t believe that precarity should be the cost of doing good. Compared to most tech companies, Signal’s numbers are a drop in the bucket.

    Growth in Signal translates into increased infrastructure costs, and having more infrastructure requires more labor. As of November 2023, Signal’s server network is regularly responding to around 100,000 requests per second, and we routinely break our previous records. A funny thing happens when a globally accessible service starts handling billions of requests every day. Suddenly one-in-a-million possibilities are no longer unique or rare, and unlikely situations become more and more common as Signal grows. It’s not unusual for our engineers to do things like write custom code to reproduce an esoteric and complicated IPv6 connectivity issue that’s affecting people running an arcane operating system configuration in specific regions, but only when connected via a certain set of internet service providers.

    Troubleshooting such infrastructure issues can be very expensive, because isolating a problem and developing a fix can take a lot of time and expertise.

    Identifying and fixing arcane problems is not the only thing that takes time and skill. In the context of building for privacy, adding a common feature or service in a way that avoids surveillance frequently requires significant work and creativity. To take one example, profile pictures and profile names are always end-to-end encrypted in Signal. This means that Signal does not have access to your profile name or chosen profile photo. This approach is unique in the industry. In fact, it has been more than six years since we first announced this additional layer of protection, and as far as we know none of our competitors have yet adopted it. Other messengers can easily see your profile photo, profile name, and other sensitive information that Signal cannot access. Our choice here reflects our staunch commitment to privacy, but it also means that it took Signal more effort to implement support for profile photos. Instead of a weekend project for a single engineer, our teams were required to develop new approaches and concepts within the codebase (like profile keys), which they worked to roll out across multiple platforms after an extended testing period.

    The same dynamic played out again when Signal introduced support for animated GIF searches on Android and iOS. Instead of quickly and easily integrating the standard GIF search SDK that most other apps were using, engineers spent considerable time and creativity developing another unique privacy-preserving technique that hides GIF search terms from Signal’s servers, while also hiding who is searching for those terms from the GIF search engine itself. We later expanded those techniques to further obfuscate GIF search information by obscuring the amount of traffic that passes through the proxied connection.

    When Meta acquired GIPHY, and many other apps were scrambling to contend with the privacy implications of the deal, Signal employees slept soundly knowing that we had already built this feature correctly several years earlier.

    Even more recently, Signal has started taking steps to protect today’s conversations from future threats by adding post-quantum resistance to the Signal Protocol. The financial costs associated with these research and development initiatives are substantial. They’re also essential for building privacy-preserving technology in a dynamic industry where surveillance is the norm.

    By offering a competitive compensation package, Signal helps make it easy for people to choose to develop privacy-preserving technology that benefits the world instead of going to work for the surveillance-advertising-industrial complex. We’re proud of our healthcare plans, family-friendly policies like extended parental leave, flexible schedules, and the many other benefits that help make Signal a great place to work.

    These things cost money, but a world where Signal can attract talented people to work on privacy-preserving technology is a world that looks a lot more attractive.
    Future Tense

    We hope that this cursory tour of some of Signal’s operations and costs helps provide a greater understanding of Signal’s unique place in the tech ecosystem, and of the tech ecosystem itself.

    Our goal of developing an open source private messenger that is supported and sustained by small donations is both highly ambitious and, we believe, existentially important. The cost of most consumer technology is underwritten by surveillance, which has allowed people to assume that “free” is the default, and a handful of industry players have accrued eye-watering amounts of personal data and the unprecedented power to use that data in ways that are shaping our lives and institutions globally.

    To put it another way, the social costs of normalized privacy invasion are staggeringly high, and maintaining and caring for alternative technology has never been more important.

    Signal is working to show that a different approach is possible—an approach that puts privacy at the center, and where organizations are accountable to the people who use and rely on their services, not to investors, or to the endless pursuit of growth and profit.

    Thank you for your support. It’s an honor and privilege to work on Signal every day, and we—very literally—couldn’t do it without you. Please consider donating to Signal via our website or learn how to give using the app.

    #communication #sécurité #messenger #Android #vie_privée #internet

  • Facebook employees cannot get into the offices – the badges don’t work either Sénégal direct - Moussa Gaye

    Some of the employees who rushed to the offices to assess the extent of the damage in person were unable to get into the buildings because their digital badges had stopped working, which prevented them from reaching the server areas and working directly on the machines in the buildings.

    It is not only the social networks that are down: Mark Zuckerberg’s entire company is offline. The glitch that is preventing millions of users around the world from accessing Facebook, Instagram and WhatsApp is also preventing the workers of the Menlo Park giant from resolving the situation and even from entering their offices. The New York Times reports this, citing internal Facebook sources according to whom the scale of the technical hitch was so great that it also involved internal systems. That includes the badge readers which, not recognizing employees, do not open the doors. As a result, the first engineers who rushed to the site could not get in because the physical systems were not working.

    Most internal systems stopped working, including messaging and information-sharing services. Calendars, task-list tools and other services used by employees stopped responding, as did some devices tied to the company’s IT systems, including badge readers. Workers explained that they had trouble making calls from company phones and receiving emails from people outside the company. The internal collaboration platform, Workplace, also stopped working. Many therefore turned to the competition, using LinkedIn, Zoom and Discord to keep working.

    Some of the employees who rushed to the offices to assess the extent of the damage in person were unable to get into the buildings because their digital badges had stopped working, which prevented them from reaching the server areas and working directly on the machines in the buildings. According to Facebook’s head of security operations, the current problem is a high risk to people, a moderate risk to the company’s assets and a high risk to Facebook’s reputation. A small team of employees was sent to the Santa Clara data center to manually reset the company’s servers.

     #facebook #Messenger #Instagram #WhatsApp #data_centers #algorithme #surveillance #bigdata #publicité #données #instagram #marketing #gafam #sécurité #serveurs

    • Video: here is what caused the Facebook outage (and Instagram, and WhatsApp) zdnet.fr

      Technology: Don’t expect a fix right away, this could last a good while. We explain: all of this is tied to a mysterious protocol called BGP.

      Update 05/10/2021 at 06:38: The various Facebook services affected by the outage have now been restored; the outage lasted 6 hours. The company has begun communicating about the outage. It was a configuration change on the main routers that caused a cascading paralysis of the company’s data centers.

      The old network-troubleshooting adage says that if something is wrong, "it’s DNS". Well, this time the domain name server (DNS) appears to be merely a symptom of the root cause of Facebook’s global outage. The real cause is that there are no working Border Gateway Protocol (BGP) routes to Facebook’s sites.

      BGP is the standardized exterior gateway protocol used to exchange routing and reachability information between the Internet’s top-level autonomous systems (AS). Most people, and even most network administrators, never need to use BGP.

      Many people noticed that Facebook was no longer listed in DNS. Indeed, there were even humorous posts offering to sell you the Facebook.com domain.

      Cloudflare vice president Dane Knecht was the first to report the BGP problem underlying this giant outage. This means, as Kevin Beaumont, head of Microsoft’s security operations center, tweeted, that in the absence of BGP announcements for your DNS name servers, DNS falls apart. And so nobody can find you on the Internet. Same for WhatsApp. Facebook has in a sense deplatformed itself from its own platform.

      As annoying as this may be for you, it may be even more annoying for Facebook employees. According to some reports, Facebook employees cannot get into their buildings because their "smart" badges and doors (haha, maybe it is finally time to replace "smart" with "connected") were also disabled by this network outage. If this is true, Facebook employees literally cannot enter the building to try to fix the outage or outages.

      Facebook has since stated that these technical difficulties also affected its internal tools, making its work to resolve the situation all the more difficult.

      Later that night, Facebook communicated on the origins of the outage. “Our engineering teams learned that a configuration change on the main routers that coordinate traffic between our data centers led to technical difficulties resulting in all communication stopping. This interruption of network exchanges had cascading effects on the way our data centers communicate, causing our services to go down,” the company explained.

      A few hours earlier, Reddit user u/ramenporn, who claimed to be a Facebook employee working to bring the social network back from the dead, had reported, before deleting his account and posts, that "DNS for FB services has been affected and this is probably a symptom of the actual problem, namely that BGP peering with Facebook’s peering #routers has gone down, very likely due to a #configuration change that went into effect shortly before the outages occurred".

      Un changement de configuration erroné effectué via une interface web
      Il poursuit : "Des personnes essaient maintenant d’accéder aux routeurs d’échange de trafic pour mettre en œuvre des correctifs, mais les personnes ayant un accès physique sont distinctes de celles qui savent comment s’authentifier auprès des systèmes et de celles qui savent ce qu’il faut faire, de sorte qu’il y a maintenant un défi logistique pour unifier toutes ces connaissances. Une partie de cette situation est également due à la diminution des effectifs dans les centres de données en raison des mesures de lutte contre la pandémie."

      Ramenporn a également déclaré qu’il ne s’agissait pas d’une attaque, mais d’un changement de configuration erroné effectué via une interface web. Ce qui est vraiment dégoûtant — et pourquoi Facebook est toujours hors service quelques heures plus tard — c’est que, puisque BGP et DNS sont hors service, "la connexion au monde extérieur est hors service, l’accès à distance à ces outils n’existe plus, donc la procédure d’urgence est d’obtenir un accès physique aux routeurs d’échange de trafic et de faire toute la configuration localement". Bien sûr, les techniciens sur place ne savent pas comment faire et les administrateurs réseau principaux ne sont pas sur place. En bref, c’est un grand gâchis.

      As a consequence of this outage, Facebook’s share price lost more than 6% on the New York stock exchange. According to the company, there is no sign that user data may have been compromised.
      As a reminder, the world’s most popular social network collapsed on Monday, October 4, 2021 at around 8:45 a.m. California time (5:45 p.m. French time). But it was not just Facebook: Instagram, WhatsApp and Facebook Messenger were also hit by the outage.

      Website status services such as DownForEveryoneOrJustMe and DownDetector were then reporting that Facebook was down. The problem affected all of the company’s services worldwide. In France too, the various sites had stopped working, as had the group’s apps.

      #BGP #DNS

  • "Facebook’s damaged image has not stopped its race to the top"

    The rise in the price of their ads at a time of very strong demand has given Google and Facebook unexpected growth. But this business model, at its peak, is being challenged by attacks from Apple, explains Philippe Escande, economics columnist at "Le Monde".

    This could be the figure of 2021. Nearly a quarter of humanity, 1.9 billion people, logged on to Facebook in March. In total, 3.45 billion people are regular users of the network and its satellites Messenger, WhatsApp and Instagram. Long live the crisis! The group’s revenue jumped 48% in the first quarter of this year compared with the same period of 2020, before the Covid-19 pandemic hit America. And its profits jumped 94%.

    Founded in 2004, the company now takes in 26 billion dollars each quarter, for more than 9 billion in profits. And Google does even better, with net profit up 162% to 18 billion dollars in the first three months of this year alone. The reason for this sudden explosion, which even the most enthusiastic analysts had not anticipated, comes down to a single word: advertising.

    Both companies derive most of their revenue from this activity. And, faced with demand from companies starved of visibility in a locked-down world, the two companies raised the price of their ads, by 30% in Facebook’s case. Enough to reinforce the supremacy of the duo, which controls between half and two thirds of the global digital advertising market.

    An even more powerful monster

    Enough to make Mark Zuckerberg forget his daily troubles, now that he is used to frequenting the hearing rooms of Congress in Washington or those of antitrust authorities around the world. His damaged image as a predator of the privacy of his billions of "friends" has clearly not hampered his company’s race to the top.

    A new worry on the horizon will nevertheless force him to change course. Facing him, an even more powerful monster has decided to make him pay for his success, built entirely on the quality of the information about its members that it sells to its advertiser clients. Apple has decided to ask users of its iPhones whether they want to continue being tracked by advertisers.

    One can imagine their answer. A major threat, the announced end of targeted advertising, which is now pushing Facebook and Google to urgently speed up the diversification of their revenue. Toward commerce for Facebook, toward the cloud for Google. Two fields already well occupied by Amazon or Microsoft. The peak of 2021 opens a period that promises to be more difficult.

    #Apple #Google #Facebook #Instagram #Messenger #WhatsApp #domination #bénéfices (...)


  • Private #messengers : what can they really see ?

    This article aims to provide a fair and thorough #comparison of the current #private_messaging #apps in terms of their #privacy, #security, and #anonymity†. However, it must be abundantly clear that this post is written by Status (one of the above messengers). We strongly encourage you to verify our sources, do your own due diligence, and correct us if we are wrong.

    Well structured, interesting.

    As a baseline, always remember that whoever controls the server is able to lie and to break their word when they say they do not use our personal data, for example.

    #TODO: understand how Status guarantees protection of network metadata and of server-side identification = read the full article and test Status

  • Facebook #Messenger: this chart shows how much the app spies on your #privacy

    Apple has managed to confront #Facebook and #WhatsApp with their responsibilities through this obligation to display apps’ access permissions on the App Store. Suddenly, users could see that WhatsApp and Messenger collect your #contacts, your commercial #data when you use Facebook services, your #IP_address and your #location, and even your voice #recordings.

    In the aftermath, WhatsApp tried as best it could to justify collecting such a large amount of data: “We must collect some information to provide a reliable global communications service […] As a matter of principle, we take measures to restrict access to that information,” the company says.

    [Image: forbes whatsapp apple. Credits: Forbes]

    #espionnage #RGPD

  • Sexist, homophobic, anti-disabled... A South Korean chatbot taken offline after going off the rails

    A chatbot available on Facebook Messenger soaked up the vile remarks of some Internet users before being deactivated. A very popular South Korean chatbot, a conversational robot that lets users chat with what is supposed to be a 20-year-old female student, was deactivated this week after making sexist, homophobic and disrespectful remarks about people with disabilities. Lee Luda, developed by the Seoul-based startup Scatter Lab to run on Facebook (...)

    #algorithme #Microsoft #Facebook #Messenger #Twitter #racisme #sexisme #biais #LGBT

  • WhatsApp: what personal data does the app store?

    Doubts and distrust toward Facebook have cast a shadow over the use of WhatsApp. In recent days, a large number of WhatsApp users have begun to wonder about how their data is handled by the messaging service owned, since 2014, by Facebook. At the root of these questions is the announcement of new terms of use, which will come into force on May 15: they partly redefine the scope of the WhatsApp data that is shared with Facebook for its (...)

    #Facebook #Instagram #Messenger #Signal #WhatsApp #géolocalisation #[fr]Règlement_Général_sur_la_Protection_des_Données_(RGPD)[en]General_Data_Protection_Regulation_(GDPR)[nl]General_Data_Protection_Regulation_(GDPR) (...)

    ##[fr]Règlement_Général_sur_la_Protection_des_Données__RGPD_[en]General_Data_Protection_Regulation__GDPR_[nl]General_Data_Protection_Regulation__GDPR_ ##données

  • Signal: everything you need to know about the hugely successful secure messaging app

    Available on Android as well as iOS, the app is prized for being particularly secure and for having no ties to Facebook, the owner of WhatsApp. Signal is a secure messaging app, available on Android as well as iOS. It lets you exchange written messages, between two people or in a group, make audio or video calls, send files… In short, it works like just about every popular messaging app, but it is also reputed to be, since (...)

    #Google #Apple #Facebook #Instagram #Messenger #Parler #Signal #Twitter #cryptage #écoutes (...)


  • WhatsApp Doesn’t Read Your Messages, It Doesn’t Need To - Pen Magnet

    As of this writing, WhatsApp released a newer version of its privacy policy on Jan 4, 2021. Among other things, it mentions : We are one of the Facebook Companies. You can learn more further below in this Privacy Policy about the ways in which we share information across this family of companies. When I opened WhatsApp yesterday, I was greeted with a prompt to read the fine print. Among other things, it talks highly about “End to end encryption.” WhatsApp even has a ridiculous (...)

    #NSA #CIA #FBI #Facebook #Messenger #Signal #Skype #WhatsApp #Zoom #algorithme #cryptage #Android #payement #WiFi #iOS #données #écoutes (...)


  • Le Havre: a McDonald’s employee fired after reporting sexual harassment

    An employee of a McDonald’s in Le Havre (Seine-Maritime), who had reported acts of sexual harassment and sexual assault before being fired, is going to take her case to the labor tribunal, the employee herself said on Friday. Mathilde, 21, says she was the victim of sexual harassment by an employee who is now a representative of the (...)

    #McDonald's #Facebook #Messenger #racisme #sexisme #délation #écoutes #harcèlement #LGBT #surveillance #travail (...)


  • WhatsApp will shut out users who do not want to hand their data over to Facebook

    The encrypted messaging service, a Facebook subsidiary, is rolling out an update to its terms of use that affects users worldwide. Despite the complaints targeting Facebook over its alleged anticompetitive practices, the social network is moving a little closer to its subsidiary WhatsApp. The encrypted messaging service, which had until now stood out for its relative protection of users’ personal data, will hand more information over to its parent company. Users (...)

    #Facebook #Instagram #Messenger #WhatsApp #données #publicité #conditions


  • Here’s what that WhatsApp privacy policy pop-up means for you

    If you use WhatsApp, you probably spotted a pop-up on your phone sometime in the last 24 hours, suggesting that the service has updated its privacy policy — and promptly clicked the button at the bottom to proceed. If you read more closely, you’ll have learned that and users have until February 8 to read and agree to the new terms. Failure to do so would lead to WhatsApp deleting your account. You’re probably not the only one who may have skipped reading the new terms. However, changes in (...)

    #Facebook #Messenger #Instagram #WhatsApp #données #conditions #publicité


  • Facebook, QAnon and the world’s slackening grip on reality

    The coronavirus pandemic has left us living more and more of our lives online. But the place where we chat with friends, get our news and form our opinions is full of vile and dangerous conspiracy theories. Is the world’s biggest social network doing enough to combat them ? As with many others in Britain, lockdown hit Rachel and her husband, Philip, hard. Almost overnight, the couple, both in their early 50s, found themselves cut off from friends, family and colleagues. Before the Covid-19 (...)

    #Facebook #Instagram #Messenger #WhatsApp #manipulation #modération #QAnon #SocialNetwork


  • Big Tech Continues Its Surge Ahead of the Rest of the Economy

    Amazon, Apple, Facebook and Alphabet reported the latest in a string of enormous quarterly profits on Thursday. While the rest of the U.S. economy languished earlier this year, the tech industry’s biggest companies seemed immune to the downturn, surging as the country worked, learned and shopped from home. On Thursday, as the economy is showing signs of improvement, Amazon, Apple, Alphabet and Facebook reported profits that highlighted how a recovery may provide another catalyst to help (...)

    #Alphabet #Apple #Google #Amazon #Facebook #Instagram #Messenger #Twitter #WhatsApp #YouTube #iPhone #domination #bénéfices #CloudComputing #GAFAM (...)


  • ‘Five Eyes’ alliance demands ways to access encrypted apps

    The “Five Eyes” intelligence alliance demanded Sunday (11 October) that tech companies insert “backdoors” in encrypted apps to allow law enforcement agencies the access they say they need to police online criminality. The top justice officials of the United States, Britain, Australia, Canada and New Zealand said in a statement that the growth of end-to-end encrypted apps that make official oversight impossible – like Signal, Telegram, Facebook Messenger and WhatsApp – “pose significant (...)

    #Facebook #Messenger #Signal #Telegram #WhatsApp #algorithme #backdoor #smartphone #écoutes #surveillance #FiveEyes (...)


  • Now You Can Use Instagram to Chat With Friends on Facebook Messenger

    Facebook began integrating its Instagram and Messenger apps, allowing users of the services to directly communicate with each other. SAN FRANCISCO — Facebook began allowing people to use the photo-sharing app Instagram and the messaging app Messenger to communicate with each other on Wednesday, as part of a planned integration of the social network’s major messaging applications. With the changes, people who use Instagram can now send photo, video or text messages to those who use Facebook (...)

    #Apple #Facebook #iMessage #Instagram #Messenger #Signal #WhatsApp #iPhone #smartphone #technologisme #domination #FTC #Tencent (...)


  • WhatsApp, Twitter, Facebook, Snapchat: who encrypts users’ private messages?

    End-to-end encryption can protect against a large-scale hack, like the one Twitter recently suffered, but it is not in place everywhere. Two weeks after Twitter accounts of high-profile figures were fraudulently used to spread bitcoin-related scams (bitcoin being a virtual currency), the consequences could be long-term for the social network. According to Bloomberg’s sources, the hackers behind this fraud tricked at least one employee (...)

    #Microsoft #TikTok #Facebook #Instagram #Messenger #Skype #Snapchat #Tinder #Twitter #WhatsApp #écoutes #surveillance #Slack (...)


  • Facebook wants to help register 4 million voters this year with new ‘Voting Information Center’

    Facebook aims to improve the resources it provides American voters and will attempt to help more people register to vote ahead of the 2020 US election, according to a new op-ed by CEO Mark Zuckerberg published in USA Today on Tuesday evening. Zuckerberg says the company set a goal of helping 4 million people register to vote, up from 2 million four years ago, through resources provided across Facebook, Instagram, and Messenger. Facebook will also introduce a new “Voting Information Center” (...)

    #CambridgeAnalytica/Emerdata #Facebook #Instagram #Messenger #manipulation #élections (...)

    ##CambridgeAnalytica/Emerdata ##modération

  • Facebook Says Very Little on Privacy of Messenger Rooms

    Earlier this month, Facebook debuted its group video chat offering, Messenger Rooms, to a world under widespread pandemic lockdown, one that’s in large part replaced face-to-face meetings with streamed conversations. The chief beneficiary of this shift, Zoom, has spent months as a punching bag for privacy advocates, so Facebook was quick to assure users that it had “built Rooms with privacy in mind” and that “we don’t watch or listen to your audio or video calls.” But today, well over a week (...)

    #Facebook #Zoom #Messenger #écoutes #métadonnées #BigData #conditions #MessengerRooms

  • After Google, Facebook takes on Amazon with Shops

    Businesses will be able to showcase and sell their products on Facebook and Instagram. Facebook and Google are trying to catch up with the e-commerce leader. Facebook is seeking to seize the opportunity of the lockdown to try to expand in e-commerce. "The current crisis has us living and consuming more online, and this will continue over the longer term," said Mark Zuckerberg, the founder of Facebook, to justify the launch of Shops on Tuesday, May 19. This (...)

    #Amazon #Facebook #Instagram #Messenger #WhatsApp #smartphone #domination #consommation (...)


  • Giphy, the start-up that wants to monetize animated GIFs

    A real phenomenon on social networks and messaging apps, animated GIFs could soon also become a business. That is the bet made by Giphy, a New York-based start-up that has just raised 55 million dollars (49 million euros). Three years after its creation, and still without generating a single dollar of revenue, it is now valued at 300 million dollars. That is nearly four times more than at its previous funding round, just a year ago. (...)

    #Microsoft #Facebook #Giphy #Messenger #outlook.com #Tinder #Tumblr #Twitter #YouTube #émotions #bénéfices #marketing #profiling #publicité (...)

    ##publicité ##SocialNetwork

  • Facebook’s acquisition of Giphy triggers an antitrust alarm in Congress

    On Friday, a bipartisan group of senators sounded the alarm on antitrust enforcement over Facebook’s recently announced acquisition of Giphy, a website for creating and sharing GIFs. On Friday, Facebook announced that it would acquire Giphy for a reported price of 400 million dollars. Giphy is one of the largest GIF sites on the Internet, and social media and messaging services such as Twitter, Tinder, Slack and iMessage have already integrated Giphy into their apps. In (...)

    #Facebook #Giphy #iMessage #Instagram #Messenger #Tinder #Twitter #domination #métadonnées #bénéfices #BigData #DataBrokers #profiling (...)


  • Giphy at Facebook: concerns about privacy and data handling

    Facebook’s surprise acquisition of Giphy sounds like bad news to GIF fans who cannot stand the social network’s ways. It is impossible to give Mark Zuckerberg’s company the benefit of the doubt, given how many times it has chipped away at confidentiality and respect for privacy. On the plus side, this purchase will allow users of Instagram and Facebook’s other apps to share GIFs more easily with (...)

    #Facebook #Giphy #Instagram #Messenger #SDK #domination #métadonnées #BigData #profiling #DataBrokers (...)


  • Buying Giphy Could Help Facebook Monetize its Messaging Services — And Others

    Giphy monetizes its GIF and sticker-sharing platform via sponsored GIFs that can be shared on Facebook’s apps, as well as on third-party platforms such as Twitter and iMessage. Facebook’s deal to buy Giphy should serve as one more example of how cash-rich tech firms are using their balance sheets to strengthen their long-term competitive hands in the current environment. At least provided regulators let it happen. According to Axios, Facebook is paying around $400 million to buy Giphy, (...)

    #domination #métadonnées #bénéfices #BigData #DataBrokers #FTC #Giphy #Messenger #Instagram (...)


  • “I became a pariah.” Coronavirus victims’ data is leaked on social media in Pakistan - Coda Story

    Using cellphone tracking and mobile apps to curb the spread of the coronavirus, the government is surveilling millions of ordinary citizens On February 26, hours before Pakistan’s health authorities confirmed the country’s first coronavirus case, the patient’s photograph and personal details, including his home address, were leaked on social media. Yahyah Jaffery eventually recovered and wrote a newspaper column about his experience. “My photo was all over social media and I became a pariah,” (...)

    #Google #Facebook #Messenger #WhatsApp #algorithme #contactTracing #smartphone #GPS #biométrie #géolocalisation #consentement #FAI #COVID-19 #santé #surveillance #délation #BigData (...)

    ##santé ##NADRA