▻https://diasp.eu/p/9126478
Germany mulls giving end-to-end chat app encryption das boot: Law requiring decrypted plain-text is in the works • The Register
▻https://www.theregister.co.uk/2019/05/28/german_government_encryption
Officials want to upgrade rules from device searching to message interception
Spies with that? Police can snoop on McDonald’s and Westfield wifi customers
▻https://www.theguardian.com/business/2019/may/28/spies-with-that-police-can-snoop-on-mcdonalds-and-westfield-wifi-custom
Documents reveal rushed encryption legislation allows police to compel wifi providers to turn over information about users.
People accessing the internet at McDonald’s and Westfield in Australia could be targeted for surveillance by police under new encryption legislation, according to the home affairs department. A briefing by the department, obtained under freedom of information, reveals that police can use new powers to compel a broad range of companies including social media giants, (...)
#McDonald's #Facebook #GoogleSearch #cryptage #WiFi #surveillance #web #Westfield
Why You Should Never Save #passwords on #chrome or Firefox
▻https://hackernoon.com/why-you-should-never-save-passwords-on-chrome-or-firefox-96b770cfd0d0?so
Extracting Your Passwords in Cleartext with 12 Lines of Code
In this article I will demonstrate how easy it is for hackers to extract every username and password saved on your Chrome profile. One would think that Chrome would have safety measures to encrypt your password, but apparently that is not the case — sorta. My Chrome profile, like many others, is set up so that there is another encryption password that I have to enter in order to sync all my passwords, bookmarks, settings, browser history, etc., so it was pretty shocking to me how easy it was for me to extract and decrypt my passwords. Twelve lines of code easy.
Demonstration and Proof of Concept
Before we get started, I should mention that I have not tested this on macOS or any Linux distributions. To replicate this demonstration, (...)
Facebook stored hundreds of millions of passwords unprotected
▻https://www.theguardian.com/technology/2019/mar/21/facebook-admits-passwords-unprotected
Facebook mistakenly stored “hundreds of millions” of passwords in plaintext, unprotected by any encryption, the company has admitted. The mistake, which led to user passwords being kept in Facebook’s internal servers in an insecure way, affects “hundreds of millions of Facebook Lite users, tens of millions of other Facebook users, and tens of thousands of Instagram users”, according to the social networking site. Facebook Lite is a version of Facebook created for use in nations where mobile (...)
Switching from #bcrypt to SHA2 may save your CPU…and your sanity!
▻https://hackernoon.com/switching-from-bcrypt-to-sha2-may-save-your-cpu-and-your-sanity-80673376
Here’s the reality, billions of credentials have been leaked or stolen and are now easily downloaded online by anyone. Many of these databases of identities include passwords in plain text, while others are one-way hashed. One-way hashing is better (we’ll get to why in a second), but it is only as secure as is mathematically feasible. Let’s take a look at one-way hashing algorithms and how computers handle them.
Hashing
A hash by definition is a function that can map data of an arbitrary size to data of a fixed size. SHA2 is a hashing algorithm that uses various bit-wise operations on any number of bytes to produce a fixed sized hash. For example, the #sha-256 algorithm produces a 256 bit result. The algorithm was designed specifically so that going from a hash back to the original bytes is (...)
How #whatsapp’s #security Mechanism Stands Out From Other Encryptions
▻https://hackernoon.com/how-whatsapps-security-mechanism-stands-out-from-other-encryptions-6dd4b
“It is found that WhatsApp security is the highest-notch of encryption that doesn’t allow hackers to glide into individual and group chats”
The world’s largest messaging app in terms of the user base has updated its security feature “End-to-End Encryption” for its 1 billion users worldwide. WhatsApp encompasses tricky elements of security ranges where the encryption for group chatting and individual is quite hard and trickiest encryption. When WhatsApp added the highest degree of security, it raised to encounter the privacy of digital communication worldwide.
The History of Encryption at a Glance
WhatsApp rolled out the information that it has joined “Facebook” in the year 2014 which turned to be one of the most historic changes that a social application experienced. Later, in the year 2016, (...)
A Privacy-Focused Vision for Social Networking | Mark Zuckerberg, Facebook, 6 March 2019
▻https://www.facebook.com/notes/mark-zuckerberg/a-privacy-focused-vision-for-social-networking/10156700570096634
Over the last 15 years, Facebook and Instagram have helped people connect with friends, communities, and interests in the digital equivalent of a town square. But people increasingly also want to connect privately in the digital equivalent of the living room. As I think about the future of the internet, I believe a privacy-focused communications platform will become even more important than today’s open platforms. Privacy gives people the freedom to be themselves and connect more naturally, which is why we build social networks.
Today we already see that private messaging, ephemeral stories, and small groups are by far the fastest growing areas of online communication. There are a number of reasons for this. Many people prefer the intimacy of communicating one-on-one or with just a few friends. People are more cautious of having a permanent record of what they’ve shared. And we all expect to be able to do things like payments privately and securely.
Public social networks will continue to be very important in people’s lives — for connecting with everyone you know, discovering new people, ideas and content, and giving people a voice more broadly. People find these valuable every day, and there are still a lot of useful services to build on top of them. But now, with all the ways people also want to interact privately, there’s also an opportunity to build a simpler platform that’s focused on privacy first.
I understand that many people don’t think Facebook can or would even want to build this kind of privacy-focused platform — because frankly we don’t currently have a strong reputation for building privacy protective services, and we’ve historically focused on tools for more open sharing. But we’ve repeatedly shown that we can evolve to build the services that people really want, including in private messaging and stories.
I believe the future of communication will increasingly shift to private, encrypted services where people can be confident what they say to each other stays secure and their messages and content won’t stick around forever. This is the future I hope we will help bring about.
We plan to build this the way we’ve developed WhatsApp: focus on the most fundamental and private use case — messaging — make it as secure as possible, and then build more ways for people to interact on top of that, including calls, video chats, groups, stories, businesses, payments, commerce, and ultimately a platform for many other kinds of private services.
This privacy-focused platform will be built around several principles:
Private interactions. People should have simple, intimate places where they have clear control over who can communicate with them and confidence that no one else can access what they share.
Encryption. People’s private communications should be secure. End-to-end encryption prevents anyone — including us — from seeing what people share on our services.
Reducing Permanence. People should be comfortable being themselves, and should not have to worry about what they share coming back to hurt them later. So we won’t keep messages or stories around for longer than necessary to deliver the service or longer than people want them.
Safety. People should expect that we will do everything we can to keep them safe on our services within the limits of what’s possible in an encrypted service.
Interoperability. People should be able to use any of our apps to reach their friends, and they should be able to communicate across networks easily and securely.
Secure data storage. People should expect that we won’t store sensitive data in countries with weak records on human rights like privacy and freedom of expression in order to protect data from being improperly accessed.
Over the next few years, we plan to rebuild more of our services around these ideas. The decisions we’ll face along the way will mean taking positions on important issues concerning the future of the internet. We understand there are a lot of tradeoffs to get right, and we’re committed to consulting with experts and discussing the best way forward. This will take some time, but we’re not going to develop this major change in our direction behind closed doors. We’re going to do this as openly and collaboratively as we can because many of these issues affect different parts of society.
Summary in French: « Mark Zuckerberg veut recentrer Facebook sur les échanges privés » ▻https://www.lesechos.fr/tech-medias/hightech/0600849596938-mark-zuckerberg-veut-recentrer-facebook-sur-les-echanges-priv
Mark Zuckerberg’s Plans to Capitalize on Facebook’s Failures | The New Yorker
▻https://www.newyorker.com/tech/annals-of-technology/mark-zuckerbergs-plans-to-capitalize-on-facebooks-failures
On Wednesday, a few hours before the C.E.O. of Facebook, Mark Zuckerberg, published a thirty-two-hundred-word post on his site titled “A privacy-focused vision for social networking,” a new study from the market research firm Edison Research revealed that Facebook had lost fifteen million users in the United States since 2017. “Fifteen million is a lot of people, no matter which way you cut it,” Larry Rosin, the president of Edison Research, said on American Public Media’s “Marketplace.” “This is the second straight year we’ve seen this number go down.” The trend is likely related to the public’s dawning recognition that Facebook has become both an unbridled surveillance tool and a platform for propaganda and misinformation. According to a recent Harris/Axios survey of the hundred most visible companies in the U.S., Facebook’s reputation has taken a precipitous dive in the last five years, with its most acute plunge in the past year, and it scores particularly low in the categories of citizenship, ethics, and trust.
While Zuckerberg’s blog post can be read as a response to this loss of faith, it is also a strategic move to capitalize on the social-media platform’s failures. To be clear, what Zuckerberg calls “town square” Facebook, where people post updates about new jobs, and share prom pictures and erroneous information about vaccines, will continue to exist. (On Thursday, Facebook announced that it would ban anti-vaccine advertisements on the site.) His new vision is to create a separate product that merges Facebook Messenger, WhatsApp, and Instagram into an encrypted and interoperable communications platform that will be more like a “living room.” According to Zuckerberg, “We’ve worked hard to build privacy into all our products, including those for public sharing. But one great property of messaging services is that, even as your contacts list grows, your individual threads and groups remain private. As your friends evolve over time, messaging services evolve gracefully and remain intimate.”
This new Facebook promises to store data securely in the cloud, and delete messages after a set amount of time to reduce “the risk of your messages resurfacing and embarrassing you later.” (Apparently, Zuckerberg already uses this feature, as Tech Crunch reported, in April, 2018.) Its interoperability means, for example, that users will be able to buy something from Facebook Marketplace and communicate with the seller via WhatsApp; Zuckerberg says this will enable the buyer to avoid sharing a phone number with a stranger. Just last week, however, a user discovered that phone numbers provided for two-factor authentication on Facebook can be used to track people across the Facebook universe. Zuckerberg does not address how the new product will handle this feature, since “town square” Facebook will continue to exist.
Once Facebook has merged all of its products, the company plans to build other products on top of it, including payment portals, banking services, and, not surprisingly, advertising. In an interview with Wired’s editor-in-chief, Nicholas Thompson, Zuckerberg explained that “What I’m trying to lay out is a privacy-focused vision for this kind of platform that starts with messaging and making that as secure as possible with end-to-end encryption, and then building all of the other kinds of private and intimate ways that you would want to interact—from calling, to groups, to stories, to payments, to different forms of commerce, to sharing location, to eventually having a more open-ended system to plug in different kinds of tools for providing the interaction with people in all the ways that you would want.”
Innovation now comes from China; here is another mention of it.
If this sounds familiar, it is. Zuckerberg’s concept borrows liberally from WeChat, the multiverse Chinese social-networking platform, popularly known as China’s “app for everything.” WeChat’s billion monthly active users employ the app for texting, video conferencing, broadcasting, money transfers, paying fines, and making medical appointments. Privacy, however, is not one of its attributes. According to a 2015 article in Quartz, WeChat’s “heat map” feature alerts Chinese authorities to unusual crowds of people, which the government can then surveil.
“I believe the future of communication will increasingly shift to private, encrypted services where people can be confident what they say to each other stays secure and their messages and content won’t stick around forever,” Zuckerberg tells us. “This is the future I hope we will help bring about.” By announcing it now, and framing it in terms of privacy, he appears to be addressing the concerns of both users and regulators, while failing to acknowledge that a consolidated Facebook will provide advertisers with an even richer and more easily accessed database of users than the site currently offers. As Wired reported in January, when the merger of Facebook’s apps was floated in the press, “the move will unlock huge quantities of user information that was previously locked away in silos.”
Message encryption is far from a panacea for privacy, or for the social responsibility of individuals.
Zuckerberg also acknowledged that an encrypted Facebook may pose problems for law enforcement and intelligence services, but promised that the company would work with authorities to root out bad guys who “misuse it for truly terrible things like child exploitation, terrorism, and extortion.” It’s unclear how, with end-to-end encryption, it will be able to do this. Facebook’s private groups have already been used to incite genocide and other acts of violence, suppress voter turnout, and disseminate misinformation. Its pivot to privacy will not only give such activities more space to operate behind the relative shelter of a digital wall but will also relieve Facebook from the responsibility of policing them. Instead of more—and more exacting—content moderation, there will be less. Instead of removing bad actors from the service, the pivot to privacy will give them a safe harbor.
#facebook #Cryptographie #Vie_privée #Médias_sociaux #Mark_Zuckerberg
CounterMail - protecting your privacy - encrypted pgp email webmail
▻https://countermail.com
CounterMail is a secure and easy to use online email service, designed to provide maximum security and privacy without any unnecessary complexity.
You can access your email account at any time, from anywhere in the world. Your account will always be encrypted and anonymous.
An Interview with Simon Persson - Founder of Secure Email Provider CounterMail - Unfinished Man
▻https://www.unfinishedman.com/interview-simon-persson-founder-countermail-secure-email-provider
We are under Swedish jurisdiction and Swedish laws; Sweden still has better privacy laws than many other countries
We don’t log IP addresses
You can pay anonymously if you follow our instructions, or simply use Bitcoin
Incoming email will be encrypted to your public key, which means no emails will be stored as plaintext on our server, only in encrypted format
Web-based OpenPGP encryption with no possibility to disable the end-to-end encryption; passwords and decrypted texts are never sent to our server
We have a USB-key option, which gives you two-factor authentication and increased protection
Our webmail server does not have any hard drives, only CD-ROM, which means no “leakage” to any hard drive is possible
Our customers never have any direct connection to our mail server; regardless of how they connect to their account, IMAP/SMTP/webmail always connects to a diskless server (tunnel)
You can delete the private key from our server (but we recommend this only for advanced users; your private key is always encrypted on our server anyway)
We have an additional encryption layer to protect against man-in-the-middle attacks
If anyone can find any other established provider that has all our privacy and security features, we will give that person $10k as a reward!
Quantum Computing — Can Blockchain be Hacked?
▻https://hackernoon.com/quantum-computing-can-blockchain-be-hacked-19c2ec7bac85?source=rss----3a
“Cryptography is the field concerned with linguistic and mathematical techniques for securing information, particularly in communications” and the security characteristic of Distributed Ledger Technology. Quantum computers have long been dubbed as the Achilles’ heel of Bitcoin and the whole cryptocurrency industry. Due to their overwhelming advantage in computing speed, quantum computers could theoretically be used to disrupt the activity not only of a decentralized system or a blockchain but of any software using any kind of encryption.
In Germany, you probably call that ‘Bauernfänger’ (since in Germany we have a single word for almost everything), in English perhaps ‘hornswoggle people’s attention by plotting an attention-grabbing headline’ or (...)
#distributed-ledgers #legacy-systems #quantum-computing #quantum-computer #quantum-computing-hacks
KDE is adding Matrix to its IM framework | KDE.news
▻https://dot.kde.org/2019/02/20/kde-adding-matrix-its-im-framework
However, our search for a better solution has finally come to an end: as of today we are officially using Matrix for collaboration within KDE! Matrix is an open protocol and network for decentralized communication, backed by an open standard and open source reference implementations for servers, clients, client SDKs, bridges, bots and more. It provides all the features you’d expect from a modern chat system: infinite scrollback, file transfer, typing notifications, read receipts, presence, search, push notifications, stickers, VoIP calling and conferencing, etc. It even provides end-to-end encryption (based on Signal’s double ratchet algorithm) for when you want some privacy.
JSON Web Tokens (JWT) Demystified
▻https://hackernoon.com/json-web-tokens-jwt-demystified-f7e202249640?source=rss----3a8144eabfe3-
JSON Web Token (JWT, often pronounced “jot”) is a powerful tool for confidently transmitting data between two parties through tokens. These parties can consist of users, servers, or any other combination of services. Based on an open standard (RFC-7519), JWTs are digitally signed with an encryption algorithm, so the receiving party can trust the information contained within. In computer #security this concept is known as Data Integrity.
One main benefit of using a #jwt is that it’s very compact (assuming the issuer uses JWS Compact Serialization, which is recommended). They are generally small enough to be sent through a POST request, in an HTTP Header, or even as a query string within a URL. However, the more claims you add to a JWT, the more bloated it becomes. You could theoretically (...)
Asymmetric #cryptography In Blockchains
▻https://hackernoon.com/asymmetric-cryptography-in-blockchains-d1a4c1654a71?source=rss----3a8144
Asymmetric cryptography, also known as public-key cryptography, is one of the key components of #blockchain technology. This form of cryptography allows everyone to verify the integrity of transactions, protect funds from hackers and much more. But how does it work?
What is asymmetric cryptography?
To understand asymmetric cryptography it is important to first understand the meaning of cryptography. Cryptography is a method of using advanced mathematical principles in storing and transmitting data in a particular form so that only those for whom it is intended can read and process it. Encryption is a key concept in cryptography — It is a process whereby a message is encoded in a format that cannot be read or understood by an eavesdropper. The technique is old and was first used by Caesar to (...)
Can We End Data Exploitation in #google and #facebook?
▻https://hackernoon.com/can-we-end-data-exploitation-in-google-and-facebook-7ee3ba888ea9?source=
One Company Believes They Can
In the age of WhatsApp, Signal, and other messaging apps, questions over data security or sharing have arisen. True, apps like WhatsApp and Signal boast end to end #encryption, chances are your data is being used in a variety of ways. One indication that WhatsApp (owned by the now bad boy of user data, Facebook) utilizes its users’ data is that it has rolled out an ads platform. If data was not being culled from messages to enhance targeting I think I and many others would be shocked.
But It’s Encrypted — So Why Are You Worrying?
WhatsApp and Signal and Google may be encrypted between sender and receiver, but the data is actually stored on the phone and this data is not encrypted, which leaves a back door to either the app itself using the data to sell to others or (...)
Why Signal and not Threema? : signal
▻https://www.reddit.com/r/signal/comments/852qor/why_signal_and_not_threema
Signal is open source, Threema is not, so that disqualifies Threema as a secure app in my opinion. You could as well continue using WhatsApp since it’s also end to end encrypted but closed source. Wire is another great alternative, and it’s German.
Hackers explain which messenger app is the most secure - Motherboard
▻https://motherboard.vice.com/de/article/7xea4z/hacker-erklaren-welche-messenger-app-am-sichersten-ist
Leaving aside the more demanding requirements, Signal is the only one I see that meets all these needs. After that, you can always use several messenger apps to keep up with everyone’s updates, with the exception of the apps from Facebook (WhatsApp), WeChat and Google, because using them is a threat to your privacy simply by being installed on your phone.
Roland Schilling (33) and Frieder Steinmetz (28) began researching this question, among others, at TU Hamburg six years ago. At a time when no one had even heard the name Edward Snowden, Schilling and Steinmetz were already poring over the advantages and disadvantages of various encryption protocols and messenger apps. Last year, for example, they managed to reconstruct Threema’s encryption through reverse engineering.
Their research has by now become a kind of activism and hobby, the two say: they want to convey to people outside specialist circles how fundamental privacy is in a democracy. In the interview they explain what to look for when choosing a messenger, which app does not necessarily deliver what it promises in terms of security, and why credit institutions are pleased about data-hungry messengers.
...
Roland Schilling: It’s different for me. I simply get people to use the apps that I use too. Those are exclusively Threema, Signal and Wire. When people want to talk to me, it practically always works out on one of the three.
...
Frieder: ... Signal and WhatsApp, for instance, rely on the same technical foundation, the Signal protocol, but differ in nuances. Threema has its own, not entirely bad protocol, which, however, does not guarantee ‘Perfect Forward Secrecy’, for example. That technique prevents someone who steals my secret key from my phone in the future from using it to decrypt all the encrypted communication I have conducted via the phone. Signal and WhatsApp have that.
...
Roland: A good messenger protocol is open source and thus enables researchers and the public to discover any existing vulnerabilities and improve the protocol. Unfortunately, the messenger market also has many offerings that withhold their purported “encryption” from this process and keep it secret, or that do publish the protocol but do not respond to criticism.
Secure WhatsApp Alternatives – Messenger Comparison
▻https://www.boxcryptor.com/en/blog/post/encryption-comparison-secure-messaging-apps
Threema and Telegram under Control of Russia’s Government?
▻https://medium.com/@vadiman/threema-and-telegram-under-control-of-russias-government-f81f8e28714b
WhatsApp Exploited by NSA and US Secret Services?
Vadim An
Mar 7, 2018
This is the end of the era of centralized communication!
The years 2017 and 2018 have been hot and saturated with cybersecurity challenges. Almost every week, a major media source reported hacking incidents or backdoor exploits in popular communication and messaging services, some of which granted government agents unauthorized access to private and confidential information from within the communications industry.
According to mass-media reports, Threema, one of the most popular Swiss secure messaging apps, has moved under the control of the Russian government and has been listed in the official registry with a view to controlling user communications.
This can be seen on the regulator’s public website ▻https://97-fz.rkn.gov.ru/organizer-dissemination/viewregistry/#searchform
This knockout news was commented on by Crypviser, an innovative German developer of the most secure instant communication platform based on Blockchain technologies, from the point of view of what it means for millions of Threema users.
To answer this question, let’s understand the requirements for getting listed in this registry as an “information-dissemination organizer” according to a new Russian federal law, beginning from 01 June 2018.
The law requires that all companies listed in the internet regulator’s registry must store all users’ metadata (“information about the arrival, transmission, delivery, and processing of voice data, written text, images, sounds, or other kinds of action”), along with the content of correspondence and voice call records, and make it accessible to the Russian authorities. Websites can avoid the hassle of setting aside this information by granting Russian officials unfettered, constant access to their entire data stream.
This is very bad news for Threema users. Threema officials have reported that they are not aware of any requirements to store, collect, or provide information. Maybe not yet, though, since there is still some time until 01 June 2018, when the new law kicks in and Threema will be obligated to provide direct access to sensitive user data.
It’s possible that Threema is fully aware of this despite claiming otherwise. They may realize that the most popular messenger in Russia, Telegram, has been under pressure since refusing to officially cooperate with Russian secret services. If Russia takes steps to block Telegram as a result, then Threema would become the next best alternative service. That is assuming they’re willing to violate the security and privacy rights of their users by giving in to the new law’s requirements.
Based on the reports of the Financial Times magazine, the Telegram founder agreed to register their app with Russian censors by the end of June 2017. This, however, is not a big loss for the Telegram community because of the lack of security in Telegram to date. During the last 2 years, its security protocol has been criticized many times and many security issues were found by researchers. Although there is no direct evidence showing that Telegram has already cooperated with the Russian government or other governments, these exploitable bugs and poor security models make Telegram users vulnerable victims to hackers and secret services of different countries.
The same security benchmark issues have been explored in the biggest communication app, WhatsApp. The security model of WhatsApp has been recognized as vulnerable by the most reputed cryptographic experts and researchers worldwide. According to the Guardian, a serious “backdoor” was found in encryption, more specifically in the key exchange algorithm.
A common security practice in encrypted messaging services involves the generation and storage of a private encryption key offline on the user’s device. Only the public key gets broadcast to other users through the company’s server. In the case of WhatsApp, we have to trust the company that it will not alter the public key exchange mechanism between the sender and receiver to perform a man-in-the-middle attack to snoop on users’ encrypted private communication.
Tobias Boelter, a security researcher from the University of California, has reported that WhatsApp’s end-to-end encryption, based on the Signal protocol, has been implemented in a way that if WhatsApp or any hacker intercepts your chats, by exploiting the trust-based key exchange mechanism, you will never come to know if any change in encryption key has occurred in the background.
The Guardian reports, “WhatsApp has implemented a backdoor into the Signal protocol, giving itself the ability to force the generation of new encryption keys for offline users and to make the sender re-encrypt messages with new keys and send them again for any messages that have not been marked as delivered. The recipient is not made aware of this change in encryption.”
But on the other hand, Open Whisper Systems, the developer of the Signal messaging app, says, “There is no WhatsApp backdoor”, “it is how cryptography works,” and the MITM attack “is endemic to public key cryptography, not just WhatsApp.”
It’s worth noting that none of the security experts or the company itself have denied the fact that, if required by the government, WhatsApp can intercept your chats. They do say, however, that WhatsApp is designed to be simple, and users should not lose access to messages sent to them when their encryption key is changed. Vadim Andryan, a cybersecurity expert and CTO of Crypviser, agrees with this statement.
“The Man-in-the-Middle attack threat is the biggest and historical challenge of asymmetric cryptography, which is the base of the end-to-end encryption model. It’s hard to say whether this “backdoor” was admitted intentionally or came to the fore due to the lack of a reliable public-key authentication model. But it is definitely one of the huge disadvantages of current cryptographic models used for secure instant communication networks, and one of the main advantages of the Crypviser platform.”
Crypviser has introduced a new era of cryptography based on Blockchain technologies. It utilizes Blockchain to eliminate all threats of Man-in-the-Middle attack and solves the historical public key encryption issue by using decentralized encryption keys, exchanges, and authorization algorithms. The authentication model of Crypviser provides public key distribution and authorization in peer-to-peer or automated mode through Blockchain.
After the commercial launch of the Crypviser unified app, the “messenger” for secure social communication will be available on the market in free and premium plans. The free plan in peer-to-peer authentication mode requires user interaction to check security codes for every new chat and call. The full-featured premium plan offers a Blockchain-based automated encryption model and powerful professional security features on all levels.
You can see the comparison of Crypviser with centralized alternatives in the table below.
Design sprint federated chat ecosystem
▻http://constantvzw.org/site/Design-sprint-federated-chat-ecosystem.html
XMPP is a long standing protocol for libre federated chat which in recent years brought the federated chat ecosystem to modern mobile clients, cross device chat and end-to-end encryption based on Signal. Running up to FOSDEM, the XMPP community (with support of OSP) is hosting a design sprint for federated chat ecosystem. More info + how to join: ▻https://discourse.opensourcedesign.net/t/design-sprint-for-federated-chat-ecosystem-xmpp-30-1-and-01-2-bruxelles/830
And more...
#And_more...
The Crypto Anarchist Manifesto
▻https://www.activism.net/cypherpunk/crypto-anarchy.html
A precursor to the very romantic Declaration of the Independence of Cyberspace and to the more reasonable and pragmatic Manifeste du web indépendant, the crypto anarchists’ manifesto will still be relevant in 2019.
From: tcmay@netcom.com (Timothy C. May)
Subject: The Crypto Anarchist Manifesto
Date: Sun, 22 Nov 92 12:11:24 PST
Cypherpunks of the World,
Several of you at the “physical Cypherpunks” gathering yesterday in Silicon Valley requested that more of the material passed out in meetings be available electronically to the entire readership of the Cypherpunks list, spooks, eavesdroppers, and all. <Gulp>
Here’s the “Crypto Anarchist Manifesto” I read at the September 1992 founding meeting. It dates back to mid-1988 and was distributed to some like-minded techno-anarchists at the “Crypto ’88” conference and then again at the “Hackers Conference” that year. I later gave talks at Hackers on this in 1989 and 1990.
There are a few things I’d change, but for historical reasons I’ll just leave it as is. Some of the terms may be unfamiliar to you...I hope the Crypto Glossary I just distributed will help.
(This should explain all those cryptic terms in my .signature!)
--Tim May
...................................................
The Crypto Anarchist Manifesto
Timothy C. May <tcmay@netcom.com>
A specter is haunting the modern world, the specter of crypto anarchy.
Computer technology is on the verge of providing the ability for individuals and groups to communicate and interact with each other in a totally anonymous manner. Two persons may exchange messages, conduct business, and negotiate electronic contracts without ever knowing the True Name, or legal identity, of the other. Interactions over networks will be untraceable, via extensive re-routing of encrypted packets and tamper-proof boxes which implement cryptographic protocols with nearly perfect assurance against any tampering. Reputations will be of central importance, far more important in dealings than even the credit ratings of today. These developments will alter completely the nature of government regulation, the ability to tax and control economic interactions, the ability to keep information secret, and will even alter the nature of trust and reputation.
The technology for this revolution—and it surely will be both a social and economic revolution—has existed in theory for the past decade. The methods are based upon public-key encryption, zero-knowledge interactive proof systems, and various software protocols for interaction, authentication, and verification. The focus has until now been on academic conferences in Europe and the U.S., conferences monitored closely by the National Security Agency. But only recently have computer networks and personal computers attained sufficient speed to make the ideas practically realizable. And the next ten years will bring enough additional speed to make the ideas economically feasible and essentially unstoppable. High-speed networks, ISDN, tamper-proof boxes, smart cards, satellites, Ku-band transmitters, multi-MIPS personal computers, and encryption chips now under development will be some of the enabling technologies.
The State will of course try to slow or halt the spread of this technology, citing national security concerns, use of the technology by drug dealers and tax evaders, and fears of societal disintegration. Many of these concerns will be valid; crypto anarchy will allow national secrets to be traded freely and will allow illicit and stolen materials to be traded. An anonymous computerized market will even make possible abhorrent markets for assassinations and extortion. Various criminal and foreign elements will be active users of CryptoNet. But this will not halt the spread of crypto anarchy.
Just as the technology of printing altered and reduced the power of medieval guilds and the social power structure, so too will cryptologic methods fundamentally alter the nature of corporations and of government interference in economic transactions. Combined with emerging information markets, crypto anarchy will create a liquid market for any and all material which can be put into words and pictures. And just as a seemingly minor invention like barbed wire made possible the fencing-off of vast ranches and farms, thus altering forever the concepts of land and property rights in the frontier West, so too will the seemingly minor discovery out of an arcane branch of mathematics come to be the wire clippers which dismantle the barbed wire around intellectual property.
Arise, you have nothing to lose but your barbed wire fences!
--
..........................................................................
Timothy C. May | Crypto Anarchy: encryption, digital money,
tcmay@netcom.com | anonymous networks, digital pseudonyms, zero
408-688-5409 | knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA | black markets, collapse of governments.
Higher Power: 2^756839 | PGP Public Key: by arrangement.
▻https://www.hrw.org/everyday-encryption
EVERYDAY ENCRYPTION
This game is about the everyday choices you make about your security, and the role encryption plays in those choices. Digital security is always about making compromises and tradeoffs—what do you want to protect, and from whom? You can never be 100 percent secure, but encryption can help reduce your digital security risks.
#informatique #didactique #jeu #surveillance #chiffrement #autodéfense #numérique
What’s Shor’s Algorithm? (Quantum Computing Weekly News for Dec 11 2018)
▻https://hackernoon.com/whats-shor-s-algorithm-quantum-computing-weekly-news-for-dec-11-2018-721
What’s Shor’s Algorithm? | Quantum Computing Weekly Roundup Dec 11 2018
This is a syndicated version of my weekly e-mail round-up of news about Quantum Computing. Visit the homepage to subscribe to updates and check out previous issues. Hi there, and thank you for taking a look at lucky issue #7! Last week we had a great profile on Anastasia Marchenkova, and I highly recommend checking it out if you missed it, and I’m excited to say that we already have a new guest lined up for January! Looking for a particular area of quantum computing you’d like to see covered in the next issue? Ping me and let me know!
Tiny Fact of the week: What’s this Shor’s algorithm thing I keep on hearing about? In short, it’s a quantum algorithm which is able to answer a very computationally difficult question relatively (...)
#encryption #cryptography #quantum-computer #quantum-computing
Australia’s war on encryption: the sweeping new powers rushed into law
▻https://www.theguardian.com/technology/2018/dec/08/australias-war-on-encryption-the-sweeping-new-powers-rushed-into-law
Australia has made itself a global guinea pig in testing a regime to crack encrypted communication
Telecommunications providers have argued that compromising a messaging system, website or cloud storage system to get at a targeted user may put others at risk. Photograph: Alamy Stock Photo
In the hit US TV series The Wire police are initially baffled when the criminal suspects they are investigating begin to communicate through photographic messages of clock faces. After several seasons (...)
▻https://i.guim.co.uk/img/media/016b42ef5b3365037da639af246c11a0b8ad800a/0_374_5616_3370/master/5616.jpg
The unbelievable tale of a fake hitman, a kill list, a darknet vigilante... and a murder | WIRED UK
▻https://www.wired.co.uk/article/kill-list-dark-web-hitmen
There are no hitmen in this story. There are no sharply dressed assassins screwing silencers on to their Glocks, no operatives assigned, nor capos directing them.
There is a website, though – a succession of websites, to be precise – where all those things are made out to be true. Some people fall for it. Looking for a hitman, they download Tor, a browser that uses encryption and a complex relaying system to ensure anonymity, and allows them to access the dark web, where the website exists. Under false names, the website’s users complete a form to request a murder. They throw hundreds of bitcoins into the website’s digital purse.
The website’s admin is scamming them: no assassination is ever executed. The admin would dole out a hail of lies for why hits had been delayed, and keep the bitcoins.
But, elsewhere, someone called Chris Monteiro has been disrupting the website’s operations for years, triggering its admin’s wrath.
At bottom, the story follows the score written for the musicians of the red and black orchestras. Trust no one. Make no mistakes, because every mistake has its price. At best you manage to cross to the other side of the street when a spy crosses your path, whichever side he claims to be fighting for.
Deepin 15.8 Promo Video Proves Distro Deserves ‘Blingiest Desktop’ Crown
▻https://www.omgubuntu.co.uk/2018/11/deepin-15-8-promo-video
The recent Deepin 15.8 release impressed many on its arrival — now a new promo video published by the team behind demonstrates precisely why. The five-minute clip, which we’ve embedded above, showcases the distro’s recent crop of UI changes and UX tweaks, including a new boot menu, disk encryption feature, and optional ‘dark mode’. And call me sucker […] This post, Deepin 15.8 Promo Video Proves Distro Deserves ‘Blingiest Desktop’ Crown, was written by Joey Sneddon and first appeared on OMG! Ubuntu!.
15 Most Popular Payment Gateway Solutions
▻https://hackernoon.com/15-most-popular-payment-gateway-solutions-ad49342298b9?source=rss----3a8
A payment gateway is an application that authorizes payment for e-businesses, online retails, brick and mortar businesses and more. It is virtual equivalent to the physical point of sale established in many retail outlets. It encrypts confidential information, such as credit & debit card numbers to make you sure that the data which is passed between the customer and merchant is confidential and secure.
How does a payment gateway work?
A customer places an order on website or mobile by just pressing submit button or equivalent button to reach payment gateway and enters card details in the specified spaces. The customer’s web browser encrypts the detail which is to be sent between the browser and the web server. This is to be done via SSL (Secure Socket Layer) encryption technique. The (...)
#mobile-app-development #ecommerce #payments #magento #paypal
#ransomware Is a Dangerous Reality
▻https://hackernoon.com/ransomware-is-a-dangerous-reality-edb9a597a42d?source=rss----3a8144eabfe
Source: Progress Software.
Does paying a ransom sound like something from out of a movie? People may tend to associate ransoms with people being kidnapped. However, the threat of ransom malware, or ransomware, is a real one ravaging the web today. Ransomware is any dangerous virus which can attack and encrypt the files on a PC or within an entire network, transcoding the files so that they become inaccessible to the creators. At this point in the process, the victim knows something has happened, and the cybercriminal demands a ransom for allowing the victim access to his lost files which are being held hostage by the user of the malware. Once hacked, the odds for the victim reobtaining control of his files and/or device without paying the cybercrook are not too good. The dilemma is overly (...)
Coders of the world, unite: can Silicon Valley workers curb the power of Big Tech?
►https://www.theguardian.com/news/2017/oct/31/coders-of-the-world-unite-can-silicon-valley-workers-curb-the-power-of-
neveragain.tech
►http://neveragain.tech
Write a list of things you would never do. Because it is possible that in the next year, you will do them. —Sarah Kendzior [1]
Our pledge
We, the undersigned, are employees of tech organizations and companies based in the United States. We are engineers, designers, business executives, and others whose jobs include managing or processing data about people. We are choosing to stand in solidarity with Muslim Americans, immigrants, and all people whose lives and livelihoods are threatened by the incoming administration’s proposed data collection policies. We refuse to build a database of people based on their Constitutionally-protected religious beliefs. We refuse to facilitate mass deportations of people the government believes to be undesirable.
We have educated ourselves on the history of threats like these, and on the roles that technology and technologists played in carrying them out. We see how IBM collaborated to digitize and streamline the Holocaust, contributing to the deaths of six million Jews and millions of others. We recall the internment of Japanese Americans during the Second World War. We recognize that mass deportations precipitated the very atrocity the word genocide was created to describe: the murder of 1.5 million Armenians in Turkey. We acknowledge that genocides are not merely a relic of the distant past—among others, Tutsi Rwandans and Bosnian Muslims have been victims in our lifetimes.
Today we stand together to say: not on our watch, and never again.
We commit to the following actions:
We refuse to participate in the creation of databases of identifying information for the United States government to target individuals based on race, religion, or national origin.
We will advocate within our organizations:
to minimize the collection and retention of data that would facilitate ethnic or religious targeting.
to scale back existing datasets with unnecessary racial, ethnic, and national origin data.
to responsibly destroy high-risk datasets and backups.
to implement security and privacy best practices, in particular, for end-to-end encryption to be the default wherever possible.
to demand appropriate legal process should the government request that we turn over user data collected by our organization, even in small amounts.
If we discover misuse of data that we consider illegal or unethical in our organizations:
We will work with our colleagues and leaders to correct it.
If we cannot stop these practices, we will exercise our rights and responsibilities to speak out publicly and engage in responsible whistleblowing without endangering users.
If we have the authority to do so, we will use all available legal defenses to stop these practices.
If we do not have such authority, and our organizations force us to engage in such misuse, we will resign from our positions rather than comply.
We will raise awareness and ask critical questions about the responsible and fair use of data and algorithms beyond our organization and our industry.
Don’t Panic, You Can Boot Linux on Apple’s New Devices
▻https://www.omgubuntu.co.uk/2018/11/apple-t2-chip-cant-boot-linux
Does Apple stop Linux from booting on its newly refreshed Mac Mini PC or MacBookAir laptops? That’s the claim currently circling the web’s collective drain, with posts stating that the new T2 ‘secure enclave’ chip Apple has baked in to its new models (to help to beef up device security, encryption, manage touch ID, and ensure the microphone […] This post, Don’t Panic, You Can Boot Linux on Apple’s New Devices, was written by Joey Sneddon and first appeared on OMG! Ubuntu!.
The default #OpenSSH #key #encryption is worse than plaintext
▻https://latacora.micro.blog/2018/08/03/the-default-openssh.html
That’s a fair argument to say that standard password-encrypted keys are about as good as plaintext: the encryption is ineffective. But I made a stronger statement: it’s worse.
How do you fix this? OpenSSH has a new key format that you should use. “New” means 2013. This format uses bcrypt_pbkdf, which is essentially bcrypt with fixed difficulty, operated in a PBKDF2 construction. Conveniently, you always get the new format when generating Ed25519 keys, because the old SSH key format doesn’t support newer key types. That’s a weird argument: you don’t really need your key format to define how Ed25519 serialization works since Ed25519 itself already defines how serialization works. But if that’s how we get good KDFs, that’s not the pedantic hill I want to die on. Hence, one answer is ssh-keygen -t ed25519. If, for compatibility reasons, you need to stick to RSA, you can use ssh-keygen -o. That will produce the new format, even for old key types. You can upgrade existing keys with ssh-keygen -p -o -f PRIVATEKEY. If your keys live on a Yubikey or a smart card, you don’t have this problem either.
#cryptoeconomics is THE revolution!
▻https://hackernoon.com/cryptoeconomics-is-the-revolution-6fd7de8e7da0?source=rss----3a8144eabfe
Most of the mechanisms used in a blockchain network existed before Satoshi’s whitepaper. Peer to peer network, Cryptographic Hashing, Asymmetric key encryption, Merkle Tree, for instance, have been well known for a long time. The true revolution brought about by the Bitcoin in 2009 is cryptoeconomics and it is paramount to understand it if you want to grasp the real value of the blockchain revolution. The purpose of cryptoeconomics is to build strong protocols that will be able to govern and securely develop peer-to-peer decentralized networks. Peer to peer networks have existed for some time. “Torrents” for instance, that many people used to share folders online, are peer to peer networks. However, they lack efficiency because members are happy to download content, but have no interests in (...)
#blockchain-technology #cryptography #consensus #cryptocurrency-news
Behind the Messy, Expensive Split Between Facebook and WhatsApp’s Founders
▻https://www.wsj.com/articles/behind-the-messy-expensive-split-between-facebook-and-whatsapps-founders-152820
After a long dispute over how to produce more revenue with ads and data, the messaging app’s creators are walking away leaving about $1.3 billion on the table
By Kirsten Grind and Deepa Seetharaman
June 5, 2018 10:24 a.m. ET
How ugly was the breakup between Facebook Inc. and the two founders of WhatsApp, its biggest acquisition? The creators of the popular messaging service are walking away leaving about $1.3 billion on the table.
The expensive exit caps a long-simmering dispute about how to wring more revenue out of WhatsApp, according to people familiar with the matter. Facebook has remained committed to its ad-based business model amid criticism, even as Facebook Chief Executive Mark Zuckerberg has had to defend the company before American and European lawmakers.
The WhatsApp duo of Jan Koum and Brian Acton had persistent disagreements in recent years with Mr. Zuckerberg and Chief Operating Officer Sheryl Sandberg, who grew impatient for a greater return on the company’s 2014 blockbuster $22 billion purchase of the messaging app, according to the people.
Many of the disputes with Facebook involved how to manage data privacy while also making money from WhatsApp’s large user base, including through the targeted ads that WhatsApp’s founders had long opposed. In the past couple of years especially, Mr. Zuckerberg and Ms. Sandberg pushed the WhatsApp founders to be more flexible on those issues and move faster on other plans to generate revenue, the people say.
Once, after Mr. Koum said he “didn’t have enough people” to implement a project, Mr. Zuckerberg dismissed him with, “I have all the people you need,” according to one person familiar with the conversation.
Facebook CEO Mark Zuckerberg testified about privacy issues and the use of user data before a Senate committee in April. Photo: Alex Brandon/Press Pool
WhatsApp was an incongruous fit within Facebook from the beginning. Messrs. Acton and Koum are true believers on privacy issues and have shown disdain for the potential commercial applications of the service.
Facebook, on the other hand, has built a sprawling, lucrative advertising business that shows ads to users based on data gathered about their activities. Mr. Zuckerberg and Ms. Sandberg have touted how an advertising-supported product makes it free for consumers and helps bridge the digital divide.
When Facebook bought WhatsApp, it never publicly addressed how the divergent philosophies would coexist. But Mr. Zuckerberg told stock analysts that he and Mr. Koum agreed that advertising wasn’t the right way to make money from messaging apps. Mr. Zuckerberg also said he promised the co-founders the autonomy to build their own products. The sale to Facebook made the app founders both multibillionaires.
Over time, each side grew frustrated with the other, according to people in both camps. Mr. Koum announced April 30 he would leave, and Mr. Acton resigned last September.
Big Bet
Facebook paid substantially more for WhatsApp than any other deal.
Facebook’s five largest deals*
WhatsApp (2014): $21.94 billion
Oculus VR (2014): $2.30 billion
Instagram (2012): $736 million
Microsoft† (2012): $550 million
Onavo (2013): $120 million
*price at close of deal
†approximately 615 AOL patents and patent applications
Source: Dealogic
The WhatsApp co-founders didn’t confront Mr. Zuckerberg at their departures about their disagreements over where to take the business, but had concluded they were fighting a losing battle and wanted to preserve their relationship with the Facebook executive, people familiar with the matter said. One person familiar with the relationships described the environment as “very passive-aggressive.”
Small cultural disagreements between the two staffs also popped up, involving issues such as noise around the office and the size of WhatsApp’s desks and bathrooms, that took on greater significance as the split between the parent company and its acquisition persisted.
The discord broke into public view in a March tweet by Mr. Acton. During the height of the Cambridge Analytica controversy, in which the research firm was accused of misusing Facebook user data to aid the Trump campaign, Mr. Acton posted that he planned to delete his Facebook account.
Within Facebook, some executives were surprised to see Mr. Acton publicly bash the company since he didn’t seem to leave on bad terms, according to people familiar with the matter. When Mr. Acton later visited Facebook’s headquarters, David Marcus, an executive who ran Facebook’s other chat app, Messenger, confronted his former colleague. “That was low class,” Mr. Marcus said, according to people familiar with the matter. Mr. Acton shrugged it off. Mr. Marcus declined to comment.
Staff at Facebook headquarters in Menlo Park, Calif. Small cultural disagreements between Facebook and WhatsApp staffs, involving issues such as noise, size of desks and bathrooms, created friction. Photo: Kim Kulish/Corbis/Getty Images
The posts also prompted an angry call from Ms. Sandberg to Mr. Koum, who assured her that Mr. Acton didn’t mean any harm, according to a person familiar with the call.
When Mr. Acton departed Facebook, he forfeited about $900 million in potential stock awards, according to people familiar with the matter. Mr. Koum is expected to officially depart in mid-August, in which case he would leave behind more than two million unvested shares worth about $400 million at Facebook’s current stock price. Both men would have received all their remaining shares had they stayed until this November, when their contracts end.
The amount the two executives are leaving in unvested shares hasn’t been reported, nor have the full extent of the details around their disagreements with Facebook over the years.
“Jan has done an amazing job building WhatsApp. He has been a tireless advocate for privacy and encryption,” Mr. Zuckerberg said in May at the company’s developer conference about Mr. Koum’s departure. He added he was proud that Facebook helped WhatsApp launch end-to-end encryption a couple of years after the acquisition.
In many ways, Facebook and WhatsApp couldn’t have been more different. Facebook from its beginning in 2004 leveraged access to user information to sell targeted advertising that would be displayed as people browsed their news feeds. That business model has been hugely successful, driving Facebook’s market value past half a trillion dollars, with advertising accounting for 97% of the firm’s revenue.
A sign in WhatsApp’s offices at Facebook headquarters. Some Facebook employees mocked WhatsApp with chants of ‘Welcome to WhatsApp—Shut up!’
It is also the antithesis of what WhatsApp professed to stand for. Mr. Koum, a San Jose State University dropout, grew up in Soviet-era Ukraine, where the government could track communication, and talked frequently about his commitment to privacy.
Mr. Koum, 42, and Mr. Acton, 46, became friends while working as engineers at Yahoo Inc., one of the first big tech companies to embrace digital advertising. The experience was jarring for both men, who came to regard display ads as garish, ruining the user experience and allowing advertisers to collect all kinds of data on unsuspecting individuals.
WhatsApp, which launched in 2009, was designed to be simple and secure. Messages were immediately deleted from its servers once sent. It charged some users 99 cents annually after one free year and carried no ads. In a 2012 blog post the co-founders wrote, “We wanted to make something that wasn’t just another ad clearinghouse” and called ads “insults to your intelligence.”
[Chart: Text Me. World-wide monthly active users for popular messaging apps, in billions: WhatsApp, Facebook Messenger, WeChat, Telegram, Line* (axis 0 to 2). Source: the companies. Note: *Across four main markets; iMessage, Google Hangouts and Signal don’t disclose number of users.]
The men are also close personal friends, bonding over ultimate Frisbee, despite political differences. Mr. Koum, unlike Mr. Acton, has publicly expressed support for Donald Trump.
When Facebook bought WhatsApp in February 2014, the messaging service was growing rapidly and had already amassed 450 million monthly users, making it more popular than Twitter Inc., which had 240 million monthly users at the time and was valued at $30 billion. WhatsApp currently has 1.5 billion users.
The deal still ranks as the largest-ever purchase of a company backed by venture capital, and it was almost 10 times costlier than Facebook’s next most expensive acquisition.
Mr. Zuckerberg assured Messrs. Koum and Acton at the time that he wouldn’t place advertising in the messaging service, according to a person familiar with the matter. Messrs. Koum and Acton also negotiated an unusual clause in their contracts that said if Facebook insisted on making any “additional monetization initiatives” such as advertising in the app, it could give the executives “good reason” to leave and cause an acceleration of stock awards that hadn’t vested, according to a nonpublic portion of the companies’ merger agreement reviewed by The Wall Street Journal. The provision only kicks in if a co-founder is still employed by Facebook when the company launches advertising or another moneymaking strategy.
Mr. Acton initiated the clause in his contract allowing for early vesting of his shares. But Facebook’s legal team threatened a fight, so Mr. Acton, already worth more than $3 billion, left it alone, according to people familiar with the matter.
Some analysts in the tech community said a clash was inevitable. Nate Elliott, principal of Nineteen Insights, a research and advisory firm focused on digital marketing and social media, said the WhatsApp founders are “pretty naive” for believing that Facebook wouldn’t ultimately find some way to make money from the deal, such as with advertising. “Facebook is a business, not a charity,” he said.
At the time of the sale, WhatsApp was profitable with fee revenue, although it is unclear by how much. Facebook doesn’t break out financial information for WhatsApp.
David Marcus, vice president of messaging products for Facebook, spoke during the company’s F8 Developers Conference in San Jose on May 1. Photo: David Paul Morris/Bloomberg News
Facebook’s hands-off stance changed around 2016. WhatsApp topped one billion monthly users, and it had eliminated its 99 cent fee. Facebook told investors it would stop increasing the number of ads in Facebook’s news feed, resulting in slower advertising-revenue growth. This put pressure on Facebook’s other properties—including WhatsApp—to make money.
That August, WhatsApp announced it would start sharing phone numbers and other user data with Facebook, straying from its earlier promise to be built “around the goal of knowing as little about you as possible.”
With Mr. Zuckerberg and Ms. Sandberg pushing to integrate it into the larger company, WhatsApp moved its offices in January 2017 from Mountain View, Calif., to Facebook’s Menlo Park headquarters about 20 minutes away. Facebook tried to make it welcoming, decorating the Building 10 office in WhatsApp’s green color scheme.
WhatsApp’s roughly 200 employees at the time remained mostly segregated from the rest of Facebook. Some of the employees were turned off by Facebook’s campus, a bustling collection of restaurants, ice cream shops and services built to mirror Disneyland.
Some Facebook staffers considered the WhatsApp unit a mystery and sometimes poked fun at it. After WhatsApp employees hung up posters over the walls instructing hallway passersby to “please keep noise to a minimum,” some Facebook employees mocked them with chants of “Welcome to WhatsApp—Shut up!” according to people familiar with the matter.
Some employees even took issue with WhatsApp’s desks, which were a holdover from the Mountain View location and larger than the standard desks in the Facebook offices. WhatsApp also negotiated for nicer bathrooms, with doors that reach the floor. WhatsApp conference rooms were off-limits to other Facebook employees.
“These little ticky-tacky things add up in a company that prides itself on egalitarianism,” said one Facebook employee.
Mr. Koum chafed at the constraints of working at a big company, sometimes quibbling with Mr. Zuckerberg and other executives over small details such as the chairs Facebook wanted WhatsApp to purchase, a person familiar with the matter said.
In response to the pressure from above to make money, Messrs. Koum and Acton proposed several ideas to bring in more revenue. One, known as “re-engagement messaging,” would let advertisers contact only users who had already been their customers. Last year, WhatsApp said it would charge companies for some future features that connect them with customers over the app.
None of the proposals were as lucrative as Facebook’s ad-based model. “Well, that doesn’t scale,” Ms. Sandberg told the WhatsApp executives of their proposals, according to a person familiar with the matter. Ms. Sandberg wanted the WhatsApp leadership to pursue advertising alongside other revenue models, another person familiar with her thinking said.
Ms. Sandberg, 48, and Mr. Zuckerberg, 34, frequently brought up their purchase of the photo-streaming app Instagram as a way to persuade Messrs. Koum and Acton to allow advertising into WhatsApp. Facebook in 2012 purchased Instagram, and the app’s founders initially tried their own advertising platform rather than Facebook’s. When Instagram fell short of its revenue targets in its first few quarters, Facebook leadership pushed the founders to adopt its targeted advertising model, and the transition was relatively seamless, according to current and former employees. Today, analysts estimate that Instagram is a key driver of Facebook’s revenue, and its founders, Kevin Systrom and Mike Krieger, remain with the company. The men didn’t respond to requests for comment.
“It worked for Instagram,” Ms. Sandberg told the WhatsApp executives on at least one occasion, according to one person familiar with the matter.
Attendees used Oculus Go VR headsets during Facebook’s F8 Developers Conference. Photo: Justin Sullivan/Getty Images
Other high-profile acquisitions such as developer platform Parse, ad tech platform LiveRail and virtual-reality company Oculus VR have fallen short of expectations, people familiar with those deals say.
The senior Facebook executives appeared to grow frustrated by the WhatsApp duo’s reasons to delay plans that would help monetize the service. Mr. Zuckerberg wanted WhatsApp executives to add more “special features” to the app, whereas Messrs. Koum and Acton liked its original simplicity.
Mr. Zuckerberg and Ms. Sandberg also wanted Messrs. Koum and Acton to loosen their stance on encryption to allow more “business flexibility,” according to one person familiar with the matter. One idea was to create a special channel between companies and users on WhatsApp to deal with issues such as customer-service requests, people familiar with the matter said. That setup would let companies appoint employees or bots to field inquiries from users and potentially store those messages in a decrypted state later on.
Last summer, Facebook executives discussed plans to start placing ads in WhatsApp’s “Status” feature, which allows users to post photo- and video-montages that last 24 hours. Similar features exist across Facebook’s services, including on Instagram, but WhatsApp’s version is now the most popular with 450 million users as of May.
Mr. Acton—described by one former WhatsApp employee as the “moral compass” of the team—decided to leave as the discussions to place ads in Status picked up. Mr. Koum, who also sat on Facebook’s board, tried to persuade him to stay longer.
Mr. Koum remained another eight months, before announcing in a Facebook post that he is “taking some time off to do things I enjoy outside of technology, such as collecting rare air-cooled Porsches, working on my cars and playing ultimate Frisbee.” Mr. Koum is worth about $9 billion, according to Forbes.
The next day, Mr. Koum said goodbye to WhatsApp and Facebook employees at an all-hands meeting in Menlo Park. An employee asked him about WhatsApp’s plans for advertising.
Mr. Koum responded by first alluding to his well-documented antipathy for ads, according to people familiar with his remarks. But Mr. Koum added that if ads were to happen, placing them in Status would be the least intrusive way of doing so, according to the people.
Some people who heard the remarks interpreted them as Mr. Koum saying he had made peace with the idea of advertising in WhatsApp.
In his absence, WhatsApp will be run by Chris Daniels, a longtime Facebook executive who is tasked with finding a business model that brings in revenue at a level to justify the app’s purchase price, without damaging the features that make it so popular.
Among WhatsApp’s competitors is Signal, an encrypted messaging app run by a nonprofit called the Signal Foundation and dedicated to secure communication, with strict privacy controls and without advertising. Mr. Acton donated $50 million to fund the foundation and serves as its executive chairman.
Corrections & Amplifications
Facebook Messenger has 1.3 billion monthly users. An earlier version of a chart in this article incorrectly said it had 2.13 billion users. (June 5, 2018)
Write to Kirsten Grind at kirsten.grind@wsj.com and Deepa Seetharaman at Deepa.Seetharaman@wsj.com
#cryptography + Malware = #ransomware
▻https://hackernoon.com/cryptography-malware-ransomware-36a8ae9eb0b9?source=rss----3a8144eabfe3-
Cybersecurity must deal with Ransomware
When you combine cryptography with malware, you get a very dangerous mix of problems. This is a type of computer virus that goes by another name, “ransomware”. This type of virus is part of a field of study called “cryptovirology”. Through the use of techniques called phishing, a threat actor sends the ransomware file to an unknowing victim. If the file is opened it will execute the virus payload, which is malicious code. The ransomware runs the code that encrypts user data on the infected computer or host. The data are user files like documents, spreadsheets, photos, multimedia files and even confidential records. The ransomware targets your personal computer files and applies an encryption algorithm like RSA which makes the file inaccessible. The (...)
Does #vpn Slow Down Internet?
▻https://hackernoon.com/does-vpn-slow-down-internet-4ba14ae60e3?source=rss----3a8144eabfe3---4
VPN is a technology that is used for #security; however, it degrades the speed of the internet to a certain level. With some VPNs, you face high fluctuation in speed, which occurs mostly with inefficient VPN services but sometimes with reputable ones too. It is worth noting that legitimate VPN providers will generally give you adequate speed with a slight reduction, mostly 5% to 6% of the regular internet speed. This reduction in speed is due to the encryption process that a VPN applies to your internet data to make everything safe and secure. Yet, there are various causes of speed reduction when there is a major drop. There is no pinpoint answer to the question of whether a VPN slows down internet speed. But yes, there are probably factors which (...)
French government will use Matrix Riot to replace WhatsApp (http://w...
▻https://diasp.eu/p/7172792
French government will use Matrix Riot to replace WhatsApp
According to a recent report, the French government is currently developing an end-to-end encrypted alternative to WhatsApp and Telegram that its officials could use without worrying about foreign spying. Although the French government’s spokesperson said that the government’s app will be ...
[ #privacy #surveillance #encryption #chat #messenger #matrix #riot ]
Attention PGP Users: New Vulnerabilities Require You To Take Action Now | Electronic Frontier Foundation
▻https://www.eff.org/deeplinks/2018/05/attention-pgp-users-new-vulnerabilities-require-you-take-action-now
A group of European security researchers have released a warning about a set of vulnerabilities affecting users of PGP and S/MIME. EFF has been in communication with the research team, and can confirm that these vulnerabilities pose an immediate risk to those using these tools for email communication, including the potential exposure of the contents of past messages.
The full details will be published in a paper on Tuesday at 07:00 AM UTC (3:00 AM Eastern, midnight Pacific). In order to reduce the short-term risk, we and the researchers have agreed to warn the wider PGP user community in advance of its full publication.
Our advice, which mirrors that of the researchers, is to immediately disable and/or uninstall tools that automatically decrypt PGP-encrypted email. Until the flaws described in the paper are more widely understood and fixed, users should arrange for the use of alternative end-to-end secure channels, such as Signal, and temporarily stop sending and especially reading PGP-encrypted email.
Managing #encryption Keys With #aws KMS In Node.js
▻https://hackernoon.com/managing-encryption-keys-with-aws-kms-in-node-js-c320c860019a?source=rss
Security is very important when developing applications. How do you encrypt data and manage encryption keys in your application? Successful key management is critical to the #security of a cryptosystem. This is where KMS’s come into play. Let’s first see what a KMS really is.
Key Management System (KMS)
According to Wikipedia,
A key management system (KMS), also known as a cryptographic key management system (CKMS), is an integrated approach for generating, distributing and managing cryptographic keys for devices and applications. Compared to the term key management, a KMS is tailored to specific use-cases such as secure software update or machine-to-machine communication. In a holistic approach, it covers all aspects of security — from the secure generation of keys over the (...)
There is no middle ground on encryption (►https://rationalreview.com...
▻https://diasp.eu/p/7112268
There is no middle ground on encryption
Source: Electronic Frontier Foundation by David Ruiz
“Encryption is back in the headlines again, with government officials insisting that they still need to compromise our security via a backdoor for law enforcement. Opponents of encryption imagine that there is a ‘middle ground’ approach that allows for strong encryption but with ‘exceptional access’ for law enforcement. Government officials claim that technology companies are creating a world where people can commit crimes without fear of detection. Despite this renewed rhetoric, most experts continue to agree that exceptional access, no matter how you implement it, weakens security. The terminology might have changed, but the essential question has not: should technology companies be forced to (...)
WhatsApp founder plans to leave after broad clashes with parent Facebook
▻https://www.washingtonpost.com/business/economy/whatsapp-founder-plans-to-leave-after-broad-clashes-with-parent-facebook/2018/04/30/49448dd2-4ca9-11e8-84a0-458a1aa9ac0a_story.html
The billionaire chief executive of WhatsApp, Jan Koum, is planning to leave the company after clashing with its parent, Facebook, over the popular messaging service’s strategy and Facebook’s attempts to use its personal data and weaken its encryption, according to people familiar with internal discussions. Koum, who sold WhatsApp to Facebook for more than $19 billion in 2014, also plans to step down from Facebook’s board of directors, according to these people. The date of his departure isn’t (...)
What does #privacy mean on a public blockchain?
▻https://hackernoon.com/what-does-privacy-mean-on-a-public-blockchain-1243776df22f?source=rss---
Strict new laws have come into effect for organisations dealing with personal data. What does that mean for businesses that store information on transparent, open and permanent ledgers?
News of Cambridge Analytica’s misappropriation of data from some 87 million Facebook users has brought the issue of data protection squarely back into the spotlight. For years, consumers have effectively traded personal data for online services: data is considered the ‘oil’ of the internet, and the users of social networks, e-commerce platforms and almost every other free service have upheld this tacit bargain. In the last few weeks, we have seen where this leads — where, in fact, it was always and inevitably going to lead. It has become abundantly clear what the price of our personal data might be: freedom and (...)
Chinese Government Forces Residents To Install Surveillance App With Awful Security
▻https://motherboard.vice.com/en_us/article/ne94dg/jingwang-app-no-encryption-china-force-install-urumqi-xinjiang
Last year, authorities told residents of a Muslim-populated part of China to install JingWang, an app that scans for certain files. Now, researchers have found it transfers the collected data with no encryption. In Xinjiang, a part of western China that a Muslim minority population calls home, the government forces residents to install an Android app that scans devices for particular files. Now, cybersecurity researchers have found that the so-called JingWang app has horrendous security (...)
#Jingwang/CleanWebGuard #Islam #surveillance #spyware #hacking
Encryption helps protect the privacy of people you communicate with...
▻https://diasp.eu/p/6971840
Encryption helps protect the privacy of people you communicate with, and makes life difficult for bulk surveillance systems. Learn how with our Email Self Defense guide: ▻https://u.fsf.org/1df
Subverting Backdoored Encryption (▻https://www.schneier.com/blog/arc...
▻https://diasp.eu/p/6966288
Subverting Backdoored Encryption | #steganography #backdoor #encryption #resilience