73
submitted 10 months ago by clot27@lemm.ee to c/privacy@lemmy.ml
top 22 comments
sorted by: hot top controversial new old
[-] nachtigall@feddit.de 58 points 10 months ago

When someone sends a message to another WhatsApp user, their device creates a different session key for each device the receiver is using, thus telling the sender how many devices the receiver is using.

So like any other service using the Signal protocol, or am I wrong?

[-] technologicalcaveman@kbin.social 32 points 10 months ago

I knew my brother got a new phone because signal told me their usual device had changed.

[-] Anticorp@lemmy.world 5 points 10 months ago

What are some good reasons for this? My initial thought is that it's intrusive and violates a user's privacy.

[-] technologicalcaveman@kbin.social 15 points 10 months ago

Well, I knew my brother was getting a new phone soon anyways so getting notified his device changed wasn't a surprise. Otherwise, getting notified hia device changed without that knowledge may have triggered me to contact him elsewhere to ask if he did. Signal is mostly going to be conversations between close/trusted individuals. It doesn't tell you what they changed to, the message basically tells you that if this person didn't legitimately change devices then it might be a bad actor.

[-] Anticorp@lemmy.world 3 points 10 months ago

Oh, so it's not like "person is on their computer" or "person is on their iPhone"? That's what I was imagining and that can obviously be problematic, since some devices would be location bound, and you might not want someone to know your location. Also if it identifies your device, then it's another avenue for bullying (apparently kids get bullied for not having iPhones) and some potential security risks.

[-] Redredme@lemmy.world 37 points 10 months ago

In other news, water is wet. I only see FUD here.

[-] ErKaf@feddit.de 13 points 10 months ago

Water is actually not wet. It only makes other materials/objects wet. Wetness is the ability of a liquid to adhere to the surface of a solid. So if you say something is wet we mean the liquid is sticking to the surface of the object

[-] ErKaf@feddit.de 7 points 10 months ago

Where is the good old water is not wet bot from reddit times when we need him.

[-] nachtigall@feddit.de 4 points 10 months ago

Be the change you want to see!

[-] ErKaf@feddit.de 2 points 10 months ago

Sadly the people here dont seem to know this copy pasta. I got downvotes.

[-] BearOfaTime@lemm.ee 0 points 10 months ago

You forgot either quotes around the whole thing, a reference, or "/s"

[-] ErKaf@feddit.de 0 points 10 months ago

Thats not how copy pastas work

[-] Neon@lemmy.world 4 points 10 months ago

Yes, but what about wet ice?

That's wet Water as well.

[-] ErKaf@feddit.de 0 points 10 months ago* (last edited 10 months ago)

Yes true. Ice is an non liquid object. So if you have a thin layer of still liquid water on the ice then the Ice is wet.

[-] sneezycat@sopuli.xyz 3 points 10 months ago

Water sticks to itself, that's why we have surface tension, so I'd say water is indeed wet.

[-] UnfortunateShort@lemmy.world 7 points 10 months ago

Jokes on you, I don't

[-] autotldr 7 points 10 months ago

This is the best summary I could come up with:


Tal Be’ery, the co-founder and CTO of crypto wallet maker ZenGo, found that it’s possible to determine whether a user on WhatsApp is using more than just the mobile app.

Be’ery demonstrated and proved his findings in tests performed with WhatsApp numbers controlled by TechCrunch.

“[It] could be useful for information gathering and plotting an attack,” Runa Sandvik, a digital security expert, told TechCrunch, referring to how hackers could figure out that their target is using WhatsApp on a desktop, which is generally an easier target to compromise than a mobile phone.

“It at least tells you more about the devices they use and how ‘accessible’ their WhatsApp setup may be,” said Sandivk, who is the founder of Granitt, a startup that aims to train at-risk people like journalists, activists, and politicians.

Meta’s spokesperson Zade Alsawah told TechCrunch that the company received Be’ery’s research and concluded that the app’s current design “is what users want and expect.”

Anyone can find out this kind of information by using WhatsApp on the web and inspecting traffic with a browser’s developer tool, Be’ery explained.


The original article contains 533 words, the summary contains 181 words. Saved 66%. I'm a bot and I'm open source!

[-] RedWizard@lemmygrad.ml 5 points 10 months ago
[-] FriendBesto@lemmy.ml 0 points 10 months ago

It means you have even less privacy than the already abysmal notion that you thought you had.

Or,

That Whatsapp users are an even bigger set of Meta's removed. 'Cause they are just raping yet another previously unknown data point.

[-] RedWizard@lemmygrad.ml 0 points 10 months ago* (last edited 10 months ago)

This isn't new, interesting or noval information. If you run whats app from the desktop app or from web.WhatsApp.com on you're browser on a PC then no shit they know your on your PC

Why does it matter if the people I'm chatting with know if in onnmy PC?

[-] FriendBesto@lemmy.ml 0 points 9 months ago

I see the issue. The issue is that you seemingly did not bother to read the link. Since that is not what is being discussed. It is not that you cannot tell whether someone is using a PC or a phone, but rather which PC or phone or peripheral you are using if you have number of them. Your point has literally nothing to do with the post.

"Be’ery wrote in his blog post explaining the data leak that it is a consequence of the way WhatsApp is designed: When someone sends a message to another WhatsApp user, their device creates a different session key for each device the receiver is using, thus telling the sender how many devices the receiver is using."

[-] ArcaneSlime@lemmy.dbzer0.com 1 points 10 months ago

This is a security feature to let you know that the sender may be an imposter, right? Like matrix's verified sessions, if my friend gets a new phone or pc it's unverified and I have to verify the new session through another means, like in person or phone.

this post was submitted on 17 Jan 2024
73 points (86.1% liked)

Privacy

31992 readers
469 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

Chat rooms

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago
MODERATORS