WhatsApp adds fingerprint lock for Android to stop friends sneaking a look at your private messages - Daily Mail

WhatsApp adds fingerprint lock for Android to stop friends sneaking a look at your private messages - Daily Mail

WhatsApp adds fingerprint lock for Android to stop friends sneaking a look at your private messages - Daily Mail

Posted: 31 Oct 2019 07:51 AM PDT

WhatsApp is introducing a new feature for Android users – a fingerprint lock that will prevent your friends and family from sneaking a look at your private messages when you leave the room.  

If Android users choose to enable the new feature on their phone, then anyone attempting to open WhatsApp will be required to scan their fingerprint before they can read the messages stored in the app. 

A similar feature was introduced on WhatsApp for iOS earlier this year, giving iPhone users the ability to protect their messages using either the phone's fingerprint reader (Touch ID) or Apple's facial recognition system (Face ID).

However, this is the first time the feature will be available on Android devices, providing an 'extra layer of security' for WhatsApp users who own devices running Google's software. 

WhatsApp users who enable the feature will have to authenticate their identity using the fingerprint reader on their Android smartphone

WhatsApp users who enable the feature will have to authenticate their identity using the fingerprint reader on their Android smartphone

Users of WhatsApp for Android can enable the new feature by opening the WhatApp app and going to Settings > Account > Privacy > Fingerprint lock. 

Here they can turn on the 'Unlock with fingerprint' feature, and choose whether the lock activates immediately, after one minute, or after 30 minutes.

As well as preventing nosy friends from reading your private messages, the new feature could potentially make it harder for police, intelligence and other law enforcement agencies to read messages sent by criminals and terrorists.

The app has already been criticised in the past for its 'unbreakable' end-to-end encryption system, meaning only people in conversations can see their contents.

The app has already been criticised for its unbreakable end-to-end encryption system, meaning only the user can see the content (file photo)

 The app has already been criticised for its unbreakable end-to-end encryption system, meaning only the user can see the content (file photo)

The security system blocks governments and law enforcement from intercepting messages from people who might be using the platform for illegal activities.

Last year, WhatsApp admitted that its encryption software could be abused by criminals and terrorists.  

This followed revelations that security services were powerless to access Westminster attacker Khalid Masood's messages after his death in 2017.

The then-Home secretary Amber Rudd vowed to 'call time' on internet firms who give terrorists 'a place to hide'.

'We need to make sure that organisations like WhatsApp, and there are plenty of others like that, don't provide a secret place for terrorists to communicate with each other,' Ms Rudd told BBC's Andrew Marr shortly after the attack, in which five people were killed.

The new print authentication could now make it even harder for security services to access encrypted communications from possible criminals.

HOW CAN USERS DOWNLOAD THEIR WHATSAPP REPORT?

After updating its privacy settings in line with GDPR, WhatsApp is added a feature to increase transparency for its users.

Called 'Request Account Info', this feature enables WhatsApp users to download their account information.

It allows people to access all the data that WhatsApp has on them.

This information is stored on WhatsApp's servers and includes information such as profile photos and even names of group chats.

Other information includes the make and model of the device they used, their contacts and any blocked numbers.

It is important to note that the report will not contain any messages, although that option is also available through a separate feature.    

How to request a report

  1. Go to WhatsApp Settings
  2. Select the Account option 
  3. Press the new option that says 'request account info'
  4. Tap Request report
  5. The screen will update to Request sent

WhatsApp claims the report will be available approximately 3 days after the date requested.

Once the report has been created and is ready, users will be able to download it.

How to download the report

  1. Go to WhatsApp Settings 
  2. Click on Account 
  3. Select the 'request account info' button 
  4. Download report. 

A ZIP file will then be downloaded to the device and will include an HTML file.

Once successfully downloaded, WhatsApp users will be able to export their report.

Everything You Need To Know About DNS Encryption – And Why Google May Not Be Doing Evil - AdExchanger

Posted: 08 Oct 2019 12:00 AM PDT

Google's Chrome and Mozilla's Firefox are both separately advocating the move to a new encrypted internet protocol called DNS over HTTPS aimed at improving cybersecurity on the web.

But internet service providers (ISPs) are up in arms, and Congress is dubious of the motivation, at least in Google's case.

What's going on and what does it mean for ISPs?

The internet's (insecure) phonebook

Taking a step back, an internet protocol is an agreed-upon set of rules that allows data to be transferred from one computer to another over the internet, hence the term "IP address."

One of the oldest and most widely used protocols on the internet is called DNS, which stands for domain name system, and is how a human-readable domain is entered into a browser and connected to a numerical IP address. Think of it is as the internet's phone book.

Unencrypted DNS has been in use for decades and it's an entrenched part of how the internet functions, but there's a problem: "It's wildly insecure," said David Holmes, a senior analyst at Forrester focused on cybersecurity.

The DNS protocol is particularly vulnerable to distributed denial of service attacks, for example. Among other things, bad actors have also been known to take advantage of DNS to typosquat, which is the practice of registering URLs for common misspellings of popular domains usually for the purpose of redirecting traffic to phishing sites.

And because DNS queries are rarely encrypted, ISPs can track the browsing habits of their subscribers, including which sites people visit and how long they spend there.

And ISPs can monetize this information primarily by selling it to advertisers looking to serve personalized ads.

"ISPs also know your IP address, of course, because they're the one that issued it to you," said Gregg Siegfried, a research director on Gartner's cloud and IT operations team.

The move to DNS over HTTPS

What Google and Mozilla are proposing is to start encrypting DNS requests, aka, DNS over HTTPS (also known as DoH), although their approaches are slightly different.

For Mozilla, DNS over HTTPS is the default in Firefox as of September and all requests are automatically routed through web infrastructure company Cloudflare, which supports the encrypted DNS protocol.

Chrome, which plans to start testing the encrypted protocol this month, is taking a less nuclear option by keeping the DNS provider as is and only upgrading to DNS over HTTPS if that provider offers it.

If there's an error or some other issue with a DNS over HTTPS lookup, both Chrome and Firefox will fall back to regular DNS so as not to disrupt the user experience.

ISPs in an uproar

In theory, DNS over HTTPS will stop ISPs from knowing what sites someone is browsing.

ISPs are worried they'll be cut off from their "traditional middleman position between the browser and the end DNS server," said Hugo Loriot, US managing director of You & Mr Jones-owned data agency fifty-five.

Although Google's DoH GitHub documentation makes no mention of ISPs or tracking, "depriving ISPs from data about what website subscribers are visiting has a lot to do with tracking," Loriot said.

But ISPs are cloaking their displeasure with other complaints.

For example, ISPs are fearful that if they lose visibility into what people are querying on the internet, they won't be able to filter or block problematic or objectionable sites, like pedophilia.

There are also antitrust concerns. According to The Wall Street Journal, a coalition of ISPs and telecom trade groups griped in a Sept. 19 letter to lawmakers that there could be a competition issue if Chrome and/or Android moves to DNS over HTTPS, because Google would then be able to leverage Chrome's outsize market share to become the internet's main DNS lookup provider and get even more access to user data across networks.

The Journal also reports that the House Judiciary Committee, which is running its own antitrust investigation into big tech platforms, sent a request to Google in mid-September for more information on how data is collected through the new protocol and whether it'll be used for commercial purposes.

For its part, Google claims it has no intention to force users onto its own DNS encrypted servers, and that moving to DNS over HTTPS is a long overdue shoring up of DNS-related security flaws.

Reality check

It's easy to raise a suspicious eyebrow when Google professes to have no ulterior motives behind its actions.

"Putting Firefox aside, a cynic would say that a move to DoH means Google is the only company who's going to know about people's surfing habits," said Forrester's Holmes.

But Google doesn't actually need another source for that data – it already has access to all your browsing info through Chrome, Holmes said. The fear, then, is that Google would attempt to deny that data to other parties, like ISPs. "You could think of it as a competition issue at that point," he said.

Yet, the move toward encryption is a positive thing, and that Google and Mozilla actually agree on something "appears to speak to the fact that this really is about privacy and protecting users," Holmes said.

It's also important to separate the policy from the mechanism, said Gartner's Siegfried. "The more you encrypt the internet the better, and I think ISPs share that perspective," he said. "What they don't want is the policy, because there are so few DNS over HTTPS servers out there right now."

Once the standards get more established and ISPs have their own DoH servers in place, "there will be less of an outcry," Siegfried said.

But in terms of ISPs looking to monetize their data at all, the writing might be on the wall regardless of what policies Chrome or Firefox institute.

The Federal Trade Commission is starting to look into the privacy and data collection practices of advertising subsidiaries owned by broadband companies, such as Oath (now Verizon Media) and AppNexus.

It's not a full-blown investigation, more of an early-stage fact-finding exercise – but it does speak to growing scrutiny of how ISPs collect, use and share data.
-

Comments

Post a Comment

Popular Posts

Signal, WhatsApp and Telegram: All the major security differences between messaging apps - CNET

Image
Signal, WhatsApp and Telegram: All the major security differences between messaging apps - CNET Signal, WhatsApp and Telegram: All the major security differences between messaging apps - CNET Posted: 19 Feb 2021 04:00 AM PST Brent Lewin/Bloomberg/Getty Images If your choice of encrypted messaging app is a toss-up between Signal , Telegram and WhatsApp , do not waste your time with anything but Signal. This isn't about which has cuter features, more bells and whistles or is most convenient to use -- this is about pure privacy . If that's what you're after, nothing beats Signal. By now you probably already know what happened. On Jan. 7, in a tweet heard 'round the world, tech mogul Elon Musk continued his feud with Facebook by advocating people drop its WhatsApp messenger and use Signal instead. Twitter CEO Jack Dorsey retweeted his call. Around the same time, right-wing social network Parler went dark following the Capito
Read more

VPN browser extensions: Why you shouldn't use then - Tech Advisor

VPN browser extensions: Why you shouldn't use then - Tech Advisor VPN browser extensions: Why you shouldn't use then - Tech Advisor Google Fi calls between Android subscribers will soon be end-to-end encrypted - 9to5Google How to encrypt your computer (and why you should) - Mashable How to encrypt and decrypt a folder on Android with SSE Universal Encryption - TechRepublic 4 ways to send encrypted messages on Android - TechRepublic WhatsApp “end-to-end encrypted” messages aren’t that private after all - Ars Technica ciphertext feedback (CFB) - TechTarget What Is the Windows Encrypting File System (EFS) and How Do You Enable or Disable It? - MUO - MakeUseOf Encrypting your online life is important - Telangana Today Keeper Password Manager Review – Forbes Advisor - Forbes [Update: Screenshot] Google Messages preparing end-to-end encryption for RCS messages - 9to5Google The iOS 15 priva
Read more

Police Target Criminal Users of Sky ECC Cryptophone Service - BankInfoSecurity.com

Image
Police Target Criminal Users of Sky ECC Cryptophone Service - BankInfoSecurity.com Police Target Criminal Users of Sky ECC Cryptophone Service - BankInfoSecurity.com Posted: 11 Mar 2021 12:00 AM PST Cybercrime , Encryption & Key Management , Endpoint Security Investigators Report Recently 'Unlocking' 170,000 Users' 3 Million Daily Messages Mathew J. Schwartz ( euroinfosec ) • March 11, 2021     Source: Sky ECC website Police say they have disrupted Sky ECC, a global encrypted communications network allegedly used by numerous criminals to plan their operations. See Also: Live Webinar | The Role of Passwords in the Hybrid Workforce Law enforcement authorities say Sky's cryptophone service, which includes both infrastructure and apps, is run from the United States and Canada, using infrastructure and private servers based in Europe as well as the service's own SIM cards. Sky ECC devices are available via vari
Read more