WhatsApp leaks private information to advertisers

WhatsApp communication are end-to-end encrypted, right?

>Well, yes, but it still leaks confidential information. Here's an interesting story that happened to me this morning...

>This morning, I was chatting with my friend @morrisonbrett on WhatsApp about laptops. He was telling me how he was excited about the new Dell he bought, and I told him how much I liked the one I got recently.

>Anyway, just some random chatting as friends do, not anyone else's business, especially advertisers, which is why that conversation was had on WhatsApp, given that it's encrypted. Right? Right?

>Well, think again. Almost immediately after that, I started getting exclusively Dell XPS ads on YouTube. WTAFF? How is that possible? Also, why would the Facebook-owned, fully encrypted app give confidential information to the competition?

>Here's how... My friend had included a YouTube search link for reviews of the model he had ordered. Note that I did not even click on the link. All I "did" was receive it. And just like that, my friend had successfully, albeit involuntarily hacked my YouTube account.

>More specifically, what happened is that WhatsApp rendered a rich preview of the link in my chat feed. That required that a request went out to YouTube with enough information for them to know it was me, and to proceed to use that leaked data to serve "relevant ads" to me.

>Conclusion: WhatsApp, despite being end-to-end encrypted, still leaks private information by making non-sandboxed queries to external web sites. It should not do that.

>Any external queries from the WhatsApp client needs to be strictly sandboxed and anonymized. Otherwise, its privacy claims are a joke.

threader.app/thread/1127281591112196096

Attached: index.png (300x168, 2K)

Other urls found in this thread:

en.wikipedia.org/wiki/Signalling_System_No._7#Protocol_security_vulnerabilities
kaspersky.com/blog/ss7-hacked/25529/
twitter.com/SFWRedditVideos

>botnet app does botnet shit
no shit sherlock

>facebook app leaks confidential information

it's usually actually scarier than that.
rather than 'listening' to you the behavioural prediction algorithm predicts ahead of time what you will be speaking to your friends about based on similar behavior from similar humans.
Not fucking rocket science if you had just got a new Dell yourself fuckface, your recent online behaviour will make that more obvious than your bait shitpost...

also your conclusion is bullshit and you are shit.
> non-sandboxed queries to external websites
do you even listen to yourself or do you just watch CSI bullshit and spout fake 'techspeak' - bet you use that dell to 'hack' dont you numbnuts...

What's much more likely is that the guy is using a botnet keyboard for Android.
>required that a request went out to YouTube with enough information for them to know it was me
It's literally the same as taking a video url and typing it into a browser. It parses the HTML it receives as a response to generate the link preview.
I fail to see how this is leaking private information. If you are sending and YouTube video to someone, chances are you already opened that link in your web browser. There's no loss of privacy for the receiving person, as the preview is part of the message and doesn't need to be created again in their side.

Attached: 1537753256110.jpg (2893x4092, 971K)

What operating system and hardware did you use?

Hm getting a YouTube video thumbnail and title isn't a huge deal, it should be really simple, without the need to get information from the user.
It's probably from Gboard.

How is it not yet commonly accepted to not use closed-source messengers (or Open source, non E2E Encrypted messengers) on Jow Forums, of all places.

Just use Signal, for Christ's sake. I genuinely don't get how it isn't as common on Android as iMessage is on iOS.

This was known for ages, fuck off op.

Cuz nobody's entire friend group is gonna do that. WhatsApp just werks

>Downloading something from a server lets that server know I downloaded if from them

Attached: 1556453278517.png (800x480, 208K)

So does Signal.

have those reditors ever considered what gooooogle's voice recognition really is for

I have gotten all but one of my IRL friends and family to switch to signal, at least when they communicate with me.

I am using Whatsapp on a device with no GAPPS installed and never ever have I experienced something like this. Then again, I don't have a Facebook account and use adblockers everywhere. Then again, who the fuck uses Whatsapp for confidential information anyways (all my good friends use Signal, WA is just to stay in touch with tech-illiterate family members)

Attached: DCT14.jpg (2560x1440, 2.54M)

The majority of users already have their full data backups on Google Drive or whatever. And of course it's not client-side encrypted. If you don't treat WhatsApp as a public conversation channel for speaking to clueless normies, you're retarded.

I set up literally everyone I know with Signal as their default messenger if they have an android. Most people actually appreciate the boost in call quality when using the app. "Sounds like you're in the room with me."

I use an iPhone not because I enjoy them, but simply so I can use FaceTime Audio with the fucks that insist on sticking with iOS, while still using Signal for Android. Sucks that I have to go to the library to do encrypted backups, though (because fuck iCloud).

Yup. btw brb, disabling automatic embedding of YT links.

No one uses Signal. For example, in my country WhatsApp is the default means of communication (aside from Snapchat etc.)

Who do you literally know besides your mum?

does anyone need my messeges for mother?

Congratulations. It is tough trying to persuade normalfags to try new apps or software. People are unbelievably lazy nowadays, in addition to having extremely short attention spans.

And I care why? I have several friends over in Europe. Every last one of them has Signal installed for me. It's not a resource-intensive app, so it's no skin off their nose to use it.

You keep using your proprietary closed source messenger app, despite the fact that the people who created WhatsApp have gone on record saying you should ditch everything facebook touches.

Every one of my 12 coworkers, for starters. I've also got all of my non-iOS using friends to join.

My parents are actually holdouts, as they think using Signal gets them an increase in spam.

...

I literally set it up for them. I ask for their phone, and do all the legwork for them, and make it their default messenger. So long as they can keep getting texts from people who don't use it, they don't care, as it shuts up their tinfoiler friend.

The squeaky wheel always gets greased first. Both the political left and the political right have taught me that.

Holy shit! I'm scared now, bro's. Also pretty suspicious. I'm sure it's unlikely but it feels like FB is selling their data too, what do you think?

So? Who cares? As long as they don't leak out all the sex talk I have with my harem of girls I do not care.

Just because you don't care doesn't mean they don't care about you.

Is this you?

Attached: 683BBE60C5B64A1C9051BEDB9EF31B4D.gif (640x480, 1.26M)

They can't do shit about it lol, they'd get fucked in the ass and go down permanently if they leaked private convos just like that.

daily reminder signal takes ~a minute to send a message to a groupchat with ~10 people

riot key verification makes you click hundreds of buttons when you add a new device to a groupchat with ~10 people

other matrix clients don't do e2e

wire notifications are broken and has a space-wasting UI

xmpp only sends messages to one of your devices and has bad UX (especially with otr)

rocket.chat's mobile client doesn't do e2e

tox doesn't have multi-client sync

whatsapp is the only usable e2e messenger

>botnet doing botnet things
wow

>receive google link
>load preview from google servers
>receive targeted google adsense ads on google's video platform Youtube
>"Facebook somehow hacked my whatsapp"
Really makes you think

>Dev at Microsoft / Xamarin. Orchard CMS founder. Entered the US with a H1B, won Diversity Visa lottery, then became citizen. Opinions expressed here are my own.
Hmmmmmmm

That's not proof tho...how do you know you wouldn't have gotten a Dell ad if you hadn't talked about the laptop? You could have received the same ad but ignored it since you weren't thinking of Dell

who cares?

have sex ya virgins

imagine thinking for a split second that an app owned by facebook respects privacy?! my fucking sides are in orbit heading toward the space station at the speed of light
this wouldn't happen at all, ever, if people weren't such fucking retards and used ad blockers and noscript. not using cancer owned by facebook is helpful too.
> use signal! *
> * requires a phone number
get fucked. any private messaging service that needs a phone number is NOT private and the SMS codes sent via various apps can be intercepted via the phone network due to the frightening inherent weaknesses of SS7 network used by phone companies around the globe to route messages and calls.

real secure using apps that send messages via sms. lmao. i thought you faggots here had at least a basic understanding of telecommunications systems? looks like i was fucking dead wrong about that.

en.wikipedia.org/wiki/Signalling_System_No._7#Protocol_security_vulnerabilities
kaspersky.com/blog/ss7-hacked/25529/

enjoy your false sense of security, faggots.. because it's all an illusion.

>> use signal! *
>> * requires a phone number
>get fucked. any private messaging service that needs a phone number is NOT private and the SMS codes sent via various apps can be intercepted via the phone network due to the frightening inherent weaknesses of SS7 network used by phone companies around the globe to route messages and calls.
This...

I just don't even talk to people anymore.

That's why I use Privacy Badger.

>Parents, Brother
>Have 100% tracking
>For brother, even more accurate as he uses Vivaldi (obscure) and Android and consumed in the Google ecosystem (sans Chrome)

>Me
>Firefox/FreeBSD with Privacy Badger
>Trackers are hard to attach to me
>Still uses Android, but uses LineageOS with Privacy Guard enabled (still GApps), and avoids Chrome, Google Drive and official Gmail client

I just want my internship to let me not have to use the official Gmail client

>That's why I use Privacy Badger.

Attached: 1556666730995.png (245x252, 90K)

>Dev at Microsoft / Xamarin. Orchard CMS founder. Entered the US with a H1B, won Diversity Visa lottery, then became citizen.

So this post confirms that this retard, that's a Dev at Microsoft and other crap, is a fucking moron. Everyone and their grandma knows that anything you do on any app/service related to Facebook will leak shit. The same goes if you search shit on Google and you start getting Google ads related to your search.
Why is this even news, thread worthy or a surprise to anyone living in 2019?
And I want to add, how come a fucking retard with no common sense like that got a degree, citizenship, and a job at a big company wasn't the actual news worthy piece of information?
We are living in dark times, not because of the corporations taken over our private lives but because we are handing free jobs and degrees to fucking dolts that could do more for our society flipping burgers than being mistaken as a capable person.

Attached: miserable_fuck.gif (600x366, 822K)

It's a combo of things, Whatsapp "leaks" shit more effectively if the Facebook app is installed for example. The same goes for the Instagram app.