Facebook has been ordered to stop collecting data on WhatsApp

11 October 2016

Germany has ordered Facebook to stop collecting and storing data on WhatsApp users in the country. This is unusual, since it is the first challenge to the controversial data-sharing scheme that Facebook announced in August. In a statement published a couple of weeks ago, Germany said that sharing WhatsApp user data with Facebook constitutes an infringement of the “national data protection law”. Germany’s regulators are also forcing Facebook to delete all data that has been transferred from WhatsApp.

Jan Koum assured users that their privacy would not be compromised. This statement has been closely monitored by privacy groups across Europe since Facebook’s acquisition of WhatsApp in 2014. Nonetheless, WhatsApp will inevitably share some user data, for example phone numbers, with Facebook, and plans to allow businesses to contact users directly through its app.

WhatsApp states that the arrangement will allow Facebook to deliver more targeted advertising and friend suggestions, and that analytics data will prevent spam and fraud. However, privacy advocates blame Facebook and WhatsApp for not being transparent about the change. The Electronic Frontier Foundation explained in a blog post that the move is “a clear threat to users’ control of how their WhatsApp data is shared and used.”

Johannes Caspar elaborated on these concerns in a statement on Tuesday and said that Facebook has not “obtained effective approval” of the policy change from WhatsApp users. He also said that Facebook will probably try to collect more data from a broader range of users, including those listed in WhatsApp contact lists who are not connected to Facebook.

France’s data protection authority and a group of privacy regulators across Europe also stated that privacy watchdogs will be monitoring the change to WhatsApp’s policy with great care. Britain’s data privacy regulator also said that it would definitely monitor how data is shared across the two platforms, but that it does not have the authority to block the scheme altogether.

Facebook has stated that it complies with EU data protection law and that it will appeal the order from Germany’s privacy watchdog. The company also said it will work with the Hamburg DPA in an effort to address its questions and help people with their concerns.

NSA could put “trapdoors” in crypto keys

11 October 2016

Researchers have found a way to place undetectable backdoors in the cryptographic keys that protect websites, virtual private networks, and internet servers. These backdoors would let hackers passively decrypt hundreds of millions of encrypted communications as well as cryptographically impersonate key owners. The technique puts a so-called “trapdoor” in the 1,024-bit keys used in the Diffie-Hellman key exchange, which is a specific method of securely exchanging cryptographic keys over a public channel. People who are familiar with the trapdoor can easily decrypt Diffie-Hellman-protected communications over extended periods of time. As with all public key encryption, the security of the Diffie-Hellman key exchange builds on number-theoretic computations involving prime numbers so large that the problems are hard for attackers to solve. As a second line of defense, the parties that use this encryption can also conceal secrets within the results of these computations. However, the researchers developed a special prime containing certain invisible properties that make secret parameters unusually susceptible to discovery.

To the user of a trapdoored prime, it just looks like any other 1,024-bit key. However, for attackers with knowledge of the weakness, its security is about 10,000 times easier to break. This makes the trapdoored prime ideal for the NSA, according to the documents Edward Snowden exposed in 2013. If the NSA succeeded in getting a trapdoored prime adopted as the industry standard, the agency would have a way to flawlessly decrypt the communications of end users.

If this happened, it wouldn’t be the first time the NSA intentionally weakened codes so it could more easily bypass encryption. For example, in 2007 NIST backed NSA-developed code for random number generation. It was suspected that the NSA deliberately designed weaknesses into the code that allowed the agency to decrypt data protected by the algorithms that used these random number generators. This was all confirmed by the documents leaked by Snowden.

All in all, the current batch of 1,024-bit primes might not cut it anymore. The time has come to replace 1,024-bit primes with 2,048-bit or even 4,096-bit ones, since some 1,024-bit primes can’t be verified as truly random.