1. Forum
  2. tqwNet
  3. TQW GENTECH

  • WhatsApp has fixed its "View once" feature but has left more of

    From TechnologyDaily@1337:1/100 to All on Tuesday, December 10, 2024 17:30:05
    WhatsApp has fixed its "View once" feature but has left more of your data at risk

    Date:
    Tue, 10 Dec 2024 17:17:46 +0000

    Description:
    A bug previously let WhatsApp users bypass the privacy protection. Here's all you need to know.

    FULL STORY ======================================================================

    WhatsApp appears to have fixed issues with its "View Once" privacy feature that previously let users bypass the protection.

    First introduced in 2021, WhatsApp's View Once allows you to send self-destructing messages, photos, and videos for maximum privacy. The
    feature also prevents the receiver from forwarding or saving the messages, with screenshots being blocked as well.

    Last August, however, a security researcher found a bug that let people using WhatsApp's desktop app save the disappearing messages, de-facto bypassing the View Once feature . On Friday, December 6, 2024, the company confirmed to TechCrunch it "rolled out a longer-term fix that resolved the issue."

    WhatsApp's solution is welcomed but "isn't perfect" as it increases the
    amount of unencrypted metadata which might bring further privacy risks for users. A "great improvement," but an impact on metadata

    "Were constantly building in layers of privacy protection, and that includes rolling out key updates to view once on web," WhatsApp spokesperson Zade Alsawah told TechCrunch.

    Alsawah recommends everyone update the encrypted messaging app to the latest version which addresses the security vulnerability. He also suggests sending View Once messages only to people you know and trust.

    Tal Beery, the security researcher who first reported the issues with the
    View Once feature, welcomed WhatsApp's update with a post on X (see tweet below).

    He wrote: "The fix indeed addresses the root cause properly, so we are happy we were able to make the world a little safer!" 1/ @WhatsApp has silently fixed the View Once issue we reported a few months ago.The fix indeed addresses the root cause properly, so we are happy we were able to make the world a little safer! The fix itself is technically interesting... https://t.co/a4dhgl8o96 December 9, 2024

    However, as Beery explains, the provider managed to fix the privacy flaw by adding a "View Once" flag to the messages' unencrypted metadata.

    This means that the provider's solution de facto increases the amount of unencrypted metadata exposed to the WhatsApp Server. This could open up other potential privacy risks, noted the expert.

    "The fix highlights the known, yet often overlooked, fact that E2EE protects messages content but not their metadata," wrote Beery . "WhatsApp traded-off user increased privacy against receiver unauthorized View Once content
    access, against reduced privacy for unauthorized View Once metadata access on WhatsApp server."

    We've previously reported on how metadata collection may be a problem for WhatsApp's users' privacy as surveillance techniques get increasingly more sophisticated. That said, "While this fix is not perfect, we still consider
    it as a great improvement with respect to the original starting point," concluded Beery.



    ======================================================================
    Link to news story: https://www.techradar.com/vpn/vpn-privacy-security/whatsapp-has-fixed-its-view -once-feature-but-has-left-more-of-your-data-at-risk


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)