
Meta Rolls Out Default End-to-End Encryption on Messenger Amid Child Security Concerns

 

Meta Platforms (META.O) announced on Wednesday the commencement of the rollout of end-to-end encryption for personal chats and calls on both Messenger and Facebook. This heightened security feature, ensuring that only the sender and recipients can access messages and calls, is now immediately available. 

However, Meta acknowledges that the process of implementing default end-to-end encryption may take some time to be fully carried out across all Messenger accounts. While users previously had the option to activate end-to-end encryption for individual messages, Meta's latest update aims to establish this advanced privacy measure as the default setting for all users. This signifies a noteworthy enhancement in safeguarding user data. 

Privacy Safety Issues 

In introducing encryption, Meta emphasized that the content of messages is now inaccessible to everyone, including the company itself, unless a user opts to report a message, as mentioned by Loredana Crisan, the head of Messenger, in a post unveiling this update. To make this decision, Meta collaborated with external experts, academics, advocates, and governmental entities. Their joint efforts aimed to pinpoint potential risks, ensuring that the enhancement of privacy goes hand-in-hand with maintaining a safe online environment, as highlighted in Crisan's announcement. 

Why Are Law Agencies Criticizing the Move? 

Meta Platforms' move to introduce default encryption on Messenger has drawn criticism from various quarters, with notable voices such as Home Secretary James Cleverly and James Babbage, director general for threats at the National Crime Agency, expressing concerns about its potential impact on detecting child sexual abuse on the platform. 

In a disappointed tone, Home Secretary James Cleverly highlighted the significance of Meta's decision as a setback, particularly in light of collaborative efforts to address online harms. Despite this disappointment, he stressed a continued commitment to working closely with Meta to ensure the safety of children in the online space. 

James Babbage, director general for threats at the National Crime Agency, echoed this sentiment, characterizing Meta's choice to implement end-to-end encryption on Facebook Messenger as highly disappointing. He emphasized the increased challenges their team now faces in fulfilling their role of protecting children from sexual abuse and exploitation due to this development. 

Let’s Understand E2EE 

End-to-end encryption (E2EE) in messaging ensures the confidentiality of messages against all other parties, including the messaging service. Within the framework of E2EE, a message can be decrypted only by the sender and the designated recipient, the two "ends" of the conversation that give rise to the term "end-to-end." 

"When E2EE is default, we will also use a variety of tools, including artificial intelligence, subject to applicable law, to proactively detect accounts engaged in malicious patterns of behaviour instead of scanning private messages," the company wrote. 

While numerous messaging services claim to provide encrypted communications, not all genuinely offer end-to-end encryption. Typically, a message undergoes encryption as it travels from the sender to the service's server and subsequently from the server to the intended recipient. Nevertheless, in certain instances, the message may be briefly decrypted when it reaches the server before undergoing re-encryption. 

The nomenclature "end-to-end" encryption is apt because it renders it practically impossible for any intermediary to decrypt the message. Users can place confidence in the fact that the messaging service lacks the technical capability to read their messages. To draw a parallel, envisage sending a letter secured in a locked box, of which solely the sender and the recipient possess the key. This physical barrier for anyone else mirrors the digital functionality of E2EE.
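
The difference between the two models described above can be shown in a few lines of Node.js. This is an added illustration, not Meta's code or Messenger's actual protocol; the names `alice`, `bob`, `server` and the `demo-chat` label are assumptions made for the sketch.

```javascript
// Added example: hop-by-hop encryption vs. end-to-end encryption.
const crypto = require('node:crypto');

const newIdentity = () => crypto.generateKeyPairSync('x25519');

// X25519 key agreement, then HKDF-SHA256 to derive a 32-byte AES-256-GCM key.
function sharedKey(myPrivate, theirPublic) {
  const secret = crypto.diffieHellman({ privateKey: myPrivate, publicKey: theirPublic });
  return Buffer.from(crypto.hkdfSync('sha256', secret, Buffer.alloc(0), 'demo-chat', 32));
}

function seal(key, text) {
  const iv = crypto.randomBytes(12); // fresh nonce for every message
  const c = crypto.createCipheriv('aes-256-gcm', key, iv);
  const ct = Buffer.concat([c.update(text, 'utf8'), c.final()]);
  return { iv, ct, tag: c.getAuthTag() };
}

function open(key, box) {
  const d = crypto.createDecipheriv('aes-256-gcm', key, box.iv);
  d.setAuthTag(box.tag);
  // final() throws if the key is wrong or the ciphertext was modified
  return Buffer.concat([d.update(box.ct), d.final()]).toString('utf8');
}

// Constructed participants (hypothetical names).
const alice = newIdentity(), bob = newIdentity(), server = newIdentity();

// Model 1: each client shares a key only with the server, which decrypts
// the message and re-encrypts it for the recipient.
function relayHopByHop(text) {
  const inbound = seal(sharedKey(alice.privateKey, server.publicKey), text);
  const serverSaw = open(sharedKey(server.privateKey, alice.publicKey), inbound);
  const outbound = seal(sharedKey(server.privateKey, bob.publicKey), serverSaw);
  const delivered = open(sharedKey(bob.privateKey, server.publicKey), outbound);
  return { serverSaw, delivered };
}

// Model 2: Alice and Bob share a key; the server only forwards the sealed box.
function relayEndToEnd(text) {
  const box = seal(sharedKey(alice.privateKey, bob.publicKey), text);
  let serverSaw = null;
  try {
    serverSaw = open(sharedKey(server.privateKey, alice.publicKey), box);
  } catch (_) { /* authentication fails: the server's key cannot open the box */ }
  const delivered = open(sharedKey(bob.privateKey, alice.publicKey), box);
  return { serverSaw, delivered };
}
```

In the first model the server holds the plaintext for a moment; in the second it never can. A real deployment also has to let each user verify that the public key they received really belongs to the other person, which this sketch leaves out.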

Facebook official Twitter and Instagram accounts hacked!


"Well, even Facebook is hackable but at least their security is better than Twitter." This opening statement was posted on Facebook's official Twitter account by the hacking group OurMine.



Though the accounts have now been restored, the hacking group OurMine posted the same on Facebook's Twitter, Messenger and Instagram accounts.

OurMine says its hacks are to show the sheer vulnerability of cyberspace. In January, they attacked and hijacked dozens of US National Football League teams' accounts.

They posted the following on Facebook's Twitter page-

Hi, we are O u r M i n e,
Well, even Facebook is hackable but at least their security is better than twitter. 

 to improve your account security
 Contact us: contact@o u r m In e.org 

 For security services visit: o u r m In e.org 

On Instagram, they posted the OurMine logo, whereas Facebook's own website was left alone. Twitter has confirmed that the accounts were hacked, albeit via a third party, and the accounts were then locked.

"As soon as we were made aware of the issue, we locked the compromised accounts and are working closely with our partners at Facebook to restore them," Twitter said in a statement.

These attacks followed the same pattern as the attack on the teams of the National Football League.

The accounts were accessed via Khoros, a third-party platform. Khoros is a marketing platform, software that allows people to manage their social media accounts all in one place. It can be used by businesses to manage their social media communications. Platforms like Khoros hold the login details of their customers. OurMine seems to have gained access to these accounts through this platform.

OurMine is a Dubai-based hacking group known for attacking accounts of corporations and high-profile people. It has hacked social media accounts of quite a few influential individuals like Twitter's founder Jack Dorsey, Google's chief executive Sundar Pichai, and the corporate accounts of Netflix and ESPN. According to OurMine, its attacks are intended to show people cybersecurity vulnerabilities, and it advises its victims to use its services to improve security.

Facebook Messenger Kids ‘Technical Error’ exposed kids to unauthorized users

Facebook Messenger Kids ‘Technical Error’ exposed kids unauthorized users.







A technical error in Facebook’s messaging app for kids has allowed thousands of children to join chats with unauthorized users.

Messenger Kids was launched in 2017 for kids under 13 years. The app gives a “private” chat space for kids to talk with contacts that are approved by their parents.

According to a report from The Verge, the flaw allowed a friend of a child to create a group chat in the app which invited one or more of the second child’s parent-approved friends. That means a friend can add secondary contacts to the chat without the approval of the parents of the first child. 

However, the company did not make a public disclosure of the safety issue. 

'We recently notified some parents of Messenger Kids account users about a technical error that we detected affecting a small number of group chats,' a Facebook representative said in a statement. 

'We turned off the affected chats and provided parents with additional resources on Messenger Kids and online safety.'


Facebook to launch a new digital cryptocurrency





Social media giant Facebook is set to roll out a new digital cryptocurrency, Libra, next year, which would let users buy things as well as send money to people without any processing fees. 

People would be able to make payments with the currency via third-party wallet apps or Facebook’s own Calibra wallet that will be built into WhatsApp, Messenger and its own app. 

It is said that firms such as Uber and Visa will accept it in future.

From next year, Facebook users will be able to buy Libra from its platforms and then it will be stored in a digital wallet called Calibra.

The user can make payments and send money to other users, and this whole process would be instant and as easy as texting. 

“In time, we hope to offer additional services for people and businesses, such as paying bills with the push of a button, buying a cup of coffee with the scan of a code, or riding your local public transit without needing to carry cash or a metro pass,” it said. 

However, there is a big concern over how users’ money and data will be protected. 

The firm stressed that Libra would not be managed solely by Facebook, but would be independent and run by a group of companies and charities called the Libra Association.

The companies that are likely to accept Libra include:
  • Payments firms such as Mastercard and PayPal
  • Digital businesses including eBay, Spotify and Uber
  • Telecoms firms such as Vodafone
  • And charities such as the microfinance group Women's World Banking.


Facebook to redesign Messenger, WhatsApp, and Instagram



Facebook is coming up with a series of changes to all its social media networks, including Instagram and WhatsApp.

According to its boss, Mark Zuckerberg, the new designs and features will focus on privacy first. The company decided to change its apps after facing widespread criticism for its handling of users' data.

"We don’t exactly have the strongest reputation on privacy right now, to put it lightly," Zuckerberg said.

Here is the list of changes in the apps:

  • All the messages sent via Messenger will be end-to-end encrypted by default, and the platform will be fully integrated with WhatsApp
  • Instagram will hide like counts from other users, but not from the account owner
  • A WhatsApp secure payment service would be introduced in other countries later this year.
  • The Facebook app is being redesigned to make community groups central to the newsfeed - and the distinctive blue branding is going. The redesign is rolling out in the US and then more widely straight away.
  • Users will be able to post text, stickers or drawings on their Instagram post rather than starting it with a photo or a video. 

Other than this, Facebook has introduced a new feature called Secret Crush, which is a part of Facebook Dating. This feature will let Facebook members tag up to nine of their crushes. 

If the recipient of the crush is also using the feature and nominates them as well, then both parties will receive a message to say they have matched.

Facebook Dating will roll out in 14 new countries, but will not be available in Europe or the US.


Facebook says outage was a result of incorrect server configuration

Facebook has said that a "server configuration change" was to blame for the worst outage in its history. Facebook and its apps Instagram, Facebook Messenger and WhatsApp suffered outages for a considerable time on Thursday, affecting users for some 12 hours in most areas of the world, with the biggest impact in North America and Europe, according to the tracking website downdetector.com.

Facebook has only just offered an explanation for the problems it has experienced over the past 24 hours.

The company hasn't elaborated on what exactly the server configuration change was, nor has it said how many users were affected or why the outage took so long to fix. In a tweet, Facebook just apologised and thanked people for their patience. It said the change had "triggered a cascading series of issues" for its platforms, including WhatsApp and Instagram.

"Yesterday, as a result of a server configuration change, many people had trouble accessing our apps and services," a Facebook tweet said. "We've now resolved the issues and our systems are recovering. We're very sorry for the inconvenience and appreciate everyone's patience."

The outage was believed to be the worst ever for the internet giant that reaches an estimated 2.7 billion people with its core social network, Instagram and messaging applications. It took the social network giant a full day from when the problems began to offer any explanation. It added that everything was now back to normal.

The outage brought fresh attention to the embattled social networking leader. It is yet another publicity problem for a company already dealing with privacy issues and regulatory probes.

The disruption isn’t likely to hurt advertisers much since they usually pay for ads per click or impression. But they lose potential customers who might have seen their ads when the site and apps were down. Longer term, Facebook’s reputation with advertisers and investors could be damaged, said Wedbush Securities managing director Dan Ives. It didn’t help that it took Facebook so long to explain what was going on, he said. Facebook said on Wednesday that the problem was not related to a “distributed denial of service” or DDoS attack, a type of attack that hackers use to interrupt service to a site, but didn’t provide any other details until Thursday. “In these situations, a lack of transparency is not a good look,” Ives said. “The longer something like this lasts, the more questions there are.”

Facebook Messenger vulnerability exposed your private texts




A new security flaw in the web version of Facebook Messenger could be allowing any website to see the names of people to whom you have been texting.

The security researcher Ron Masas from Imperva, an online privacy monitoring website, reported the vulnerability as “Cross-Site Frame Leakage” (CSFL), a side-channel attack performed on an end user’s web browser, which was first spotted in November.

“As happens with applications I regularly use, I felt the need to understand how Facebook Messenger works,” Masas wrote in a blog post.

The flaw exploits an element called 'iframe', which is used to notice whether a user is active or passive on Facebook Messenger.

“I started poking around the Messenger Web application and noticed that iFrame elements were dominating the user interface,” he continued. “The chat box, as well as the contact list, were rendered in iFrames, opening the possibility for a CSFL attack.”

“This lets an attacker reliably distinguish between the full and empty states. This could let him remotely check if the current user has chatted with a specific person or business, which would violate those users’ privacy.”

“By recording the frame count data over time, I found two new ways to leak cross-origin information.”

“By looking at patterns instead of a static number, I was able to leak the ‘state’ of a cross-origin window.”

Facebook Messenger has now removed all the active iFrames from its website.

'The bug is a browser issue related to how they handle content embedded in webpages and could affect any site, not just Messenger.com,' a Facebook spokesperson told MailOnline.

'We already fixed the issue for Messenger.com last year to safeguard our users and made recommendations to browser makers to prevent this type of issue from happening.'

Facebook Messenger activates dark mode for Android and iOS users





Facebook has finally launched dark mode for its messenger app on Android as well as iOS. Last year, during F8 developer conference, the company had announced a dark theme.

The feature is now available to all users. Users can activate Facebook Messenger’s secret dark-mode theme, which changes the colored background of the app to a white-text-on-black-background look that makes it easier to read messages in the app in the evening.

To activate Facebook Messenger Dark Mode, you have to send the crescent moon emoji (🌙) to one of your Facebook friends in a Messenger chat.

Here are the steps to follow:

1) Open the Facebook Messenger app on your smartphone and select any friend with whom you want to talk.

2) After opening the chat window, go to the Emoji tab, click on the crescent moon emoji and send it over.

3) Once you are done, you will see an animation of the crescent moon emoji dropping like rain over your chat. When the animation is over, a message pops up at the top notifying you that “You found dark mode”.

4) You will be redirected to the Settings page, where it will ask you to turn dark mode on or off. If you didn't see the animation, try resending the crescent moon emoji. If you still aren't able to activate dark mode, just update your Messenger app.