• nachtigall@feddit.de
    link
    fedilink
    arrow-up
    60
    arrow-down
    1
    ·
    11 months ago

    When someone sends a message to another WhatsApp user, their device creates a different session key for each device the receiver is using, thus telling the sender how many devices the receiver is using.

    So like any other service using the Signal protocol, or am I wrong?

        • technologicalcaveman@kbin.social
          link
          fedilink
          arrow-up
          15
          ·
          11 months ago

          Well, I knew my brother was getting a new phone soon anyways so getting notified his device changed wasn’t a surprise. Otherwise, getting notified hia device changed without that knowledge may have triggered me to contact him elsewhere to ask if he did. Signal is mostly going to be conversations between close/trusted individuals. It doesn’t tell you what they changed to, the message basically tells you that if this person didn’t legitimately change devices then it might be a bad actor.

          • AwkwardLookMonkeyPuppet@lemmy.world
            link
            fedilink
            arrow-up
            3
            ·
            11 months ago

            Oh, so it’s not like “person is on their computer” or “person is on their iPhone”? That’s what I was imagining and that can obviously be problematic, since some devices would be location bound, and you might not want someone to know your location. Also if it identifies your device, then it’s another avenue for bullying (apparently kids get bullied for not having iPhones) and some potential security risks.

  • AutoTL;DR@lemmings.worldB
    link
    fedilink
    English
    arrow-up
    7
    ·
    11 months ago

    This is the best summary I could come up with:


    Tal Be’ery, the co-founder and CTO of crypto wallet maker ZenGo, found that it’s possible to determine whether a user on WhatsApp is using more than just the mobile app.

    Be’ery demonstrated and proved his findings in tests performed with WhatsApp numbers controlled by TechCrunch.

    “[It] could be useful for information gathering and plotting an attack,” Runa Sandvik, a digital security expert, told TechCrunch, referring to how hackers could figure out that their target is using WhatsApp on a desktop, which is generally an easier target to compromise than a mobile phone.

    “It at least tells you more about the devices they use and how ‘accessible’ their WhatsApp setup may be,” said Sandivk, who is the founder of Granitt, a startup that aims to train at-risk people like journalists, activists, and politicians.

    Meta’s spokesperson Zade Alsawah told TechCrunch that the company received Be’ery’s research and concluded that the app’s current design “is what users want and expect.”

    Anyone can find out this kind of information by using WhatsApp on the web and inspecting traffic with a browser’s developer tool, Be’ery explained.


    The original article contains 533 words, the summary contains 181 words. Saved 66%. I’m a bot and I’m open source!

    • FriendBesto@lemmy.ml
      link
      fedilink
      arrow-up
      1
      arrow-down
      1
      ·
      11 months ago

      It means you have even less privacy than the already abysmal notion that you thought you had.

      Or,

      That Whatsapp users are an even bigger set of Meta’s removed. 'Cause they are just raping yet another previously unknown data point.

      • Red Wizard 🪄@lemmygrad.ml
        link
        fedilink
        arrow-up
        1
        arrow-down
        1
        ·
        edit-2
        11 months ago

        This isn’t new, interesting or noval information. If you run whats app from the desktop app or from web.WhatsApp.com on you’re browser on a PC then no shit they know your on your PC

        Why does it matter if the people I’m chatting with know if in onnmy PC?

        • FriendBesto@lemmy.ml
          link
          fedilink
          arrow-up
          1
          arrow-down
          1
          ·
          11 months ago

          I see the issue. The issue is that you seemingly did not bother to read the link. Since that is not what is being discussed. It is not that you cannot tell whether someone is using a PC or a phone, but rather which PC or phone or peripheral you are using if you have number of them. Your point has literally nothing to do with the post.

          “Be’ery wrote in his blog post explaining the data leak that it is a consequence of the way WhatsApp is designed: When someone sends a message to another WhatsApp user, their device creates a different session key for each device the receiver is using, thus telling the sender how many devices the receiver is using.”

  • ArcaneSlime@lemmy.dbzer0.com
    link
    fedilink
    arrow-up
    1
    ·
    11 months ago

    This is a security feature to let you know that the sender may be an imposter, right? Like matrix’s verified sessions, if my friend gets a new phone or pc it’s unverified and I have to verify the new session through another means, like in person or phone.