followers 0 popularity
1
following 1

following  view all

Groups
signalapp is not in any groups
signalapp

WhatsApp Security Flaws: Switch to Signal Private Messenger Now

Mar 5th 2020 at 2:50 AM

With a whopping 1.5 billion user base, WhatsApp is one of the largest messaging service. But over recent months, a number of complaints have been reported against the app’s security.

Though WhatsApp is end-to-end encrypted but recent incidents of data breaches through WhatsApp do not justify that aspect of the app. In addition to this, recently a flaw has been discovered when search engines were indexing links to WhatsApp group chats intended to be private.

In the wake of this incident, WhatsApp owner Facebook has made quiet changes to prevent the conversations being indexed by Google crawlers. The links to WhatsApp chats are still available on other search engines. The security researcher who had found this flaw had been told by the Facebook that the problem is an “intentional product decision”, and group administrators “can invalidate the link if so desired.”

Despite of Facebook’s efforts, this issue is not going away anytime soon. This week, a multimedia journalist has revealed that more than sixty thousand groups are still accessible online. 1000 randomly selected unique links were tested out which nearly half were active chats.

An article posted on a reputed tech site reads, ‘Even without actively joining a group, its title, description, image and creator’s phone number are available for all’. It will be worse on entering a group, ‘it is possible to also see the phone numbers of up to 256 participants, as well as other information, and adding these numbers to one’s contacts can reveal their names in the app.’

On the other hand, WhatsApp said in a statement: “We show all numbers in groups for people’s safety, that way they know who will receive their messages.”

After this incident, users are considering this hidden flaw a new reason to Switch to Signal Private Messenger. In fact, big organizations have already started to move away from WhatsApp. In case you use the group function for work chats, you would be smart to look elsewhere. The EU commission has already banned WhatsApp and instructed its staff to switch from WhatsApp to Signal Private Messenger to have secure digital communications.

Signal offers private groups which mean the service has no record of your group memberships, group avatars, group titles, or group attributes. Moreover, the Signal developers are working on new private group technology that will allow group administrators and access control, improve group scalability, and prepare the stage for a much richer group experience – all without compromising with Signal’s unique group privacy and security properties.

With Signal Private Messenger, you cannot send a message to everyone in a group unless you know who is in it. Group members also need to be able to retrieve the recent group state in order to render it: group image, group name, group membership as well as any other optional elements like pinned group welcome message.

Signal has built a system that stores group information privately and to support private groups where membership information is readily available to all group members but hidden from the service provider or anyone outside the group. In the proposed solution, a central server stores the group membership in the form of encrypted entries. Members of the group authenticate to the server in a way that reveals only that they correspond to some encrypted entry, then read and write the encrypted entries.

Authentication in Signal design uses a primitive called a keyed-verification anonymous credential (KVAC), and a new KVAC scheme has been constructed based on an algebraic MAC, instantiated in a Group G of prime order. The benefit of the new KVAC is that attributes may be elements in G, whereas previous schemes could only support attributes that were integers modulo the order of G. This enables Signal to encrypt group data using an efficient Elgamal-like encryption scheme, and to prove in zero-knowledge that the encrypted data is certified by a credential. Because encryption, authentication, and the associated proofs of knowledge are all instantiated in G the system is efficient, even for large groups.

The Time Is Now: Switch to Signal Private Messenger now!

0 comments
Please to comment

sign in

Username
Password
Remember Me


New to IM faceplate? join free!

Lost Password? click here