as much as one hates whatsapp, the headline is not the most accurate. the article states that it's not specifically a vulnerability in whatsapp itself that exposes a correlation between a sender of a message and probable recipients.
this is a flaw that can be used regardless of your choice of messaging platform. but, yeah, even if whatsapp itaelf didnt drop the ball in this particular instance, still don't use it.
Almost every messenger is vulnerable to this attack. This is also how Tor users can ger deanonymised.
There are solutions to this problem, but they involve a significantly worse user experience combined with sending traffic back and forth even when there aren't any messages to exchange, or message delivery to take very long.
The underlying problem has been known for very long, but there's no easy fix for it. Few messenger services are going to spend the extra bandwidth costs on dummy traffic to obfuscate messenge exhange and users will first and foremost notice that their phones are draining like crazy because of all the dummy notifications waking up their device's SoC.
This sounds like just standard traffic analysis. Nothing to do with WhatsApp or any other messaging platform. It's been in use since at least WWII.
Who is talking to whom? How often? Under what circumstances? How do patterns of communication correlate with events? Who are the hubs of communication (ie leaders)?
The big difference between then and now is that instead of needing rooms full of people drawing graphs by hand, there is software to handle it. In turn, that means it's not really important to have initial suspects to get started, because the computers are quite happy to tease out interesting signals from total communications. That also increases the likelihood of false positives, but the kinds of people who do traffic analysis at this level aren't usually the kinds of people who worry about a little collateral damage.
It seems like a pretty tall order to construct a system of communication that is useful for coordinating activities, affordable to operate, and secure against traffic analysis. At best, you'll end up back in a situation where other intelligence will be required to identify a manageable pool of suspects.
Tapping a massive pool of data about the Strip’s 2.3 million inhabitants, Lavender algorithmically assigns “almost every single person in Gaza a rating from 1 to 100, expressing how likely it is that they are a militant,” the report states, citing six Israeli intelligence officers.
The report indicated WhatsApp usage is among the multitude of personal characteristics and digital behaviors the Israeli military uses to mark Palestinians for death, citing a book on AI targeting written by the current commander of Unit 8200, Israel’s equivalent of the NSA.
It was only after the publication of the Lavender exposé and subsequent writing on the topic that a wider swath of Meta staff discovered the March WhatsApp threat assessment, said the four company sources, who spoke on the condition of anonymity, fearing retaliation by their employer.
The internal warning notes that these attacks require all members of a WhatsApp group or both sides of a conversation to be on the same network and within the same country or “treaty jurisdiction,” a possible reference to the Five Eyes spy alliance between the U.S., Australia, Canada, U.K., and New Zealand.
Asked what steps the company has taken to shore up the app against traffic analysis, Meta’s spokesperson told The Intercept, “We have a proven track record addressing issues we identify and have worked to hold bad actors accountable.
The report warns that adding an artificial delay to messages to throw off attempts to geolocate the sender and receiver of data, for instance, will make the app feel slower to all 2 billion users — most of whom will never have to worry about the snooping of intelligence agencies.
The original article contains 2,092 words, the summary contains 274 words. Saved 87%. I'm a bot and I'm open source!