• @[email protected]
    link
    fedilink
    5410 months ago

    When someone sends a message to another WhatsApp user, their device creates a different session key for each device the receiver is using, thus telling the sender how many devices the receiver is using.

    So like any other service using the Signal protocol, or am I wrong?

      • AwkwardLookMonkeyPuppet
        link
        510 months ago

        What are some good reasons for this? My initial thought is that it’s intrusive and violates a user’s privacy.

        • technologicalcaveman
          link
          fedilink
          1510 months ago

          Well, I knew my brother was getting a new phone soon anyways so getting notified his device changed wasn’t a surprise. Otherwise, getting notified hia device changed without that knowledge may have triggered me to contact him elsewhere to ask if he did. Signal is mostly going to be conversations between close/trusted individuals. It doesn’t tell you what they changed to, the message basically tells you that if this person didn’t legitimately change devices then it might be a bad actor.

          • AwkwardLookMonkeyPuppet
            link
            310 months ago

            Oh, so it’s not like “person is on their computer” or “person is on their iPhone”? That’s what I was imagining and that can obviously be problematic, since some devices would be location bound, and you might not want someone to know your location. Also if it identifies your device, then it’s another avenue for bullying (apparently kids get bullied for not having iPhones) and some potential security risks.

            • @muntedcrocodile
              link
              210 months ago

              I would assume its notifying u of new encryption keys etc for security reasons etc

  • @Redredme
    link
    3510 months ago

    In other news, water is wet. I only see FUD here.

  • AutoTL;DRB
    link
    fedilink
    English
    710 months ago

    This is the best summary I could come up with:


    Tal Be’ery, the co-founder and CTO of crypto wallet maker ZenGo, found that it’s possible to determine whether a user on WhatsApp is using more than just the mobile app.

    Be’ery demonstrated and proved his findings in tests performed with WhatsApp numbers controlled by TechCrunch.

    “[It] could be useful for information gathering and plotting an attack,” Runa Sandvik, a digital security expert, told TechCrunch, referring to how hackers could figure out that their target is using WhatsApp on a desktop, which is generally an easier target to compromise than a mobile phone.

    “It at least tells you more about the devices they use and how ‘accessible’ their WhatsApp setup may be,” said Sandivk, who is the founder of Granitt, a startup that aims to train at-risk people like journalists, activists, and politicians.

    Meta’s spokesperson Zade Alsawah told TechCrunch that the company received Be’ery’s research and concluded that the app’s current design “is what users want and expect.”

    Anyone can find out this kind of information by using WhatsApp on the web and inspecting traffic with a browser’s developer tool, Be’ery explained.


    The original article contains 533 words, the summary contains 181 words. Saved 66%. I’m a bot and I’m open source!

  • @[email protected]
    link
    fedilink
    110 months ago

    This is a security feature to let you know that the sender may be an imposter, right? Like matrix’s verified sessions, if my friend gets a new phone or pc it’s unverified and I have to verify the new session through another means, like in person or phone.