Privacy

2913 readers

333 users here now

Icon base by Lorc under CC BY 3.0 with modifications to add a gradient

founded 2 years ago

MODERATORS

Ategon@programming.dev

danielintempesta@programming.dev

3.5 Billion Accounts: Complete WhatsApp Directory Retrieved and Evaluated (www.heise.de)

submitted 1 day ago by IceFoxX@lemmy.world to c/privacy@programming.dev

7 comments fedilink hide all child comments

top 7 comments

sorted by: hot top controversial new old

[–] ICastFist@programming.dev 13 points 1 day ago* (last edited 1 day ago)

“Well, scientists now know a lot of phone numbers,” the responsible parties might have thought, “So what?” (...) a surprising amount can be read from the data, and for some users, it can be life-threatening. (...)
And then there are several classes of data that can be uncomfortable to life-threatening for users

From further down in the article:

Approximately 30 percent of users have entered something in the “Info” field of their profile, and some reveal a lot: political views, sexual or religious orientation, confessions of drug abuse are found there, as are drug dealers who advertise their product range in this very field.

The easy accessibility of the photos would therefore have allowed the compilation of a database that, through facial recognition, often leads to the phone number and vice versa.

That isn't dystopic at all

Meta classifies the researchers' approach as "scraping" (...) We had already been working on industry-leading anti-scraping systems

Oh, the irony

[–] curiousfurbytes@programming.dev 3 points 1 day ago (1 children)

I do agree that, to a certain point, this shouldn't be possible in this volume, but also, when you add a phone number as a contact, it would show up on WhatsApp as long as the profile has public data. Anyone that saves every possible phone number would have the same result (although this could take ages, thus the issue with the scraping)

[–] IceFoxX@lemmy.world 1 points 1 day ago

What would help immediately if something like this were prohibited by law is if the account used a phone number for identification instead of an account with login details. Then the issue of phone numbers would be off the table, and with it many other issues as well. The information about when and where a device was paired does not have to be public (devices should actually be removed when no longer in use instead of being kept in the logs).

What about SIM spoofing? The mere existence of SIM spoofing should ensure that phone numbers are not used for authentication and then displayed elsewhere... regardless of whether they are set to public or private, whereby Meta should not offer this as an option at all, but strictly refrain from storing the number in plain text anywhere, let alone publicly.

[–] BroBot9000@lemmy.world 4 points 1 day ago (1 children)

That’s horrible but also wtf is up with that websites toxic popup. I thought you are supposed to be able to reject all within 2 click.

[–] IceFoxX@lemmy.world 2 points 1 day ago* (last edited 1 day ago)

Unfortunately, I don't think about things like that. Pihole + Adblock, etc. I block all ads/pop-ups, etc., so I don't notice it.

Btw if you unhappy with a popup... dont check all the tracking on that side. 0:)

[–] Blaze@piefed.zip 8 points 1 day ago (1 children)

Wow

[–] IceFoxX@lemmy.world 8 points 1 day ago

Yep. Meta's response with "basic publicly available information" is also really bad... Consider the parallel introduction of age verification with facial recognition... To protect children and so on...

The "public" data is not a problem... Now you could create a database with profile pictures and phone numbers of children worldwide... and Meta says no problem, because it's publicly accessible anyway...