Signal said Facebook shut down its advertising account after the privacy-focused messaging app tried to buy Instagram ads showing how the social media giant collects data

signal ceo moxie marlinspike
Signal CEO Moxie Marlinspike.

  • Signal said it tried to buy Instagram ads that would show users how Facebook targets them.
  • The ads would display personal information about users that Facebook uses when targeting ads.
  • But Signal said Facebook responded by shutting its account down.
  • See more stories on Insider’s business page.

Facebook blocked ads that Signal wanted to buy that would show Instagram users the data that Facebook collects from them, according to the encrypted messaging company.

In a blog post entitled “The Instagram ads Facebook won’t show you,” Signal said the likes of Facebook are driven to collect people’s data to sell, and the company wanted to showcase how that technology works. So it tried to buy “multi-variant targeted” ads on Instagram “designed to show you the personal data that Facebook collects about you and sells access to.” Facebook responded by shutting down Signal’s account, the blog post said.

“Being transparent about how ads use people’s data is apparently enough to get banned; in Facebook’s world, the only acceptable usage is to hide what you’re doing from your audience,” the company wrote in its post.

Signal posted examples of what the ads would look like on its blog. One reads: “You got this ad because you’re a newlywed pilates instructor and you’re cartoon crazy. This ad used your location to see you’re in La Jolla. You’re into parenting blogs and thinking about LGBTQ adoption.”

CEO Moxie Marlinspike tweeted another example that shows how a user could be targeted with ads based on their job, location, dietary preferences, and fitness interests.

Signal and Facebook did not immediately respond to Insider’s requests for comment.

Facebook has taken down ads critical of the company before. In 2019, Democratic Sen. Elizabeth Warren, who was running for office at the time, ran ads that laid out her plan to split up Facebook as well as other big tech companies. Facebook said it blocked the ads because they violated its rules around using the company’s corporate logo but eventually reinstated them.

Facebook’s ad business relies upon data tracking to inform its algorithm that decides which ads to put in front of online users, and it’s lucrative: It bolstered the social media giant’s Q1 revenue to $26.17 billion, up 48% from this time last year. The company attributed the rise to an increase in the average price per ad as well as the number of ad impressions.

Facebook has been vocal about its ad business being at risk thanks to a new privacy update that Apple has rolled out. The latest iOS update includes the company’s “App Tracking Transparency” feature that forces app developers to ask for permission to collect and track users’ data. Facebook has argued that the new feature will hurt small businesses that rely on personalized ads.

Read more: The battle between Facebook and Apple over privacy is about more than just ads – it’s about the future of how we interact with tech

Facebook’s WhatsApp also announced a controversial change to its terms of service earlier this year that would have forced users to share personal data with its parent company. WhatsApp said the move was to let businesses store chats using Facebook’s infrastructure.

Critics, including Tesla CEO Elon Musk, suggested that users switch to using Signal or Telegram.

Read the original article on Business Insider

The CEO of Signal is squaring up to Cellebrite, a company that helps cops hack into locked phones, claiming its software is full of security flaws

cellebrite
In the foreground Cellebrite’s tech is hooked up to an iPhone, ready to extract data from it.

  • Signal CEO Moxie Marlinspike published a security analysis of Cellebrite’s software.
  • Cellebrite is a company that specializes in breaking into locked phones, and is used by law enforcement.
  • Marlinspike says he found Cellebrite’s software was full of exploitable vulnerabilities.
  • See more stories on Insider’s business page.

Encrypted messaging app Signal dealt a major blow to Cellebrite, a company that specializes in breaking into locked phones.

Moxie Marlinspike, Signal’s CEO, published an explosive blog Wednesday detailing how he and his team managed to hack software from digital forensics firm Cellebrite.

Cellebrite provides software capable of breaking into locked phones and extracting data whilst hooked up to a secondary device. It is popular with police forces, who ship off locked phones for Cellebrite to unlock for thousands of dollars.

Cellebrite advertises itself as being able to crack into high-end phones that have sophisticated security, like iPhones.

But according to Marlinspike’s analysis of Cellebrite’s tech, its software is itself full of security vulnerabilities.

Marlinspike wrote, presumably tongue-in-cheek, that he obtained a Cellebrite-branded package containing dongles, its latest software, and cables after he saw it “fall off a truck ahead of me.”

Analyzing the software, he found that it was possible to hack Cellebrite’s software by leaving specially designed lines of code inside apps on a phone that’s being targeted, like booby traps.

This allowed Marlinspike to not only create fake data for scanning, but also modify old reports and potentially tamper with future ones by adding or removing data including text, emails, and photos.

“This could even be done at random, and would seriously call the data integrity of Cellebrite’s reports into question,” he wrote.

Read more: 14 cybersecurity startups that raised gobs of funding and became unicorns since the start of the pandemic

Marlinspike also said he found files that implement iTunes functionality in Cellebrite’s software, and said he found it unlikely that Apple had granted Cellebrite a license.

“It seems unlikely to us that Apple has granted Cellebrite a license to redistribute and incorporate Apple DLLs in its own product, so this might present a legal risk for Cellebrite and its users,” he wrote.

Apple did not immediately respond when contacted by Insider.

Cellebrite did not immediately respond to a request for comment when contacted by Insider.

Marlinspike also appeared to give Cellebrite an ultimatum. “We are of course willing to responsibly disclose the specific vulnerabilities we know about to Cellebrite if they do the same for all the vulnerabilities they use in their physical extraction and other services to their respective vendors, now and in the future,” he wrote.

In his blog he also accused the company of providing its services to authoritarian regimes, and signed off by saying in “completely unrelated news” that Signal would from now on be occasionally be placing files in app storage.

“These files are never used for anything inside Signal and never interact with Signal software or data, but they look nice, and aesthetics are important in software,” Marlinspike wrote. Vice’s Lorenzo Franceschi-Bicchierai writes that while cryptic, these files may be designed to tamper with Cellebrite software or devices.

This isn’t the first time Marlinspike has locked horns with Cellebrite. In December 2020, Cellebrite claimed it had worked out how to decrypt Signal chats on Android devices – which Marlinspike disputed.

Read the original article on Business Insider

Encrypted messaging app Signal appears to be blocked in China alongside Jack Ma’s Alibaba browser, as Beijing cracks down on social-media platforms

jack ma alibaba
Alibaba founder Jack Ma in January 2018.

  • China has reportedly blocked Signal and an Alibaba browser as it cracks down on social-media apps.
  • Signal users in China couldn’t send messages on the app from Monday evening.
  • Alibaba’s browser was pulled on Tuesday after the group was accused of misleading advertising.
  • See more stories on Insider’s business page.

Signal, a messaging app that rivals WhatsApp, and a internet browser made by Jack Ma’s Alibaba appear to have been blocked in China, as Beijing continues to crack down on tech firms and social media sites.

Signal users in China reported on other platforms that they had difficulties working the app from Monday evening, including not being able to send messages, the Washington Post reported.

Despite this, users can still access Signal via a virtual private network (VPN), which hides users’ locations.

“Signal has been walled,” users wrote on the Chinese microblogging site Weibo, the Post reported.

The app is still available for download via Apple’s China App Store, CNBC reported, but it’s unclear whether it will remain on the site for much longer.

Signal didn’t immediately respond to Insider’s request for comment.

The free messaging app offers end-to-end encryption, making it very difficult for third parties, including authorities, to see messages sent on the app. Signal is popular among tech giants, cybersecurity experts, journalists, and government officials.

Alibaba UC Browser pulled from app stores

Ecommerce group Alibaba had its internet browser pulled from Chinese app stores on Tuesday, the Financial Times first reported. Chinese authorities accused group’s UC Browser of promoting misleading online ads that directed patients to private hospitals instead of public ones.

App stores operated by Chinese tech companies including Huawei, Xiaomi, and Tencent have blocked downloads or removed the browser, the FT reported.

It’s the latest hit to Alibaba’s founder, Jack Ma. Last year, Chinese authorities halted a $37 billion initial public offering of Ant Group, Alibaba’s fintech affiliate.

Buzzy social media app Clubhouse was also blocked in China on February 8, after people flocked to it to discuss political and sensitive topics, such as Xinjiang’s Uighur detention camps. Clubhouse conversations aren’t recorded, making them difficult to monitor, and access is available by invitation only.

Read the original article on Business Insider

WhatsApp’s new T&Cs didn’t really change anything about sharing your data with Facebook, but you should still use Signal if you care about privacy

whatsapp users go to signal 4x3
  • WhatsApp caused a user stampede to rival encrypted messaging app Signal by sending users new terms and conditions.
  • Users were panicked by the notification WhatsApp sent out, thinking it meant the app would share more data with Facebook, its parent company.
  • In fact, WhatsApp was already sharing their data with Facebook — all the notification did was draw attention to it.
  • Visit Business Insider’s homepage for more stories.

On January 6, WhatsApp caused a user stampede.

The app sent users a notification asking them to sign off on updated terms and conditions, which stipulated it could share reams of metadata – including their phone numbers, locations, and contacts – with its parent company Facebook. If users did not consent, the notification said, they would lose access to WhatsApp.

The notification shocked users, at least some of whom use WhatsApp because the encrypted messaging app touts itself as privacy-focused. High-profile figures including Tesla’s CEO Elon Musk, the world’s richest man, recommended users switch to Signal, a much smaller rival encrypted messaging app.

People flocked to Signal in their droves. Signal amassed 7.5 million downloads in the week following WhatsApp’s notification – up 4,200% from the previous week.

WhatsApp soon went into damage-control mode, putting up a new FAQ about the policy change and delaying the deadline for users to agree to the new terms and conditions from February 8 until May 15.

As it happens, it doesn’t look like anything has really changed about how WhatsApp shares data with Facebook. 

The updates to T&Cs were solely to facilitate business accounts on WhatsApp to link up with Facebook’s back-end analytics infrastructure, WhatsApp said. They do not change anything about the way an average user’s data gets passed back to Facebook, it said.

WhatsApp gave users 30 days to opt out of sharing some data with Facebook back in 2016 – Wired reported that this opt-out would still be honored, and WhatsApp confirmed the report to Insider.

What WhatsApp accidentally did with its notification was to highlight to users exactly how much of their data it was already sending back to the Facebook mothership.

“I suspect people were alarmed by being reacquainted with what WhatsApp already share”

Alan Woodward, a cybersecurity expert at the University of Surrey, said WhatsApp made new T&Cs look a lot more scary to users by telling them they’d lose access if they didn’t consent.

“WhatsApp presented this as an ultimatum to users, which never goes down well: accept these new terms or stop using the service. They could perhaps have been a lot clearer up front about what the changes were, in which case many would have simply said okay,” Woodward said.

“I suspect people were alarmed by being reacquainted with what WhatsApp already share,” he said. 

Professor Eerke Boiten of De Montfort University agreed that WhatsApp’s method of sending a notification with what appeared to be an ultimatum was a misstep.

“The main thing they got wrong was putting it into the users’ faces. They’ve alerted users to something that didn’t get massively worse […] in any significant sense, but was a looming problem all along,” Boiten told Insider.

WhatsApp’s shifting attitude to privacy has been a cause for concern among tech industry insiders and privacy advocates for a long time. The decision to increasingly link WhatsApp up with Facebook’s ad business is what drove its cofounder Brian Acton to leave the company – the same is reportedly true for cofounder Jan Koum.

Acton subsequently helped found the non-profit Signal Foundation, which backs Signal.

“The move from WhatsApp to Signal is maybe not justified by the immediate incidence, but in broader terms it’s a good thing,” Boiten added.

Read more: Signal’s CEO reveals how it became a red-hot alternative to WhatsApp without venture capital or a business plan

You can see the difference between how much data WhatsApp collects compared to Signal using the Apple App Store’s new privacy information feature. While WhatsApp cannot read the contents of messages because they are encrypted, it is able to hoover up metadata – i.e., data about an account and its messaging. That includes information like your phone number, as well as who you’re messaging and when.

WhatsApp vs Signal
WhatsApp collects much more data than Signal.

“Metadata is almost as telling as the contents [of a message],” Boiten said. It’s hard to get a clear read on exactly what metadata WhatsApp is sending back to Facebook, Boiten said, as its privacy policy is written with lots of broad language, specifically by promising not to share “account information” but not specifying whether that includes metadata.

Woodward also pointed to WhatsApp’s collection of metadata. “The perverse thing is that WhatsApp encryption is based upon the same as used by Signal, but whilst [WhatsApp] keep the content if your messages confidential they do harvest some metadata, and knowing who talked to whom, when and for how can be valuable data in targeting advertising by identifying affinity group,” he said.

Signal’s focus on privacy does come with a tradeoff: If you make it impossible to gather things like metadata tracking down illegal activity on a messaging app becomes difficult. Signal employees are reportedly worried the company’s explosive growth could mean it attracts extremists, the Verge reported.

Their worries are not without precedent. Far-right users moved to rival encrypted messaging app Telegram after social media app Parler – which is famous for its popularity amongst far-right commentators and had a growth explosion following the US Capitol riots – was booted off its Amazon web servers.

But CEO Moxie Marlinspike thinks the benefits of a truly private messenger outweigh the potential abuses.

“I want us as an organization to be really careful about doing things that make Signal less effective for those sort of bad actors if it would also make Signal less effective for the types of actors that we want to support and encourage […] Because I think that the latter have an outsized risk profile. There’s an asymmetry there, where it could end up affecting them more dramatically,” Marlinspike told the Verge.

While the new WhatsApp notification appears to be a PR blunder, Woodward doesn’t think WhatsApp is in deep trouble long-term.

“WhatsApp still has a critical mass of users and many are quite relaxed about the unwritten social contract that says you can use our service for free in return for us using your data to make a profit,” he said.

Read the original article on Business Insider

As Signal downloads surge, employees are reportedly worried the messaging app isn’t doing enough to head off extremism

Signal CEO Moxie Marlinspike
Signal CEO Moxie Marlinspike

  • WhatsApp rival Signal got a huge boost in user numbers this month.
  • Employees are worried Signal isn’t doing enough to prevent misuse of its platform, such as by heading off extremism, according to a report by The Verge.
  • Rival encrypted messaging company Telegram is also under fire for allowing hate speech on its app.
  • Visit Business Insider’s homepage for more stories.

Employees at encrypted-messaging app Signal are worried that an explosion in growth – prompted by users moving over from rival WhatsApp – could cause extremism to spread on the platform, according to a new report from The Verge.

An engineer called Gregg Bernstein, who left Signal this month, told the Verge that Signal’s CEO Moxie Marlinspike was worryingly passive at the prospect of extremists using the platform to organize. 

“It’s not only that Signal doesn’t have these policies in place. But they’ve been resistant to even considering what a policy might look like,” said Bernstein.

He said that after President Donald Trump told the far-right extremist group the Proud Boys to “stand back and stand by,” Marlinspike was asked at a company all-hands meeting how Signal planned to prevent extremists from organizing on the app.

“The response was: if and when people start abusing Signal or doing things that we think are terrible, we’ll say something […] You could see a lot of jaws dropping. That’s not a strategy – that’s just hoping things don’t go bad,” Bernstein said.

Read more: Signal’s CEO reveals how it became a red-hot alternative to WhatsApp without venture capital or a business plan

Signal is backed by the nonprofit Signal Foundation, which was started in 2018 with a $50 million loan by WhatsApp founder Brian Acton, and is popular among activists and dissidents for its rigorous approach to privacy.

A trade-off of strong privacy practices is that apps are less able to track and moderate harmful behavior. Marlinspike told the Verge he wanted to take a hands-off approach to moderating the app because it was a messaging platform, not social media.

“The overriding theme there is that we don’t want to be a media company. We’re not algorithmically amplifying content. We don’t have access to the content. And even within the app, there are not a lot of opportunities for amplification,” he said.

Marlinspike said he believed the benefit Signal gives to activists and dissidents outweighed the risk that extremists might use it.

“I want us as an organization to be really careful about doing things that make Signal less effective for those sort of bad actors if it would also make Signal less effective for the types of actors that we want to support and encourage […] Because I think that the latter have an outsized risk profile. There’s an asymmetry there, where it could end up affecting them more dramatically,” he said.

Downloads of the app surged after WhatsApp informed users of changes to terms of service related to messaging business accounts. WhatsApp scrambled to explain that its data sharing practices with Facebook, its parent company, weren’t changing, and that the new terms and conditions did not affect messaged to friends and family – but by then many users had already downloaded Signal.

Signal isn’t the only encrypted messaging app facing accusations of inaction over hate speech.

Former US ambassador Marc Ginsberg on Monday filed lawsuits against Apple and Google, petitioning them both to boot encrypted messaging app Telegram – which also received a big user boost from the WhatsApp exodus – off their app stores.

Ginsberg said the platform had harbored extremists, and pointed to the fact both Apple and Google banned Parler, a social media app popular with the far-right, from their stores.

Insider found that far-right users migrated to messaging platforms including Telegram following the US Capitol riot.

Read the original article on Business Insider