Facebook is offering users money to refrain from using the site and Instagram in the weeks leading up to the bitterly contested November elections.
To assess the impact of social media on voting, the company will pay selected members up to $120 to deactivate their accounts beginning at the end of September.
“Anyone who chooses to opt-in – whether it’s completing surveys or deactivating FB or IG for a period of time – will be compensated,” Facebook spokesperson Liz Bourgeois tweeted last week. “This is fairly standard for this type of academic research.”
“Representative, scientific samples of people in the US will be selected and invited to participate in the study. Some potential participants will see a notice in Facebook or Instagram inviting them to take part in the study,” Facebook said. “Study samples will be designed to ensure that participants mirror the diversity of the US adult population, as well as users of Facebook and Instagram.”
The results of the study are expected to be released sometime next year.
“To continue to amplify all that is good for democracy on social media, and mitigate against that which is not, we need more objective, dispassionate, empirically grounded research,” Facebook said in describing the plan.
The research will be carried out by independent data scientists, company officials said.
Facebook CEO Mark Zuckerberg announced last Thursday that he was banning new political ads in the week before the election to curb misinformation.
And so to WhatsApp’s latest planned update to make its 2 billion users even more secure and protected from prying eyes, while adding some neat new functionality as well. Until this update is available, your data is not as secure as you probably think—there’s a major security gap. But, as reported by WABetaInfo today, May 21, two critical changes are now in beta and are expected to be rolled-out soon.
The first is an absolute game-changer. Right now, hundreds of millions of iPhone users rely on “Chat Backup” to store message history and media on iCloud. When an iPhone is lost or changed, the full chat history with all its media can be restored. The issue, though, and it’s a big one, is that “media and messages you back up aren’t protected by WhatsApp end-to-end encryption while in iCloud.” That means your private data can be accessed—it doesn’t have the same level of security as within WhatsApp itself. Most users are blissfully unaware of this.
Now, according to WABetaInfo, the current iOS beta “enables the encryption of chat histories hosted on iCloud, including media—just check WhatsApp Settings.” This plugs a major gap and should be welcomed by all users. The option to easily store a WhatsApp backup is critical, especially with the spate of social engineering hacks recently that have hijacked user accounts. Without such a backup in place, the temporary loss of your account or the loss of your phone is a nightmare.
The fact that WhatsApp’s end-to-end encryption does not extend to its iCloud backups is a major security vulnerability that has been exposed before. When the chats are backed-up from the device, they are decrypted as you’re one end of that end-to-end encryption. Any security applied to the cloud backup falls outside of WhatsApp’s wrapper. Extending the platform’s encryption, secured under a user password with no man-in-the-middle access, is a critical improvement. Absent that, your data is accessible by Apple or the authorities when required.
The second new feature is a long-awaited option for users to send a personal QR code which will load their contact details into another phone. This will be available for both iOS and Android users and is a simple way of adding to your contact list within WhatsApp. It means, for example, that a user could send their details to a new WhatsApp group, without anyone having to cut and paste fields. It also means that businesses can publish contact details for users to quickly store.
According to WABetaInfo, the QR codes can be changed and revoked, which suggests that if you send one in error, it will no longer work. The security issue for users, of course, is that they are sharing their real phone numbers. That said, this might be an interesting shift away from long-term linkage of a user’s phone number towards independent and anonymized WhatsApp unique identifiers.
There is of course a deep-rooted irony with WhatsApp: its ownership. The platform has been part of Facebook since 2014, and yet has remained largely undamaged by the trail of security and privacy mishaps with its parent.
Not always, though. This week, German privacy chief Ulrich Kelber “warned federal authorities against using WhatsApp.” As reported by Handelsblatt, the official alleged that WhatsApp collects metadata when users send messages, “and it can be assumed this is then immediately passed on to Facebook.” This, he said, would compromise the privacy of citizens sending messages to federal authorities.”
WhatsApp has categorically denied this, of course, assuring me that no user metadata is sent to Facebook and that reports to the contrary are incorrect. There was no claim that actual message data is collected—it’s end-to-end encrypted, after all. Although German security agencies have been hungry—alongside their U.S. and U.K. colleagues—to break that encryption and access the data. Ironically this would break WhatsApp’s security wrap and would compromise user privacy.
Despite its parentage, WhatsApp takes user security seriously. Every dealing I have had with the platform encourages me as to the intent behind the features it pushes out to users. The recent expansion of its encrypted video chat service is a great example of this. And six years on from the Facebook acquisition, we still don’t have to put up with ads and marketing messages polluting our chat timelines.
But, as ever, there are notes of caution. As I have reported multiple times before, WhatsApp does have its security slip-ups. The advantage of a hyper-scale platform found on most phones is that it’s an obvious target for sophisticated cyber attacks. And we have seen something similar this week again, with the report of a new vulnerability attributed to a German threat group, targeting users in Asia. This follows reports last year around various vulnerabilities, following on from the infamous spyware attacks attributed to Israel’s NSO and targeting victims through WhatsApp accounts. This is the subject of a current court case in the U.S.
Most of the alleged WhatsApp attacks seen in the wild are targeted, a tiny fraction of high-profile users have to concern themselves over such attacks. For most people, it’s the basics—set up two-factor authentication AND the WhatsApp PIN. They are not the same thing. And for iOS users, make sure you encrypt your iCloud backup and make use of that backup option when it’s available. It is hard to overstate how beneficial an encrypted backup option is for your security.
And, on that note, Facebook itself confirmed some welcome news for its billions of Messenger users today. The tech giant announced a set of “privacy-preserving tools” would be rolled-out “as we move to end-to-end encryption.” Those tools include warnings when content is suspicious, automated tools to detect when an adults message inappropriately with minors, and filters to screen for scams.
“As Messenger becomes end-to-end encrypted by default,” the company said, “we will continue to build innovative features that deliver on safety while leading on privacy.” Users had hoped encryption would be in place by now—but it has been delayed. Now, though, we have confirmation it’s still coming. The new features, it said, “will be available and effective when Messenger is end-to-end encrypted.”