[liberationtech] Why WhatsApp messages are not fully E2EE in the cloud, how to protect your passwords from copy/paste

Yosem Companys ycompanys at gmail.com
Sun Jun 21 23:13:23 CEST 2020 

>From The WSJ's Privacy Q&A

Q: You mentioned that WhatsApp messages are not fully end-to-end encrypted in
the cloud. What exactly do you mean by that?—Ji Yong Dijkhuis from Lelystad,
Netherlands
A: WhatsApp messages are fully encrypted. This means that the contents of those
messages can only be seen by you and the intended recipient.
But when you enable a feature called Chat Backup, which syncs your message and
media history to iCloud (for iPhones) or Google Drive (for Android phones), then
that content is no longer protected by WhatsApp’s end-to-end encryption. This is
also the case when iCloud sync is turned on for iMessage. So, if someone got
access to either of those cloud accounts, they would also be able to read your
backed-up WhatsApps or iMessages.
It’s one of the reasons why privacy advocates recommend Signal, which I wrote
about last week. Signal doesn’t allow you to backup to the cloud, but you can
transfer local Signal data between your old device and your new one.
Q: A critical security feature in clipboard managers is that the user be able to
exclude apps from capture, like password managers.—Andrew Wolfe from New Orleans
A: I completely agree and am glad you mentioned this. In last week’s newsletter,
I recommended an app I’ve been a longtime fan of: Copy’em Paste ($15), a
powerful clipboard manager for Mac. One of the application’s most important
features is indeed its ability to blacklist password managers and other
sensitive apps.
According to the app’s privacy, all clippings are stored locally, unless you
turn on syncing, which stores a copy of your clippings in iCloud. (Make sure to
turn on two-factor authentication for your Apple ID.)
References: * 
   https://www.wsj.com/articles/signal-the-pros-and-cons-of-a-truly-private-chat-app-11592127002
   
 * 
   https://support.signal.org/hc/en-us/articles/360007059752-Backup-and-Restore-Messages
   
 * https://apps.apple.com/us/app/fun-math-games/id876540291
 * https://support.apple.com/en-us/HT204915
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ghserv.net/pipermail/lt/attachments/20200621/70bd597c/attachment.html>

More information about the LT mailing list