Data leaks are our fault!
I have spent a lot of time thinking about some of the latest social media data leaks and figured out one thing.
People say they care, and they get scared when they see what happened, but they are not scared enough to change anything; they are just ready to blame everyone else.
In this post, I am not going to write about what they did with the data, but about how the leak happened.
According to Mark Zuckerberg, the data was stolen using a Facebook application that had more permissions than it required to work.
My opinion is that it is 100% the fault of the users, even if Facebook could have done validation for an application like that to check whether that application needs what it requires.
I am really sorry, but you cannot just blame someone else for your own carelessness…
Now we come to an even more important point…
According to some, what Zuckerberg said is a lie. They claim Facebook has sold their data.
Guess what? You gave your data willingly to Facebook.
The hacker community has been talking about this for years now.
You are relying on a company that is in the business of selling your own data for marketing purposes to keep your data safe.
It is your own fault.
This post is under construction
Now, let's talk about how we can improve security.
First, let's talk about the most popular chats.
According to some, Facebook now uses “end to end encryption” and they are safe.
For end to end encryption to work, one user needs to be able to encrypt a message using one key, and the other needs to be able to decrypt that message using the same or a different key, depending on the type of encryption algorithm used.
But, who stores the key?
Facebook does. So, there is end to end encryption that they can decrypt.
You want proof?
You can read your messages on other devices. And you do not have to store your own key.
Now, there is WhatsApp, where you can read chats only on one device, unless you enable the web application for WhatsApp chat.
Guess what happens then? You are sending those same messages you used end to end encryption on, unencrypted, to your web browser.
And, that is not even the worst part.
When you are encrypting your messages, WhatsApp servers are doing the key exchange.
What does that mean?
There can be end to end encryption from you to WhatsApp and from WhatsApp to your friend, and you can never notice that, since you cannot verify keys…
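To make the relayed key exchange concrete, here is an added example (not part of the original post, and not any messenger's real protocol). It uses toy Diffie-Hellman parameters and hypothetical names to show that two separate encrypted sessions look normal to both users, and that only comparing key fingerprints over another channel reveals them.

```python
import hashlib
import secrets

# Toy Diffie-Hellman group chosen for readability (assumption: not production parameters).
P = 2**255 - 19  # a well-known prime
G = 2

def keypair():
    """Return (private, public) for the toy group."""
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)

def session_key(my_priv, their_pub):
    """Derive a symmetric session key from the DH shared secret."""
    shared = pow(their_pub, my_priv, P)
    return hashlib.sha256(shared.to_bytes(32, "big")).hexdigest()

def fingerprint(pub_a, pub_b):
    """Order-independent digest of both public keys, compared out of band."""
    material = b"".join(k.to_bytes(32, "big") for k in sorted((pub_a, pub_b)))
    return hashlib.sha256(material).hexdigest()[:16]

def run_exchange(relay_substitutes_keys):
    """Simulate a key exchange where a server relays the public keys."""
    a_priv, a_pub = keypair()  # first user
    b_priv, b_pub = keypair()  # second user
    if relay_substitutes_keys:
        # The relay hands each side its own public key instead of the peer's.
        r_priv, r_pub = keypair()
        seen_by_a, seen_by_b = r_pub, r_pub
        relay_keys = {session_key(r_priv, a_pub), session_key(r_priv, b_pub)}
    else:
        seen_by_a, seen_by_b = b_pub, a_pub
        relay_keys = set()
    a_key = session_key(a_priv, seen_by_a)
    b_key = session_key(b_priv, seen_by_b)
    return {
        # True when the relay holds both session keys (two separate sessions).
        "relay_can_read": a_key in relay_keys and b_key in relay_keys,
        # What the two users would see if they compared fingerprints.
        "fingerprints_match": fingerprint(a_pub, seen_by_a) == fingerprint(seen_by_b, b_pub),
        "same_session_key": a_key == b_key,
    }

if __name__ == "__main__":
    for substituted in (False, True):
        print("relay substitutes keys:", substituted, run_exchange(substituted))
```

Both users still encrypt and decrypt without errors in the substituted case; the fingerprint mismatch is the only signal available to them.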
But wait, WhatsApp does not store my chats, or does it?
They say they do not store your chats, but they do a “backup” for you, so you do not lose your chats…
Instagram does not even claim they have any kind of security.
Viber is as big of a joke as Messenger. The only difference is that they claim they do not store user data.