fidzu : geeks

Longtime Slashdot reader schwit1 shares a report from PCMag: A lawsuit claims that WhatsApp's end-to-end encryption is a sham, and is demanding damages, but the app's parent company, Meta, calls the claims "false and absurd." The lawsuit was filed in a San Francisco US district court on Friday and comes from a group of users based in countries such as Australia, Mexico, and South Africa, according to Bloomberg. As evidence, the lawsuit cites unnamed "courageous whistleblowers" who allege that WhatsApp and Meta employees can request to view a user's messages through a simple process, thus bypassing the app's end-to-end encryption. "A worker need only send a 'task' (i.e., request via Meta's internal system) to a Meta engineer with an explanation that they need access to WhatsApp messages for their job," the lawsuit claims. "The Meta engineering team will then grant access -- often without any scrutiny at all -- and the worker's workstation will then have a new window or widget available that can pull up any WhatsApp user's messages based on the user's User ID number, which is unique to a user but identical across all Meta products." "Once the Meta worker has this access, they can read users' messages by opening the widget; no separate decryption step is required," the 51-page complaint adds. "The WhatsApp messages appear in widgets commingled with widgets containing messages from unencrypted sources. Messages appear almost as soon as they are communicated -- essentially, in real-time. Moreover, access is unlimited in temporal scope, with Meta workers able to access messages from the time users first activated their accounts, including those messages users believe they have deleted." The lawsuit does not provide any technical details to back up the rather sensational claims.

Read more of this story at Slashdot.

27 Jan 2026 7:00am GMT

An anonymous reader quotes a report from The Telegraph: China hacked the mobile phones of senior officials in Downing Street for several years, The Telegraph can disclose. The spying operation is understood to have compromised senior members of the government, exposing their private communications to Beijing. State-sponsored hackers are known to have targeted the phones of some of the closest aides to Boris Johnson, Liz Truss and Rishi Sunak between 2021 and 2024. It is unclear whether the hack included the mobile phones of the prime ministers themselves, but one source with knowledge of the breach said it went "right into the heart of Downing Street." Intelligence sources in the US indicated that the Chinese espionage operation, known as Salt Typhoon, was ongoing, raising the possibility that Sir Keir Starmer and his senior staff may also have been exposed. MI5 issued an "espionage alert" to Parliament in November about the threat of spying from the Chinese state. [...] The attack raises the possibility that Chinese spies could have read text messages or listened to calls involving senior members of the Government. Even if they were unable to eavesdrop on calls, hackers may have gained access to metadata, revealing who officials were in contact with and how frequently, as well as geolocation data showing their approximate whereabouts.

Read more of this story at Slashdot.

27 Jan 2026 3:30am GMT

Reddit has forced Jaime Rogozinski, the founder of infamous r/WallStreetBets, to strip the WallStreetBets name from an upcoming Miami conference after legal threats citing trademark rights. According to a press release, it's the "first known case of a social media company enforcing trademark control over a user-created community." From the report: After years of litigation, courts ultimately sided with Reddit in a decision now referred to as the "Rogozinski Ruling," a precedent that grants platforms broad authority to assert trademark ownership over user-created communities. That ruling now forms the basis for Reddit's demand that the words "WallStreetBets" be physically removed from the event. "They aren't afraid of the name being used," said Rogozinski. "If they were, they'd have to sue the internet. What they're afraid of is the creator hanging out with his creation. They're afraid of the community's independence. And they're afraid it's evolved into something bigger than a subreddit." The irony is difficult to ignore. The original subreddit counts around three million subscribers, while conservative estimates place more than seven million WallStreetBets participants spread across other platforms. For a movement that built its reputation confronting corporate overreach, Reddit's decision to extend its authority beyond the confines of its web-based platform, reaching into real-world gatherings to police culture it did not create, risks stirring a hornet's nest with a long memory and a track record of collective action. The event formerly known as WallStreetBets Live, will proceed as scheduled on January 28-30 in Miami. In compliance with Reddit's demands, all references to the name will be physically redacted on-site. "Reddit's lawyers did one thing right," Rogozinski continued. "They proved exactly why we need a decentralized future. This event has become a live case study in what's broken about modern social media. Platforms can deplatform creators, and now, with courts backing them, they can appropriate what users build."

Read more of this story at Slashdot.

27 Jan 2026 1:50am GMT

Unusually detailed post explains how OpenAI handles the Codex agent loop.

26 Jan 2026 11:05pm GMT

Kirk Milhoan's comments come as federal vaccine policy slides to insignificance.

26 Jan 2026 9:31pm GMT

Company's autodiscover caused users' test credentials to be sent outside Microsoft networks.

26 Jan 2026 9:02pm GMT

9front, by far the best operating system in the whole world, pushed out a new release, titled "GEFS SERVICE PACK 1". Even with only a few changes, this is still, as always, a more monumental, important, and groundbreaking release than any other operating system release in history. Everything changes, today, because exec() now supports shell-scripts as interpreter in #!, improved sam scrolling, TLS by default in ircrc, and more. You're already running 9front, of course, but if you're one of the few holdouts still using something else, download GEFS SERVICE PACK 1 and install it.

25 Jan 2026 11:09am GMT

Your mission, should you choose to accept it, is to sneak into the earliest parts of the boot process, swap the startup config without breaking anything, and leave without a trace. Are you ready? Let's begin. ↫ Jynn Nelson Genius.

25 Jan 2026 10:56am GMT

Encrypting the data stored locally on your hard drives is generally a good idea, specifically if you have use a laptop and take it with you a lot and thieves might get a hold of it. This issue becomes even more pressing if you carry sensitive data as a dissident or whistleblower and have to deal with law enforcement. Or, you know, if you're an American citizen fascist paramilitary groups like ICE doesn't like because your skin colour is too brown or whatever. Windows offers local disk encryption too, in the form of its BitLocker feature, and Microsoft suggests users store their encryption keys on Microsoft's servers. However, when you do so, these keys will be stored unencrypted, and it turns out Microsoft will happily hand them over to law enforcement. "This is private data on a private computer and they made the architectural choice to hold access to that data. They absolutely should be treating it like something that belongs to the user," said Matt Green, cryptography expert and associate professor at the Johns Hopkins University Information Security Institute. "If Apple can do it, if Google can do it, then Microsoft can do it. Microsoft is the only company that's not doing this," he added. "It's a little weird… The lesson here is that if you have access to keys, eventually law enforcement is going to come." ↫ Thomas Brewster Microsoft is choosing to store these keys in unencrypted fashion, and that of course means law enforcement is going to come knocking. With everything that's happening in the United States at the moment, the platitude of "I have nothing to hide" has lost even more of its meaning, as people - even toddlers - are being snatched from the streets and out of their homes on a daily basis by fascist paramilitaries. Even if times were better, though, Microsoft should still refrain from storing these keys unencrypted. It is entirely possible, nay, trivial to address this shortcoming, but the odds of the company fixing this while trying to suck up to the current US regime seem small. Everybody, but especially those living under totalitarian(-esque) regimes, should be taking extra care to make sure their data isn't just encrypted, but that the keys are safe as well.

23 Jan 2026 11:43pm GMT

While starting this post I realized I have been maintaining personal infrastructure for over a decade! Most of the things I've self-hosted is been for personal uses. Email server, a blog, an IRC server, image hosting, RSS reader and so on. All of these things has all been a bit all over the place and never properly streamlined. Some has been in containers, some has just been flat files with a nginx service in front and some has been a random installed Debian package from somewhere I just forgot.

19 Jan 2026 12:00am GMT

In the recent blog post on the work funded by Sovereign Tech Fund (STF), we provided an overview of the "File Hierarchy for the Verification of OS Artifacts" (VOA) and the voa project as its reference implementation. VOA is a generic framework for verifying any kind of distribution artifacts (i.e. files) using arbitrary signature verification technologies. The voa CLI ⌨️ The voa project offers the voa(1) command line interface (CLI) which makes use of the voa(5) configuration file format for technology backends. It is recommended to read the respective man pages to get …

11 Jan 2026 12:00am GMT

In 2024 the Sovereign Tech Fund (STF) started funding work on the ALPM project, which provides a Rust-based framework for Arch Linux Package Management. Refer to the project's FAQ and mission statement to learn more about the relation to the tooling currently in use on Arch Linux. The funding has now concluded, but over the time of 15 months allowed us to create various tools and integrations that we will highlight in the following sections. We have worked on six milestones with focus on various aspects of the package management ecosystem, ranging from formalizing, parsing and writing of …

10 Jan 2026 12:00am GMT