fidzu : nerds

Longtime Slashdot reader schwit1 shares a report from PCMag: A lawsuit claims that WhatsApp's end-to-end encryption is a sham, and is demanding damages, but the app's parent company, Meta, calls the claims "false and absurd." The lawsuit was filed in a San Francisco US district court on Friday and comes from a group of users based in countries such as Australia, Mexico, and South Africa, according to Bloomberg. As evidence, the lawsuit cites unnamed "courageous whistleblowers" who allege that WhatsApp and Meta employees can request to view a user's messages through a simple process, thus bypassing the app's end-to-end encryption. "A worker need only send a 'task' (i.e., request via Meta's internal system) to a Meta engineer with an explanation that they need access to WhatsApp messages for their job," the lawsuit claims. "The Meta engineering team will then grant access -- often without any scrutiny at all -- and the worker's workstation will then have a new window or widget available that can pull up any WhatsApp user's messages based on the user's User ID number, which is unique to a user but identical across all Meta products." "Once the Meta worker has this access, they can read users' messages by opening the widget; no separate decryption step is required," the 51-page complaint adds. "The WhatsApp messages appear in widgets commingled with widgets containing messages from unencrypted sources. Messages appear almost as soon as they are communicated -- essentially, in real-time. Moreover, access is unlimited in temporal scope, with Meta workers able to access messages from the time users first activated their accounts, including those messages users believe they have deleted." The lawsuit does not provide any technical details to back up the rather sensational claims.

Read more of this story at Slashdot.

27 Jan 2026 7:00am GMT

An anonymous reader quotes a report from The Telegraph: China hacked the mobile phones of senior officials in Downing Street for several years, The Telegraph can disclose. The spying operation is understood to have compromised senior members of the government, exposing their private communications to Beijing. State-sponsored hackers are known to have targeted the phones of some of the closest aides to Boris Johnson, Liz Truss and Rishi Sunak between 2021 and 2024. It is unclear whether the hack included the mobile phones of the prime ministers themselves, but one source with knowledge of the breach said it went "right into the heart of Downing Street." Intelligence sources in the US indicated that the Chinese espionage operation, known as Salt Typhoon, was ongoing, raising the possibility that Sir Keir Starmer and his senior staff may also have been exposed. MI5 issued an "espionage alert" to Parliament in November about the threat of spying from the Chinese state. [...] The attack raises the possibility that Chinese spies could have read text messages or listened to calls involving senior members of the Government. Even if they were unable to eavesdrop on calls, hackers may have gained access to metadata, revealing who officials were in contact with and how frequently, as well as geolocation data showing their approximate whereabouts.

Read more of this story at Slashdot.

27 Jan 2026 3:30am GMT

Reddit has forced Jaime Rogozinski, the founder of infamous r/WallStreetBets, to strip the WallStreetBets name from an upcoming Miami conference after legal threats citing trademark rights. According to a press release, it's the "first known case of a social media company enforcing trademark control over a user-created community." From the report: After years of litigation, courts ultimately sided with Reddit in a decision now referred to as the "Rogozinski Ruling," a precedent that grants platforms broad authority to assert trademark ownership over user-created communities. That ruling now forms the basis for Reddit's demand that the words "WallStreetBets" be physically removed from the event. "They aren't afraid of the name being used," said Rogozinski. "If they were, they'd have to sue the internet. What they're afraid of is the creator hanging out with his creation. They're afraid of the community's independence. And they're afraid it's evolved into something bigger than a subreddit." The irony is difficult to ignore. The original subreddit counts around three million subscribers, while conservative estimates place more than seven million WallStreetBets participants spread across other platforms. For a movement that built its reputation confronting corporate overreach, Reddit's decision to extend its authority beyond the confines of its web-based platform, reaching into real-world gatherings to police culture it did not create, risks stirring a hornet's nest with a long memory and a track record of collective action. The event formerly known as WallStreetBets Live, will proceed as scheduled on January 28-30 in Miami. In compliance with Reddit's demands, all references to the name will be physically redacted on-site. "Reddit's lawyers did one thing right," Rogozinski continued. "They proved exactly why we need a decentralized future. This event has become a live case study in what's broken about modern social media. Platforms can deplatform creators, and now, with courts backing them, they can appropriate what users build."

Read more of this story at Slashdot.

27 Jan 2026 1:50am GMT

Unusually detailed post explains how OpenAI handles the Codex agent loop.

26 Jan 2026 11:05pm GMT

Kirk Milhoan's comments come as federal vaccine policy slides to insignificance.

26 Jan 2026 9:31pm GMT

Company's autodiscover caused users' test credentials to be sent outside Microsoft networks.

26 Jan 2026 9:02pm GMT