Snapchat, Skype Put Users' 'Human Rights at Risk', Amnesty Int'l Reports (cbsnews.com)

← Back to Stories (view on slashdot.org)

Snapchat, Skype Put Users' 'Human Rights at Risk', Amnesty Int'l Reports (cbsnews.com)

Posted by msmash on Tuesday October 25, 2016 @06:40AM from the privacy-woes dept.

Shanika Gunaratna, writing for CBS News: Snapchat and Skype are falling short in protecting users' privacy -- a failure that puts users' "human rights at risk," according to a report by the organization Amnesty International. Snapchat and Skype received dismal grades in a new set of rankings released by Amnesty that specifically evaluate how popular messaging apps use encryption to protect users' private communications. In the report, Amnesty is trying to elevate encryption as a human rights necessity, due to concerns that activists, opposition politicians and journalists in some countries could be put in grave danger if their communications on popular messaging apps were compromised. "Activists around the world rely on encryption to protect themselves from spying by authorities, and it is unacceptable for technology companies to expose them to danger by failing to adequately respond to the human rights risks," Sherif Elsayed-Ali, head of Amnesty's technology and human rights team, said in a statement. "The future of privacy and free speech online depends to a very large extent on whether tech companies provide services that protect our communications, or serve them up on a plate for prying eyes."Microsoft's Skype received 40 out of 100. WhatsApp fared at 73, and Apple scored 67 out of 100 for its iMessage and FaceTime apps. BlackBerry, Snapchat, and China's Tencent did 30 out of 100.

47 comments

Min score:

Reason:

Sort:

Human rights? by Anonymous Coward · 2016-10-25 06:42 · Score: 3, Insightful

You don't have any rights if you use a closed, proprietary communication system that reports directly to the US government.
1. Re:Human rights? by fbobraga · 2016-10-25 06:51 · Score: 0
  
  I'd rather be a Jewish lesbian woman in Saudi Arabia than a white male in the US
  Good luck with that...
2. Re:Human rights? by Streetlight · 2016-10-25 07:03 · Score: 1
  
  Where are going to go? Please let us know when you get there.
  
  --
  In a time of universal deceit, telling the truth is a revolutionary act. George Orwell
3. Re:Human rights? by Darinbob · 2016-10-25 07:17 · Score: 0
  
  As they say, it's better to live every day in mortal terror than to be forced to treat others as equals.
4. Re:Human rights? by Anonymous Coward · 2016-10-25 08:01 · Score: 1
  
  The day I turn 18
  Hey, I think I found one of the reasons why the level of discourse has dropped so sharply here in recent years.
5. Re:Human rights? by Anonymous Coward · 2016-10-25 08:10 · Score: 0
  
  YHBT. The kids are on reddit, not here.
6. Re: Human rights? by Anonymous Coward · 2016-10-25 18:43 · Score: 0
  
  As they say, it's better to live every day in mortal terror than to be forced to treat others as equals
  Both are horrible in their own way. People are not equals, and any society which uses threat, be it overt or otherwise, to force us to ignore that or any other objective reality is a terrible society.
Signal not mentioned by beckett · 2016-10-25 06:49 · Score: 4, Informative

Why didn't they compare the commercial offerings with Signal?

It's GPLv3, offers encrypted messaging and voice calls, and when served with a subpoena, Open Whisper Systems was only able to provide a confirmation of a user's account, and the last time they had logged in.
1. Re:Signal not mentioned by fbobraga · 2016-10-25 06:53 · Score: 2
  
  Very few people use Signal here, in Brazil (I can't understand why: I imagine is a publicity problem...)
2. Re:Signal not mentioned by Anonymous Coward · 2016-10-25 07:11 · Score: 0
  
  No video calls though, which, I believe, is the main reason people suffer skype at all.
  Last time I asked around for alternatives, someone suggested jitsi, which is open-source, does video calls and supports encryption.
  Haven't tried it yet, but if it does what it says on the tin, looks pretty good.
3. Re:Signal not mentioned by sirber · 2016-10-25 07:19 · Score: 4, Interesting
  
  I ran it a while. Had bugs, redphone crash and no way to disable it, installed version outdated that would stop working in 7 days, but no update available... I use Silence now, like Signal was before droping SMS support. No centralised server, no issues.
  
  --
  Be or ben't
4. Re:Signal not mentioned by fbobraga · 2016-10-25 07:26 · Score: 1
  
  Signal support SMS (I use that all the time)
5. Re:Signal not mentioned by Anonymous Coward · 2016-10-25 07:57 · Score: 0
  
  You need to use its companion offering, Noise. The trick is to use many more Signal clients than the companion client.
  That way you get a good
  <puts on sunglasses>
  Signal to Noise ratio!
6. Re: Signal not mentioned by Anonymous Coward · 2016-10-25 08:27 · Score: 1
  
  encrypted sms support was dropped
7. Re:Signal not mentioned by Anonymous Coward · 2016-10-25 11:10 · Score: 0
  
  That way you get a good
  
  <puts on sunglasses>
  
  Signal to Noise ratio!
  YEEEAA... uuhh, I guess.
8. Re:Signal not mentioned by johanw · 2016-10-25 11:50 · Score: 1
  
  You can use both, as I do. Silence is my default sms app, I don't use Signal for sms. I build Signal from source because I want a few changes in the product, like the encrypted backup back.
9. Re:Signal not mentioned by johanw · 2016-10-25 11:52 · Score: 1
  
  Meh, I only use Skype because it's some kind of standard in buisiness environments. Had all kinds of login problems lately because I use an "old" Skype account and won't turn it into a Microsoft account. Now that WhatsApp introduced video calls in their beta version I think that's about to change soon around here.
10. Re:Signal not mentioned by Anonymous Coward · 2016-10-25 19:53 · Score: 0
  
  The original report says:
  
  [Signal] has become widely recognized by cryptographers and security experts as the current “gold standard” for encryption applied to IM services [...] Amnesty International did not include OWS in its ranking as the report focuses on apps with the largest numbers of users.
But... by MitchDev · 2016-10-25 06:56 · Score: 2

...aren't Snapchat and Skype free?
Access to encryption is a right, but good software costs money, and is not a "right".
1. Re:But... by Anonymous Coward · 2016-10-25 07:04 · Score: 0
  
  What does them being made available for free have anything to do with anything else?
  This is about those apps protecting user data, not whether or not they cost money to the end user.
2. Re:But... by Anonymous Coward · 2016-10-25 07:56 · Score: 0
  
  Good software costs money? That's ludicrous. There's plenty of good, free software out there that can take the roll of Snapchat and Skype
  Signal and Tox come to mind.
3. Re:But... by Khyber · 2016-10-25 09:04 · Score: 1
  
  Signal and Tox do not do video worth a shit.
  
  --
  Still waiting on Serviscope_minor to wake up to fucking reality and realize that Jessica Price isn't going to fuck him.
4. Re:But... by johanw · 2016-10-25 11:53 · Score: 1
  
  Viber does, and they recently introduced end to end encryption.
5. Re:But... by MitchDev · 2016-10-26 00:22 · Score: 1
  
  So why complain about Skype and Snapchat, in the free department there are plenty of alternatives.
  It really just makes people come across as whiny entitlement bitches....
Skype Doesn't Claim Otherwise by rsmith-mac · 2016-10-25 06:58 · Score: 3, Insightful

I feel like Amnesty International has failed to put these various services in context.
Skype makes no claims that it is an anti-government service. It is subject to and complies with Lawful Intercept in the US and other countries. You should not treat it any differently than the local telco, because that's all Skype is trying to be.
1. Re:Skype Doesn't Claim Otherwise by fuzzyfuzzyfungus · 2016-10-25 07:05 · Score: 2
  
  While I would very much like to see improvements in the security of these services; it's also worth remembering that the 'alternative' is usually either POTS or cellular, provided by the local monopoly and/or cozy-cooperator-with-the-state.
  
  That doesn't diminsh the fact that, when doing communications software on a global scale, something that counts as 'eh, bug' in silicon valley may involve a one-way trip to the basement of the interior ministry for a bunch of users somewhere; but secure communications is something where the 'default' option is somewhere between 'completely useless' and 'actively hostile'. Phone networks were never built with privacy or security(aside from anything needed for billing purposes) in mind; and they've since sprouted all manner of surveillance tools.
  
  Just shrugging and saying 'Meh, the other guy is worse." isn't a good excuse; but it is worth remembering that people considering it to be a bug or vulnerability when eavesdropping succeeds is a pretty new feature.
2. Re:Skype Doesn't Claim Otherwise by mugurel · 2016-10-25 07:16 · Score: 1
  
  That's a straw-man. Amnesty International's is not arguing that these services should be anti-government, just that they come with basic precautions to ensure that communications that are meant to be private are actually private.
  To put it as a car-analogy, I think Amnesty envisions (end-to-end) encryption in messaging being standard, a bit like safety belts are standard in a car.
I sympathize with AI, but... by Nutria · 2016-10-25 07:09 · Score: 0, Offtopic

only 10% of Tor users are journalists, human rights activists, etc. A bit more than half use it to hide illegal activities.
(Yes, TFA is about messaging, but the whole "we must save encryption to protect the downtrodden" meme is just bogus.)

--
"I don't know, therefore Aliens" Wafflebox1
1. Re:I sympathize with AI, but... by mugurel · 2016-10-25 07:23 · Score: 2
  
  only 10% of Tor users are journalists, human rights activists, etc. A bit more than half use it to hide illegal activities.
  (Yes, TFA is about messaging, but the whole "we must save encryption to protect the downtrodden" meme is just bogus.)
  You got it backwards. To make your point about bogus, you should look at the percentage of journalists, human rights activists, etc. being Tor users, not the other way round.
2. Re:I sympathize with AI, but... by Anonymous Coward · 2016-10-25 11:54 · Score: 0
  
  ... protect the downtrodden.
  
  If you really want stop criminals, ban all handguns. There already legislated, so why not stop all those violent criminals and gang-related murders, easily? Of course, murderous criminals will obey the law, so the benefit will be immediate and total.
  I bet half of car drivers commit a crime in one day: So banning driving will instantly reduce the crime rate. Bank robbers and kidnappers won't be able to commit crimes using a vehicle, so those crimes will disappear too; trust me. Soon, we can all buy self-driving cars, so buses and trains will be a temporary measure and the crime rate will remain permanently low.
  
  ... 10% of Tor users are journalists, human rights activists.
  
  What percentage of journalists brought us the Pentagon papers, Watergate, the Snowden files? How many of those journalists worked on hiding or encrypting their communiques with informants and insiders? This is the sort of information that will disappear when one tries to expose all criminals.
  
  ... more than half use it to hide illegal activities.
  
  Because the world will be a much safer place when people stop buying prostitutes and cannabis. The war on drugs didn't stop drug-related crime; it made a few criminals very wealthy, which caused the US to throw due process and suspect's rights out the proverbial window, just to catch rich criminals. The war on terror didn't stop ISIS, al shabaab, Boko Haram, Ansar Dine, or Ansaru from spreading to other countries.
  People will still obey their need for hedonism (sex, drugs) or comfort (fame, money) or pride (fame, revenge). Writing some rules on a piece of paper doesn't automatically make the world a better place: Making everything illegal, only injures the obedient people.
3. Re:I sympathize with AI, but... by Anonymous Coward · 2016-10-25 15:28 · Score: 0
  
  only 10% of Tor users are journalists, human rights activists, etc. A bit more than half use it to hide illegal activities.
  (Yes, TFA is about messaging, but the whole "we must save encryption to protect the downtrodden" meme is just bogus.)
  What do you mean? Without the protection of Tor, much of this illegal activity couldn't safely take place. By engaging in such activity without Tor, these users may well find themselves attacked by the state. In this capacity, Tor is very much protecting the downtrodden.
  Besides, in several jurisdictions, journalists, whistle blowers, and human-rights activists are criminals by definition.
4. Re:I sympathize with AI, but... by Anonymous Coward · 2016-10-26 02:42 · Score: 0
  
  > only 10% of Tor users are journalists, human rights activists, etc. A bit more than half use it to hide illegal activities.
  And you know this how?
what crap, if you dont like it, dont use it by Anonymous Coward · 2016-10-25 07:10 · Score: 0

Remember kids, the producers don't have to.
no fucking telco by Anonymous Coward · 2016-10-25 07:13 · Score: 0

You should not treat it any differently than the local telco, because that's all Skype is trying to be.
They don't offer 911 emergency service, so WHY should they be treated as a telco?
1. Re:no fucking telco by Anonymous Coward · 2016-10-25 09:53 · Score: 0
  
  The Derp is strong with you. He's not talking from a regulatory standpoint, he's talking from an expectations and usage standpoint.
Re:Right not to use Encryption by Anonymous Coward · 2016-10-25 07:38 · Score: 0

Hobby projects are illegal. Where's your professional coder permit?
Article Source on AI website by Anonymous Coward · 2016-10-25 09:14 · Score: 0

Original source: https://www.amnesty.org/en/latest/news/2016/10/snapchat-skype-among-apps-not-protecting-users-privacy/
The ranking is not based on technical analysis but on E2E encryption, commitment to human rights and law enforcement policies.
Dangers of compromised communications by khz6955 · 2016-10-25 09:55 · Score: 1

"activists, opposition politicians and journalists in some countries could be put in grave danger if their communications on popular messaging apps were compromised."

It would help if the communications were not funnelled through Skype headquarters in north America and the encryption keys only resided on the client devices.
Enjoy been collected on by AHuxley · 2016-10-25 11:52 · Score: 1

So use that fact if your in the press. Plant lots of fiction based on your past reporting to bait or misdirect the nations tasked with illegal domestic collect it all.
If the brand was part of PRISM and was happy to decrypt for the US gov over the years keep mentioning that for free.
PRISM https://en.wikipedia.org/wiki/...

If you write on political issues, fill your messages with stories about contacts, news from new whistleblowers, about new emerging and past political intrigues.
Part of the tech media? A new free crypto that actually works as designed without a US trapdoor or backdoor designed in. That a select few in the press have been allowed to see but not mention yet is great bait.
Free OS security apps that can find zero day gov malware and track back its origins. Be super creative and push the limits of tech fiction.
Walk around areas of a city where it would be expected to meet with a mil/gov worker and keep the phone like device powered on.
Fake notes in a cafe and send then back "encrypted" details your office and residence in real time. Be very creative.
Make the brands popular messaging app collection irrelevant for both tracking and content. Give the tracking hardware and software to friends for a different walk or drive around.
You still have freedom of expression, freedom of the press and the freedom after speech. So be creative and help fill the tasking systems.
Be seen near any local protests, walk, carry a big old dslr, park locally to get your license plate near any event. If a chat down is induced by walking around in public, record it and put it on youtube with a lot of other first amendment audit videos.

The method in all this is to go from interesting member of the press or an interesting person to the security services to been very, very boring.
Got off their "Interesting People” list by using US device and software with junk encryption to flood illegal domestic collection with plain text fictional junk.
Illegal domestic collection only works if the product is good, the people been tasked are very real and can be sorted and tracked.
Go from a security risk to a risk to keep in any database due to all the fiction that clogs up domestic tasking.

--
Domestic spying is now "Benign Information Gathering"
Universal Declaration of Human Rights 1948. by Anonymous Coward · 2016-10-25 18:44 · Score: 0

Article 12
No one shall be subjected to arbitrary in terference with his/her privacy, family, home or correspondence, nor to attacks upon his/her honour and reputation. Everyone has the right to the protection of the law against such interference or attacks.
So, no need for the flamebait quote marks around privacy.... Oh wait, it interferes with your business model and your an American site/ideology, so what the hell, track everything.... ( Yeah I am trolling the poster, not everyone there. That would be most rude! :-) ). Mmm, conflict of interest? Yep.
FYI, Eleanor Roosevelt, helped in a huge way draft it, pity some of her grandchildren, have fallen so far from the tree.....
GreekGeek :-)
Good enough for the CIA by UberVegeta · 2016-10-25 22:47 · Score: 1

politicians and journalists in some countries could be put in grave danger if their communications on popular messaging apps were compromised.
Skype was good enough for the CIA to be discussing top-secret operations in real time when they were filming Homeland, so it ought to be secure enough for anybody.

--
I knew I needed to stop reading Slashdot and finish my PhD when I started to miss articles by Bennett Haselton.
Re:Hacking by Anonymous Coward · 2016-10-28 00:56 · Score: 0

I don't know about hacking but when my ex was cheating on me, a friend of mine referred me to Mr Robert I thought it wasn't real but he later proved me wrong by helping me to spy on my ex-husband and got me all the necessary evidence I needed. He helped me to hack and spy on his emails, mobile , all his social media and his bank accounts, Robert did all this remotely without touching his devices. You can contact him with mastershield55@gmail.com if you are in the same shoe as I was..