稍早 Telegram 创办人 Durov 又在他的个人频道开呛了，这边简单翻译了一下： 今年五月，我预测 WhatsApp 将会继续被爆出後门，严重的安全问题一个接着一个出现，就跟过往纪录一样 [1]。 这周新的後门又悄悄地被发现了 [2]，就像前两次被发现的後门， 这漏洞允许你手机上所有资料都让黑客及政府探员看爽爽，只要发个影片给你，所有资料都落入攻击者手中了 [3]。 In May, I predicted that backdoors in WhatsApp would keep getting discovered, and one serious security issue would follow another, as it did in the past [1]. This week a new backdoor was quietly found in WhatsApp [2]. Just like the previous WhatsApp backdoor and the one before it, this new backdoor made all data on your phone vulnerable to hackers and government agencies. All a hacker had to do was send you a video – and all your data was at the attacker’s mercy [3]. WhatsApp 不仅无法保护您的讯息安全，而且还一直作为特洛伊木马来监视您 WhatsApp 外的照片和讯息。 他们为何这麽做？Facebook 在收购 WhatsApp 之前就已经成为美帝棱镜计划的一员 [4][5]。 要是觉得被收购後政策会转弯就太天真了，尤其在 WhatsApp 创办人承认「我卖了所有使用者的隐私」後 [6]。 WhatsApp doesn’t only fail to protect your WhatsApp messages – this app is being consistently used as a Trojan horse to spy on your non-WhatsApp photos and messages. Why would they do it? Facebook has been part of surveillance programs long before it acquired WhatsApp [4][5]. It is naive to think the company would change its policies after the acquisition, which has been made even more obvious by the WhatsApp founder’s admission regarding the sale of WhatsApp to Facebook: “I sold my users’ privacy” [6]. 在本周被爆出此後门後，Facebook 坚称没有黑客成功利用後门的证据，试图使混淆民众视听 [7]。 当然没所谓的证据啦，想取得证据的话，要先能分析 WhatsApp 使用者分享的影片， 然而这并不会永久保存在他的伺服器上（而是透过 Google 及 Apple 的伺服器传送明码的讯息及影片 [8]）。 蒸蚌，都不用分析影响范围了 - 没证据？真方便 Following the discovery of this week’s backdoor, Facebook tried to confuse the public by claiming they had no evidence that the backdoor had been exploited by hackers [7]. Of course, they have no such evidence – in order to obtain it, they would need to be able to analyze videos shared by WhatsApp users, and WhatsApp doesn’t permanently store video files on its servers). So – nothing to analyze – “no evidence”. Convenient. 但请放心，这麽大的资安漏洞肯定早晚会被发现，就像之前用来反对人权运动及某些天真的记者一样 [9][10]。 今年九月有报导指出这些透过漏洞取得的资料会分享给美国探员们 [11][12]。 But rest assured, a security vulnerability of this magnitude is bound to have been exploited – just like the previous WhatsApp backdoor had been used against human rights activists and journalists naive enough to be WhatsApp users [9][10]. It was reported in September that the data obtained as a result of the exploitation of such WhatsApp backdoors will now be shared with other countries by US agencies [11][12]. 尽管有愈来愈多的证据显示 WhatsApp 是个钓个资的蜜罐（honeypot），专门骗那些到了 2019 仍相信 Facebook 的人， 但以善意推定来说，也可能只是不小心在所有程式都写出了严重的资安漏洞。 我相信 Telegram 在整体复杂度跟 WhatsApp 相似，但推出六年以来没有出过半个 WhatsApp 等级的纰漏。 非常不可能有人会不小心地犯下大型资安问题、常态性地为监控者开方便的小径。 Despite this ever-increasing evidence of WhatsApp being a honeypot for people that still trust Facebook in 2019, it might also be the case that WhatsApp just accidentally implements critical security vulnerabilities across all their apps every few months. I doubt that – Telegram, a similar app in its complexity, hasn’t had any issues of WhatsApp-level severity in the six years since its launch. It’s very unlikely that anyone can accidentally commit major security errors, conveniently suitable for surveillance, on a regular basis. 无论 WhatsApp 母公司的内心意图是什麽，对使用者的建议都一样： 除非你觉得你所有照片、讯息有天全被赤裸裸的公开在网路上很酷，否则你该从手机中把 WhatsApp 删了。 Regardless of the underlying intentions of WhatsApp’s parent company, the advice for their end-users is the same: unless you are cool with all your photos and messages becoming public one day, you should delete WhatsApp from your phone. 引用连结： [0] 此篇 Durov 频道原文 https://t.me/durov/109 [1] 为何 WhatsApp 永远不可能安全 https://tg.pe/Dx1 [2] WhatsApp 使用者急着更新程式以免监控威胁 https://tg.pe/Dx2 [3] WhatsApp 的 Android 及 iOS 使用者现正遭受有害影片的威胁 https://tg.pe/Dx3 [4] 关於棱镜计划你该知道的事 https://tg.pe/Dx4 [5] 美国 NSA 国安局从九大科技公司索取资料 https://tg.pe/Dx5 [6] WhatsApp 创办人：我卖了所有使用者的隐私 https://tg.pe/Dx6 [7] 黑客可用 WhatsApp 处理影片的漏洞取得你手机控制权 https://tg.pe/Dx7 [8] WhatsApp 储存未加密的备份资料在你的 Google Drive 云端硬碟 https://tg.pe/Dx8 [9] 上百位使用 WhatsApp 的记者、异议人士遭骇 https://tg.pe/Dx9 [10] 独家：各国政府官员的 WhatsApp 遭骇 https://tg.pe/DxA [11] 检警可以透过美国当局取得嫌疑犯的 Facebook 及 WhatsApp 讯息 https://tg.pe/DxB [12] Facebook、WhatsApp 将与英国警察分享讯息资料 https://tg.pe/DxC 转贴自 Telegram 频道： https://t.me/SeanChannel/92 --- 好像没听说 LINE 被嘴成这样，是外国人不屑台日韩市场吗 --

※ 发信站: 批踢踢实业坊(ptt.cc), 来自: 140.113.231.99 (台湾) ※ 文章网址: https://webptt.com/cn.aspx?n=bbs/Instant_Mess/M.1574272898.A.E23.html ※ Sean64:转录至看板 MobileComm 11/21 02:04 ※ 编辑: Sean64 (140.113.231.99 台湾), 11/21/2019 02:11:32