<?xml version='1.0'?><rss version="2.0" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:georss="http://www.georss.org/georss" xmlns:atom="http://www.w3.org/2005/Atom" >
<channel>
	<title><![CDATA[Signet Loupe: April 2021]]></title>
	<link>https://ememiom.fr/iom/blog/group/266/archive/1617235200/1619827200</link>
	<atom:link href="https://ememiom.fr/iom/blog/group/266/archive/1617235200/1619827200" rel="self" type="application/rss+xml" />
	<description><![CDATA[]]></description>
	
	<item>
	<guid isPermaLink="true">https://ememiom.fr/iom/blog/view/525/et-si-loutil-de-la-police-avait-perdu-toute-son-utilite-depuis-son-hack-par-le-createur-de-signal</guid>
	<pubDate>Fri, 30 Apr 2021 22:14:33 +0000</pubDate>
	<link>https://ememiom.fr/iom/blog/view/525/et-si-loutil-de-la-police-avait-perdu-toute-son-utilite-depuis-son-hack-par-le-createur-de-signal</link>
	<title><![CDATA[What if the police tool has lost all its usefulness since being hacked by the creator of Signal?]]></title>
	<description><![CDATA[<p>The impact of Moxie Marlinspike’s disclosure was immediate. Last week, the creator of Signal demonstrated <a href="https://www.vice.com/en/article/qj8pjm/cellebrite-pushes-update-after-signal-owner-hacks-device" target="_blank">the existence of critical flaws</a> in Cellebrite’s smartphone data extractors. These flaws would make it possible to completely break the integrity of the extracted data, and therefore the foundation of certain criminal proceedings. This aspect has not escaped lawyers, who are already beginning to use this new fact to undermine indictments.</p><p>According to Gizmodo, attorney Ramon Rozas, of Maryland, has decided to rely on Moxie Marlinspike’s blog post to request a new trial for his client.<br />“A new trial should be ordered so that the defense can examine the report produced by the Cellebrite device in light of this new evidence, and examine the Cellebrite device itself,” he explains in his motion.<br />It remains to be seen whether judges will be receptive to this kind of argument. If so, investigators and prosecutors will have a problem, because they rely more and more on this technological tool.</p><p>This distrust is not appearing only in the United States. In Israel, a human rights activist has asked the authorities to stop all use of Cellebrite within law enforcement until the reliability of the device has been analyzed.<br />Cellebrite, for its part, is trying to put out the fire. According to Vice, the vendor has reportedly already released a patch to minimize the attack surface of the flaws in question, without however publishing an official statement on the subject.</p><p>Sources: <a href="https://gizmodo.com/signals-cellebrite-hack-is-already-causing-grief-for-th-1846773797" target="_blank">Gizmodo</a>, <a href="https://www.vice.com/en/article/qj8pjm/cellebrite-pushes-update-after-signal-owner-hacks-device" target="_blank">Vice</a></p>]]></description>
	<dc:creator>La loupe</dc:creator>
</item>
<item>
	<guid isPermaLink="true">https://ememiom.fr/iom/blog/view/524/une-porte-derobee-infecte-des-systemes-linux-depuis-des-annees</guid>
	<pubDate>Fri, 30 Apr 2021 22:14:00 +0000</pubDate>
	<link>https://ememiom.fr/iom/blog/view/524/une-porte-derobee-infecte-des-systemes-linux-depuis-des-annees</link>
	<title><![CDATA[A backdoor has been infecting Linux systems for years]]></title>
	<description><![CDATA[<p>Security researchers at Qihoo 360 have discovered malware that has been spying on 64-bit Linux systems for at least three years. Dubbed “RotaJakiro”, it is particularly stealthy. To communicate with its command-and-control servers, it uses port 443, normally reserved for HTTPS traffic. The name of the installation file is particularly mundane (systemd-daemon, gvfsd-helper). And it uses a series of algorithms to stay under the radar, such as AES encryption, XOR and rotation encodings, and Zlib compression.</p><p>The malware adapts its behavior depending on the type of compromised account (root or not). It is able to analyze the infected machine, exfiltrate sensitive data and execute plugins. The latter, however, could not be dissected by the researchers. Moreover, it is not yet known how this malicious code is distributed. Finally, the researchers noted that the code has similarities with <a href="https://blog.avast.com/new-torii-botnet-threat-research" target="_blank">Torii</a>, a fairly sophisticated IoT botnet detected in 2018 by Avast. Many questions therefore remain open about this curious malware.</p><p>Source: <a href="https://blog.netlab.360.com/stealth_rotajakiro_backdoor_en/" target="_blank">Qihoo 360</a></p>]]></description>
	<dc:creator>La loupe</dc:creator>
</item>
<item>
	<guid isPermaLink="true">https://ememiom.fr/iom/blog/view/523/most-secure-browser-for-your-privacy-in-2021</guid>
	<pubDate>Fri, 30 Apr 2021 22:07:57 +0000</pubDate>
	<link>https://ememiom.fr/iom/blog/view/523/most-secure-browser-for-your-privacy-in-2021</link>
	<title><![CDATA[Most secure browser for your privacy in 2021]]></title>
	<description><![CDATA[<p>Your web browser is the vehicle that carries you around the Internet to your desired websites. As such, it knows precisely what sites you have visited, how long you spent browsing them, and what you clicked on (or almost clicked on). Anyone who has access to your web browser can have a window into your income, your political leanings, and even your sexual preferences.</p><p>This is why it’s so important to only use browsers you know will protect and improve your internet privacy. In this article, we explain how browsers capture so much information and which web browsers in 2019 are best at keeping your browsing history safe from data-hungry tech companies and advertisers.</p><p>Further reading: <a href="https://protonmail.com/blog/internet-privacy/">Easy steps to improve your internet privacy</a></p>
<p>How you are tracked online</p>
<p>Before examining the impact your browser can have on your privacy, you need to understand how your online activity is monitored.</p><p>While having a company directly record your browsing history is a risk (see Google Chrome), the more common threats to your privacy come from online advertisers and third-party trackers. Similar to Google, advertisers and trackers want to record as much of your online browsing as possible. The more data they have, the better they can show you ads specifically tailored to you. The two tools they use to follow you around the Internet are device fingerprinting and cookies.</p>
<p>Device fingerprinting is when a site looks at all the characteristics of your device (the make and model of your device, what browser you are using, what plugins you have installed, what timezone you are in, etc.) until it has enough information to identify and follow it. Your device shares this information to optimize the websites you visit. For example, websites want to know if you’re using a laptop or a smartphone so that they can select the correct font size and screen resolution. This can be surprisingly accurate. To see if your device has an easily identifiable fingerprint, check out the Electronic Frontier Foundation’s <a href="https://panopticlick.eff.org/" target="_blank" rel="noreferrer noopener" aria-label="Panopticlick">Panopticlick</a>.</p><p>Cookies, or HTTP cookies, are tiny data packets that websites or services plant on your browser while you’re on a website. These cookies differentiate your browser from others, like a nametag.</p>
<p>The privacy risks of Chrome</p>
<p>Any discussion of privacy and Web browsers must begin with Google Chrome. It is, by far, the most popular Web browser. Chrome handles <a rel="noreferrer noopener" aria-label="over 60 percent of web traffic" href="https://netmarketshare.com/browser-market-share.aspx?options=%7B%22filter%22%3A%7B%7D%2C%22dateLabel%22%3A%22Custom%22%2C%22attributes%22%3A%22share%22%2C%22group%22%3A%22browser%22%2C%22sort%22%3A%7B%22share%22%3A-1%7D%2C%22id%22%3A%22browsersDesktop%22%2C%22dateInterval%22%3A%22Monthly%22%2C%22dateStart%22%3A%222019-06%22%2C%22dateEnd%22%3A%222019-06%22%2C%22segments%22%3A%22-1000%22%7D" target="_blank">over 60 percent of web traffic</a>. This is unfortunate because Google uses Chrome as a window to peer into every action you take online. Unless you <a rel="noreferrer noopener" aria-label="modify your Google privacy settings" href="https://protonvpn.com/blog/how-to-delete-your-google-data/" target="_blank">modify your Google privacy settings</a>, Chrome records every site you visit so Google can serve you targeted ads.</p><p>Even worse, Chrome does very little to block other advertisers and trackers from monitoring you with cookies or device fingerprinting. A <a rel="noreferrer noopener" aria-label="Washington Post" href="https://www.washingtonpost.com/technology/2019/06/21/google-chrome-has-become-surveillance-software-its-time-switch/" target="_blank">Washington Post</a> <a rel="noreferrer noopener" aria-label="Washington Post" href="https://www.washingtonpost.com/technology/2019/06/21/google-chrome-has-become-surveillance-software-its-time-switch/" target="_blank">article</a> reported Chrome gathers roughly 11,000 trackers in an average week. Do you want 11,000 pairs of eyes on you every time you do an Internet search?</p>
<p>However, you do not need to give away your personal data to access the Internet.</p><p>There are Internet browsers that do not record your every action and protect you from trackers. Switching from Chrome to one of the following browsers can drastically reduce the amount of data you are inadvertently sharing as you browse the Internet.</p><p>Further reading: <a href="https://protonmail.com/blog/google-privacy-problem/">Gmail’s privacy problem and why it matters</a></p>
<p>Best secure and privacy-first web browsers:</p>
<p>1. (tie) Brave</p>
<p>The Brave browser was designed to make privacy simple enough for everyone. It is an open source browser built on top of Chromium (an open source version of the Chrome browser), which means it’s easy for Chrome users to make the switch.</p><p>However, unlike Chrome, Brave does not collect any data about your online activity. Your data remains private and on your device.</p><p>Brave also makes blocking trackers easy. Instead of forcing users to decide which plugins and browser extensions they should download, Brave comes fully equipped. It automatically blocks all third-party and advertising cookies, and because <a rel="noreferrer noopener" aria-label="HTTPS Everywhere" href="https://www.eff.org/https-everywhere" target="_blank">HTTPS Everywhere</a> is built-in, it ensures all your connections are securely HTTPS encrypted. Brave also features <a rel="noreferrer noopener" aria-label="Fingerprinting Protection" href="https://github.com/brave/brave-browser/wiki/Fingerprinting-Protection-Mode" target="_blank">Fingerprinting Protection</a> in the browser.</p><p>The company also has a social mission: to encourage websites not to rely on advertising based on tracking you around the Internet. Brave has introduced a system that allows you to reward creators and sites you visit directly.</p><p>Called <a rel="noreferrer noopener" aria-label="Brave Rewards" href="https://brave.com/brave-rewards/" target="_blank">Brave Rewards</a>, it uses a utility token called a Basic Attention Token and enables you to anonymously reward the websites you visit most. 
Brave also has opt-in, privacy-preserving Brave Ads, and users who choose to view them earn 70% of the ad revenue, which they can then use to reward their favorite online creators.</p><p>Brave is available for <a rel="noreferrer noopener" aria-label="desktop" href="https://brave.com/download/" target="_blank">desktop</a>, <a rel="noreferrer noopener" aria-label="Android" href="https://play.google.com/store/apps/details?id=com.brave.browser&amp;hl=en" target="_blank">Android</a>, and <a rel="noreferrer noopener" aria-label="iOS" href="https://apps.apple.com/gb/app/brave-browser-fast-web-privacy/id1052879175?mt=8&amp;ign-mpt=uo%3D4" target="_blank">iOS</a>. </p>
<p>1. (tie) Firefox </p>
<p>The open source Firefox is the third-most-popular browser on the Internet, behind Google’s Chrome and Apple’s Safari. Developed by Mozilla, the Firefox team has improved the browser’s privacy protections in recent years.</p><p>They have introduced <a rel="noreferrer noopener" aria-label="advanced anti-fingerprinting" href="https://blog.mozilla.org/firefox/how-to-block-fingerprinting-with-firefox/" target="_blank">advanced anti-fingerprinting</a> and <a rel="noreferrer noopener" aria-label="Enhanced Tracking Protection" href="https://blog.mozilla.org/firefox/control-trackers-with-firefox/" target="_blank">Enhanced Tracking Protection</a> features this year, both of which make it much more difficult for third-party trackers to follow you around the Internet.</p><p>Unlike Brave, the standard Firefox does not automatically block advertisements. However, there are numerous browser extensions that you can download that will prevent advertisers from getting your information or showing you ads.</p><p>Or, if you primarily browse the Internet on your mobile device, <a rel="noreferrer noopener" aria-label="Firefox Focus" href="https://www.mozilla.org/en-US/firefox/mobile/#focus" target="_blank">Firefox Focus</a> incorporates automatic ad blocking. (Focus was developed as an ad blocker for Safari, but was then transformed into a minimalistic privacy browser for Android users.) </p><p>Firefox is available for <a rel="noreferrer noopener" aria-label="desktop" href="https://www.mozilla.org/en-US/firefox/new/" target="_blank">desktop</a>, <a rel="noreferrer noopener" aria-label="Android" href="https://play.google.com/store/apps/details?id=org.mozilla.firefox" target="_blank">Android</a>, and <a rel="noreferrer noopener" aria-label="iOS" href="https://apps.apple.com/us/app/firefox-private-safe-browser/id989804926" target="_blank">iOS</a>. </p>
<p>3. Tor browser</p>
<p>As we have discussed elsewhere, <a rel="noreferrer noopener" aria-label="Tor is the best option" href="https://protonvpn.com/blog/is-tor-safe/" target="_blank">Tor is the best option</a> if privacy is your utmost concern. The Tor browser is based on Firefox, but it has been stripped down and specially calibrated to run on the Tor network.</p><p>When you use Tor, your traffic is encrypted three times and bounced between three Tor servers before it reaches your desired website. The encryption is handled in such a way that each server only has access to one set of instructions, so no server has access to both your IP address and the website you are visiting.</p><p>This setup makes it impossible for Tor to keep any records about your online activity, and every time you close your session, the browser deletes your cookie cache and browsing history. The browser itself is formatted to prevent fingerprinting, and it blocks all kinds of trackers.</p><p>Unfortunately, it also blocks a lot of plugins that websites rely on. For example, with its privacy settings fully activated, the Tor browser will block JavaScript. JavaScript can expose user information, but blocking it can make websites unusable. Using Tor can also mean performing endless CAPTCHA verifications when you try to access larger sites. Finally, the Tor browser is slower than other browsers because of the extra encryption.</p><p>Download the Tor browser app for <a rel="noreferrer noopener" aria-label="desktop" href="https://www.torproject.org/download/" target="_blank">desktop</a> and <a rel="noreferrer noopener" aria-label="Android" href="https://play.google.com/store/apps/details?id=org.torproject.torbrowser&amp;hl=en_GB" target="_blank">Android</a>, as well as a Tor-approved open source <a rel="noreferrer noopener" aria-label="Onion browser for iOS" href="https://apps.apple.com/gb/app/onion-browser/id519296448" target="_blank">Onion browser for iOS</a>.  </p>
<p>4. DuckDuckGo (honorable mention)</p>
<p>Unlike the other browsers mentioned above, DuckDuckGo does not have a standalone desktop browser, which means it is only a solution if you are browsing the Internet on your smartphone or tablet. With the DuckDuckGo browser, your browsing history never leaves your device. Deleting your entire browsing history is as easy as tapping a single button.</p><p>It automatically blocks ads, stops third-party trackers, and ensures HTTPS encryption on all sites where that’s possible. One feature that does set it apart is the Privacy Grade it gives each site. This makes it easy for you to evaluate how much data each website collects from you, with and without DuckDuckGo’s protections, at a single glance.</p><p>The DuckDuckGo browser is available for <a rel="noreferrer noopener" aria-label="Android" href="https://play.google.com/store/apps/details?id=com.duckduckgo.mobile.android" target="_blank">Android</a> and <a rel="noreferrer noopener" aria-label="iOS" href="https://itunes.apple.com/us/app/duckduckgo-search-stories/id663592361?mt=8" target="_blank">iOS</a>.<br />You can also use the extension for <a rel="noreferrer noopener" aria-label="Chrome" href="https://chrome.google.com/webstore/detail/duckduckgo-privacy-essent/bkdgflcldnnnapblkhphbgpggdiikppg?hl=en" target="_blank">Chrome</a> and <a rel="noreferrer noopener" aria-label="Firefox" href="https://addons.mozilla.org/en-US/firefox/addon/duckduckgo-for-firefox/" target="_blank">Firefox</a>.</p><p>The Web browser you choose can have a dramatic impact on your overall online privacy. By switching to one of the privacy-focused browsers in this article, you can protect your browsing history from the companies and trackers that want to monitor your every digital move.</p><p>Best Regards,<br />The ProtonMail Team</p>]]></description>
	<dc:creator>La loupe</dc:creator>
</item>
<item>
	<guid isPermaLink="true">https://ememiom.fr/iom/blog/view/518/kaspersky-a-identifie-les-nouveaux-outils-de-piratage-de-la-cia</guid>
	<pubDate>Thu, 29 Apr 2021 21:34:53 +0000</pubDate>
	<link>https://ememiom.fr/iom/blog/view/518/kaspersky-a-identifie-les-nouveaux-outils-de-piratage-de-la-cia</link>
	<title><![CDATA[Kaspersky has identified the CIA’s new hacking tools]]></title>
	<description><![CDATA[<p class="delta py0p5">Every month, antivirus vendors receive samples of current threats. Over the past two years, Kaspersky has isolated highly sophisticated malware, and it has just identified them as cyber-espionage software used by US intelligence.</p><p class="zeta py0p5">To spy and counter-spy, the intelligence agencies of any country use the same tools as hackers: malware. Everything is classified, but Kaspersky believes it has got its hands on the software used by the CIA. Of course, while taking care not to name it.</p><p class="zeta py0p5">In its <a href="https://securelist.com/apt-trends-report-q1-2021/101967/" target="_blank">quarterly report</a>, the well-known antivirus vendor explains that it studied malware samples sent to security experts in February 2019. This is standard practice, and the major antivirus vendors are tasked with analyzing them to strengthen the protection of their products, and also to take stock of current threats.</p>
<p>A variant of a Trojan horse used since 2014</p>
<p class="zeta py0p5">Some of the samples cannot be associated with any known activity. Kaspersky explains that it then isolated the most sophisticated malware, and the experts discovered similarities in the coding, style and techniques used in the malware family known as Lambert. Four years ago, under the name <a href="https://community.broadcom.com/symantecenterprise/communities/community-home/librarydocuments/viewdocument?DocumentKey=7ca2e331-2209-46a8-9e60-4cb83f9602de&amp;CommunityKey=1ecf5f55-9545-44d6-b0f4-4e4a7f5f5e68&amp;tab=librarydocuments" target="_blank">Vault7</a>, <a href="https://wikileaks.org/ciav7p1/" target="_blank">WikiLeaks</a> revealed the CIA’s tools to the general public and, at Kaspersky, it was decided to classify them under the name Lambert, with a color code for each variant.</p><p class="zeta py0p5">Today, then, it is Purple Lambert, and this Trojan horse makes it possible to monitor network activity on the infected computer. It is passive malware, which runs in the background, and according to Kaspersky, its code dates from 2014. It is an extremely rare discovery and, of course, the vendor does not name the CIA... But since it files its discovery under the “<a href="https://securelist.com/unraveling-the-lamberts-toolkit/77990/" target="_blank">Lambert family</a>”, it is necessarily the hacking toolkits used by US intelligence in the past against the “Islamic State”, or the Chinese civil aviation sector.</p>]]></description>
	<dc:creator>La loupe</dc:creator>
</item>
<item>
	<guid isPermaLink="true">https://ememiom.fr/iom/blog/view/514/comparison-of-communication-tools-for-companies</guid>
	<pubDate>Wed, 28 Apr 2021 19:49:15 +0000</pubDate>
	<link>https://ememiom.fr/iom/blog/view/514/comparison-of-communication-tools-for-companies</link>
	<title><![CDATA[Comparison of Communication Tools for Companies]]></title>
	<description><![CDATA[<p>In contrast to chat apps for private users, business solutions offer a console where company administrators can manage the employees. Thanks to Threema Work’s high flexibility, the service easily adapts to every organization’s needs. In BYOD scenarios, Threema Work scores extra points with Threema MDM, while most other solutions only support external MDM systems. Threema Work combines comprehensive pre-configuration options with a straightforward app distribution.</p><p>All solutions support integration into directory services. External users can join Threema Work without having to complete a tedious registration process and even without providing a phone number or email address. On top of that, Threema Work can also be restricted to a closed user group.</p><p>Threema Work deliberately does not offer an option to archive user chats on a central server (e.g., for compliance purposes), because this would, in theory, allow the service provider to access message contents, which, in turn, would render the security benefits of end-to-end encryption completely useless.</p>]]></description>
	<dc:creator>La loupe</dc:creator>
</item>
<item>
	<guid isPermaLink="true">https://ememiom.fr/iom/blog/view/511/best-whatsapp-alternatives-that-respect-your-privacy</guid>
	<pubDate>Tue, 27 Apr 2021 21:34:01 +0000</pubDate>
	<link>https://ememiom.fr/iom/blog/view/511/best-whatsapp-alternatives-that-respect-your-privacy</link>
	<title><![CDATA[Best WhatsApp alternatives that respect your privacy]]></title>
	<description><![CDATA[<p>News that WhatsApp has been <a href="https://protonmail.com/blog/whatsapp-new-privacy-policy/" target="_blank" rel="noreferrer noopener">sharing</a> large amounts of highly personal data with Facebook since 2016 has led a large number of unhappy users to look for an alternative messaging app that genuinely respects their privacy.</p><p>At Proton, we view end-to-end encryption as a core requirement for any messenger app that claims to be secure and private. This means messages are encrypted on your device and can only be decrypted on the device of the intended recipient. </p><p>WhatsApp uses end-to-end encryption, so the actual messages are therefore secure on the platform. But this does nothing to stop Facebook from abusing metadata: information about whom you communicate with, from where, at what time, how often, and from which device.</p><p>Open source code is another important indicator that a service is secure. By publishing an app’s code publicly, anyone can examine it to ensure the app is doing what it is supposed to be doing. We believe open source is one of the best indicators that an app can be trusted.</p><p id="table">We have therefore limited the following list of best WhatsApp alternatives to open source messaging apps that use end-to-end encryption (E2EE). Please note that apps are not reviewed in any particular order.</p>
<p>Signal</p>
<p>Pros</p>
<p>Free<br />Very good encryption<br />Almost no metadata kept<br />Protocol independently audited<br />Seamless to use on Android<br />Disappearing messages<br />E2EE text, voice, and video group chat</p>
<p>Cons</p>
<p>Requires a valid phone number to register<br />Hosted on Amazon Web Services (AWS)</p>
<p>The Signal messaging protocol is an end-to-end messaging protocol developed by the Signal Foundation, a non-profit organization founded by cryptographer and privacy activist Moxie Marlinspike. The Signal Protocol is open source, has been professionally <a rel="noreferrer noopener" href="https://eprint.iacr.org/2016/1013.pdf" target="_blank">audited</a> for security vulnerabilities, and is widely <a rel="noreferrer noopener" href="https://twitter.com/Snowden/status/661313394906161152?ref_src=twsrc%5Etfw%7Ctwcamp%5Etweetembed%7Ctwterm%5E661313394906161152%7Ctwgr%5E%7Ctwcon%5Es1_&amp;ref_url=https%3A%2F%2Fwww.indiatoday.in%2Ftechnology%2Fnews%2Fstory%2Fhow-secure-is-signal-it-s-good-enough-for-edward-snowden-so-good-enough-for-you-1757596-2021-01-10" target="_blank">admired</a> for its cryptographic strength. </p><p>Because of the quality of the Signal protocol, it is used by a variety of third-party messaging apps to provide secure end-to-end encryption for messages. These include WhatsApp, Facebook Messenger, and Skype. Unlike WhatsApp and other third-party apps that implement the Signal protocol, however, the Signal app from the Signal Foundation is 100% open source. </p><p>Crucially, in light of recent heightened awareness about WhatsApp’s privacy policies, the Signal app and Signal Foundation keep almost no metadata related to the app’s usage. Only “the date and time a user registered with Signal and the last date of a user’s connectivity to the Signal service.” This is a claim that has been <a rel="noreferrer noopener" href="https://www.aclu.org/blog/national-security/secrecy/new-documents-reveal-government-effort-impose-secrecy-encryption?redirect=blog/free-future/new-documents-reveal-government-effort-impose-secrecy-encryption-company" target="_blank">proven in court</a>.</p><p>The app itself has not been audited, however, and some <a rel="noreferrer noopener" href="https://medium.com/@maniacbolts/signal-increases-their-reliance-on-sgx-f46378f336d3" target="_blank">security concerns</a> exist around Signal’s reliance on Intel Software Guard Extensions (SGX). In theory, this could result in users’ metadata and data (but not messages) being compromised at the server level. This is a particular concern because Signal uses AWS to host its infrastructure, which is subject to legal demand from the US government.</p><p>Unlike WhatsApp, Signal is designed to replace your phone’s regular SMS messenger app on Android (not iOS). Texts exchanged with other Signal users are end-to-end encrypted, but texts to non-Signal users are not. Signal will warn you when messages are sent unencrypted. </p><p>This makes Signal very transparent in use, but the fact that users must register with a valid phone number in order to match contacts is also the main source of criticism the app receives. It should be noted, though, that contacts are stored locally only and cannot be accessed by Signal Foundation.</p><p>In addition to messages, Signal supports disappearing messages, E2EE group voice chats, and now group video chats between up to eight users. Signal is a non-profit organization that relies on donations to operate.</p>
<p>Telegram</p>
<p>Pros</p>
<p>Free<br />Channels for broadcasting messages<br />Bots for managing groups<br />Sync across multiple devices (not E2EE)<br />Polls, stickers, sharing live location, identity management<br />E2EE 1-1 text, voice, and video chat</p>
<p>Cons</p>
<p>Encryption concerns<br />Only Secret Chats are E2EE <br />Group chats (text or voice) are not E2EE<br />Collects lots of metadata<br />No group video chats<br />Requires a valid phone number to register<br />Headquartered in the UAE, which is not known for human rights or privacy from the government (despite having some <a href="https://blogs.dlapiper.com/privacymatters/dubai-difc-data-protection-law-2020/">strong privacy laws</a>)</p>
<p>With over 500 million users, Telegram is a very popular WhatsApp alternative. A big part of this popularity is the widespread perception that Telegram is highly secure, a perception only heightened by a number of governments, notably Indonesia, Russia, and Iran, trying to block or ban the app.</p><p>There are, however, some big caveats regarding the security that Telegram offers its users. Regular default “Cloud-based messages,” that can be accessed on any of a user’s devices, are encrypted in transit and when stored on Telegram’s servers, but they are not end-to-end encrypted. Only client-to-client “secret chats” are end-to-end encrypted. Secret Chats are not available for groups or channels.</p><p>The open source in-house MTProto encryption used to secure communications in Telegram (whether E2EE or otherwise) has come under <a rel="noreferrer noopener" href="https://eprint.iacr.org/2015/1177.pdf" target="_blank">criticism</a> from security experts, although the new version (<a rel="noreferrer noopener" href="https://core.telegram.org/mtproto/description" target="_blank">MTProto 2.0</a>) has been <a rel="noreferrer noopener" href="https://arxiv.org/pdf/2012.03141v1.pdf" target="_blank">formally verified</a> to be cryptographically sound. The Telegram API and all Telegram apps are open source, but its server-side backend is not. </p><p>Another issue is that Telegram may <a rel="noreferrer noopener" href="https://telegram.org/privacy" target="_blank">collect</a> a great deal of metadata from users: “We may collect metadata such as your IP address, devices and Telegram apps you’ve used, history of username changes, etc.”</p><p>On the other hand, Telegram has built its own secure cloud infrastructure, distributed across the globe. 
The encryption keys used to secure the Telegram Cloud are split in pieces and never stored in the same place as the information they protect.</p><p>Security considerations aside, a key feature that contributes to Telegram’s popularity (especially in repressive countries such as Iran, where it enjoys over 40 million users despite government attempts to regulate use of the service) is support for “channels.” Users can create and post to channels that any number of other users can subscribe to. </p><p>Public channels can be created using an alias and a URL that anyone can subscribe to, making Telegram a powerful tool for organizing resistance and disseminating information in repressive countries. </p><p>Other features that help make Telegram popular include polls, stickers, sharing live locations in chats, and an online authorization and identity management system for those who need to prove their identity. A bots feature assists managing groups and channels. </p><p>One-to-one voice and video chats are fully end-to-end encrypted, although group voice chats are not. Group video calls are not supported.</p><p>Telegram is funded by public donations (notably from its own founder, <a href="https://en.wikipedia.org/wiki/Pavel_Durov" target="_blank" rel="noreferrer noopener">Pavel Durov</a>), although it is possible in-app monetization features will be introduced in the future.</p>
<p>Threema</p>
<p>Pros</p>
<p>No phone number or email required to sign up<br />Almost no metadata kept<br />Independently audited <br />Swiss-based with own servers<br />GDPR compliant<br />E2EE group text and voice chat<br />Group polling and distribution lists (Android only)</p>
<p>Cons</p>
<p>Not free<br />Relatively small userbase<br />No group video calls</p>
<p>Like Proton, Threema is based in Switzerland, a country with very strong data privacy laws and independent from the United States and European Union. It also owns its own server infrastructure located in Switzerland. </p><p>All Threema’s apps use the open source <a href="https://nacl.cr.yp.to/" target="_blank" rel="noreferrer noopener">NaCl cryptography library</a> for end-to-end encryption of all communications, and all have been recently <a href="https://threema.ch/press-files/2_documentation/security_audit_report_threema_2019.pdf" target="_blank" rel="noreferrer noopener">audited</a> (in 2020) by security professionals. </p><p>An email address or phone number is not required to register an account, and it is possible to purchase Threema for Android anonymously using Bitcoin. Threema claims this allows you to text and make calls anonymously, and it goes to lengths to ensure that a <a rel="noreferrer noopener" href="https://threema.ch/en/blog/posts/metadata" target="_blank">minimum</a> amount of metadata is collected. </p><p>The fact that the app is not free is likely to be a pain point for some, but at around US$3 (one-time purchase), it’s unlikely to break the bank for most. This may contribute, however, to one of the biggest downsides with Threema: that its userbase is relatively small. </p><p>The Android app features distribution lists that allow you to send messages to multiple separate recipients. In addition to fully E2EE group text and voice calls, Threema offers a group polling feature. E2EE video calls are supported, but not for groups.</p>
<p>Wickr Me</p>
<p>Pros</p>
<p>Free<br />Built for ephemeral messaging<br />Anti-censorship feature<br />E2EE group text and voice chat<br />No phone number or email needed for signup</p>
<p>Cons</p>
<p>Apps themselves are not open source <br />Security audits are not published<br />No video chat (although available on free Pro version of app)</p>
<p>There are three Wickr apps, with the free Wickr Me being the version designed for personal use. The lowest tier of the more Slack-like Wickr Pro is also free, although it requires you to verify your identity at start-up.</p><p>Wickr Me places ephemeral messaging front and center, with messages disappearing from both the sending and receiving devices after a set period of time (six days by default). Undelivered messages sitting on Wickr servers are also deleted after this time.</p><p>You can also set a Burn-On-Read timer to determine how long a message lasts before self-destructing once it has been read. If it is not read then it will self-destruct at the end of the message timer length. All metadata is scrubbed once a message is opened or expires (whichever comes first).</p><p>Wickr advertises itself as open source software, but there are a couple of major caveats to this claim. The code for the core <a href="https://github.com/WickrInc/wickr-crypto-c" target="_blank" rel="noreferrer noopener">wickr-crypto-c</a> end-to-end encryption protocol that underpins all Wickr apps is available on GitHub for anyone to examine, but licencing restrictions mean that it cannot truly be described as open source.</p><p>More serious from a security standpoint, though, is that while the core crypto protocol is source-available, the code for the Wickr apps themselves is not. Wickr says that its code has undergone multiple independent <a href="https://wickr.com/security/" target="_blank" rel="noreferrer noopener">security audits</a>, but the full results of these audits are not publicly available.</p><p>No phone number or email is needed to register with the service. Up to 10 people can be invited into a room or end-to-end encrypted text or voice group chat. 
Video conferencing is not available in Wickr Me, although it is supported in the Wickr Pro app (including E2EE group chat with all room members).</p><p>Wickr is hosted on public server networks (such as Google and AWS), but has partnered with Psiphon to offer <a rel="noreferrer noopener" href="https://wickr.com/product-feature-wickr-open-access/#:~:text=Wickr%20Open%20Access%20(WOA)%20will,%2C%20video%20conferencing%2C%20and%20more." target="_blank">Wickr Open Access</a>, a powerful anti-censorship feature.</p><p>Wickr Me is free, but it is funded through Wickr’s premium Pro and Enterprise apps. </p>
<p>Wire</p>
<p>Pros</p>
<p>Free option<br />E2EE text, voice, and video group chats<br />Syncs across up to eight devices<br />Advanced video conferencing features</p>
<p>Cons</p>
<p>Quite a lot of metadata logged (and possibly stored in plaintext)<br />Phone number or email address required to register</p>
<p>Wire is another service based in privacy-friendly Switzerland. A phone number or an email address is required to register. In order to facilitate syncing across multiple devices, however, Wire keeps quite a lot of metadata. </p><p>For years Wire kept a list of all users a customer has contacted in <a href="https://www.vice.com/en/article/gvzw5x/secure-messaging-app-wire-stores-everyone-youve-ever-contacted-in-plain-text" target="_blank" rel="noreferrer noopener">plaintext</a> on their servers until an account is deleted, and it is unclear if this practice continues. Wire’s <a href="https://www.vice.com/en/article/gvzw5x/secure-messaging-app-wire-stores-everyone-youve-ever-contacted-in-plain-text" target="_blank" rel="noreferrer noopener">privacy white paper</a>, however, makes it clear it logs data such as the participants in a group chat and user-defined folders used for organizing chats. </p><p>The functional benefit of this is that it allows Wire to work across multiple devices in a way most E2EE messenger apps (including Signal) do not. It’s also worth noting that Edward Snowden <a href="https://twitter.com/snowden/status/1175437588129308672" target="_blank" rel="noreferrer noopener">recommends</a> using Wire (or Signal).</p><p>Wire uses the Proteus protocol to provide end-to-end encryption for text messages. Proteus is an early fork from the code that went on to become the Signal Protocol. 
<a rel="noreferrer noopener" href="https://www.x41-dsec.de/reports/Kudelski-X41-Wire-Report-phase1-20170208.pdf" target="_blank">Proteus</a>, and all <a rel="noreferrer noopener" href="https://medium.com/@wireapp/wire-application-level-security-audits-98324d1f211b" target="_blank">Wire apps</a>, have been publicly audited (making Wire the only app we are aware of to have this done).</p><p>Voice (up to 25 participants) and video calls (up to 12 participants) are end-to-end encrypted using <a rel="noreferrer noopener" href="https://en.wikipedia.org/wiki/Datagram_Transport_Layer_Security" target="_blank">DTLS</a> with an <a rel="noreferrer noopener" href="https://en.wikipedia.org/wiki/Secure_Real-time_Transport_Protocol" target="_blank">SRTP</a> handshake.</p><p>The app does support advanced video conferencing features that will appeal to business users, though, including screen sharing, screen recording, and advanced meeting scheduling.</p><p>Wire is keen to push users toward its premium Pro and Enterprise products, but a free version is available which offers similar features to the Pro app.</p>
<p>Element (was Riot.im)</p>
<p>Pros</p>
<p>Free option<br />Server federation<br />“Bridges” for interoperability with other apps<br />E2EE text chat<br />No phone number or email needed for signup</p>
<p>Cons</p>
<p>Questions over Matrix server network reliability<br />Not fully audited</p>
<p>All the other messenger apps discussed in this article rely on a centralized server network to function (although, as in the case of using AWS, this can be a highly distributed network).</p><p>Element is instead built on the idea of federation. Users can set up their own servers using the <a href="https://matrix.org/faq/" target="_blank" rel="noreferrer noopener">Matrix</a> communications protocol or connect to Matrix servers that have been set up by other users. Federation has received the <a href="https://twitter.com/Snowden/status/1175457923255951364" target="_blank" rel="noreferrer noopener">support</a> of Edward Snowden, but remains a controversial idea due to the potentially unreliable ad-hoc peer-to-peer nature of such a network.</p><p>Matrix servers are interoperable, so any user of any <a href="https://matrix.org/clients/" target="_blank" rel="noreferrer noopener">Matrix client</a> (Element is the most popular of these) can communicate with any other Matrix user. Matrix “bridges” even allow for communication with the users of other popular messaging platforms, such as Signal, Slack, or even WhatsApp.</p><p>Matrix (and thus Element) uses the <a href="https://matrix.org/docs/guides/end-to-end-encryption-implementation-guide" target="_blank" rel="noreferrer noopener">Olm implementation of the Double Ratchet algorithm</a>, with Megolm used for group communications. All Element apps, plus the Matrix protocol itself, are open source, but have not been formally audited. Olm and Megolm, however, <a href="https://www.nccgroup.trust/globalassets/our-research/us/public-reports/2016/november/ncc_group_olm_cryptogrpahic_review_2016_11_01.pdf" target="_blank" rel="noreferrer noopener">have</a>.</p><p>An email or phone number is not required to register with Element, although these can be added to make contact matching easier. 
By default, messages are hosted on a large public server run by Matrix, but you can connect to any Matrix server or set one up yourself in a matter of seconds.</p><p>All text chats and 1:1 voice and video calls are end-to-end encrypted. Group voice and video calls (which also allow screen sharing) leverage Jitsi (without E2EE support in Element at the present time). The Element app is free, but premium plans are available for Element-managed Matrix servers.</p>
<p>Keybase</p>
<p>Pros</p>
<p>Free (funding model is unclear)<br />E2EE text chats with support for public and private channels<br />Can connect to people via their social media profiles with PGP verification<br />Syncs across multiple devices<br />Self-destructing messages<br />Stellar wallet<br />250 GB free storage per user<br />Encryption is not TOFU</p>
<p>Cons</p>
<p>Owned by Zoom<br />A lot of metadata logged (much of it shared on a public blockchain)</p>
<p>Keybase is a free and open source (FOSS) messenger app (servers are not open source) that end-to-end encrypts all texts and files between users. Voice and video calls are not supported directly, but are possible using a (not E2EE) Jitsi bot.</p><p>Group chat, with support for private and public “Teams” (i.e., channels), is end-to-end encrypted.</p><p>Keybase is notable for allowing you to connect to others using their social media (Twitter, GitHub, Reddit, Hacker News, and Mastodon) identities, which are verified using PGP encryption keys. No phone number or email address is required, and the app will sync across multiple devices. </p><p>The PGP-based end-to-end encryption used by Keybase is solid and underwent a <a rel="noreferrer noopener" href="https://keybase.io/docs-assets/blog/NCC_Group_Keybase_KB2018_Public_Report_2019-02-27_v1.3.pdf" target="_blank">full independent audit</a> in 2019. Interestingly, Keybase is almost unique in <a href="https://keybase.io/blog/chat-apps-softer-than-tofu" target="_blank" rel="noreferrer noopener">not supporting Trust On First Use (TOFU)</a> when connecting to servers. This helps to make it resistant to man-in-the-middle attacks.</p><p>The app also offers self-destructing messages; bots to automate your Keybase tasks; a Stellar wallet; full PGP support for encrypting and decrypting messages and files; and 250 GB free storage per user.</p><p>However, messages are stored on centralized servers (based in the US), which log a worrying amount of <a href="https://keybase.io/docs/privacypolicy" target="_blank" rel="noreferrer noopener">personal data</a>. This includes your Team names and memberships, hashed passwords, account activity, your Keybase user ID and your IP address, network activity, and more. 
Not only is information stored encrypted, but much of it is added (in hashed form) to a public blockchain.</p><p>Arguably even more concerning is that Keybase is now owned by Zoom, a company <a rel="noreferrer noopener" href="https://www.theguardian.com/technology/2020/apr/02/zoom-technology-security-coronavirus-video-conferencing" target="_blank">widely</a> criticized for its many <a rel="noreferrer noopener" href="https://protonmail.com/blog/zoom-privacy-issues/" target="_blank">privacy</a> and <a rel="noreferrer noopener" href="https://www.vice.com/en/article/k7e95m/zoom-leaking-email-addresses-photos" target="_blank">security</a> lapses, and which may be subject to pressure from the <a rel="noreferrer noopener" href="https://theintercept.com/2020/04/03/zooms-encryption-is-not-suited-for-secrets-and-has-surprising-links-to-china-researchers-discover/" target="_blank">Chinese government</a>. The fact that it is not clear how Zoom benefits from offering Keybase for free may also be a reason for concern.</p>
<p>Final thoughts</p>
<p>As a replacement for WhatsApp as a general purpose messenger that genuinely respects your privacy, Signal is an obvious choice, although being hosted on AWS servers remains a concern in light of its reliance on SGX. The security concerns around Telegram make it harder to recommend as a simple messenger, although its “channels” feature remains a powerful tool for organizing resistance in restrictive countries.</p><p>Another alternative for secure communication is end-to-end encrypted email. The biggest benefit of ProtonMail is its interoperability: You don’t need to have your recipient using the same messenger service to benefit from end-to-end encryption because, unlike any of the messenger apps discussed here, you can send end-to-end encrypted messages to anyone who has an email address using our <a href="https://protonmail.com/support/knowledge-base/encrypt-for-outside-users/" target="_blank" rel="noreferrer noopener">Encrypt for non-ProtonMail users</a> feature. The simplest way to benefit from E2EE, though, is to have both ends of the conversation using ProtonMail. Our servers are located in privacy-friendly Switzerland, and as with the messenger services discussed in this article, ProtonMail apps are open source.</p><p>The other apps discussed above all offer useful features that will appeal to those who need them, whether it’s anonymous sign-up, business collaboration tools, or server federation. Element/Matrix is a particularly strong choice for privacy enthusiasts, although its niche user base severely hampers its practicality as a WhatsApp replacement.</p><p>As you take back your privacy in the digital age, anything you do to move more of your personal data behind strong encryption is an important step toward building an internet that puts people first.</p>
<p>FAQ</p>
<p>What are the dangers of using WhatsApp?</p><p>Since 2016, WhatsApp has <a href="https://www.wired.com/story/whatsapp-facebook-data-share-notification/#:~:text=01%3A52%20PM-,WhatsApp%20Has%20Shared%20Your%20Data%20With%20Facebook%20for%20Years%2C%20Actually,been%20in%20place%20since%202016." target="_blank" rel="noreferrer noopener">shared</a> the vast majority of its users’ transactional data and metadata with Facebook. A new privacy statement, which users must agree to by May 15, 2021, or lose access to their accounts, “clarifies” this situation.</p><p>Information shared by WhatsApp with Facebook includes your IP address, device ID, operating system, browser details, mobile network information, who you message, how long and how often you interact with them, transaction and payment data, and more.</p><p>Is WhatsApp chat private?</p><p>Messages in WhatsApp are end-to-end encrypted using the Signal protocol. This means only you and the intended recipient(s) can read your actual messages. So WhatsApp is secure. It does, however, collect a lot of metadata that is damaging to your privacy (see above).</p><p>What is the safest messaging app?</p><p>Signal is both highly secure and respects your privacy. We discuss it, plus the pros and cons of other good WhatsApp alternatives, in this article. </p><p>How can WhatsApp be free?</p><p>WhatsApp is owned by Facebook, which makes a <a rel="noreferrer noopener" href="https://protonmail.com/blog/how-big-tech-tracks-users/" target="_blank">huge amount</a> of money from invading users’ privacy in order to better target you with personalized ads. WhatsApp adds to the data Facebook knows about you by sending a great deal of metadata regarding your use of WhatsApp to Facebook. 
</p><p id="footnotes">Note that, as Signal and some of the other apps discussed in this article show, it is possible to offer a free messaging app without invading users’ privacy in this way.</p><p>Footnotes:</p>
<p>All Telegram apps are open source, but the backend isn’t. This would not really be an issue if all communications were E2EE, but they are not by default (and no group chat is E2EE).<br />By default, Telegram chats are not end-to-end encrypted. Only client-to-client “secret chats” are. Secret chats are not available for groups or channels.<br />The 2015 audit of MTProto protocol was not very favorable. MTProto 2.0 has been formally verified to be cryptographically sound.<br />Wickr says its code has undergone multiple independent security audits, but the full results of these audits are not publicly available.<br />The Element apps and the Matrix protocol have not been formally audited. However, the Olm and Megolm protocols that underpin Matrix have.<br />All metadata is scrubbed once a message is opened or expires (whichever comes first).<br />Contacts can be added using social media profiles and verified using PGP keys.<br />Wickr has partnered with Psiphon to offer Wickr Open Access, a powerful anti-censorship feature for its servers.<br />Element and/or Matrix don’t actually own their own servers, but new Matrix servers can be set up within minutes on any server platform (or can be self-hosted). It is therefore almost impossible to shut down or block access to the Matrix platform. <br />Wire is based in Switzerland and all users outside the United States are subject to Swiss law. US users, however, are subject to US law.<br />Matrix is a community-developed open source platform whose federated servers can be hosted anywhere in the world. <br />Keybase is owned by Zoom, which may also be subject to pressure from China.</p>
]]></description>
	<dc:creator>La loupe</dc:creator>
</item>
<item>
	<guid isPermaLink="true">https://ememiom.fr/iom/blog/view/506/signal-blog-exploiting-vulnerabilities-in-cellebrite-ufed-and-physical-analyzer-from-an-apps-perspective</guid>
	<pubDate>Sat, 24 Apr 2021 12:23:54 +0000</pubDate>
	<link>https://ememiom.fr/iom/blog/view/506/signal-blog-exploiting-vulnerabilities-in-cellebrite-ufed-and-physical-analyzer-from-an-apps-perspective</link>
	<title><![CDATA[Signal &gt;&gt; Blog &gt;&gt; Exploiting vulnerabilities in Cellebrite UFED and Physical Analyzer from an app&#039;s perspective]]></title>
	<description><![CDATA[<p>Cellebrite makes software to automate physically extracting and indexing data from mobile devices. They exist within the grey – where enterprise branding joins together with the larcenous to be called “digital intelligence.” Their customer list has included authoritarian regimes in Belarus, Russia, Venezuela, and China; death squads in Bangladesh; military juntas in Myanmar; and those seeking to abuse and oppress in Turkey, UAE, and elsewhere. A few months ago, they <a href="https://signal.org/blog/cellebrite-and-clickbait/">announced that they added Signal support to their software</a>.</p><p>Their products have often been linked to the persecution of imprisoned journalists and activists around the world, but less has been written about what their software actually does or how it works. Let’s take a closer look. In particular, their software is often associated with bypassing security, so let’s take some time to examine the security of their own software.</p>
<p>The background</p>
<p>First off, anything involving Cellebrite starts with someone else physically holding your device in their hands. Cellebrite does not do any kind of data interception or remote surveillance. They produce two primary pieces of software (both for Windows): UFED and Physical Analyzer.</p><p>UFED creates a backup of your device onto the Windows machine running UFED (it is essentially a frontend to adb backup on Android and iTunes backup on iPhone, with some additional parsing). Once a backup has been created, Physical Analyzer then parses the files from the backup in order to display the data in browsable form.</p><p>When Cellebrite announced that they added Signal support to their software, all it really meant was that they had added support to Physical Analyzer for the file formats used by Signal. This enables Physical Analyzer to display the Signal data that was extracted from an unlocked device in the Cellebrite user’s physical possession.</p><p>One way to think about Cellebrite’s products is that if someone is physically holding your unlocked device in their hands, they could open whatever apps they would like and take screenshots of everything in them to save and go over later. Cellebrite essentially automates that process for someone holding your device in their hands.</p>
<p>The rite place at the Celleb…rite time</p>
<p>By a truly unbelievable coincidence, I was recently out for a walk when I saw a small package fall off a truck ahead of me. As I got closer, the dull enterprise typeface slowly came into focus: Cellebrite. Inside, we found the latest versions of the Cellebrite software, a hardware dongle designed to prevent piracy (tells you something about their customers I guess!), and a bizarrely large number of cable adapters.</p>
<p>The software</p>
<p>Anyone familiar with software security will immediately recognize that the primary task of Cellebrite’s software is to parse “untrusted” data from a wide variety of formats as used by many different apps. That is to say, the data Cellebrite’s software needs to extract and display is ultimately generated and controlled by the apps on the device, not a “trusted” source, so Cellebrite can’t make any assumptions about the “correctness” of the formatted data it is receiving. This is the space in which virtually all security vulnerabilities originate.</p><p>Since almost all of Cellebrite’s code exists to parse untrusted input that could be formatted in an unexpected way to exploit memory corruption or other vulnerabilities in the parsing software, one might expect Cellebrite to have been extremely cautious. Looking at both UFED and Physical Analyzer, though, we were surprised to find that very little care seems to have been given to Cellebrite’s own software security. Industry-standard exploit mitigation defenses are missing, and many opportunities for exploitation are present.</p><p>As just one example (unrelated to what follows), their software bundles FFmpeg DLLs that were built in 2012 and have not been updated since then. There have been <a href="https://www.cvedetails.com/product/6315/?q=ffmpeg">over a hundred security updates</a> in that time, none of which have been applied.</p>
<p>The exploits</p>
<p>Given the number of opportunities present, we found that it’s possible to execute arbitrary code on a Cellebrite machine simply by including a specially formatted but otherwise innocuous file in any app on a device that is subsequently plugged into Cellebrite and scanned. There are virtually no limits on the code that can be executed.</p><p>For example, by including a specially formatted but otherwise innocuous file in an app on a device that is then scanned by Cellebrite, it’s possible to execute code that modifies not just the Cellebrite report being created in that scan, but also all previous and future generated Cellebrite reports from all previously scanned devices and all future scanned devices in any arbitrary way (inserting or removing text, email, photos, contacts, files, or any other data), with no detectable timestamp changes or checksum failures. This could even be done at random, and would seriously call the data integrity of Cellebrite’s reports into question.</p><p>Any app could contain such a file, and until Cellebrite is able to accurately repair all vulnerabilities in its software with extremely high confidence, the only remedy a Cellebrite user has is to not scan devices. Cellebrite could reduce the risk to their users by updating their software to stop scanning apps it considers high risk for these types of data integrity problems, but even that is no guarantee.</p><p>We are of course willing to responsibly disclose the specific vulnerabilities we know about to Cellebrite if they do the same for all the vulnerabilities they use in their physical extraction and other services to their respective vendors, now and in the future.</p><p>Below is a sample video of an exploit for UFED (similar exploits exist for Physical Analyzer). In the video, UFED hits a file that executes arbitrary code on the Cellebrite machine. This exploit payload uses the MessageBox Windows API to display a dialog with a message in it. 
This is for demonstration purposes; it’s possible to execute any code, and a real exploit payload would likely seek to undetectably alter previous reports, compromise the integrity of future reports (perhaps at random!), or exfiltrate data from the Cellebrite machine.</p>
<p>The copyright</p>
<p>Also of interest, the installer for Physical Analyzer contains two bundled MSI installer packages named AppleApplicationsSupport64.msi and AppleMobileDeviceSupport6464.msi. These two MSI packages are digitally signed by Apple and appear to have been extracted from the Windows installer for iTunes version 12.9.0.167.</p><p>The Physical Analyzer setup program installs these MSI packages in C:\Program Files\Common Files\Apple. They contain DLLs implementing functionality that iTunes uses to interact with iOS devices.</p><p>The Cellebrite iOS Advanced Logical tool loads these Apple DLLs and uses their functionality to extract data from iOS mobile devices. The screenshot below shows that the Apple DLLs are loaded in the UFED iPhone Logical.exe process, which is the process name of the iOS Advanced Logical tool.</p><p>It seems unlikely to us that Apple has granted Cellebrite a license to redistribute and incorporate Apple DLLs in its own product, so this might present a legal risk for Cellebrite and its users.</p><p>In completely unrelated news, upcoming versions of Signal will be periodically fetching files to place in app storage. These files are never used for anything inside Signal and never interact with Signal software or data, but they look nice, and aesthetics are important in software. Files will only be returned for accounts that have been active installs for some time already, and only probabilistically in low percentages based on phone number sharding. We have a few different versions of files that we think are aesthetically pleasing, and will iterate through those slowly over time. 
There is no other significance to these files.</p>
<p>Want to get involved with Signal? <a href="https://signal.org/workworkwork/">We're hiring!</a></p>
]]></description>
	<dc:creator>La loupe</dc:creator>
</item>
<item>
	<guid isPermaLink="true">https://ememiom.fr/iom/blog/view/505/how-to-stay-private-when-using-android</guid>
	<pubDate>Sat, 24 Apr 2021 06:39:26 +0000</pubDate>
	<link>https://ememiom.fr/iom/blog/view/505/how-to-stay-private-when-using-android</link>
	<title><![CDATA[How to stay private when using Android]]></title>
	<description><![CDATA[<p>The smartphone is one of the most invasive devices ever invented. It’s easy to forget that, of course, because we are so familiar with them, and they are so useful. But while you might value your smartphone for the convenience it gives you, tech companies value it for an entirely different reason: it is collecting data on everything you do.</p><p>If you believe, like us, that <a rel="noreferrer noopener" aria-label=" (opens in a new tab)" href="https://protonmail.com/blog/internet-privacy/" target="_blank">privacy is a human right</a>, Android is <a href="https://digitalcontentnext.org/wp-content/uploads/2018/08/DCN-Google-Data-Collection-Paper.pdf" target="_blank" rel="noreferrer noopener" aria-label=" (opens in a new tab)">something of a nightmare</a>. Most people who use Google services are aware the company is tracking their location, checking which websites they go to, recording their voice, and reading their emails. What a lot of people forget is that Android was developed by Google, and is one of the most important tools for this data collection.</p><p>It is possible, though, to use Android in a way that drastically limits the amount of data you are sharing with Google (and other companies who want your data). In this guide, we’ll show you how to do that.</p><p>In each step below, we’ll show you how to use the settings menu on your device to increase your security and privacy. Most of the menus we mention will be the same for most current Android devices, but since devices vary you might find these options in a slightly different location or named differently. With a little poking around in your device’s menu, you should be able to find the relevant option. </p>
<p>The basic principle: Turn everything off</p>
<p>Before we begin with the specific steps necessary to make your Android device more private, let’s highlight a basic principle of using your phone: turn off all the connectivity you do not need.</p><p>This goes for whatever smartphone, and whichever operating system, you have. Don’t let your phone connect to unknown WiFi networks because they may be a source of malware. Don’t leave your Bluetooth on because there are plenty of <a rel="noreferrer noopener" aria-label=" (opens in a new tab)" href="https://www.csoonline.com/article/3431705/are-you-being-tracked-through-a-bluetooth-security-vulnerability.html" target="_blank">Bluetooth security vulnerabilities</a>. Don’t connect your phone to your computer (if you can avoid it), because smartphones can also act as a reservoir of malware, and your phone can be infected without you realizing it. </p><p>In short: if you are not using a service right now, turn it off.</p><p>With that out of the way, let’s make your phone more secure. Here is a short(ish) list of how to do that.</p>
<p>1. Avoid Google Data Protection</p>
<p>First and foremost, you should be aware of <a href="https://protonmail.com/blog/google-fake-online-privacy/" target="_blank" rel="noreferrer noopener" aria-label=" (opens in a new tab)">Google’s fake commitment to privacy</a> and limit the data the company collects from your phone. Android phones let you do this, but it is hidden. Go to your settings, and look for “activity controls.” Here, you can limit the data that Google is collecting via your phone. </p><p>Going further, you can even use your Google device without signing into your Google account. Unfortunately, this really limits what you can do with your phone. </p>
<p>2. Use a PIN</p>
<p>Another basic privacy step is to lock your phone with a personal identification number (PIN). Locking your phone prevents random strangers from being able to get into it and keeps your data private in the event that your phone is stolen or one of your friends “borrows” it.</p><p>When you set up a PIN on your device, some versions of Android will ask you if you want to encrypt the device as well. This is also a good idea, and we’ll come to that process shortly.</p><p>In 2019, it might seem a bit old-fashioned to use a PIN (or, even better, an <a rel="noreferrer noopener" aria-label=" (opens in a new tab)" href="https://protonmail.com/blog/how-to-create-a-strong-password/" target="_blank">alphanumeric password</a>), but in terms of data privacy, a PIN is still king. That’s because if you are using the other locking methods that Android provides — your fingerprint or face recognition — you are consenting for this biometric information to be stored on your phone, and <a href="https://www.cnet.com/how-to/google-collects-face-data-now-what-it-means-and-how-to-opt-out/" target="_blank" rel="noreferrer noopener" aria-label=" (opens in a new tab)">occasionally transmitted to Google</a>. </p>
<p>3. Encrypt your device</p>
<p>Encrypting your entire phone is pretty simple, but not many people do this. <a href="https://protonmail.com/support/knowledge-base/what-is-encryption/" target="_blank" rel="noreferrer noopener" aria-label=" (opens in a new tab)">Encryption</a>, though, is by far the best way to keep your data private, whether your phone is hacked or stolen.</p><p>Encrypting your phone can be done from the “security” menu in Android. You need to enter a PIN to do this, and the phone needs to be plugged in. Just don’t forget the PIN, because if you do all of the data on your phone may be lost forever.</p>
<p>4. Keep your software up-to-date</p>
<p>Everyone knows that keeping your software up-to-date is incredibly important, but even the most security-conscious people sometimes skip that annoying notification. If you don’t keep your phone updated, you are opening yourself up to vulnerabilities that can be exploited by hackers to steal your data.</p><p>In Android, you can update your software at any time by going to Settings &gt; About Phone &gt; System Update.</p>
<p>5. Be wary of unknown sources</p>
<p>By default, Android locks down the sources of software you can use by only allowing you to download apps from “approved sources” that have been vetted by Android developers. This is actually something that Android has inherited from Linux, which the OS is based on. However, sometimes your phone asks you to enable “unknown sources” for software, and if you’re in a rush you can accidentally turn this on. You should never trust software from these sources: some of it is malware, and some of it is merely riddled with security flaws.</p><p>To disable unknown software sources, go to Settings &gt; Security &gt; Unknown Sources, and uncheck the box. It’s probably not enabled anyway, but it doesn’t hurt to check.</p>
<p>6. Check app permissions</p>
<p>Yep. You know already that you should carefully check all of the permissions that an app asks for when you install it, but in a hurry you may not. There is no hard-and-fast rule when it comes to checking these permissions, but there is a good guiding principle: are the permissions an app is asking for appropriate for what it does? Does this silly game you’ve downloaded really need to access your camera, contacts, and microphone? Probably not.</p><p>The situation, when it comes to app permissions, has improved in recent years. In response to user concerns over privacy, Android apps now ask for (almost) all of the permissions they need. They will also ask for these selectively, so you can use an app without granting it all the permissions it asks for. An app will ask for Bluetooth permission, for instance, only when you try to use this functionality. </p><p>On the other hand, there are some permissions that are so “basic” that they are not even counted as permissions by Android. The most striking example of this is access to your Internet connection. All apps are granted this permission by default, they will not ask you to confirm this, and you cannot disable it. This means that even your flashlight app can send and receive data.</p><p>You should check the permissions that an app asks for when you install it, but you should also audit your apps frequently to make sure that you have not granted them more permissions than they need. Building this kind of audit into your monthly schedule is a great way of staying on top of your cybersecurity, since you can easily spot extra permissions that you may have granted in a rush. To check these permissions, go to Settings &gt; Apps &gt; ⚙ icon &gt; App permissions.</p><p>In general, if you think an app is asking for greater permissions than necessary, look for an alternative that takes your privacy more seriously.</p>
<p>7. Review your cloud sync</p>
<p>Plenty of apps request permission to sync data with the cloud, and sometimes you might want them to do this. There are many advantages of cloud storage for messaging apps and those that store important data. But, just like checking the permissions they ask for, you should also limit the number of apps you have syncing to the cloud. </p><p>You can turn off cloud syncing for individual apps by going to Settings &gt; Accounts, and then tapping on the app name. </p>
<p>8. Hide notifications</p>
<p>An often overlooked way of making Android devices more private is simply to turn off notifications on the lock screen. That way, someone who picks up your phone won’t be able to see your contacts, message previews, reminders, and alerts.</p><p>Turning off these notifications is easy. Just go to Settings &gt; Sound &amp; Notifications.</p>
<p>9. Review default apps</p>
<p>Now we’re getting to some more technical measures. Android opens certain types of files with certain apps, and these are controlled by a list held in Settings &gt; Apps &gt; ⚙ icon &gt; Default. Here, you can see which apps Android uses for each type of file. </p><p>The key here is to make sure that Android is using the most secure apps available to open particular files. If you’ve installed ProtonMail, for example, make this your default app for email. The same goes for any other secure app you download because by default Android opens everything with the least privacy-focused apps available (i.e. the apps made by Google, which wants to spy on you).</p>
<p>10. Don’t share your location with apps</p>
<p>Many apps request that you share your location with them. For some apps, this is incredibly useful. In fact, some apps lose all functionality unless you give them your location data. </p><p>On the other hand, plenty of apps that don’t need to know where you are ask for this information. This, in fact, has been one of the major <a href="https://www.cso.com.au/article/663680/can-security-industry-keep-up-5g/" target="_blank" rel="noreferrer noopener" aria-label=" (opens in a new tab)">security concerns of the 5G network</a>, and why Huawei is banned from taking part in it. There was a fear that the Chinese tech giant was collecting location data by default for everyone who used their hardware, and that this could be used to identify individuals even when they had taken precautions against this.</p><p>To turn off location permissions for your apps, go to Settings &gt; Apps &gt; ⚙ icon &gt; App permissions &gt; Location.</p><p>A more general way of limiting access to your location data is to disable Google’s attempts to track your every move. You can do that by going to Settings &gt; Location &gt; Google Location History.</p><p>Limiting which apps have location permission is even more important now that <a rel="noreferrer noopener" href="https://www.vice.com/en_us/article/jgxk3g/secret-service-phone-location-data-babel-street" target="_blank">Vice reported on Locate X</a>, a service that aggregates and sells location data harvested by users’ apps. An internal Secret Service document confirms that the agency has purchased location data, information that it would normally need a warrant or court order to access, from Locate X. Other federal agencies, like Immigration and Customs Enforcement and the Internal Revenue Service, have engaged in similar practices.</p>
<p>11. Use a non-Google version of Android</p>
<p>If you take your privacy seriously, you could also consider using a version of Android that is not built by Google and won’t send them data.</p><p>Though most device manufacturers make their own “flavor” of Android, most of these variant systems are built around the core functionality that Google provides. As a result, almost all “mainstream” versions of Android will share your data with Google. </p><p>There are some versions of Android, however, that do not do this. Installing them is a pretty major and complicated step, though, so you should carefully consider whether you want to wipe the existing OS from your phone. At the moment, the most developed (and stable) alternative Android OS is <a rel="noreferrer noopener" aria-label=" (opens in a new tab)" href="http://lineageos.org/" target="_blank">LineageOS</a>. This is based on CyanogenMod, which limits access to your phone by third parties. Installing an alternative OS requires technical knowledge, though there are plenty of <a href="http://wiki.lineageos.org/install_guides.html" target="_blank" rel="noreferrer noopener" aria-label=" (opens in a new tab)">install guides</a> to help you.</p>
<p>12. Don’t use Google for search</p>
<p>You might be wondering why this option is not higher up on this list. It should be easy to change your default search engine within Android, right? Well, yes and no. No surprise, Android doesn’t let you use any other search service from within its default browser. </p><p>In order to use a more secure search engine, you need to <a href="https://protonmail.com/blog/best-browser-for-privacy/" target="_blank" rel="noreferrer noopener" aria-label=" (opens in a new tab)">download an alternative browser</a>. These let you change the default search engine and avoid Google collecting data on your queries. </p>
<p>13. Use a VPN</p>
<p>A virtual private network (VPN) encrypts all of the data passing between your phone (or computer, or tablet) and the wider Internet. </p><p>There are plenty of VPN providers out there, but you should be careful about which one you choose. In general, VPN providers often are not transparent about who operates them or how they may or may not use your data. In addition, be wary of VPN providers that are based in the EU or (even worse) the US, because they may be required to <a rel="noreferrer noopener" aria-label=" (opens in a new tab)" href="https://protonvpn.com/blog/5-eyes-global-surveillance/" target="_blank">share data with foreign intelligence agencies</a>. With our own VPN service, we have gone to great lengths to demonstrate why we offer a <a href="https://protonvpn.com/blog/is-protonvpn-trustworthy/" target="_blank" rel="noreferrer noopener" aria-label=" (opens in a new tab)">VPN worthy of your trust</a>. </p>
<p>14. Use a secure email provider</p>
<p>Finally, you should use an email provider that doesn’t read your emails. It may sound pretty obvious. But you should remember that everything you do on Gmail is being read by Google. If you are uncomfortable with that, there are plenty of secure (and private) email providers out there. </p><p>One of them is ProtonMail. We use <a rel="noreferrer noopener" aria-label=" (opens in a new tab)" href="https://protonmail.com/blog/what-is-pgp-encryption/" target="_blank">PGP encryption</a> to keep your emails private when they are in transit, and <a href="https://protonmail.com/blog/zero-access-encryption/" target="_blank" rel="noreferrer noopener" aria-label=" (opens in a new tab)">zero-access encryption</a> to secure your data at rest. As a result, no one but you can access your messages, not even us. It’s also quite easy to transfer your data from Gmail using the ProtonMail <a rel="noreferrer noopener" aria-label=" (opens in a new tab)" href="https://protonmail.com/blog/import-export-beta/" target="_blank">Import-Export application</a> (now in beta).</p><p><a href="https://protonmail.com/blog/is-protonmail-trustworthy/" target="_blank" rel="noreferrer noopener" aria-label=" (opens in a new tab)">Learn more: why ProtonMail is trustworthy</a></p>
<p>Using Android privately</p>
<p>In closing, it’s also worth pointing out that, although Android is a risk to your privacy if you don’t lock it down correctly, smartphones per se are not evil.</p><p>In fact, if used correctly they can be extremely useful in securing other parts of your online life. The clearest example of this is <a href="https://protonmail.com/blog/what-is-two-factor-authentication-how-to-use-it/" target="_blank" rel="noreferrer noopener" aria-label=" (opens in a new tab)">two-factor authentication</a>, in which a time-based code from a smartphone app is required in addition to your password to log in to your account. (Where possible, you should set up this kind of system for all of your online accounts.)</p><p>The trick to using a smartphone securely, as with any other device, is to take the time to find out how it actually works. That way, you can disable the data-collection and data-sharing “functions” that you don’t need. </p><p>And just by reading this article, you’ve taken the first step on that road. </p><p>Best Regards,<br />The ProtonMail Team</p><p>UPDATE August 17, 2020: This article was updated to incorporate Vice’s reporting on Locate X and the Secret Service purchasing user location data.</p>]]></description>
	<dc:creator>La loupe</dc:creator>
</item>
<item>
	<guid isPermaLink="true">https://ememiom.fr/iom/blog/view/486/deplacez-votre-historique-de-messages-depuis-dautres-applications</guid>
	<pubDate>Mon, 19 Apr 2021 20:42:30 +0000</pubDate>
	<link>https://ememiom.fr/iom/blog/view/486/deplacez-votre-historique-de-messages-depuis-dautres-applications</link>
	<title><![CDATA[Move your message history from other apps]]></title>
	<description><![CDATA[
<p><a href="https://telegram.org/file/464001367/2/CjzwCFB1BDY.178283/4c049986f45118c1a6" target="_blank"></a></p>
<p>Over 100 million new users joined Telegram this January, seeking more privacy and freedom. But what about the messages and memories left behind in the apps they replaced?</p><p>Starting today, everyone can bring their chat history (including videos and documents) to Telegram from apps such as WhatsApp, Line and KakaoTalk. This works for both one-on-one conversations and groups:</p><p>To move a chat from WhatsApp on iOS, open the Contact Info or Group Info page in WhatsApp, tap Export Chat, then choose Telegram in the Share menu.</p><p>On Android, open a WhatsApp chat, tap ⋮ &gt; More &gt; Export Chat, then select Telegram in the Share menu:</p><p>WhatsApp for iOS also lets you export chats directly from the chat list. Swipe left on a chat, then choose '…' &gt; Export Chat.</p><p>Messages will be imported into the current day but will also include their original timestamps. All members of the chat on Telegram will see the messages.</p>
<p>Move chats and save space</p>
<p>Best of all, the messages and media you move do not require any extra storage space. Older apps store all data on your device, whereas Telegram takes up virtually no space while letting you view all your messages, photos and videos whenever you want.</p><p>You can <a href="https://t.me/TelegramTips/243">free up space</a> and control the size of your cache in Settings &gt; Data and Storage &gt; Storage Usage.</p>
<p>Control your digital footprint</p>
<p>Your data belongs to you, which is why Telegram users can not only <a href="https://telegram.org/blog/export-and-more">export their chats</a>, but also <a href="https://telegram.org/blog/unsend-privacy-emoji#unsend-anything">delete messages</a> they send and receive for everyone, without leaving the slightest trace.</p><p>With this update, you get even more control: secret chats, groups you created and your call history can now also be deleted for everyone at any time.</p><p>Telegram servers do not store information about deleted chats and call logs, so the data disappears completely, forever.</p>
<p>Improved voice chats</p>
<p>You can now see which of your groups have active <a href="https://telegram.org/blog/voice-chats">voice chats</a> at the top of your call history page.</p><p>During a voice chat, you can now adjust the volume individually for each participant to control their microphone levels. Adjustments made by group admins are applied for all listeners.</p>
<p>Improved audio player</p>
<p>While a track is playing, tap the artist's name in the player to see their tracks across all your chats. If you need to skip ahead or replay something you missed, press and hold the Next and Previous buttons to fast-forward and rewind.</p><p>We have also added a fade effect to delight your ears when pausing and resuming music.</p>
<p>Greeting stickers</p>
<p>If your contacts have recently joined Telegram, it can be nice to welcome them using one of Telegram's <a href="https://t.me/TelegramTips/233">unique features</a>. A greeting sticker will be suggested in your new chats, ready to be sent with a single tap.</p>
<p>New animations on Android</p>
<p>A new update means snazzy new animations. Catch them all when downloading files, playing music or loading chats after logging in.</p>
<p>Report fake channels</p>
<p>All Telegram apps let you report spam and other types of illegal content, such as calls for violence or child abuse. You can now also report fake channels or groups impersonating famous people or organizations. Open their profile page and tap '…' &gt; Report &gt; Fake Account to let us know that something fishy is going on. Our moderators will take a look.</p>
<p>Accessibility improvements</p>
<p>Many accessibility improvements have been added for both TalkBack and VoiceOver users. As we continue to polish the interface of our apps for all users, we are following your feedback with interest on our <a href="https://telegram.org/blog/voice-chats#feature-suggestion-platform">suggestions platform</a>.</p><p>We warmly welcome everyone who joined us recently! The next update should not be long in coming.</p><p>January 28, 2021<br />The Telegram Team</p>]]></description>
	<dc:creator>La loupe</dc:creator>
</item>
<item>
	<guid isPermaLink="true">https://ememiom.fr/iom/blog/view/485/canaux-des-millions-dauditeurs-enregistrement-des-audioconferences-et-outils-dadministration</guid>
	<pubDate>Mon, 19 Apr 2021 20:40:04 +0000</pubDate>
	<link>https://ememiom.fr/iom/blog/view/485/canaux-des-millions-dauditeurs-enregistrement-des-audioconferences-et-outils-dadministration</link>
	<title><![CDATA[Channels, millions of listeners, audio conference recording and admin tools]]></title>
	<description><![CDATA[
<p><a href="https://telegram.org/file/464001284/3/rHzxN3afclE.253809/78fbb9de14cac31e08" target="_blank"></a></p>
<p>Voice chats first appeared <a href="https://telegram.org/blog/voice-chats">in December</a>, bringing a new dimension of live interaction to Telegram group discussions. Starting today, they are also available in channels, and there is no longer any limit on the number of participants.</p><p>This update also brings recordable voice chats, richer participant lists, a raise-hand mechanism, invite links for speakers and listeners, voice chat titles, and a way for public figures to join voice chats as their own channels.</p>
<p>Voice chats without limits</p>
<p>Admins of <a href="https://telegram.org/tour/channels">channels</a> and public groups can now host voice chats for millions of live listeners. No matter how popular a talk gets, new users will be able to tune in. It is a bit like public radio reinvented for the 21st century.</p><p>To start a voice chat, open the profile of any group or channel where you are an admin, then tap (⋮) or (⋯) and select Start Voice Chat.</p>
<p>Recording audio conversations</p>
<p>While some conversations are <a href="https://telegram.org/blog/autodelete-inv2#auto-delete-messages">meant to be temporary</a>, others need to be preserved and passed on. Admins can now start an audio recording of a voice chat to keep a record of conversations and publish them for followers who missed the live event.</p><p>Once the recording ends, the audio file is instantly available in your <a href="https://t.me/TelegramTips/242">Saved Messages</a>. To avoid surprises, chats that are being recorded are marked with a red dot next to their title.</p>
<p>Raise hand</p>
<p>In chats where participants are muted, listeners can tap to raise their hand and signal to admins that they want to speak. Just like on a talk show, but with addictive animations.</p><p>Your bio text is now visible in the participant list, and you can use it to describe your expertise, your interests, or just say a few words about yourself. This information can help admins find a good slot for your questions and comments.</p>
<p>Links for speakers and listeners</p>
<p>Admins of public groups and channels can now create invite links that open the voice chat directly. Separate links can be created for speakers and listeners. This way, you will not have to unmute important guests when they join the chat, and they can use a different link to promote an upcoming talk to their communities.</p><p>Voice chats also have optional titles that help users know the topic of conversation before joining.</p>
<p>Join as…</p>
<p>When entering a voice chat in a channel, users can choose to join as their personal account or as one of their channels. This lets celebrities and public figures take part in public audio conferences without displaying their personal account, and avoid an unwanted surge of activity in their private messages.</p>
<p><a href="https://telegram.org/file/464001305/4/mLAGs_eJ4h4.98472/c3b8a619c32ca54cab" target="_blank"></a></p>
<p>For example, the President of <a href="https://t.me/jairbolsonarobrasil">Brazil</a> and the Prime Minister of <a href="https://t.me/bnetanyahu">Israel</a> can meet to talk in <a href="https://t.me/durov">Pavel Durov's channel</a> and answer users' questions without risking having their chat list flooded by admirers.</p>
<p>And much more</p>
<p>If you pick the wrong chat by mistake when forwarding messages, tap the X button before sending, either to cancel the forward or to select a different destination chat.</p>
<p><a href="https://telegram.org/file/464001284/4/radytJhwK-c.52636/0afbf0d4080e59767f" target="_blank"></a></p>
<p>You can also resume playback from where you left off when listening to long voice messages. Previously, this feature was available for long videos and long audio tracks, and we thought we had covered every possible case, but that was before our grandmother signed up.</p><p>Last but not least, Android users can choose which action is assigned to swiping left in the chat list: archive, pin, mute, delete chats or mark them as read. (On iOS, all these swipe actions are always available, depending on which direction you swipe.)</p><p>And that is all for today, stay tuned for the next update!</p><p>March 19, 2021<br />The Telegram Team</p>]]></description>
	<dc:creator>La loupe</dc:creator>
</item>

</channel>
</rss>