Update WhatsApp backup advice (#132)

This commit is contained in:
Alicia Sykes 2022-04-10 22:33:20 +01:00
parent 533c7dba86
commit b2abde93da

@ -170,7 +170,7 @@ The big companies providing "free" email service, don't have a good reputation f
**Use a "Trustworthy" Messaging Platform** | Recommended | When selecting an encrypted messaging app, ensure it's fully open source. It should be stable and actively maintained. Ideally it should be backed by reputable developers or at least be fully clear where funding originates from and/ or what their revenue model is. It should have undergone an independent code audit, with results publicly published
**Check Security Settings** | Recommended | Enable security settings, including contact verification, security notifications and encryption. Disable optional non-security features such as read receipt, last online and typing notification. If the app supports cloud sync either for backup or for access through a desktop or web app companion, this increases the attack surface and so should be disabled
**Ensure your Recipients Environment is Secure** | Recommended | Your conversation can only be as secure as the weakest link. Often the easiest way to infiltrate a communications channel, is to target the individual or node with the least protection. They may not even be aware that their environment has been compromised, leading to sensitive information being captured by an adversary. The best solution to this is to educate and inform the participants in your conversation, about good security practices. Focus on secure authentication, device encryption, network security and malware prevention
**Disable Cloud Services** | Recommended | Some mobile messaging apps offer a web or desktop companion. This not only increases attack surface, but it has been linked to several [critical security issues](https://www.perimeterx.com/tech-blog/2020/whatsapp-fs-read-vuln-disclosure/), and should therefore be avoided, if possible. Some messaging apps also offer a cloud backup feature. Again there a serious security issues with many of these implementations, for example WhatsApp [backups are not encrypted](https://www.ghacks.net/2018/09/04/whatsapp-backups-android/), and so with this feature available, you chat history may be breached. Again, this should be [disabled](https://www.techuntold.com/stop-whatsapp-backup-iphone-android/).
**Disable Cloud Services** | Recommended | Some mobile messaging apps offer a web or desktop companion. This not only increases attack surface, but it has been linked to several [critical security issues](https://www.perimeterx.com/tech-blog/2020/whatsapp-fs-read-vuln-disclosure/), and should therefore be avoided, if possible. Some messaging apps also offer a cloud backup feature. Again there a serious security issues with many of these implementations, for example WhatsApp backups ~~[are not encrypted](https://www.ghacks.net/2018/09/04/whatsapp-backups-android/)~~ not encrypted by default and when enabled [the key still remains in control of WhatsApp](https://github.com/Lissy93/personal-security-checklist/issues/132#issuecomment-1094356009), and so with this feature available, you chat history may be breached. Again, where possible this should be [disabled](https://www.techuntold.com/stop-whatsapp-backup-iphone-android/).
**Secure Group Chats** | Recommended | That the risk of compromise will rise exponentially, the more participants are in a group, as the attack surface increases. There is also a higher chance that an adversary lurking among the members can go unnoticed. Periodically check that all participants are legitimate, and ensure only trusted members have admin privileges. It may sometimes be worth only sharing sensitive information within smaller groups. Note that with some messengers, not all group chats are encrypted (especially if one recipient is on an [older](https://graziadaily.co.uk/life/real-life/whatsapp-group-chats-actually-encrypted-theres-way-find/) version)
**Create a Safe Environment for Communication** | Recommended | There are several stages where your digital communications could be monitored or intercepted. This includes: Your or your participants device, your ISP, national gateway or government logging, the messaging provider, the servers. You can help protect from these risks by: paying attention to your surroundings, keeping your devices up-to-date, avoiding malware, watching out for phishing attacks, relying on trustworthy services, creating strong passwords and second-factor authentication, using encryption and helping those with whom you communicate do the same. If you are concerned about your communications being intercepted, consider using a reputable VPN provider, or routing traffic through Tor
**Agree on a Communication Plan** | Optional | In certain situations (such as attending a protest, communicating with a source or traveling to a risky location), it may be worth making a communication plan. This should include primary and backup methods of securely getting in hold with each other, (in order to avoid falling back on insecure technologies). You may wish to include procedures to implement in potential situations, e.g. to signal for help or assistance
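Review bot: the rewritten **Disable Cloud Services** row leaves a broken sentence once the strikethrough renders: "WhatsApp backups ~~[are not encrypted](...)~~ not encrypted by default" reads as "WhatsApp backups not encrypted by default", so the verb was dropped together with the struck link. Since this is a checklist entry rather than a changelog, remove the old link outright instead of striking it through, and make the sentence "WhatsApp backups are not encrypted by default and, when encryption is enabled, [the key still remains in control of WhatsApp](https://github.com/Lissy93/personal-security-checklist/issues/132#issuecomment-1094356009)". Two pre-existing typos in the same row survive the rewrite and could be fixed in this commit: "Again there a serious security issues" should be "Again there are serious security issues", and "you chat history" should be "your chat history". The new claim about who controls the backup key is cited only to a comment on issue #132; adding a link to the primary documentation behind that statement would make the advice easier for readers to verify.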