Facebook shows a preview of the shared files via Messenger e Instagram, a function that can compromise the privacy of users according to a recent investigation, but the company ensures that it does not save the data and that with it it helps to protect users against the malware.
Files that are shared via Messenger or direct messages from Instagram generate a preview that, according to the developers Tommy Mysk Y Talal Haj Bakry, may pose privacy and security risks for users.
The research they have published focuses on previews that are generated when sending files through the most popular messaging applications.
The problem with previews on Messenger and Instagram
It is a function that they classify according to the level of risk, from none, in the case of links that do not generate such a preview, even the one they consider least secure, when the application opens the preview.
As they explain, the preview generated by the application means that said app connects to the server that leads to the link to send a request about its content. “So that the server knows where to return the data, the application includes the IP address of the phone in the request”, which can end up giving information about the user’s location to a cyber attacker.
However, the problem of Messenger e Instagram It is in an intermediate stage, according to the investigation. In this case, the application sends the link to an external server, which it subsequently requests to generate a preview. It is the server that sends the preview to both the sender and receiver.
This other approach, in principle, prevents access to the IP address, but poses a problem in the case of private chats, since the server would have to make a copy, even partial, something that in principle is not possible with protections like end-to-end encryption.
Thus, the researchers indicate that “applications that depend on servers to generate link previews they may be violating the privacy of their users by sending shared links in a private chat to their servers. “And they identify this approach in applications such as Hangouts, Zoom, Messenger The Instagram.
The research shows that Messenger “Download entire files whether it’s an image or video, even gigabyte-sized files.” For its part, Instagram download “how Messenger, but not limited to any type of file. Servers will download anything regardless of size. “
Facebook Responds
In response to this investigation, a spokesperson for Facebook has assured Europa Press that “described behavior is how previews of a link are displayed in Messenger or how people can share a link in Instagram, and we do not store that data. “And he notes that this approach” allows them to protect people from sharing malware“.
Facebook explained to the researchers how their applications generate previews, although they emphasize that the research includes the way a link is shared and not a security problem, since the way they present it does not take into account the measures taken to protect users.
It is also an approach that takes into account the legislation of the market where the applications operate. In this sense, the preview in Messenger e Instagram, to comply with the General Protection Regulation of the European Union, has deactivated the option in the countries that benefit from it, according to Mashable.
Europa Press
We recommend METADATA, the RPP technology podcast. News, analysis, reviews, recommendations and everything you need to know about the technological world. To hear it better, #StayEnCasa.
– .
