Normally we talk about the gap between rich and the poor in developing nations and within the United Kingdom at times - being a cyber security website as you can guess this article is not about class or education. I have been in info, information, data, IT, internet, network, computer, cyber security or whatever it was called at the time for fourteen years. Weirdly the private sector organisation I started off working at all those years ago as my first real job was better managed and secured than some you see today!
It had COPE (corporate owned personally enabled), web filtering, IDS (intrusion prevention detection), DLP (data loss prevention), email filtering, full disc encryption, privileged account management, security change approval board and more. This was before the words “cyber security” was even used and today I see large firms less secure than this private sector organisation. From finishing in 2006 I have worked at or consulted to many small-medium firms, very large firms and central government departments, and have seen so many hilarious things. Apart from me no one else was nosey enough to look around or ask hard questions. I would find flaws which had existed for years.
Firstly, I am a security and privacy freak with my personal security likely being better than what you would find at the British MoD. I try to avoid mass market services especially those owned by the big players and that includes WhatsApp. Occasionally I use it abroad while using a country SIM since it saves on high bills since it uses the internet not GSM which has high call charges while abroad. As soon as I am on the flight back, I uninstall it, remove its historically entry from the app store and remove left over files.
WhatsApp was once independent and then Facebook bought it up. Facebook, WhatsApp and other mass market services are typically free, and are funded by advertising or worse them selling on your data. WhatsApp has no advertising in it, so you have to wonder how they make money out of it. Their security spiel claims it offer end to end encryption by default and they cannot read your messages. It states the encryption is handled by the devices and they do not store messages once pushed to the end device. There is a short sentence about law enforcement access so obviously there is a way around it.
