98% of the more than 3,000 Massachusetts Institute of Technology (MIT) students surveyed by the National Bureau of Economic Research (NBER) in June 2017 were willing to exchange free pizza for the email addresses of their peers.

“People claim to care about privacy, but they are quite willing to relinquish private information when incentivized to do so,” according to the research, which highlights a phenomenon known as the “privacy paradox.”

At this moment, almost seven years later, Telegram has implemented a novel functionality whereby certain users can obtain a complimentary premium membership by granting the messaging application permission to utilize their phone numbers as a relay for transmitting one-time passwords (OTPs) to other users endeavoring to access the platform.

Peer-to-Peer Login (P2PL) is a feature that is presently undergoing testing for Android users of Telegram in select countries. In February 2024, tginfo first detected it (via @AssembleDebug).

Telegram’s Terms of Service limit the use of the phone number to a maximum of 150 OTP SMS messages per month. This restriction applies to both domestic and international SMS and incurs charges from the user’s mobile carrier or service provider.

On AMD CPUs, a novel ZenHammer attack circumvents Rowhammer resistance.

Nevertheless, the widely used messaging app states that it “cannot prevent the OTP recipient from seeing your phone number upon receiving your SMS,” in addition to saying it “will not be liable for any inconvenience, harassment, or harm resulting from unwanted, unauthorized, or illegal actions undertaken by users who became aware of your phone number through P2PL.”

Worse yet, the honor system-based mechanism does not strictly forbid users from initiating communication with unknown individuals to whom the OTP authentication SMS was sent, or vice versa; this could potentially result in a surge of unsolicited phone calls and text messages.

Telegram asserts its right to unilaterally terminate an account from the P2PL program if participants reveal confidential information about recipients. It also cautions users against contacting or replying to OTP recipients, even if they have sent them a message.

Telegram has surpassed 900 million monthly active users as of March 2024. In June 2022, the platform introduced the Premium subscription program, which granted users access to enhanced functionalities such as 4 GB file uploads, accelerated downloads, and exclusive reactions and decals.

Due to the fact that online services continue to authenticate users via phone numbers, it is prudent to be mindful of the privacy and security risks associated with participating in the experiment.

Meta is the target of legal action regarding Snapchat traffic interference.

The revelation coincides with the disclosure of recently unsealed court documents in the United States, which purport to establish Meta’s Ghostbusters covert initiative to decrypt and intercept the network traffic of Snapchat, YouTube, and Amazon users in order to gain insights into user behavior and gain a competitive edge over its rivals.

Facebook achieved this by utilizing customized applications derived from Onavo, a virtual private network (VPN) service it acquired in 2013 and discontinued in 2019 due to criticism for using its products to surveil users’ web activity in comparison to its competitors and covertly paying teenagers to record their internet browsing patterns.

The data-interception scheme, under which Facebook essentially paid individuals aged 13 to 35 $20 per month plus referral fees in exchange for installing a market research app and granting the company elevated access to inspect network traffic and analyze their internet usage, has been dubbed a “man-in-the-middle” strategy.

The strategy called for the development of “fake digital certificates to impersonate trusted Snapchat, YouTube, and Amazon analytics servers to redirect and decrypt secure traffic from those apps for Facebook’s strategic analysis.”

The NHS health board confirms a ransomware intrusion.

Facebook disseminated the applications through beta testing services such as uTest, Applause, and BetaBound to conceal its involvement. The application, subsequently referred to as the In-App Action Panel (IAAP), was operational between 2016 and 2018.

Meta responded by stating that there is no criminal activity or fraudulent activity and that “Snapchat’s own witness on advertising confirmed that Snap cannot ‘identify a single ad sale that [it] lost from Meta’s use of user research products,’ does not know whether other competitors collected similar information, and does not know whether any of Meta’s research provided Meta with a competitive advantage.”

source