Encryption

DARPA Taps Intel To Help Build the Holy Grail of Encryption (techrepublic.com)

The Defense Advanced Research Projects Agency, or DARPA, has signed an agreement with Intel to add it to its Data Protection in Virtual Environments project, which aims to create a practically useful form of fully homomorphic encryption. From a report: Fully homomorphic encryption has been described as the "holy grail" of encryption because it allows encrypted data to be used without ever having to decrypt it. Fully homomorphic encryption isn't fantasy -- it already exists and is usable, but it is incredibly impractical. "FHE adoption in the industry has been slow because processing data using fully homomorphic encryption methods on cryptograms is data intensive and incurs a huge 'performance tax' even for simple operations," Intel said in a press release.

The potential benefits of fully homomorphic encryption make creating a practical way to use it a cybersecurity imperative. Intel succinctly describes the biggest problem in data security as being caused by "encryption techniques [that] require that data be decrypted for processing. It is during this decrypted state that data can become more vulnerable for misuse." The goal of the Data Protection in Virtual Environments program is to develop an accelerator for fully homomorphic encryption that will make it more practical and scalable, which is where Intel comes in. The chip manufacturer's role in the project will be academic research and the development of an application-specific integrated circuit that will accelerate fully homomorphic encryption processing. Intel said that, when fully realized, its accelerator chip could reduce processing times by five orders of magnitude over existing CPU-driven fully homomorphic encryption systems.

Social Networks

Can WhatsApp Stop Spreading Misinformation Without Compromising Encryption? (qz.com)

"WhatsApp, the Facebook-owned messaging platform used by 2 billion people largely in the global south, has become a particularly troublesome vector for misinformation," writes Quartz — though it's not clear what the answer is: The core of the problem is its use of end-to-end encryption, a security measure that garbles users' messages while they travel from one phone to another so that no one other than the sender and the recipient can read them. Encryption is a crucial privacy protection, but it also prevents WhatsApp from going as far as many of its peers to moderate misinformation. The app has taken some steps to limit the spread of viral messages, but some researchers and fact-checkers argue it should do more, while privacy purists worry the solutions will compromise users' private conversations...

In April 2020, WhatsApp began slowing the spread of "highly forwarded messages," the smartphone equivalent of 1990s chain emails. If a message has already been forwarded five times, you can only forward it to one person or group at a time. WhatsApp claims that simple design tweak cut the spread of viral messages by 70%, and fact-checkers have cautiously cheered the change. But considering that all messages are encrypted, it's impossible to know how much of an impact the cut had on misinformation, as opposed to more benign content like activist organizing or memes. Researchers who joined and monitored several hundred WhatsApp groups in Brazil, India, and Indonesia found that limiting message forwarding slows down viral misinformation, but doesn't necessarily limit how far the messages eventually spread....

This isn't just a semantic argument, says EFF strategy director Danny O'Brien. Even the smallest erosion of encryption protections gives Facebook a toehold to begin scanning messages in a way that could later be abused, and protecting the sanctity of encryption is worth giving up a potential tool for curbing misinformation. "This is a consequence of a secure internet," O'Brien says. "Dealing with the consequences of that is going to be a much more positive step than dealing with the consequences of an internet where no one is secure and no one is private...."

No matter what WhatsApp does, it will have to contend with dueling constituencies: the privacy hawks who see the app's encryption as its most important feature, and the fact-checkers who are desperate for more tools to curb the spread of misinformation on a platform that counts a quarter of the globe among its users.

Whatever Facebook decides will have widespread consequences in a world witnessing the simultaneous rise of fatal lies and techno-authoritarianism.

Security

Three Top Russian Cybercrime Forums Hacked (krebsonsecurity.com)

tsu doh nimh shares a report: Over the past few weeks, three of the longest running and most venerated Russian-language online forums serving thousands of experienced cybercriminals have been hacked. In two of the intrusions, the attackers made off with the forums' user databases, including email and Internet addresses and hashed passwords. Members of all three forums are worried the incidents could serve as a virtual Rosetta Stone for connecting the real-life identities of the same users across multiple crime forums. On Tuesday, someone dumped thousands of usernames, email addresses and obfuscated passwords on the dark web apparently pilfered from Mazafaka (a.k.a. "Maza," "MFclub"), an exclusive crime forum that has for more than a decade played host to some of the most experienced and infamous Russian cyberthieves.

At the top of a 35-page PDF leaked online is a private encryption key allegedly used by Maza administrators. The database also includes ICQ numbers for many users. ICQ, also known as "I seek you," was an instant message platform trusted by countless early denizens of these older crime forums before its use fell out of fashion in favor of more private networks, such as Jabber and Telegram. This is notable because ICQ numbers tied to specific accounts often are a reliable data point that security researchers can use to connect multiple accounts to the same user across many forums and different nicknames over time. Cyber intelligence firm Intel 471 assesses that the leaked Maza database is legitimate.

Science

New Technique Reveals Centuries of Secrets in Locked Letters (nytimes.com)

M.I.T. researchers have devised a virtual-reality technique that lets them read old letters that were mailed not in envelopes but in the writing paper itself after being folded into elaborate enclosures. From a report: In 1587, hours before her beheading, Mary, Queen of Scots, sent a letter to her brother-in-law Henry III, King of France. But she didn't just sign it and send it off. She folded the paper repeatedly, cut out a piece of the page and left it dangling. She used that strand of paper to sew the letter tight with locking stitches. In an era before sealed envelopes, this technique, now called letterlocking, was as important for deterring snoops as encryption is to your email inbox today. Although this art form faded in the 1830s with the advent of mass-produced envelopes, it has recently attracted renewed attention from scholars. But they have faced a problem: How do you look at the contents of such locked letters without permanently damaging priceless bits of history?

On Tuesday, a team of 11 scientists and scholars at the Massachusetts Institute of Technology and other institutions disclosed their development of a virtual-reality technique that lets them perform this delicate task without tearing up the contents of historical archives. In the journal Nature Communications, the team tells of virtually opening four undelivered letters written from 1680 and 1706. The dispatches had ended up in a wooden postal trunk in The Hague. Known as the Brienne Collection, the box contains 3,148 items, including 577 letters that were never unlocked. The new technique could open a window into the long history of communications security. And by unlocking private intimacies, it could aid researchers studying stories concealed in fragile pages found in archives all over the world.

Math

Quantum Computer Solves Decades-Old Problem Three Million Times Faster Than a Classical Computer (zdnet.com)

ZDNet reports: Scientists from quantum computing company D-Wave have demonstrated that, using a method called quantum annealing, they could simulate some materials up to three million times faster than it would take with corresponding classical methods.

Together with researchers from Google, the scientists set out to measure the speed of simulation in one of D-Wave's quantum annealing processors, and found that performance increased with both simulation size and problem difficulty, to reach a million-fold speedup over what could be achieved with a classical CPU... The calculation that D-Wave and Google's teams tackled is a real-world problem; in fact, it has already been resolved by the 2016 winners of the Nobel Prize in Physics, Vadim Berezinskii, J. Michael Kosterlitz and David Thouless, who studied the behavior of so-called "exotic magnetism", which occurs in quantum magnetic systems....

Instead of proving quantum supremacy, which happens when a quantum computer runs a calculation that is impossible to resolve with classical means, D-Wave's latest research demonstrates that the company's quantum annealing processors can lead to a computational performance advantage... "What we see is a huge benefit in absolute terms," said Andrew King, director of performance research at D-Wave. "This simulation is a real problem that scientists have already attacked using the algorithms we compared against, marking a significant milestone and an important foundation for future development. This wouldn't have been possible today without D-Wave's lower noise processor."

Equally as significant as the performance milestone, said D-Wave's team, is the fact that the quantum annealing processors were used to run a practical application, instead of a proof-of-concept or an engineered, synthetic problem with little real-world relevance. Until now, quantum methods have mostly been leveraged to prove that the technology has the potential to solve practical problems, and is yet to make tangible marks in the real world.

Looking ahead to the future, long-time Slashdot reader schwit1 asks, "Is this is bad news for encryption that depends on brute-force calculations being prohibitively difficult?"

Social Networks

After Researchers Raise Spying Concerns, Clubhouse Promises Blocks on Transmitting to Chinese Servers (theverge.com)

"The developers of audio chat room app Clubhouse plan to add additional encryption to prevent it from transmitting pings to servers in China," reports The Verge, "after Stanford researchers said they found vulnerabilities in its infrastructure." In a new report, the Stanford Internet Observatory (SIO) said it confirmed that Shanghai-based company Agora Inc., which makes real-time engagement software, "supplies back-end infrastructure to the Clubhouse App." The SIO further discovered that users' unique Clubhouse ID numbers — not usernames — and chatroom IDs are transmitted in plaintext, which would likely give Agora access to raw Clubhouse audio. So anyone observing internet traffic could match the IDs on shared chatrooms to see who's talking to each other, the SIO tweeted, noting "For mainland Chinese users, this is troubling."

The SIO researchers said they found metadata from a Clubhouse room "being relayed to servers we believe to be hosted in" the People's Republic of China, and found that audio was being sent "to servers managed by Chinese entities and distributed around the world." Since Agora is a Chinese company, it would be legally required to assist the Chinese government in locating and storing audio messages if authorities there said the messages posed a national security threat, the researchers surmised...

The company told SIO that it was going to roll out changes "to add additional encryption and blocks to prevent Clubhouse clients from ever transmitting pings to Chinese servers" and said it would hire an external security firm to review and validate the updates.

Encryption

Swiss Company Claims Weakness Found in Post-Quantum Encryption, Touts Its New Encryption Protocol (bloombergquint.com)

"A Swiss technology company says it has made a breakthrough by using quantum computers to uncover vulnerabilities in commonly used encryption," reports Bloomberg: Terra Quantum AG said its discovery "upends the current understanding of what constitutes unbreakable" encryption... Terra Quantum AG has a team of about 80 quantum physicists, cryptographers and mathematicians, who are based in Switzerland, Russia, Finland and the U.S. "What currently is viewed as being post-quantum secure is not post-quantum secure," said Markus Pflitsch, chief executive officer and founder of Terra Quantum, in an interview. "We can show and have proven that it isn't secure and is hackable..."

The company said that its research found vulnerabilities that affect symmetric encryption ciphers, including the Advanced Encryption Standard, or AES, which is widely used to secure data transmitted over the internet and to encrypt files. Using a method known as quantum annealing, the company said its research found that even the strongest versions of AES encryption may be decipherable by quantum computers that could be available in a few years from now. Vinokur said in an interview that Terra Quantum's team made the discovery after figuring out how to invert what's called a "hash function," a mathematical algorithm that converts a message or portion of data into a numerical value. The research will show that "what was once believed unbreakable doesn't exist anymore," Vinokur said, adding that the finding "means a thousand other ways can be found soon."

The company, which is backed by the Zurich-based venture capital firm Lakestar LP, has developed a new encryption protocol that it says can't be broken by quantum computers. Vinokur said the new protocol utilizes a method known as quantum key distribution. Terra Quantum is currently pursuing a patent for the new protocol. But the company will make it available for free, according to Pflitsch. "We will open up access to our protocol to make sure we have a safe and secure environment," said Pflitsch. "We feel obliged to share it with the world and the quantum community."

GNU is Not Unix

A 'Severe' Bug Was Found In Libgcrypt, GnuPG's Cryptographic Library (helpnetsecurity.com)

Early Friday the principal author of GNU Privacy Guard (the free encryption software) warned that version 1.9.0 of its cryptographic library Libgcrypt, released January 19, had a "severe" security vulnerability and should not be used.

A new version 1.9.1, which fixes the flaw, is available for download, Help Net Security reports: He also noted that Fedora 34 (scheduled to be released in April 2021) and Gentoo Linux are already using the vulnerable version... [I]t's a heap buffer overflow due to an incorrect assumption in the block buffer management code. Just decrypting some data can overflow a heap buffer with attacker-controlled data; no verification or signature is validated before the vulnerability occurs.

It was discovered and flagged by Google Project Zero researcher Tavis Ormandy and affects only Libgcrypt v1.9.0.

"Exploiting this bug is simple and thus immediate action for 1.9.0 users is required..." Koch posted on the GnuPG mailing list. "The 1.9.0 tarballs on our FTP server have been renamed so that scripts won't be able to get this version anymore."

United States

After SolarWinds Breach, Lawmakers Ask NSA for Help in Cracking Juniper Cold Case (cyberscoop.com)

As the U.S. investigation into the SolarWinds hacking campaign grinds on, lawmakers are demanding answers from the National Security Agency about another troubling supply chain breach that was disclosed five years ago. From a report: A group of lawmakers led by Sen. Ron Wyden, D-Ore., are asking the NSA what steps it took to secure defense networks following a years-old breach of software made by Juniper Networks, a major provider of firewall devices for the federal government. Juniper revealed its incident in December 2015, saying that hackers had slipped unauthorized code into the firm's software that could allow access to firewalls and the ability to decrypt virtual private network connections. Despite repeated inquiries from Capitol Hill -- and concern in the Pentagon about the potential exposure of its contractors to the hack -- there has been no public U.S. government assessment of who carried out the hack, and what data was accessed.

Lawmakers are now hoping that, by cracking open the Juniper cold case, the government can learn from that incident before another big breach of a government vendor provides attackers with a foothold into U.S. networks. Members of Congress also are examining any role that the NSA may have unwittingly played in the Juniper incident by allegedly advocating for a weak encryption algorithm that Juniper and other firms used in their software. Lawmakers want to know if, more than a decade ago, the NSA pushed for a data protection scheme it could crack, only for another state-sponsored group to exploit that security weakness to gather data about the U.S. "Congress has a responsibility to determine the root cause of this supply chain compromise and the NSA's role in the design and promotion of the flawed encryption algorithm that played such a central role," Wyden and other lawmakers wrote to Gen. Paul Nakasone, head of the NSA and U.S. Cyber Command, in a letter made public Friday.

Encryption

ProtonMail, Threema, Tresorit and Tutanota Warn EU Lawmakers Over 'Anti-Encryption' Push (techcrunch.com)

Four European apps which secure user data via end-to-end encryption, ProtonMail, Threema, Tresorit and Tutanota, have issued a joint statement warning over recent moves by EU institutions that they say are setting lawmakers on a dangerous path to backdooring encryption. From a report: Last month the EU Council passed a resolution on encryption that's riven with contradiction -- calling for "security through encryption and security despite encryption" -- which the four e2e app makers believe is a thinly veiled call to backdoor encryption. The European Commission has also talked about seeking "improved access" to encrypted information, writing in a wide-ranging counter-terrorism agenda also published in December that it will "work with Member States to identify possible legal, operational, and technical solutions for lawful access." Simultaneously, the Commission has said it will "promote an approach which both maintains the effectiveness of encryption in protecting privacy and security of communications, while providing an effective response to crime and terrorism." And it has made it clear there will be no 'one silver bullet' as regards the e2e encryption security 'challenge.' But such caveats are doing nothing to alleviate the concerns of e2e encrypted app makers -- who are convinced proposals from the Council of the EU, which is involved in adopting the bloc's laws (though the Commission usually drafts legislation), sum to a push toward backdoors.

"While it's not explicitly stated in the resolution, it's widely understood that the proposal seeks to allow law enforcement access to encrypted platforms via backdoors," the four app makers write, going on to warn that such a move would fatally undermine the security EU institutions also claim to want to maintain. "The resolution makes a fundamental misunderstanding: Encryption is an absolute, data is either encrypted or it isn't, users have privacy or they don't," they go on. "The desire to give law enforcement more tools to fight crime is obviously understandable. But the proposals are the digital equivalent of giving law enforcement a key to every citizen's home and might begin a slippery slope towards greater violations of personal privacy."

Security

How Law Enforcement Gets Around Your Smartphone's Encryption (arstechnica.com)

Long-time Slashdot reader SonicSpike shares a recent Wired.com article that purports to reveal "how law enforcement gets around your smartphone's encryption." Lawmakers and law enforcement agencies around the world, including in the United States, have increasingly called for backdoors in the encryption schemes that protect your data, arguing that national security is at stake. But new research indicates governments already have methods and tools that, for better or worse, let them access locked smartphones thanks to weaknesses in the security schemes of Android and iOS.

Cryptographers at Johns Hopkins University used publicly available documentation from Apple and Google as well as their own analysis to assess the robustness of Android and iOS encryption. They also studied more than a decade's worth of reports about which of these mobile security features law enforcement and criminals have previously bypassed, or can currently, using special hacking tools...

[O]nce you unlock your device the first time after reboot, lots of encryption keys start getting stored in quick access memory, even while the phone is locked. At this point an attacker could find and exploit certain types of security vulnerabilities in iOS to grab encryption keys that are accessible in memory and decrypt big chunks of data from the phone. Based on available reports about smartphone access tools, like those from the Israeli law enforcement contractor Cellebrite and US-based forensic access firm Grayshift, the researchers realized that this is how almost all smartphone access tools likely work right now. It's true that you need a specific type of operating system vulnerability to grab the keys — and both Apple and Google patch as many of those flaws as possible — but if you can find it, the keys are available, too...

Forensic tools exploiting the right vulnerability can grab even more decryption keys, and ultimately access even more data, on an Android phone.

The article notes the researchers shared their findings with the Android and iOS teams — who both pointed out the attacks require physical access to the target device (and that they're always patching vulnerabilities).

Security

NSA Urges System Administrators To Replace Obsolete TLS Protocols (zdnet.com)

The US National Security Agency has issued a security advisory this month urging system administrators in federal agencies and beyond to stop using old and obsolete TLS protocols. From a report: "NSA recommends that only TLS 1.2 or TLS 1.3 be used; and that SSL 2.0, SSL 3.0, TLS 1.0, and TLS 1.1 not be used," the agency said. "Using obsolete encryption provides a false sense of security because it seems as though sensitive data is protected, even though it really is not," the agency added. Even if TLS 1.2 and TLS 1.3 are deployed, the NSA warns against configuring these two protocols with weak cryptographic parameters and cipher suites.

Privacy

What You Should Know Before Leaking a Zoom Meeting (theintercept.com)

The Intercept's Nikita Mazurov warns that Zoom has digital watermarks that could expose sources working with journalists or government officials. An anonymous reader shares an excerpt from the report: Many users may not realize it, but Zoom has the capability to insert both video and audio watermarks into a meeting. The video watermarks are readily perceptible to meeting participants. When enabled, the video watermarking feature superimposes the username portion of each participant's email address over the content they are viewing when another participant shares their screen and places the same watermark over the current active speaker. Because the video watermark appears across the entirety of the video frame, blurring may adversely impact the visibility of the underlying material. In contrast, the audio watermarks are not readily perceptible to casual listeners, though they are what in watermarking parlance is known as "overt." That means the fact that they are embedded is easily discerned by meeting participants: When a Zoom meeting has the audio watermark, or what Zoom also calls the "audio signature," feature enabled, the meeting will have a green circular icon with a sound wave and a padlock at the top left of the frame next to the encryption icon.

It is not immediately apparent at what point Zoom injects its "ultrasonic" audio watermark into the audio stream -- whether this happens only if a meeting attendee presses the Record button in Zoom or if the audio stream is watermarked prior to that point. Nonetheless, when recording a Zoom meeting, it is best to avoid using Zoom's built-in recording option and to capture the meeting using a third-party audio/video recorder. Zoom mentions that in order to identify the participant who recorded the meeting, they need at least two minutes of audio from the meeting, though it stands to reason that shorter snippets may also be identifiable if they happen to contain the audio watermark. Journalists should also be wary of publishing raw audio leaked from Zoom meetings, particularly if the source is not sure whether audio watermarking was enabled or not.

Aside from Zoom's own watermarks, a number of elements appearing on an individual's own device may inadvertently give away the identity of the person who is recording. If the meeting video is being recorded either via screen recording software or a camera, there are a number of elements to watch out for...

Encryption

Signal's Brian Acton Talks About Exploding Growth, Monetization and WhatsApp Data-Sharing Outrage (techcrunch.com)

Brian Acton is crossing paths again with Facebook. From a report: Over more than a decade of building and operating WhatsApp, the company's co-founder first competed against and then sold his instant messaging app to the social juggernaut. Only a few years ago he parted ways with the company that made him a billionaire in a bitter split over messaging and privacy. Now Acton says the ongoing outrage over what Facebook has done to the messaging service he helped build is driving people to his latest project -- Signal. Acton, who serves as the executive chairman of the privacy-conscious messaging app's holding company, told TechCrunch in an interview that the user base of Signal has "exploded" in recent weeks. "The smallest of events helped trigger the largest of outcomes," said Acton on a video call. "We're also excited that we are having conversations about online privacy and digital safety and people are turning to Signal as the answer to those questions." "It's a great opportunity for Signal to shine and to give people a choice and alternative. It was a slow burn for three years and then a huge explosion. Now the rocket is going," he said. The event Acton is referring to is the recent change in data-sharing policy disclosed by WhatsApp, an app that serves more than 2 billion users worldwide.

Encryption

WhatsApp Clarifies It's Not Giving All Your Data To Facebook (theverge.com)

An anonymous reader quotes a report from The Verge: WhatsApp has published a new FAQ page to its website outlining its stances on user privacy in response to widespread backlash over an upcoming privacy policy update. The core issue relates to WhatsApp's data-sharing procedures with Facebook, with many users concerned an updated privacy policy going into effect on February 8th will mandate sharing of sensitive profile information with WhatsApp's parent company. That isn't true -- the update has nothing to do with consumer chats or profile data, and instead the change is designed to outline how businesses who use WhatsApp for customer service may store logs of its chats on Facebook servers. That's something the company feels it is required to disclose in its privacy policy, which it's now doing after previewing the upcoming changes to business chats back in October.

But a wave of misinformation on social media, not helped by Facebook's abysmal track record on privacy and its reputation for obfuscating changes to its various terms of service agreements, has resulted in a full-blown WhatsApp backlash that has users fleeing to competitors like Signal and Telegram. [...] WhatsApp executives, as well as Instagram chief Adam Mosseri and Facebook AR / VR head Andrew "Boz" Bosworth, are now trying to set the record straight, perhaps to little avail at this point.

"We want to be clear that the policy update does not affect the privacy of your messages with friends or family in any way. Instead, this update includes changes related to messaging a business on WhatsApp, which is optional, and provides further transparency about how we collect and use data," the company writes on the new FAQ page. It also stresses in the FAQ that neither Facebook nor WhatsApp read users' message logs or listen to their calls, and that WhatsApp doesn't store user location data or share contact information with Facebook. (It's also worth noting that data sharing with Facebook is extremely limited for European users due to stronger user privacy protections in the EU.) WhatsApp chief Will Cathcart also took to Twitter a few days ago to post a thread (later shared by Bosworth in the tweet above) trying to cut through the confusion and explain what's actually going on. "With end-to-end encryption, we cannot see your private chats or calls and neither can Facebook. We're committed to this technology and committed to defending it globally," Cathcart wrote. "It's important for us to be clear this update describes business communication and does not change WhatsApp's data sharing practices with Facebook. It does not impact how people communicate privately with friends or family wherever they are in the world."

Encryption

Telegram Adds 25 Million New Users In Just 72 Hours (androidpolice.com)

According to founder and CEO Pavel Durov, Telegram gained 25 million new users in the last 72 hours as it smashed past the 500 million active monthly user mark. Android Police reports: For comparison, the app averaged around 1.5 million new users per day in 2020, which was impressive enough already. Durov says that this is down to his company's simple privacy and security promise, above all else.

The bulk of the new users are coming from Asia (38%), Europe (27%), and Latin America (21%), with around 8% signing up from the MENA region (Middle East and North Africa). Although not explicitly noted in Durov's post, there is likely a good number of Parler orphans joining Telegram -- although there are differences between the functions of the two apps, there's talk that former Parler users are heading to encrypted messaging apps in search of a more private platform. Signal has seen a similar rise in popularity for the same reason.

Open Source

Rediscovering RISC-V: Apple M1 Sparks Renewed Interest in Non-x86 Architecture (zdnet.com)

"With the runaway success of the new ARM-based M1 Macs, non-x86 architectures are getting their closeup," explains a new article at ZDNet.

"RISC-V is getting the most attention from system designers looking to horn in on Apple's recipe for high performance. Here's why..." RISC-V is, like x86 and ARM, an instruction set architecture (ISA). Unlike x86 and ARM, it is a free and open standard that anyone can use without getting locked into someone else's processor designs or paying costly license fees...

Reaching the end of Moore's Law, we can't just cram more transistors on a chip. Instead, as Apple's A and M series processors show, adding specialized co-processors — for codecs, encryption, AI — to fast general-purpose RISC CPUs can offer stunning application performance and power efficiency. But a proprietary ISA, like ARM, is expensive. Worse, they typically only allow you to use that ISA's hardware designs, unless, of course, you're one of the large companies — like Apple — that can afford a top-tier license and a design team to exploit it. A canned design means architects can't specify tweaks that cut costs and improve performance. An open and free ISA, like RISC-V, eliminates a lot of this cost, giving small companies the ability to optimize their hardware for their applications. As we move intelligence into ever more cost-sensitive applications, using processors that cost a dollar or less, the need for application and cost-optimized processors is greater than ever...

While open operating systems, like Linux, get a lot of attention, ISAs are an even longer-lived foundational technology. The x86 ISA dates back 50 years and today exists as a layer that gets translated to a simpler — and faster — underlying hardware architecture. (I suspect this fact is key to the success of the macOS Rosetta 2 translation from x86 code to Apple's M1 code.)

Of course, an open ISA is only part of the solution. Free standard hardware designs — with tools to design more — and smart compilers to generate optimized code are vital. That larger project is what Berkeley's Adept Lab is working on. As computing continues to permeate civilization, the cost of sub-optimal infrastructure will continue to rise.

Optimizing for efficiency, long-life, and broad application is vital for humanity's progress in a cyber-enabled world.

One RISC-V feature highlighted by the article: 128-bit addressing (in addition to 32 and 64 bit).

Google

New Side-Channel Attack Can Recover Encryption Keys From Google Titan Security Keys (zdnet.com) 31

A duo of French security researchers has discovered a vulnerability impacting chips used inside Google Titan and YubiKey hardware security keys. From a report: The vulnerability allows threat actors to recover the primary encryption key used by the hardware security key to generate cryptographic tokens for two-factor authentication (2FA) operations. Once obtained, the two security researchers say the encryption key, an ECDSA private key, would allow threat actors to clone Titan, YubiKey, and other keys to bypass 2FA procedures. However, while the attack sounds disastrous for Google and Yubico security key owners, its severity is not what it seems. In a 60-page PDF report, Victor Lomne and Thomas Roche, researchers with Montpellier-based NinjaLab, explain the intricacies of the attack, also tracked as CVE-2021-3011. For starters, the attack won't work remotely against a device, over the internet, or over a local network. To exploit any Google Titan or Yubico security key, an attacker would first need to get their hands on a security key in the first place.
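What "clone" means in practice, as an added worked example (editor's code, not NinjaLab's, Google's or Yubico's): a U2F-style token signs each login challenge with one ECDSA private key, so once that key has been read out through a side channel, a second device holding it produces signatures the relying party cannot tell from the genuine token's. The one signal left to the relying party is the signature counter U2F authenticators return with every assertion, which should only ever increase. The example assumes the U2F signature base (SHA-256 of the app id, a user-presence byte, a 4-byte counter, SHA-256 of the challenge), a hypothetical relying party "https://example.test", and writes out textbook ECDSA over P-256 inline so it runs with the standard library alone; that arithmetic is not constant-time and is for demonstration only.

```python
"""Added example (editor's code, not NinjaLab's, Google's or Yubico's): a
side-channel-extracted U2F signing key is a perfect clone, and the signature
counter is the only thing a relying party can still notice.  Textbook ECDSA
over P-256, not constant-time: demonstration only, never production."""
import hashlib
import secrets
import struct

# NIST P-256 domain parameters (public constants).
P = 0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff
N = 0xffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551
A = P - 3
G = (0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296,
     0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5)

def _add(p1, p2):
    """Affine point addition; None is the point at infinity."""
    if p1 is None or p2 is None:
        return p2 if p1 is None else p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return x3, (lam * (x1 - x3) - y1) % P

def _mul(k, point):
    """Double-and-add scalar multiplication."""
    result = None
    while k:
        if k & 1:
            result = _add(result, point)
        point = _add(point, point)
        k >>= 1
    return result

def ecdsa_sign(priv, digest):
    z = int.from_bytes(digest, "big") % N
    while True:
        k = secrets.randbelow(N - 1) + 1
        r = _mul(k, G)[0] % N
        s = pow(k, -1, N) * (z + r * priv) % N
        if r and s:
            return r, s

def ecdsa_verify(pub, digest, sig):
    r, s = sig
    if not (0 < r < N and 0 < s < N):
        return False
    z = int.from_bytes(digest, "big") % N
    w = pow(s, -1, N)
    point = _add(_mul(z * w % N, G), _mul(r * w % N, pub))
    return point is not None and point[0] % N == r

def _u2f_signed_bytes(app_id, counter, challenge):
    # U2F signature base: SHA-256(appId) || user-presence byte || counter || SHA-256(challenge)
    return (hashlib.sha256(app_id).digest() + b"\x01"
            + struct.pack(">I", counter) + hashlib.sha256(challenge).digest())

class Authenticator:
    """Token with one signing key and a counter that increases on every use."""
    def __init__(self, priv, counter=0):
        self.priv, self.counter = priv, counter

    def authenticate(self, app_id, challenge):
        self.counter += 1
        digest = hashlib.sha256(_u2f_signed_bytes(app_id, self.counter, challenge)).digest()
        return self.counter, ecdsa_sign(self.priv, digest)

class RelyingParty:
    def __init__(self, app_id, pub):
        self.app_id, self.pub, self.last_counter = app_id, pub, 0

    def check(self, challenge, counter, sig):
        digest = hashlib.sha256(_u2f_signed_bytes(self.app_id, counter, challenge)).digest()
        if not ecdsa_verify(self.pub, digest, sig):
            return "bad signature"
        if counter <= self.last_counter:
            return "clone suspected"  # counter repeated or went backwards: two devices share the key
        self.last_counter = counter
        return "ok"

def demo(app_id=b"https://example.test"):  # hypothetical relying party
    priv = secrets.randbelow(N - 1) + 1
    genuine = Authenticator(priv)
    rp = RelyingParty(app_id, _mul(priv, G))  # registration stores the public key only
    results = []
    for _ in range(3):
        ch = secrets.token_bytes(32)
        results.append(rp.check(ch, *genuine.authenticate(app_id, ch)))
    clone = Authenticator(priv)  # same key (as if read out via the side channel), fresh counter
    ch = secrets.token_bytes(32)
    results.append(rp.check(ch, *clone.authenticate(app_id, ch)))
    return results
```

The clone's signature verifies; only the counter, which restarts from zero on the second device, gives it away. The check is a heuristic, not a guarantee: an attacker who sets the clone's counter above the victim's passes that login, and it is the victim's next login that then trips the check, which only helps if someone acts on the alert.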

Encryption

WhatsApp Rival Signal Reports Growing Pains as New Users Surge (bloomberg.com) 10

Signal, an encrypted messaging app that competes with other services including Facebook's WhatsApp, said Thursday that verification codes used to create new accounts were delayed because of a flood of new users. From a report: "We are working with carriers to resolve this as quickly as possible," the non-profit foundation said in a tweet. "Hang in there." The surge came just hours after Elon Musk endorsed the service and amid reported changes to WhatsApp's terms of service.

Netscape

Brexit Deal Mentions Netscape Browser and Mozilla Mail (bbc.com) 194

References to decades-old computer software are included in the new Brexit agreement, including a description of Netscape Communicator and Mozilla Mail as being "modern" services. From a report: Experts believe officials must have copied and pasted chunks of text from old legislation into the document. The references are on page 921 of the trade deal, in a section on encryption technology. It also recommends using systems that are now vulnerable to cyber-attacks. The text cites "modern e-mail software packages including Outlook, Mozilla Mail as well as Netscape Communicator 4.x." The latter two are now defunct - the last major release of Netscape Communicator was in 1997. The document also recommends using 1024-bit RSA encryption and the SHA-1 hashing algorithm, which are both outdated and vulnerable to cyber-attacks.
