At the earliest I arrived in Lima last week, and did what countless travelers do every day: go to the cellphone store to get a SIM card with a local number. But this mundane ritual, no more exciting than exchanging your dollars for euros, quickly became unexpected – you infiltrated a criminal network.
When I was planning my trip, drugs were the last thing on my mind. In the optimistic days before Omicron, Peru felt like a dream, a dose of warmth and sunshine before heading home in the bleak New York winter. But minutes after I left the Movistar store, with the phone number in my hand, I found a new holiday hobby: telling people they had the wrong number. I assumed it would be a minor inconvenience, a few text messages before people got the word out. But things got even weirder when I installed WhatsApp.
The problems started with an annoying home screen. Instead of the new list for the new account, I met a list of dozens of groups of which I was apparently a member. Even with my embarrassingly poor Spanish, terms like “dark web” popped up, and the sexually suggestive emoji required no translation. Then I started receiving messages. And while most of you won’t find yourself involved in a crime ring in Peru, your digital life faces exactly the same vulnerabilities.
WhatsApp is encrypted, so people feel safe speaking openly. And they started talking a lot about drugs, sex work, and other terms that I didn’t want to translate. People told me about upcoming deliveries, and mentioned places I’d never heard of. I was in heaven, sitting by a rooftop pool overlooking the beaches and cliffs of Miraflores, and had a panic attack.
I started showing scenes from the vulgar mob movies, a gullible passerby who was killed because he saw too much. So I deleted everything. Every message, every group. I even did mental exercises to blur my memories and force myself to forget. But people continued to communicate. And when I continued to explain that they had the wrong person, they insisted: “Delete the number!”
And so I ended up giving tips on cyber security to the crime syndicate. I promised to delete the account, switch the number, but then explained how they had already been hacked. Like many WhatsApp accounts, my predecessor did not have a PIN, which is a subscription security feature that can block what I did accidentally, take over someone else’s account, and in fact someone else’s world. I can get a new number, but without the PIN, whoever got the number Movistar lent me would end up facing the same horror.
As in almost every country in South America, WhatsApp is the most popular communication platform in Peru. In some countries, the Facebook-owned app is so ubiquitous that it has effectively replaced text messaging, allowing users to circumvent phone company fees and call reliably in areas with poor cellular coverage. The other draw, of course, is security. But while encryption is indispensable, it is not sufficient. End-to-end encryption means that Facebook and anyone who intercepts your messages cannot read the content of what you wrote. But they can know everything else. With WhatsApp, they know who your contacts are, what groups you belong to, and when and to whom you send messages.
Although WhatsApp has supported two-factor authentication since 2017, it has never been a default requirement. And no one knows exactly how many of the two billion WhatsApp accounts are unsecured. WhatsApp should make PINs mandatory, or at least the default. But she is far from alone. Encrypted messaging platforms like Signal not only have similar vulnerabilities but many others too. Even after I deleted WhatApp, I continued to receive a series of text messages from banks and payment apps, all looking to confirm someone else’s identity.
[ad_2]
Source link
