In this edition of AdGuard’s digest: Meta goes after iMessage in the new WhatsApp ad, Germany fines Telegram, DuckDuckGo brings its privacy-focused browser to desktop (Mac for now), Google relabels ads, and Toyota’s carelessness backfires.

Meta dumps on Apple in a PR stunt for WhatsApp

Meta came out swinging at Apple’s iMessage as part of its large-scale promotional campaign for WhatsApp in the US. The PR effort is spearheaded by none other than Meta CEO Mark Zuckerberg. In an Instagram post, Zuckerberg argued that WhatsApp was “far more private and secure than iMessage” due to a number of features Apple’s own instant messaging service does not have.

For instance, Zuckeberg noted that end-to-end encryption on WhatsApp works both on iOS and Android, while iMessage is tailor-made for Apple devices. Apple turns texts between iPhones and Android devices into SMS/MMS messages that are not encrypted. They appear in green text bubbles as opposed to blue for iPhone to iPhone texts. While iMessage’s criticism might be warranted, Meta has picked a relatively easy target. There are more secure options than WhatsApp, such as Signal.

Meta has faced privacy-related criticism over the years, including over employing an army of human “content reviewers” who can read messages from reported threads. WhatsApp also shares users’ detailed metadata with law enforcement in response to official requests, and does so almost in real time unlike other services.

Google will make ads more (or less) obvious

Google has announced a new design change that should help users better distinguish between paid and organic search results. Paid results, which were previously marked with a tiny “Ad” label, will now carry a longer “Sponsored” tag in bold black text. This change, according to Google, should “make information about paid content clear.” The company has already started rolling out the new design on mobile, and plans to begin testing it on desktop as well.

In addition, Google will be adding site names and favicons on top of each search result on mobile — that should, presumably, make it easier to identify the source of the content.

It remains to be seen whether the design update will actually help distinguish ads from organic results or confuse users even more, especially when it comes to desktop. Favicons, as shown in Google’s preview, appear big enough to draw all the attention to themselves. Google has a long history of tweaking the design of its search ads to make them look less eye-catching and more like genuine search results. Back in the day Google used to shade its search ads blue, yellow, green, and even red before removing any shading in 2013. Since then and up until now, ad labeling has only gotten more subtle. AdGuard users, however, will not even notice the change because they are spared from seeing any ads, irrespective of design.

Germany fines Telegram for failure to follow its laws

In the latest back-and-forth between Berlin and Telegram, the German government has slapped a 5,1 million euro ($5 million) fine on the messaging service. The country’s justice ministry said that Telegram refused to create “a legally compliant” reporting channel where users could report “criminal content”. Telegram was also accused of failing to appoint a representative to the country.

Telegram can now appeal the fine. The move by the German government indicates that, contrary to some reports, there has been little if any rapprochement between the privacy-oriented tech company and Berlin. In August this year, Telegram surprised its German users by asking them directly if they want the company to relax rules around sharing data with law enforcement, leave them as they are or stop sharing data altogether. Currently, Telegram turns over IP addresses and phone numbers of terrorist suspects to the German police, but only if there’s a court order. The majority of users voted to keep the status quo.

Apparently, Telegram has taken feedback from users into account, and is refusing to budge. Telegram users have shown that they are not ready to compromise their privacy for the sake of potentially catching “bad guys”, which is an encouraging trend.

No love lost: Telegram CEO calls WhatsApp ‘surveillance tool’

Telegram CEO Pavel Durov did not mince words criticizing rival app WhatsApp. In a lenthy blog post, Durov cited a recently discovered vulnerability reported by WhatsApp, and noted that it could have allowed hackers to gain “full access” to everything on the potential victim’s phone.

The Telegram founder then listed other instances in which WhatsApp has encountered similar issues. He suggested that it was a vicious circle the Meta-owned messaging service was unlikely to ever break. “Every year, we learn about some issue in WhatsApp that puts everything on their users’ devices at risk. Which means it’s almost certain that a new security flaw already exists there.” Durov went on to say that he was not highlighting WhatsApp’s security issues to get users switch to Telegram, but rather to keep them away from WhatsApp, which he called a surveillance tool.”

Photo: Adem AY/Unsplash

There is no love lost between WhatsApp and Telegram. Last year, tens of millions new users joined Telegram amid the fallout from WhatsApp’s new privacy policy. The policy revealed that the messenger in some cases shares user data with its parent company Facebook without the right to opt out. We, too, have serious concerns about WhatsApp and its past privacy record, so we don’t recommend using it, especially in the presence of other, more secure alternatives. But the final choice is yours, just be aware of the risks.

DuckDuckGo’s privacy-focused browser arrives to Mac

DuckDuckGo, a company mostly known for its privacy-first search engine, has started rolling out a web browser for Mac. The browser has been available through a waitlist since April, and has now moved into open beta. The developers also announced that they have included several new built-in privacy features in the release.

One of these features — called “Duck Player” — promises to protect users from targeted ads and cookies on YouTube. YouTube would still be able to register your views, but none of the content you view would contribute to creating your advertising profile on YouTube. This means that users won’t see personalized ads unless they want to. Other features include instant access to DDG email service that removes trackers and integrattion with open-source password manager Bitwarden. Apart from that, the developers said that they have improved the ad-blocking functionality by removing white space that used to be in place of blocked ads.

DuckDuckGo has confirmed they are working on a similar solution for Windows, and expect to release the web browser as a closed beta in the coming months. We can only salute DuckDuckGo for helping users to eschew trackers and ads. After suffering a public backlash due to its deal with Microsoft earlier this year, DDG seems to be working hard to redeem itself in the eyes of the privacy-conscious public.

Oops! Toyota says 300,000 customers’ data might have leaked due to security blunder

Japanese automaker Toyota has reported that email addresses and customer numbers of 269,019 people using its T-Connect service were exposed as a result of a data breach. T-Connect is a service that allows Toyota clients to check various types of data about their vehicles.

The breach has affected Toyota owners who registered with the T-Connect website between July 2017 and September this year, which was when Toyota discovered the security hole. According to the automaker itself, the website development subcontractor “mistakenly uploaded part of the source code to their GitHub account while it was set to be public” five years ago. The source code contained an access key to the data server where client data was stored. After discovering the vulnerability on September 15, Toyota made the code private. The company assured that other sensitive data, such as customer names, phone numbers, and credit card information, had not been leaked.

Toyota noted that while they could not confirm that any third party had actually accessed the exposed server, they could not rule that out. Toyota’s blunder shows once again that even big corporations that supposedly have all the resources and best practices to protect customer data are not immune from rather trivial security oversights.