Meta has revealed more details about how third-party messaging apps can be interoperable with WhatsApp and Messenger. The company is being required to open up its apps to a certain extent to comply with the Digital Markets Act (DMA), a new European Union law that comes into effect this week.

"We think the best way to deliver interoperability is through a solution which builds on Meta’s existing client/server architecture," Meta wrote in a blog post. "The approach we have taken in terms of implementing interoperability is the best way of meeting DMA requirements, whilst also creating a viable approach for the third-party providers interested in becoming interoperable with Meta and maximizing user security and privacy."

Meta says it has been working on interoperability with the European Commission for nearly two years. To begin with, interoperability will need to support text-based messages and the ability to share images, voice notes, videos and other files. In the future, Meta will need to enable group chats and calling between WhatsApp and Messenger and third-party apps.

For the time being, third-party developers will likely have to use the Signal protocol to hook into Messenger and WhatsApp. Meta uses that protocol for end-to-end encryption (E2EE) on both apps, "as it represents the current gold standard for E2EE chats." Developers will have the option of using a compatible protocol, but only "if they are able to demonstrate it offers the same security guarantees as Signal."

Meta notes that when it comes to messaging entirely within the WhatsApp and Messenger ecosystems, it controls both the sending and receiving clients. In such cases, it can affirm that only the sender and intended recipients will be able to see messages. 

However, it added that "while we have built a secure solution for interop that uses the Signal protocol encryption to protect messages in transit, without ownership of both clients (endpoints) we cannot guarantee what a third-party provider does with sent or received messages, and we therefore cannot make the same promise." As such, Meta is indicating that messages that originate from or are sent to a third-party app may not be as secure as those that stay completely within its own ecosystem.

Developers who connect their apps to WhatsApp and Messenger will have to host media files that they send to Meta's platforms on their own servers. WhatsApp or Messenger will then download the media from the media via a Meta proxy service.

To enable interoperability, makers of third-party messaging apps will need to sign an agreement with Meta. The company notes that it needs to be ready to turn on interoperability with another service within three months of receiving a request, though "it may take longer before the functionality is ready for public use."

Shortly after Japan’s space agency became the fifth country to land a spacecraft on the surface of the moon, its scientists discovered the Smart Lander for Investigating Moon (SLIM) unfortunately touched down upside down. The Japan Aerospace Exploration Agency (JAXA) said that the SLIM landed on the lunar surface on January 20 but it knew it might have bigger problems due to an issue with power generation. Just hours after making landfall, JAXA expected the power to run out, before it ultimately did.

SLIM met the moon’s surface about 55 meters east of the original target landing site, JAXA said. The agency did get all of the technical information related to its navigation prior to landing and ultimately becoming stationary on the lunar surface. JAXA captured photos of the SLIM from its The Lunar Excursion Vehicle 2, its fully autonomous robot currently exploring the moon.

The reason behind the main engine malfunctioning is under investigation by the space agency. There is a slim chance for regeneration because the solar cells that power the spacecraft are facing west, meaning there is a chance for SLIM recovery if enough light from the sun reaches the cells as more time passes. The SLIM JAXA team took to X earlier this week to write, “We are preparing for recovery.” The agency said it will “take the necessary preparations to gather more technical and scientific data from the spacecraft.

When Snapchat introduced the notion of “ephemeral data” to the masses a decade ago, self-destructive messaging really took off. There were tons of companies trying to cash in, from Meta-created Poke to Wickr, Confide, Hash and others. For the most part, all of those companies failed, but the idea has thrived. To that end, WhatsApp just introduced voice messages that automatically delete after being played.

The messaging app’s View Once feature already exists for photos and messages, but this is the first time it has been applied to voice messages. The interface is simple. Just select View Once and make a voice message. It’ll self-destruct after the recipient hears it. This is not only fun in a Mission Impossible sort of way, but actively enhances privacy in the case of audio recordings that mention sensitive topics. Hey, once in a while you have to give someone credit card details and it’s better to be safe than sorry.

There are some caveats, as no technology is foolproof. WhatsApp encourages users to only send View Once voice messages to people they trust, as there are ways to get around the ephemeral nature of the data. For instance, Android users can use the screen record function as they listen and anyone can use another camera or external microphone to capture the message.

The tool’s rolling out globally over the next few days, so it might be a bit before the update hits your box. WhatsApp has been making all sorts of improvements throughout the past year. Just last week, the platform introduced the ability to share photos in their original format, without compression. The app also recently added a tool that masks your IP address when making calls.

There's never been a better time to buy the Apple Watch SE (2nd Gen), as it has fallen to another new low on Amazon. Both sizes (40mm and 44mm) are available with discounts of $70, with the 40mm GPS Watch SE starting at just $179, or 28 percent ($70) off and the 44mm model starting at $209 (25 percent off). That's an all-time low, besting the $189 price we saw just two days ago. 

With solid performance, a familiar design and support for numerous apps, the 2022 Watch SE scored a solid 89 in our Engadget review. It looks nearly identical to the latest Watch models, and delivers smooth performance despite the slightly older processor. Most importantly, it offer all the same features you'd get in the more expensive models, like all-day heart rate monitoring, built-in GPS, fall detection, Apple Pay support, sleep-tracking and more. Battery life has also been improved over the previous model.

It doesn't include a blood oxygen sensor or ECG, nor the always-on display of the Series 8 or Series 9 models. If those things aren't terribly important, you'll still get a full Watch experience. The other main drawbacks with all Watch models are sleep tracking that doesn't quite measure up to the competition, and less than a full day of battery life.

If you want the higher-end models, there's more good news too. All the Watch Series 8 models are on sale, starting at $299 for the Watch Series 8 (GPS 41mm), $329 for the Watch Series 9 (in red only, $100 off) and $359 for the Watch Series 9 in other colors.  

You might want to run antivirus tools if you use certain Minecraft mods. The MMPA security community has learned that hackers are exploiting a "BleedingPipe" flaw in the Forge framework powering numerous mods, including some versions of Astral Sorcery, EnderCore and Gadomancy. If one of the game tweaks is running on Forge 1.7.10/1.12.2, intruders can remotely control both servers and gamers' devices. In one case, an attacker was using a new exploit variant to breach a Minecraft server and steal both Discord chatters' credentials as well as players' Steam session cookies.

As Bleeping Computerexplains, BleedingPipe relies on incorrect deserialization for a class in the Java code powering the mods. Users just have to send special network traffic to a server to take control. The first evidence of BleedingPipe attacks surfaced in March 2022 and were quickly patched by modders, but MMPA understands most servers running the mods haven't updated.

We've asked Mojang parent company Microsoft for comment. It's not responsible for Forge, so the tech giant can't necessarily stop or limit the damage. You won't be affected if you use stock Minecraft or stick to single-player sessions.

The full scope of the vulnerability isn't clear. While there are 46 mods known to fall prey to BleedingPipe as of this writing, there's the potential for considerably more. Users are asked to scan their systems (including their Minecraft folder) for malware. Server operators, meanwhile, are urged to either update mods or stop running them entirely. MMPA also has a PipeBlocker mod that protects everyone involved, although mod packs may cause problems if the mods haven't been updated.

Nearly three years after a 2020 court decision threatened to grind transatlantic e-commerce to a halt, the European Union has adopted a plan that will allow US tech giants to continue storing data about European users on American soil. In a decision announced Monday, the European Commission approved the Trans-Atlantic Data Privacy Framework. Under the terms of the deal, the US will establish a court Europeans can engage with if they feel a US tech platform violated their data privacy rights. President Joe Biden announced the creation of the Data Protection Review Court in an executive order he signed last fall. The court can order the deletion of user data and impose other remedial measures. The framework also limits access to European user data by US intelligence agencies.

The Trans-Atlantic Data Privacy Framework is the latest chapter in a saga that is now more than a decade in the making. It was only earlier this year the EU fined Meta a record-breaking €1.2 billion after it found that Facebook's practice of moving EU user data to US servers violated the bloc's digital privacy laws. The EU also ordered Meta to delete the data it already had stored on its US servers if the company didn't have a legal way to keep that information there by the fall. As TheWall Street Journal notes, Monday's agreement should allow Meta to avoid the need to delete any data, but the company may end up still paying the fine.

Even with a new agreement in place, it probably won't be smooth sailing just yet for the companies that depend the most on cross-border data flows. Max Schrems, the lawyer who successfully challenged the previous Safe Harbor and Privacy Shield agreements that governed transatlantic data transfers before today, told The Journal he plans to challenge the new framework. "We would need changes in US surveillance law to make this work and we simply don't have it," he said. For what it's worth, the European Commission says it's confident it can defend its new framework in court.

WhatsApp has begun rolling out a handful of new security features. The most notable sees the company doing more to protect users against SIM jacking and other social engineering attacks that could compromise your account. The next time you download WhatsApp on a new device, you may be asked to use your old device to confirm you want to move your account to a new phone.

If you’re worried about the potential of being locked out of your account, a WhatsApp spokesperson told Engadget Account Protect will only activate if the company detects a suspicious registration attempt. Moreover, if you don’t have access to your old device, you can request the company send you a second one-time passcode.

Whether or not you decide to switch devices anytime soon, your WhatsApp account will be safer, thanks to the new introduction of new background checks. You won’t need to directly interact with the verification features WhatsApp is adding. Nonetheless, the company says they will help secure your account against malware, and better protect you if your WhatsApp is ever compromised.

Separately, WhatsApp is also making it easier for users to verify their connection with someone is encrypted. Right now, verifying your connection with someone involves either scanning a QR code or comparing a 60-digit number, both of which you can find by tapping the Encryption tab under a contact’s info sheet. Moving forward, tapping the tab will automatically verify whether your connection is secure.

The new features will roll out to all WhatsApp users in the coming months. In the meantime, if you want to do the most you can to secure your account, WhatsApp parent company Meta recommends you enable two-factor authentication and encrypted backups.

One of the biggest criticisms of DJI's otherwise excellent Avata FPV drone was around the Goggles 2, which lacked comfort and forced you to tether to a battery. Now, DJI has unveiled the Goggles Integra, a new model designed for the Avata that offers an integrated battery, improved ergonomics and new flight control features. The company also announced the RC Motion 2 controller with an upgraded joystick and controls.

The Goggles Integra use a new integrated design that merges the headband and battery, eliminating the annoying connecting cable on the last model. At the same time, DJI promises that the headband is "light, balanced and incredibly comfortable," while offering up to two hours of connecting time. It uses DJI's OcuSync O3+, that provides a 50Mbps video feed with up to 6.2 miles of range and 30-millisecond latency. It has a built-in GPS that lets you fly with no need to connect to a smartphone. 

DJI

Unfortunately, the Goggles Integra lack the built-in diopter range found on the Goggles 2, and are too small to accommodate eyeglasses. Instead, they come with interchangeable lenses, meaning they're less flexible for users who need eye correction than the Goggles 2. And as before, when you take them off to see the drone, you'll need to put your glasses back on. With the battery cable gone, though, it's less awkward to put the headset on and take it off.

Another key difference with the Goggles 2 is that there's no Bluetooth or WiFi communication. That means you won't be able to transmit the visuals you see in the goggles to a smartphone, as you can on the previous model. 

Along with the new headset, DJI introduced the RC Motion 2 as an update to the original RC Motion controller. It uses the same motion-sensing tech, but comes with an improved joystick that protrudes (rather than being flush as before) for more traditional operation. 

DJI

It also has an updated accelerator with a reverse function to support multidirectional flight. That includes vertical, backward and sideways motion, "making it easier to adjust the direction or choose a suitable place to land," DJI wrote. On the side is a new Fn dial (replacing the tilt switch) that lets you adjust the camera's ISO, shutter and other parameters without the to interact with the goggles. 

The new products show that DJI is being responsive to users, but it's unfortunate that the Goggles Integra lacks several key features from the $649 Goggles 2 — even though it's $150 cheaper. The Goggles Integra and RC Motion 2 are now available for $499 and $239 respectively. You can also get them in the Avata Explorer Combo that includes the Goggles Integra, DJI RC Motion 2, and DJI Avata for $1,278. If you need the diopter adjustment range and WiFi/Bluetooth features, the Pro-View Combo with the Goggles 2, DJI RC Motion 2, and DJI Avata is available for $1,428. 

Meta has sued companies doing business as "HeyMods," "Highlight Mobi" and "HeyWhatsApp" for stealing over a million accounts using unofficial WhatsApp Android apps, Bleeping Computer has reported. The malware-infested apps were available on several APK sites and even the Google Play Store, according to the complaint. 

"After victims installed the Malicious Applications, they were prompted to enter their WhatsApp user credentials," according to the suit filed in the US District Court in San Francisco. "The Defendants programmed the Malicious Applications to communicate the user's credentials to WhatsApp's computers and obtain the users' account keys and authentication information."

The apps in question are called "Theme Store for Zap" and "AppUpdater for WhatsPlus 2021 GB Yo FM HeyMods" among others. The latter app was installed more than a million times for the Google Play Store, according to Bleeping Computer. 

WhatsApp chief Will Cathcart warned users not to download the fake apps, saying they "were just a scam to steal personal information stored on people's phones." He added that Meta's findings were shared with Google, and in July, Google Play Protect was updated to detect and disable the fake apps. "We're also taking enforcement action against HeyMods... and will explore legal options to hold HeyMods and others like them accountable," he said. 

Meta said the developers effectively breached their agreements, though jurisdiction isn't clear as the complaint indicates that the companies are organized under the laws of three different regions (Hong Kong, Beijing and Taiwan). In any case, Cathcart gave some advice that applies universally to any app: "If you see friends or family using a different form of WhatsApp please encourage them to only use WhatsApp from a trusted app store or our official website directly at http://WhatsApp.com/dl."

WhatsApp just introduced several important privacy features including the online status blocking option it recently showed in beta, TechCrunch has reported. The aim is to eventually make WhatsApp "as private and secure as face-to-face conversations," Meta CEO Mark Zuckerberg said in a Facebook post. 

The new "online presence control" feature allows you to send messages while appearing to be offline. That offers another level of privacy over the ability to hide your "last seen" status from specific contacts, a feature introduced earlier this year. 

You can control the feature in a granular way, deciding which contacts can view your online status and which can't. There are no limits, and you can swap people in and out at any time. The feature will roll out to all users across desktop and mobile, later this month. 

WhatsApp is also testing screenshot blocking for view once messages that disappear after a single view. When those messages were introduced last year, Meta said that you should still take caution as you wouldn't know if someone screenshotted them. A new feature that lets you block such screenshots is now in testing, but the company hopes to get it to all users "soon." 

With the final change, you can leave leave groups privately without sending out a mass notification to everyone else that you're gone — though group admins will still be notified. That should save some awkwardness when it rolls out to the desktop and mobile apps, also later this month.