Shit if I think I got my point across I’m pretty happy
Actually really I think more often we think “I SHOULD have said that!”. It’s like we know so so many words until a native comes to talk to us and then all our words go hiding somewhere.
Due to a lack of any reliable way of backing that up, I cannot convince anyone else using the opinions of a random on the internet. I was looking for a place I can show them with evidence, so I don’t look like a conspiracy theorist with a pinboard full of string and coloured paper.
It’s proprietary software. You can’t know what they’re actually doing without getting a job there and getting assigned to that project. But given Facebook’s long history of user hostile behavior, the statements from Zuckerberg that people who trust him are idiots, and the class action lawsuits against them for violating consumer trust and straight-up selling user data, I wouldn’t believe anything they say. Why use a 3rd party app run by a user hostile company whose entire business model revolves around capturing user data, when there are better alternatives out there? I understand that I’m preaching to the choir and I apologize. I’ve had the same argument with my two best friends trying to get them to use literally anything other than Whatsapp and they won’t. So we still communicate with a group sms on our phones. That’s better than Whatsapp as far as I’m concerned. You have my sympathies since your group is probably too big to just refuse to participate in and still get communications from.
When you type a message a message and send it to your counter part, WhatsApp says it encrypts it and the recipient will decrypt it on their side with WhatsApp. However, WhatsApp is closed source. That means you trust WhatsApp to do what it says.
It’s like going to a contractor and telling them your message and handing them a key. The contractor says they’ll deliver it to the other party in a manner that nobody else will be able to read that message. You can ask them provide the tools they do it, explain how they do it, and show you how it’s done, but they say “no can do, trade secret”. Do you trust them?
Alright, let’s say you do trust them, they really do make the message unreadable to anybody but the other party. But every time you want to send a message, you have to go to their building, write down the message on a notepad, and then hand it + the key to the messenger. If you told them “Just to be sure, I’d like to verify that nobody else is here possibly looking at the message while I write, nor reading it when you go into the backroom to render it unreadable” and asked “Can I check for other people here?” to which they respond “no can do, trade secret”. Do you trust them?
Alright alright, so you still trust them. They won’t let you check anything, but you still trust them. The messenger is employed by the one and Sauron Inc. The owner has been caught lying about stuff before, but you trust them. No problem.
Let’s says the messenger says “hey, you know, all the communications you have when you go into the small room there, we can make copies for you! if the messages were ever misplaced, this building burned down or anything, you could always have the communication history”. You find it a great idea! Wow, it’s so convenient. They even suggest to put copies in a building in another city and the building is owned by Darth Vader Inc. You’re ecstatic! To get the process started, WhatsApp walks into your room with a bunch of blank papers and chest, then asks you to hand over your key and closes the door behind them. You are escorted out of the building and wait for the process to be over.
A few months later, the city is bombarded by Megatron. The WhatsApp building is destroyed and your communications are gone! The key you had for the messenger to render your communications unreadable? Gone too! Well, luckily you can just go to another WhatsApp building. You enter, say your name, fill in your details and you are escorted to a room that looks just like the one in the building the Megatron destroyed!
The elation is great! … until you notice that all your messages are readable. Not only that, but the key that’s used to make then unreadable by WhatsApp is sitting there on the desk - pristine and undamaged as it ever was.
Wait a moment… how did the unreadable messages and the key get restored? What exactly did Darth Vader Inc. get from WhatsApp?
Must just be a coincidence, right? You probably had the key in your pocked the whole time and gave it to WhatsApp while you were at the reception filling in your contact details. Your trust is unwavering, the security unrattled, and your communication unscathed.
You are right, we don’t and can’t know if any of what Meta says is true, but at least on the surface it seems to check out. If they are stealing your private key and unlocking all your chats in secret, then they are doing a bloody good job, since no one has leaked anything yet.
Just to clear things a bit, in your analogy you don’t hand the courier both the chest and the key. The chest has a special keypad that accepts two keys, one is your key, the other is the recipient’s key. What you do is you lock the chest with your key and then give it to the courier, which will deliver the chest to the other party, which will then open the chest with his key. In theory the courier never had access to the key.
Now the issues are that you are indeed writing your message from within the Whatsapp building and you can never know if there cameras watching you or not. You also cannot know if Whatsapp has made a copy of your key, or the recipient’s key without your knowledge.
As for how can you recover all your chat history even after you destroy your phone, it’s quite easy and Whatsapp doesn’t need to know anything in particular. The functionality allows you to make a backup and store it on Google Drive. That backup gets encrypted with your password and it’s probably the most secure thing of all, if nothing else because Meta would gain nothing from the backup having poor security (as it would already have all the data if they wanted it) while it would only make them loose face, plus would allow anyone else to gain access to all ~~your ~~their data. After you restore the backup on a new device a new key+padlock pair gets created and the lock gets shared to all your contacts (which will see the yellow box telling them your padlock has changed).
I’m not claiming it doesn’t have privacy issues mind you, I’m just saying that you can’t be sure either way, unfortunately. Still, better than Telegram that doesn’t even encrypt most of your chats.
Maybe that’s a new feature? Does WhatsApp require a password when backing up now? Haven’t used it in a few years, but back when I had it, the backup to Google didn’t require anything besides your phone number and access the google drive on your account - it was only retrievable from WhatsApp and not visible on a Google Drive interface nor API.
They will if I don’t sound paranoid and can give rational answers backed up with real articles that aren’t conspiracy sites. Much of my family are teachers, everyone has at least one university degree, and is capable of rational thought and critical thinking. They just don’t see a reason to switch. I need to put forward a reason that is worth their time.
The contents of the chat messages are e2e encrypted, so meta can’t see what you are sending.
Even if we assume correct e2ee is used (which we have no way of knowing), Meta can still see what you are sending and receiving, because they control the endpoints. It’s their app, after all.
Even if they do, you can’t know whether they can access the encryption keys. It’s all just layers of “but this, but that” and at the very bottom a layer of “trust me, bro”.
My way around the issue with the app and its collection is :
Install in a separate profile with empty everything. (So they get an empty contact list)
Install beeper in a different profil and connect WhatsApp to beeper.
Remove all permissions from WhatsApp. There if I need to reconnect sometime.
Oh and using fake number is also a good idea. And yes not as good as selfhosting I know. Signal is an option if you can get them to switch. Telegram is crap.
In a similar situation as you (entire society revolves around whatsapp). I came to this conclusion:
Others won’t share my view on personal privacy at all will happily give out any metadata or data. No matter what secure channel we use, the destination (people) will always leak.
Because of (1), consider all communication with others as public, no matter the inferred intimacy, no matter the platform or its security.
Consider (2) as true even if they somehow used Signal or any secure platform, because of (1). (E.g. “Hey, did you hear about $familyMember? Yes, the weird kiddo who forced me to use some strange blue shit for chat. He got positive on blood exam for $badCondition. Go check on him”)
As for whatsapp itself, i use Android and isolate it in a separate profile, also frozen until opened. I also used a burner phone number for account registration, not my actual number.
People are more receptive of whatsapp accounts with “alternate” numbers when you explain you “got hacked in the past” or any plausible reason.
sopuli.xyz
Hot