Due to a lack of any reliable way of backing that up, I cannot convince anyone else using the opinions of a random on the internet. I was looking for a place I can show them with evidence, so I don’t look like a conspiracy theorist with a pinboard full of string and coloured paper.
It’s proprietary software. You can’t know what they’re actually doing without getting a job there and getting assigned to that project. But given Facebook’s long history of user hostile behavior, the statements from Zuckerberg that people who trust him are idiots, and the class action lawsuits against them for violating consumer trust and straight-up selling user data, I wouldn’t believe anything they say. Why use a 3rd party app run by a user hostile company whose entire business model revolves around capturing user data, when there are better alternatives out there? I understand that I’m preaching to the choir and I apologize. I’ve had the same argument with my two best friends trying to get them to use literally anything other than Whatsapp and they won’t. So we still communicate with a group sms on our phones. That’s better than Whatsapp as far as I’m concerned. You have my sympathies since your group is probably too big to just refuse to participate in and still get communications from.
As long as you are running closed source Operating Systems, they can listen to whatever they want, and scan whatever they want that’s happening on your screen. Wake up people. Facepalm.
The contents of the chat messages are e2e encrypted, so Meta can’t see what you are sending.
Even if we assume correct e2ee is used (which we have no way of knowing), Meta can still see what you are sending and receiving, because they control the endpoints. It’s their app, after all.
Even if they do, you can’t know whether they can access the encryption keys. It’s all just layers of “but this, but that” and at the very bottom a layer of “trust me, bro”.
When you type a message and send it to your counterpart, WhatsApp says it encrypts it and the recipient will decrypt it on their side with WhatsApp. However, WhatsApp is closed source. That means you trust WhatsApp to do what it says.
It’s like going to a contractor and telling them your message and handing them a key. The contractor says they’ll deliver it to the other party in a manner that nobody else will be able to read that message. You can ask them to provide the tools they do it with, explain how they do it, and show you how it’s done, but they say “no can do, trade secret”. Do you trust them?
Alright, let’s say you do trust them, they really do make the message unreadable to anybody but the other party. But every time you want to send a message, you have to go to their building, write down the message on a notepad, and then hand it + the key to the messenger. If you told them “Just to be sure, I’d like to verify that nobody else is here possibly looking at the message while I write, nor reading it when you go into the backroom to render it unreadable” and asked “Can I check for other people here?” to which they respond “no can do, trade secret”. Do you trust them?
Alright alright, so you still trust them. They won’t let you check anything, but you still trust them. The messenger is employed by the one and Sauron Inc. The owner has been caught lying about stuff before, but you trust them. No problem.
Let’s say the messenger says “hey, you know, all the communications you have when you go into the small room there, we can make copies for you! if the messages were ever misplaced, this building burned down or anything, you could always have the communication history”. You find it a great idea! Wow, it’s so convenient. They even suggest to put copies in a building in another city and the building is owned by Darth Vader Inc. You’re ecstatic! To get the process started, WhatsApp walks into your room with a bunch of blank papers and a chest, then asks you to hand over your key and closes the door behind them. You are escorted out of the building and wait for the process to be over.
A few months later, the city is bombarded by Megatron. The WhatsApp building is destroyed and your communications are gone! The key you had for the messenger to render your communications unreadable? Gone too! Well, luckily you can just go to another WhatsApp building. You enter, say your name, fill in your details and you are escorted to a room that looks just like the one in the building that Megatron destroyed!
The elation is great! … until you notice that all your messages are readable. Not only that, but the key that’s used to make them unreadable by WhatsApp is sitting there on the desk - pristine and undamaged as it ever was.
Wait a moment… how did the unreadable messages and the key get restored? What exactly did Darth Vader Inc. get from WhatsApp?
Must just be a coincidence, right? You probably had the key in your pocket the whole time and gave it to WhatsApp while you were at the reception filling in your contact details. Your trust is unwavering, the security unrattled, and your communication unscathed.
You are right, we don’t and can’t know if any of what Meta says is true, but at least on the surface it seems to check out. If they are stealing your private key and unlocking all your chats in secret, then they are doing a bloody good job, since no one has leaked anything yet.
Just to clear things a bit, in your analogy you don’t hand the courier both the chest and the key. The chest has a special keypad that accepts two keys, one is your key, the other is the recipient’s key. What you do is you lock the chest with your key and then give it to the courier, which will deliver the chest to the other party, which will then open the chest with his key. In theory the courier never had access to the key.
Now the issues are that you are indeed writing your message from within the Whatsapp building and you can never know if there are cameras watching you or not. You also cannot know if Whatsapp has made a copy of your key, or the recipient’s key without your knowledge.
As for how can you recover all your chat history even after you destroy your phone, it’s quite easy and Whatsapp doesn’t need to know anything in particular. The functionality allows you to make a backup and store it on Google Drive. That backup gets encrypted with your password and it’s probably the most secure thing of all, if nothing else because Meta would gain nothing from the backup having poor security (as it would already have all the data if they wanted it) while it would only make them lose face, plus would allow anyone else to gain access to all ~~your~~ their data. After you restore the backup on a new device a new key+padlock pair gets created and the lock gets shared to all your contacts (which will see the yellow box telling them your padlock has changed).
I’m not claiming it doesn’t have privacy issues mind you, I’m just saying that you can’t be sure either way, unfortunately. Still, better than Telegram that doesn’t even encrypt most of your chats.
Maybe that’s a new feature? Does WhatsApp require a password when backing up now? Haven’t used it in a few years, but back when I had it, the backup to Google didn’t require anything besides your phone number and access to the Google Drive on your account - it was only retrievable from WhatsApp and not visible on a Google Drive interface nor API.
According to EU law, PII should be accessible, modifiable and deletable by the targeted persons. I don’t think ChatGPT would allow me to delete information about me found in their training data.
ban all European IPs from using these applications
But again, is this your information as in it’s random individuals or is this really some company roster listing CEOs it grabbed off some third party website that none of us are actually on and it’s being passed off as if it’s regular folks’ information?
You’re pretentiously laughing at region locking. That’s been around for a while. You can’t untrain these AI. This PII which has always been publicly available and seems to be an issue only now is not something they can pull out and retrain. So if it’s that big an issue, region lock them. Fuck em. But again this doesn’t sound like Joe Blow has information available. It seems more like websites that are scraping company details which these AI then scrape.
It also doesn't mean it inherently isn't free to use, either. The article doesn't say whether or not the PII in question was intended to be private or public.
Again, the article doesn't say whether or not the data was intended to be public. People post their contact info online on purpose sometimes, you know. Businesses and shit. Which seems most likely to be what's happened, given that the example has a fax number.
If someone had some theoretical device that could x-ray, 3d image, and 3d print an exact replica of your car though, that would be legal. That’s a closer analogy.
It’s not illegal to reverse-engineer and reproduce for personal use. It is questionably legal though to sell the reproduction. However, if the car were open-source or otherwise not copyrighted/patented it probably would be legal to sell the reproduction.
I’m curious how accurate the PII is. I can generate strings of text and numbers and say that it’s a person’s name and phone number. But that doesn’t mean it’s PII. LLMs like to hallucinate a lot.
It’s a degradation in functionality masquerading as an improvement. And as for labelling everything ‘shit’, have you seen my comment history? This is the first time I have used this term on any platform. Smh
It’s not really degrading functionality there is it. It’s a feature that no one wants and is annoying and badly thought out but you can turn it off but they haven’t disabled any functionality to add this feature
It’s a feature that no one wants and is annoying and badly thought out but you can turn it off but they haven’t disabled any functionality to add this feature
I assume Whatsapp encryption is equivalent to https, your connection to the server is encrypted and “impossible” to be intercepted and decrypted, but on the server end everything arrives as clear text, so the only people that can watch your conversation are the recipient of the messages and Whatsapp.
That’s not correct. WA claims to use end-to-end encryption. I have no reason to doubt that. It probably arrives encrypted at the servers, not as clear-text.
That’d also align with the business-model of big tech. They do lots of things with meta-data. And algorithms can infer lots of important things just by looking at that. I wouldn’t be surprised if they really don’t care about the exact content of WA messages.
Yeah. I think they partnered with the makers of Signal and took the encryption from Signal back in 2014 or 2015. I still remember the first of my friends adopting WA and it had zero encryption or protection against impersonating people. I used XMPP (Jabber) back then and just shook my head.
Always has been. Just yesterday I was explaining AI image generation to a coworker. I said the program looks at a ton of images and uses that info to blend them together. Like it knows what a soviet propaganda poster looks like, and it knows what artwork of Santa looks like so it can make a Santa themed propaganda poster.
Same with text I assume. It knows the Mario wiki and fanfics, and it knows a bunch of books about zombies so it blends it to make a gritty story about Mario fending off zombies. But yeah it’s all other works just melded together.
My question is would a human author be any different? We absorb ideas and stories we read and hear and blend them into new or reimagined ideas. AI just knows its original sources
“Blending together” isn’t accurate, since it implies that the original images are used in the process of creating the output. The AI doesn’t have access to the original data (if it wasn’t erroneously repeated many times in the training dataset).
My question is would a human author be any different?
Humans don’t remember the exact source material, it gets abstracted into concepts before being saved as an engram. This is how we’re able to create new works of art while AI is only able to do photoshop on its training data. Humans will forget the text but remember the soul, AI only has access to the exact work and cannot replicate the soul of a work (at least with its current implementation, if these systems were made to be anything more than glorified IP theft we could see systems that could actually do art like humans, but we don’t live in that world)
My way around the issue with the app and its collection is:
Install in a separate profile with empty everything. (So they get an empty contact list)
Install beeper in a different profile and connect WhatsApp to beeper.
Remove all permissions from WhatsApp. There if I need to reconnect sometime.
Oh and using fake number is also a good idea. And yes not as good as selfhosting I know. Signal is an option if you can get them to switch. Telegram is crap.
You have DNS ad blocking, but not IP encryption or DNS rerouting. DNS rerouting encrypts your plaintext DNS lookups, but your packets are still very much sniffable. If you aren’t using a VPN + DNS filtering/rerouting, you’re not anonymous. Also, if your girlfriend is away from home, she’s probably completely unmasked on the internet. Same with you. Your phone keeps that metadata. Also, Facebook and Instagram all use tracking software that tracks your activity even if you close the apps. It would be wise to delete your facebook and instagram accounts as they aren’t really necessary to live a happy life and they are actively spying on you.
If you really need to share photos, I’d recommend flickr or photobucket, and if you need to talk about yourself, get a blog. Your actual friends and family will find a way to stay in touch with you.
Will you be informed and asked confirmation before the page is loaded?
I mean, even for self-signed/invalid certificates, most browsers allow you to optionally access the page anyway... it'll show some error page first, but it'll allow you to load it if you explicitly request to continue in the error page itself, right? and you'll get an eye-catching red icon indicating the website is untrusted... why can't browsers implement something similar to that? Just use a different icon and a different page/dialog to opt-in on first visit. Something that isn't as strong as the error page, but that makes it clear to the user which organization/government is responsible for authorizing the access.
But then again... why not simply have that website registered under .id.eu (for example) and have the EU use that DNS for registering/signing subdomains using eIDAS certificates? then there would be no risk for it to potentially poison other top-level domains if it's compromised. And imho, it would be great if when a citizen gets their eIDAS certificate it comes with a personal domain that they can freely use.
I feel I'm not fully understanding here neither what exactly is being asked nor the purpose for asking it.
Is there some more clear and unbiased information on this? ...the way they wanna call it "secret" is also very confusing to me, that smells of FUD... in which way is it "secret"? are there no public details about the request? "secret legislation" feels almost like an oxymoron. I feel that what they want to say is that the controversial sections were introduced very late in the process, following some closed-door meetings, but that's not the same thing as the legislation being "secret"...
for clarity, i think that the worst thing anyone’s been able to decisively prove about Telegram’s encryption is that it’s vulnerable to replay attacks… which in the context of privacy rather than full security isn’t suuuuper problematic
that’s not to say that there aren’t other flaws; that’s kinda the point behind “rule number 1: DONT INVENT YOUR OWN CRYPTO”: you just don’t know what flaws there are… AES (etc) has had a LOT of eyes on it
but for the most part, the negativity with the crypto boils down to what-ifs
As I see it, the key advantage of Telegram is not technical, it is political.
Yes, Telegram is a slightly shady company with an ambiguous business model and a possibly-dodgy encryption algorithm (when it is even turned on).
But Telegram is based outside the reach of the West (in UAE, eastern Europe, maybe even Russia). Whatever its other problems, nobody thinks that Telegram is under the thumb of Western governments, as the Big Tech corporate messengers almost certainly are.
Personally I don’t care much if Russia or even China is spying on me. Because if we can be certain of anything in this world, it’s that Russia and China are not sharing their spyware data with Western intelligence agencies. And as Westerners we live outside the reach of the Russian and Chinese police states, fortunately. So for us it’s win-win for privacy. That’s the way I see it.
The ideal solution, of course, is a truly private messenger which protects everyone’s privacy, including Chinese and Russians.
Telegram’s servers are located in US, Singapore, Netherlands (and maybe some other countries) from what I’ve gathered. And all chats that are not E2EE’ed are stored there, encrypted at rest at best with keys in the same database, or somewhere else that can still be accessed in an automated way. Maybe it is not even encrypted at rest.
The point is, all those countries are either in 5 eyes or have information sharing agreements with 5 eyes countries. So as far as I’m concerned, TLAs can still have their fingers in those pies, in addition to Telegram’s overall shadiness and Russian ties. So maybe you get KGB strongman keeping a watch over your chats too.
This is not something I’d have much confidence in to be honest.
For the average Westerner, the threat from shady Russian agents seems orders of magnitude less serious than that from their own governments and police forces.
For E2EE, the corporate spyware messengers are asking us to take their word for it. Hard.
About the server locations, that’s interesting and does indeed undermine my argument a bit.