Didn’t Costco’s pharmacy get in trouble for this exact thing a couple months ago? I have a feeling we’re going to see a story about this for all the major pharmacy chains.
Until now, YT videos works flawless in SMplayer and MotionBox Browser, the last one is IMHO the best desktop client for nearly all streaming platforms, only drawback is a bad and not very intuitive UI.
Cybersec researcher here. The content of your chat is encrypted end to end. Their servers can’t read what you write. This is because they use the same protocol as signal, x3dh and double ratchet. However, they can and will collect everything else. Contact info, for example, phone, etc
To “link” other devices you have to scan a qr from your phone, so it’s certainly possible that during that process the devices connect and share the key, and the servers don’t have it.
Or the servers could have it. Idk, it’s closed source, that’s the problem at hand.
No, the protocol is sound enough, WhatsApp doesn’t have the key, doesn’t want the key (so they will probably not be responsible for what you are communicating with others), and doesn’t need the key - as others have put so eloquently, the metadata is rich enough for them.
Sounds like it transfers the ID Out-of-band, so that’s good, does the desktop get the chat history then? (It’s possible it pulls chat history from the phone).
Oh, I agree with the closed source issue. That makes it a no-sale for me.
Initially you could only log in from one device, as it created a new private key every time you switched device. Then they implemented Whatsapp Web, which essentially required the primary device to be connected to the internet, the chats would then be transferred from the primary device to the secondary devices (I assume through an encrypted tunnel of some sorts). Then as of late they have implemented a new technology that allows you to share your private key among multiple devices, making them all the “primary device”. The chat history and all the messages can be shared from one device to another while encrypted. The weak spot at one point was the chat backup, which was unencrypted and stored in your Google Drive, so technically Google could have had access to all your chats. Today though, you can encrypt the backup through a password.
In theory Whatsapp has never needed to read your chats to have the functionality it has. That’s in theory because it’s closed source and we cannot know anything for certain. All this is just what Meta/Whatsapp said or pure speculation.
I wouldn’t consider WA secure. They do tracking, they have your phone numbers and those of all of your friends and know exactly who you talk to, when, and how often. Even if they don’t know the content of the message because it’s encrypted, that’s a lot of information for the algorithm to feed on. Apart from that, I’m not sure if they have access to the encryption keys. They might be able to decrypt everything if they want.
I’m sure someone wrote a lengthy blog article about WA. But unless someone does a proper security audit including where the encryption keys are stored and the implications of that and how extra features like breaking encryption in case someone flags an inappropriate post turns out… The ‘it’s safe’ is just a claim by your brother or Meta. You’re free to believe in anything you want. But it’s not necessarily true.
With the new European regulations Whatapp will soon be forced to offer some compatibility towards 3rd party apps, so there are chances that perhaps bridging in this way will become easier in the near future, or at least have some level of official support. But we won't know for certain how will it work until it happens. All we know is that Whatsapp is currently working on a way for 3rd parties to connect with them.
Personally, I'd hold for a bit to see where does that go and then decide what method to use.
I don’t want to sound overly negative here. But that idea is more a hypothetical proposal “we should do something about it” at this point. There is a working group mimi. But not even a draft or technical proposal, yet. And interoperability is hard, and they also want to come up with a solution that makes it secure, the messages confidential and maybe grant anonymous access. These problems aren’t solved at all as of today. On top you have to deal with spam, malicious servers, users, lawful interception and all kinds of things in a distributed platform. Then they need to come up with a text for the regulation. Write it, discuss and do several revisions, debate it. And there will be lobbyism against it and court cases because it cuts into the business model of large companies. Then it has to be adopted into national legislation and it will get a grace period.
So if you want to wait 'til 2029 (or so) to reply to your mom, go ahead and wait for the EU. I don’t have a crystal ball to be sure, but I highly doubt that this will happen in the next few years.
And on top, there is no guarantee that it turns out good or usable in the first place. There is a lot of lobbyism happening in the EU. Especially by big tech. They’ll find a way to make it a thing that just connects Apple, Meta and Google and exclude independant or secure services.
So, while I'm very skeptical that the result will be satisfactory, I'm very curious to see what will Whatsapp come up with when the deadline hits, because, allegedly, they are already working on it.
I’m curious what Meta is going to unveil. Usually big tech companies get ahead of legislation, in order to set a standard they like, or to prevent possible more strict regulation from happening. We see the same thing with AI and practically everything the big tech companies lobby for. I’m a bit wary.
Whatsapp is under the hood still a lightly modified XMPP system, and given Zucks recent comments about federated protocols (albright in a Threads i.e. ActivityPub context), they might just get their XMPP federation working again.
I use FreeTube which seems to still work fine but it seems to me like the browser plugin that opens YouTube links in FreeTube does not work properly sometimes
I’ve just started using freetube. I’ve noticed short periods of very low quality stream once in a while. Not sure if the periods match Ad time, tho. Do you experience those low Q periods?
I usually just switch it from auto to 1080p or whatever is available and that fixes it 90% of the time, sometimes it takes a second or 2 to fix the quality though.
I might but I am not sure. My internet speed is often a bit unreliable so if I had a drop in quality or issues with buffering I ´just attributed it to that.
I assume Whatsapp encryption is equivalent to https, your connection to the server is encrypted and “impossible” to be intercepted and decrypted, but on the server end everything arrives as clear text, so the only people that can watch your conversation is the recipient of the messages and whatsapp.
That’s not correct. WA claims to use end-to-end encryption. I have no reason to doubt that. It probably arrives encrypted at the servers, not as clear-text.
That’d also align with the business-model of big tech. They do lots of things with meta-data. And algorithms can infer lots of important things just by looking at that. I wouldn’t be surprised if they really don’t care about the exact content of WA messages.
Yeah. I think they partnered with the makers of Signal and took the encryption from Signal back in 2014 or 2015. I still remember the first of my friends adopting WA and it had zero encryption or protection against impersonating people. I used XMPP (Jabber) back then and just shook my head.
for clarity, i think that the worst thing anyone’s been able to decisively prove about telegrams encryption is that it’s vulnerable to replay attacks… which in the context of privacy rather than full security isn’t suuuuper problematic
that’s not to say that there aren’t other flaws; that’s kinda the point behind “rule number 1: DONT INVENT YOUR OWN CRYPTO”: you just don’t know what flaws there are… AES (etc) has had a LOT of eyes on it
but for the most part, the negativity with the crypto boils down to what-ifs
As I see it, the key advantage of Telegram is not technical, it is political.
Yes, Telegram is a slightly shady company with an ambiguous business model and a possibly-dodgy encryption algorithm (when it is even turned on).
But Telegram is based outside the reach of the West (in UAE, eastern Europe, maybe even Russia). Whatever its other problems, nobody thinks that Telegram is under the thumb of Western governments, as the Big Tech corporate messengers almost certainly are.
Personally I don’t care much if Russia or even China is spying on me. Because if we can be certain of anything in this world, it’s that Russia and China are not sharing their spyware data with Western intelligence agencies. And as Westerners we live outside the reach of the Russian and Chinese police states, fortunately. So for us it’s win-win for privacy. That’s the way I see it.
The ideal solution, of course, is a truly private messenger which protects everyone’s privacy, including Chinese and Russians.
Telegram’s servers are located in US, Singapore, Netherlands (and maybe some other countries) from what I’ve gathered. And all chats that are not E2EE’ed are stored there, encrypted at rest at best with keys in the same database, or somewhere else that can still be accessed in automated way. Maybe it is not even encrypted at rest.
The point is, all those countries are either in 5 eyes or have information sharing agreements with 5 eyes countries. So as far as I’m concerned, TLAs can still have their fingers in those pies, in addition to Telegram’s overall shadiness and Russian ties. So maybe you get KGB strongman keeping a watch over your chats too.
This is not something I’d have much confidence in to be honest.
For the average Westerner, the threat from shady Russian agents seems orders of magnitude less serious than that from their own governments and police forces.
For EE2E, the corporate spyware messengers are asking us to take their word for it. Hard.
About the server locations, that’s interesting and does indeed undermine my argument a bit.
To be frank with you, humans are the weakest security point in any system. Even if you did somehow (impossibly) 100% secure your device... you’re literally sending everything to X other family members who don't care about security anyway and take zero preventative measures. That's sort of the point of a chat app. All they would need to do is target your family instead of you to get the exact same info - this is how Facebook has everyone's telephone number and profile photo, even if they don't have an account. And if it's a WhatsApp data breach... well. Your family is just one in a sea of millions of potentially better/easier targets.
If there's anything interesting about your family chats that is actually secret info, it probably shouldn't be put into text anywhere except maybe a password manager. Just tell them not to send passwords or illegal stuff or security question info via whatsapp. It's all you can realistically do in situations like this.
We literally cannot keep all information private from everyone all the time, you have to pick and choose your battles. And even then, you'll still lose some, even if you're perfect.
That’s true in the sense that if a very sophisticated organization directly targets your family chat for surveillance, they’re going to find a way to access its content no matter what communication method you use.
Threat modeling is core to security, and that kind of threat probably isn’t the issue here. Mass surveillance, both government and corporate is, and neither is likely to secretly install malware on a family-members phone that can access the contents of the group chat. Doing that to large numbers of people would get them caught; they save it for valuable targets.
Governments openly forcing the install of spyware, as I’ve read China does in some cases would be an exception; you cannot have a secure conversation involving a device so compromised.
You and family use WhatsApp to talk to each others, just like millions families out there and so far no chats have been leaked because the encryption is bypassed.
This is the privacy community, and they were discussing the privacy aspect.
The concern isn’t about getting your chats leaked, there’s no incentive to just give away data that is collected. The concern is usually about a malicious group (company, government, criminals) abusing the data that they can get their hands on.
It’s a rage-bait, avoid trolls like them. Whatsapp is close-sourced - so we don’t know shit about how good their encryption is - remember how phone numbers were showing up on Google Search? Yeah. Meta also works with the local government to suppress “fake news” - so, how exactly does it know what the contents are, without breaking encryption? These are two of the most convincing reason to not use the app.
privacy
Hot
This magazine is from a federated server and may be incomplete. Browse more on the original instance.