A question about secure chats

fiat_lux, 1 year ago (edited 1 year ago)

To be frank with you, humans are the weakest security point in any system. Even if you did somehow (impossibly) 100% secure your device... you’re literally sending everything to X other family members who don't care about security anyway and take zero preventative measures. That's sort of the point of a chat app. All they would need to do is target your family instead of you to get the exact same info - this is how Facebook has everyone's telephone number and profile photo, even if they don't have an account. And if it's a WhatsApp data breach... well. Your family is just one in a sea of millions of potentially better/easier targets.

If there's anything interesting about your family chats that is actually secret info, it probably shouldn't be put into text anywhere except maybe a password manager. Just tell them not to send passwords or illegal stuff or security question info via whatsapp. It's all you can realistically do in situations like this.

We literally cannot keep all information private from everyone all the time, you have to pick and choose your battles. And even then, you'll still lose some, even if you're perfect.

Zak, 1 year ago

That’s true in the sense that if a very sophisticated organization directly targets your family chat for surveillance, they’re going to find a way to access its content no matter what communication method you use.

Threat modeling is core to security, and that kind of threat probably isn’t the issue here. Mass surveillance, both government and corporate is, and neither is likely to secretly install malware on a family-members phone that can access the contents of the group chat. Doing that to large numbers of people would get them caught; they save it for valuable targets.

Governments openly forcing the install of spyware, as I’ve read China does in some cases would be an exception; you cannot have a secure conversation involving a device so compromised.

tioute, 1 year ago (edited 1 year ago)

deleted_by_author

nIi7WJVZwktT4Ze, 1 year ago (edited 1 year ago)

Content of the Tweet if you don’t want to click X links:

What #Telegram collects and stores:

1. Unencrypted messages, photos, videos, and files
2. Encrypted photos and videos from secret chats
3. Phone numbers and contacts
4. Metadata such as IP addresses

…

What #WireMin collects and stores:

1. None.

#Decentralization #privacy

By @WireMin

belkka, 1 year ago

Note, Telegram Isn’t As Private As You Think

neutron, 1 year ago

In a similar situation as you (entire society revolves around whatsapp). I came to this conclusion:

1. Others won’t share my view on personal privacy at all will happily give out any metadata or data. No matter what secure channel we use, the destination (people) will always leak.
2. Because of (1), consider all communication with others as public, no matter the inferred intimacy, no matter the platform or its security.
3. Consider (2) as true even if they somehow used Signal or any secure platform, because of (1). (E.g. “Hey, did you hear about $familyMember? Yes, the weird kiddo who forced me to use some strange blue shit for chat. He got positive on blood exam for $badCondition. Go check on him”)

As for whatsapp itself, i use Android and isolate it in a separate profile, also frozen until opened. I also used a burner phone number for account registration, not my actual number.

People are more receptive of whatsapp accounts with “alternate” numbers when you explain you “got hacked in the past” or any plausible reason.

pylapp, 1 year ago

You can for example have a look on the online resource below:

www.securemessagingapps.com

It is very interesting with a big comparison grid between plenty of messaging solutions.