A question about secure chats

Zeroxxx, 1 year ago

You and family use WhatsApp to talk to each others, just like millions families out there and so far no chats have been leaked because the encryption is bypassed.

You make your own life so complicated for what?

otter, 1 year ago

This is the privacy community, and they were discussing the privacy aspect.

The concern isn’t about getting your chats leaked, there’s no incentive to just give away data that is collected. The concern is usually about a malicious group (company, government, criminals) abusing the data that they can get their hands on.

Zeroxxx, 1 year ago (edited 1 year ago)

He is talking about encryption, which I addressed. Maybe reading comprehension, eh?

Konlanx, 1 year ago

“It must be encrypted well because nothing has been leaked yet” is a very, very bad stance on encryption.

In fact, every encryption is working well until it’s broken the first time.

So no, you didn’t address shit.

Zeroxxx, 1 year ago (edited 1 year ago)

Yea yea, if even Signal Protocol cant do shit, your shit can’t do anything as well. 🤣

All you guys do is talking without any solid base. Sigh.

Konlanx, 1 year ago

That comment does not make sense.

Zeroxxx, 1 year ago

If you lack knowledge , admit it.

WhatsApp is using Signal Protocol.

sag, 1 year ago

Bro are you high or something?

Konlanx, 1 year ago (edited 1 year ago)

It is very unpleasant to communicate with you.

It is still unclear what you meant with “your shit”.

Apart from that I did not argue against the signal protocol, I argued against your idiotic stance on encryption.

Maybe reading comprehension, eh?

Zeroxxx, 1 year ago

So? We just have differing view. No more, no less.

Bring your shit elsewhere don’t present it to me.

Konlanx, 1 year ago

Are you able to coherently answer or is it going to stay like this? Because then I will end this conversation here.

Zeroxxx, 1 year ago (edited 1 year ago)

End it. I don’t need to converse with you either, I merely answered OP.

Since you ended this, be quiet and don’t spam me with notification.

velox_vulnus, 1 year ago (edited 1 year ago)

It’s a rage-bait, avoid trolls like them. Whatsapp is close-sourced - so we don’t know shit about how good their encryption is - remember how phone numbers were showing up on Google Search? Yeah. Meta also works with the local government to suppress “fake news” - so, how exactly does it know what the contents are, without breaking encryption? These are two of the most convincing reason to not use the app.

nick, 1 year ago

Give it up, you sound like either a you don’t know what you’re talking about or a you’re a bootlicker for facebook.

You’re never going to win a pro Facebook argument in this community.

otter, 1 year ago

Wider context matters

Two companies can advertise lockers with the same high quality lock, but one might still be better to use

• if one company can’t prove they are actually using the high quality lock
• if one company acts as a middleman, doing the locking/unlocking for you
• if one company watches everything you do before and after using the locker, allowing them to infer what you are using it for

Even if we specifically talk about security, one is better than the other.

Zeroxxx, 1 year ago

WhatsApp has been endorsed by Moxie himself who invented Signal Protocol. What more do you want? Long winded talk for shit?

otter, 1 year ago

Long winded talk for shit?

what

PupBiru, 1 year ago

i can’t find a single reference to that. i think you’re confused

LWD, 1 year ago (edited 11 months ago)

deleted_by_author

theskyisfalling, 1 year ago

Does it though when they control both ends. It is encrypted between each end which I guess secures against things like a man in the middle attack from outside parties but their app encrypts it on one end and decrypts it on the other. I have a very hard time believing that they don’t “read” your messages at some point in that process.

PupBiru, 1 year ago

i’ve seen the bullet points from that article riffed in different ways, but i think that’s the most important part:

• They know you rang a phone sex line at 2:24 am and spoke for 18 minutes. But they don't know what you talked about.
• They know you called the suicide prevention hotline from the Golden Gate Bridge. But the topic of the call remains a secret.
• They know you got an email from an HIV testing service, then called your doctor, then visited an HIV support group website in the same hour. But they don't know what was in the email or what you talked about on the phone.
• They know you received an email from a digital rights activist group with the subject line “Let’s Tell Congress: Stop SESTA/FOSTA” and then called your elected representative immediately after. But the content of those communications remains safe from government intrusion.
• They know you called a gynecologist, spoke for a half hour, and then called the local abortion clinic’s number later that day.

Brtrnd, 1 year ago

I’ve wondered if they don’t know the data. They can perfectly read the convo on your device, assign a category what you’re talking about and keeping that category. They don’t store, read, know the conversation, they only ‘analyze’ it. F.e. if you talk about planes they may assign a category travel and sell your profile to holiday companies?

I don’t know about this, I’m just thinking that’s how I’d do it if I ran an evil corp.

pylapp, 1 year ago

You can for example have a look on the online resource below:

www.securemessagingapps.com

It is very interesting with a big comparison grid between plenty of messaging solutions.

otter, 1 year ago (edited 1 year ago)

My understanding is that it IS encrypted, and its supposed to use the Signal protocol (Signal developed it and released it for others to use)

The problems are with

• metadata (like the other comment explained)
• closed source, so we take their word on it for how it works. It’s possible they’re being misleading or doing something shady

See this image from a few years ago: https://i.redd.it/0imry50rxy961.png

Note that signal does require this, which isn’t in the chart:

• phone number (for now)
• last active date
• sign up date (I think)

pylapp, 1 year ago

Interesting! Do you remember where you got this chart?

elvith, 1 year ago

These are just screenshots of the data privacy section from the Apple AppStore of each of the apps. Afaik those are mandatory & self reported by the devs of the app.

otter, 1 year ago (edited 1 year ago)

I think it’s from here :)

forbes.com/…/whatsapp-beaten-by-apples-new-imessa…

Also it does leave out some info, I edited my comment up top

ultratiem, 1 year ago

iMessage definitely has more hooks in than those listed. It’s an integral Apple service that’s hooked into your deeper iCloud account. And because of that, they know a lot more than just a mere “chat” app would get access to. Which likely makes it harder to quantify.

Moreover, Meta and Alphabet also cross reference a lot of data points from all the other sources they have (cookies, IP logs, etc.). Again making actual data points fuzzy or incomplete.

Agent641, 1 year ago (edited 1 year ago)

I do not consent to Signal knowing about my empty box

otter, 1 year ago (edited 1 year ago)

Oh also @Thisfox

Instead of Telegram, consider one of these, it’s easier to switch to the good one now than to try and switch again later.

www.privacyguides.org/en/real-time-communication

Signal works great for my family

Thisfox, 1 year ago (edited 1 year ago)

I have been using Telegram for… A really long time. A decade? Maybe not that long. But yeah, no reason to change from what works for me. You’re right about that.

Signal and Matrix(?) and the others all seem to be a recent development, and although I have downloaded a few, no one else has them or has heard of them, so their directories are empty as I have never found anyone who wants to connect that way. It means I don’t know how to use or teach older people how to use the software. I am trying to find a simple evidence-based way to encourage my family to change their minds, but it appears it will only make me look paranoid, so probably won’t try.

otter, 1 year ago (edited 1 year ago)

That’s fair enough, it’s really location based. Around where I am, telegram isn’t that popular. I’ve met a few people using Signal and I have friends/collegues pop up in the “____ has Signal” section of the app.

We don’t really have a dominant chat app around here, there’s a good mix of messenger/instagram/iMessage, with some groups sticking to Whatsapp/WeChat/Viber.

I am trying to find a simple evidence-based way to encourage my family to change their minds, but it appears it will only make me look paranoid

I think part of it is because it’s hard to convince people without first explaining how things work. Not much use in worrying about it if you can’t, just look out for yourself. What you COULD do is to use the private option when you need to talk about something sensitive. If the app is installed on their phone then they’re more likely to use it, and even if not then you’re looking out for yourself

shortwavesurfer, 1 year ago

Technically, yes, it is encrypted. However, Facebook still gets metadata on who you talk to, when you talk to them, how long you talk to them, your contact information, etc. As an example, if you talked to your girlfriend, then you talked to her doctor, and then you talked to your mom. There’s a good chance that your girlfriend may be pregnant, even if I did not know what was said. Or, if I know you are at the top of a bridge and that you contacted a suicide hotline… So just because it is encrypted does not mean it is safe.

remotelove, 1 year ago

That’s clever about the pregnancy.

I would have thought it was about a case of herpes that you caught from your girlfriend and then gave to your mom.

nightwatch_admin, 1 year ago (edited 1 year ago)

And that’s why privacy is important - the assumptions and decisions an algorithm makes are not necessarily correct, often not even close.

Edit:before someone wants to be smart: yes, I know it’s a joke.

PupBiru, 1 year ago

ml doesn’t understand jokes very well, so honestly it’s not a shit example lol

shortwavesurfer, 1 year ago

This made me laugh. Thanks

poVoq, 1 year ago

Also WhatsApp requests access to the phone book and is very hard to use if you deny access. This is very likely done because Facebook wants access to the stored numbers to build a social graph. Even if you personally don’t mind, it is a gross privacy violation to share the phone number of other people with Facebook.

DudeDudenson, 1 year ago

Question, how would you use a messaging app that identifies users trough phone numbers without giving it access to phone numbers?

poVoq, 1 year ago (edited 1 year ago)

By typing in the numbers, or selectively sharing them from the address book. This works fine on Signal, Telegram and Threema. Only Whatsapp makes it so that you have to share your entire address book with the app.

With some workarounds you can actually use whatsapp also without giving it access to your address book, which shows that it is clearly an intentional dark pattern by Facebook to make people share their entire address book with them to avoid the hassle.

AVincentInSpace, 1 year ago

Well said. I’m saving this comment in case I need to explain this to someone else.

PupBiru, 1 year ago (edited 1 year ago)

the other important thing with all of this is that even if your girlfriend is taking care, THEY STILL KNOW

people around you (or “you”, in this case) using these services impacts your privacy

is there anything we can do about that? probably not

but it’s worth being aware of