Two questions.
My family insist on using Whatsapp for the family chats. I have to keep a copy on a device just so I can communicate with them. I do so under protest, as I was always told it isn’t secure. My brother has just said
“oh Whatsapp is encrypted, it’s perfectly secure”.
First, is it actually as encrypted and safe as my brother claims? That would solve everything.
Second, if it isn’t, where can I get some proof that we should switch to Telegram or whatever? Proof which doesn’t make me look like a raving loony?
My understanding is that it IS encrypted, and its supposed to use the Signal protocol (Signal developed it and released it for others to use)
The problems are with
- metadata (like the other comment explained)
- closed source, so we take their word on it for how it works and that they’re not found anything misleading or shady
See this image from a few years ago:
Oh also @Thisfox@sopuli.xyz
Instead of Telegram, consider one of these, it’s easier to switch to the good one now than to try and switch again later.
https://www.privacyguides.org/en/real-time-communication
Signal works great for my family
I have been using Telegram for… A really long time. A decade? Maybe not that long. But yeah, no reason to change from what works for me. You’re right about that.
Signal and Matrix(?) and the others all seem to be a recent development, and although I have downloaded a few, no one else has them or has heard of them, so their directories are empty as I have never found anyone who wants to connect that way. It means I don’t know how to use or teach older people how to use the software. I am trying to find a simple evidence-based way to encourage my family to change their minds, but it appears it will only make me look paranoid, so probably won’t try.
Corporations love to lie with almost truths, or incomplete truths. So sure it might be end-to-end encrypted between two users, and each message is also signed with a special key that the corporation can view, or that some trusted third party carnivore system could view. That means they didn’t lie, it is end to end encrypted, it’s just three-way encrypted instead of two-way encrypted.
Or it is end-to-end encrypted across the network, but the edge devices, ie the phones, have search capabilities built into them to deliver the messages back to the organization based on some match capability.
And as other people indicated, closed source you don’t know what’s happening, you don’t know what’s changing, you just don’t know
Interesting! Do you remember where you got this chart?
I think it’s from here :)
Also it does leave out some info, I edited my comment up top
Technically, yes, it is encrypted. However, Facebook still gets metadata on who you talk to, when you talk to them, how long you talk to them, your contact information, etc. As an example, if you talked to your girlfriend, then you talked to her doctor, and then you talked to your mom. There’s a good chance that your girlfriend may be pregnant, even if I did not know what was said. Or, if I know you are at the top of a bridge and that you contacted a suicide hotline… So just because it is encrypted does not mean it is safe.
Also WhatsApp requests access to the phone book and is very hard to use if you deny access. This is very likely done because Facebook wants access to the stored numbers to build a social graph. Even if you personally don’t mind, it is a gross privacy violation to share the phone number of other people with Facebook.
Question, how would you use a messaging app that identifies users trough phone numbers without giving it access to phone numbers?
By typing in the numbers, or selectively sharing them from the address book. This works fine on Signal, Telegram and Threema. Only Whatsapp makes it so that you have to share your entire address book with the app.
With some workarounds you can actually use whatsapp also without giving it access to your address book, which shows that it is clearly an intentional dark pattern by Facebook to make people share their entire address book with them to avoid the hassle.
That’s clever about the pregnancy.
I would have thought it was about a case of herpes that you caught from your girlfriend and then gave to your mom.
And that’s why privacy is important - the assumptions and decisions an algorithm makes are not necessarily correct, often not even close.
ml doesn’t understand jokes very well, so honestly it’s not a shit example lol
This made me laugh. Thanks
Well said. I’m saving this comment in case I need to explain this to someone else.
the other important thing with all of this is that even if your girlfriend is taking care, THEY STILL KNOW
people around you (or “you”, in this case) using these services impacts your privacy
is there anything we can do about that? probably not
but it’s worth being aware of
No Telegram lol. Thats way worse. Whatsapp sais they are E2EE but its all “trust me bro” because you cannot look at the code.
With Telegram its a little pain to open encrypted chats and groups are always unencrypted. So its useless.
Let them try Signal, its nearly identical but you can trust it.
Switch to Telegram
You know it’s not even E2EE by default, and when it is it uses a homegrown algo that is not exactly well spoken of? (at least V1)
for clarity, i think that the worst thing anyone’s been able to decisively prove about telegrams encryption is that it’s vulnerable to replay attacks… which in the context of privacy rather than full security isn’t suuuuper problematic
that’s not to say that there aren’t other flaws; that’s kinda the point behind “rule number 1: DONT INVENT YOUR OWN CRYPTO”: you just don’t know what flaws there are… AES (etc) has had a LOT of eyes on it
but for the most part, the negativity with the crypto boils down to what-ifs
IIRC Telegram is only e2e if you explicitly enable it, and not at all for group chats. My info is probably (and hopefully) outdated though.
And E2EE is only available on phones, circa a couple of years ago anyways
But how can I virtue signal when using the mainstream app???
deleted by creator
i’ve seen the bullet points from that article riffed in different ways, but i think that’s the most important part:
- They know you rang a phone sex line at 2:24 am and spoke for 18 minutes. But they don’t know what you talked about.
- They know you called the suicide prevention hotline from the Golden Gate Bridge. But the topic of the call remains a secret.
- They know you got an email from an HIV testing service, then called your doctor, then visited an HIV support group website in the same hour. But they don’t know what was in the email or what you talked about on the phone.
- They know you received an email from a digital rights activist group with the subject line “Let’s Tell Congress: Stop SESTA/FOSTA” and then called your elected representative immediately after. But the content of those communications remains safe from government intrusion.
- They know you called a gynecologist, spoke for a half hour, and then called the local abortion clinic’s number later that day.
I’ve wondered if they don’t know the data. They can perfectly read the convo on your device, assign a category what you’re talking about and keeping that category. They don’t store, read, know the conversation, they only ‘analyze’ it. F.e. if you talk about planes they may assign a category travel and sell your profile to holiday companies?
I don’t know about this, I’m just thinking that’s how I’d do it if I ran an evil corp.
deleted by creator
Does it though when they control both ends. It is encrypted between each end which I guess secures against things like a man in the middle attack from outside parties but their app encrypts it on one end and decrypts it on the other. I have a very hard time believing that they don’t “read” your messages at some point in that process.
deleted by creator
When you type a message a message and send it to your counter part, WhatsApp says it encrypts it and the recipient will decrypt it on their side with WhatsApp. However, WhatsApp is closed source. That means you trust WhatsApp to do what it says.
It’s like going to a contractor and telling them your message and handing them a key. The contractor says they’ll deliver it to the other party in a manner that nobody else will be able to read that message. You can ask them provide the tools they do it, explain how they do it, and show you how it’s done, but they say “no can do, trade secret”. Do you trust them?
Alright, let’s say you do trust them, they really do make the message unreadable to anybody but the other party. But every time you want to send a message, you have to go to their building, write down the message on a notepad, and then hand it + the key to the messenger. If you told them “Just to be sure, I’d like to verify that nobody else is here possibly looking at the message while I write, nor reading it when you go into the backroom to render it unreadable” and asked “Can I check for other people here?” to which they respond “no can do, trade secret”. Do you trust them?
Alright alright, so you still trust them. They won’t let you check anything, but you still trust them. The messenger is employed by the one and Sauron Inc. The owner has been caught lying about stuff before, but you trust them. No problem.
Let’s says the messenger says “hey, you know, all the communications you have when you go into the small room there, we can make copies for you! if the messages were ever misplaced, this building burned down or anything, you could always have the communication history”. You find it a great idea! Wow, it’s so convenient. They even suggest to put copies in a building in another city and the building is owned by Darth Vader Inc. You’re ecstatic! To get the process started, WhatsApp walks into your room with a bunch of blank papers and chest, then asks you to hand over your key and closes the door behind them. You are escorted out of the building and wait for the process to be over.
A few months later, the city is bombarded by Megatron. The WhatsApp building is destroyed and your communications are gone! The key you had for the messenger to render your communications unreadable? Gone too! Well, luckily you can just go to another WhatsApp building. You enter, say your name, fill in your details and you are escorted to a room that looks just like the one in the building the Megatron destroyed!
The elation is great! … until you notice that all your messages are readable. Not only that, but the key that’s used to make then unreadable by WhatsApp is sitting there on the desk - pristine and undamaged as it ever was.Wait a moment… how did the unreadable messages and the key get restored? What exactly did Darth Vader Inc. get from WhatsApp?
Must just be a coincidence, right? You probably had the key in your pocked the whole time and gave it to WhatsApp while you were at the reception filling in your contact details. Your trust is unwavering, the security unrattled, and your communication unscathed.
You are right, we don’t and can’t know if any of what Meta says is true, but at least on the surface it seems to check out. If they are stealing your private key and unlocking all your chats in secret, then they are doing a bloody good job, since no one has leaked anything yet.
Just to clear things a bit, in your analogy you don’t hand the courier both the chest and the key. The chest has a special keypad that accepts two keys, one is your key, the other is the recipient’s key. What you do is you lock the chest with your key and then give it to the courier, which will deliver the chest to the other party, which will then open the chest with his key. In theory the courier never had access to the key.
Now the issues are that you are indeed writing your message from within the Whatsapp building and you can never know if there cameras watching you or not. You also cannot know if Whatsapp has made a copy of your key, or the recipient’s key without your knowledge.
As for how can you recover all your chat history even after you destroy your phone, it’s quite easy and Whatsapp doesn’t need to know anything in particular. The functionality allows you to make a backup and store it on Google Drive. That backup gets encrypted with your password and it’s probably the most secure thing of all, if nothing else because Meta would gain nothing from the backup having poor security (as it would already have all the data if they wanted it) while it would only make them loose face, plus would allow anyone else to gain access to all ~~your ~~their data. After you restore the backup on a new device a new key+padlock pair gets created and the lock gets shared to all your contacts (which will see the yellow box telling them your padlock has changed).
I’m not claiming it doesn’t have privacy issues mind you, I’m just saying that you can’t be sure either way, unfortunately. Still, better than Telegram that doesn’t even encrypt most of your chats.
That backup gets encrypted with your password
Maybe that’s a new feature? Does WhatsApp require a password when backing up now? Haven’t used it in a few years, but back when I had it, the backup to Google didn’t require anything besides your phone number and access the google drive on your account - it was only retrievable from WhatsApp and not visible on a Google Drive interface nor API.
They added the password some time ago. I would say maybe a couple years
In a similar situation as you (entire society revolves around whatsapp). I came to this conclusion:
-
Others won’t share my view on personal privacy at all will happily give out any metadata or data. No matter what secure channel we use, the destination (people) will always leak.
-
Because of (1), consider all communication with others as public, no matter the inferred intimacy, no matter the platform or its security.
-
Consider (2) as true even if they somehow used Signal or any secure platform, because of (1). (E.g. “Hey, did you hear about $familyMember? Yes, the weird kiddo who forced me to use some strange blue shit for chat. He got positive on blood exam for $badCondition. Go check on him”)
As for whatsapp itself, i use Android and isolate it in a separate profile, also frozen until opened. I also used a burner phone number for account registration, not my actual number.
People are more receptive of whatsapp accounts with “alternate” numbers when you explain you “got hacked in the past” or any plausible reason.
-
I case they’re set on WhatsApp:
You could use something like:
https://github.com/mautrix/whatsapp
and bridge WA to a secure Matrix server of your choice. That way you can have a secure environment and they can use whatever they like.
Here is an overview table about messengers, in case you want to compare them and have more arguments in the discussion:
With the new European regulations Whatapp will soon be forced to offer some compatibility towards 3rd party apps, so there are chances that perhaps bridging in this way will become easier in the near future, or at least have some level of official support. But we won’t know for certain how will it work until it happens. All we know is that Whatsapp is currently working on a way for 3rd parties to connect with them.
Personally, I’d hold for a bit to see where does that go and then decide what method to use.
I don’t want to sound overly negative here. But that idea is more a hypothetical proposal “we should do something about it” at this point. There is a working group mimi. But not even a draft or technical proposal, yet. And interoperability is hard, and they also want to come up with a solution that makes it secure, the messages confidential and maybe grant anonymous access. These problems aren’t solved at all as of today. On top you have to deal with spam, malicious servers, users, lawful interception and all kinds of things in a distributed platform. Then they need to come up with a text for the regulation. Write it, discuss and do several revisions, debate it. And there will be lobbyism against it and court cases because it cuts into the business model of large companies. Then it has to be adopted into national legislation and it will get a grace period.
So if you want to wait 'til 2029 (or so) to reply to your mom, go ahead and wait for the EU. I don’t have a crystal ball to be sure, but I highly doubt that this will happen in the next few years.
And on top, there is no guarantee that it turns out good or usable in the first place. There is a lot of lobbyism happening in the EU. Especially by big tech. They’ll find a way to make it a thing that just connects Apple, Meta and Google and exclude independant or secure services.
Yes, I agree that it feels unrealistic that there will be something stable and good by the time the law actually takes effect. But the regulation (the Digital Markets Act) has been already approved since 2022 and we already have a deadline for Whatsapp set by the EU: March 2024 (6 months from 6th September 2023, which is when the Commission designated Meta as “Gatekeeper” and Whatsapp as a “Core Platform Service”).
So, while I’m very skeptical that the result will be satisfactory, I’m very curious to see what will Whatsapp come up with when the deadline hits, because, allegedly, they are already working on it.
Thx for the additional links!
I’m curious what Meta is going to unveil. Usually big tech companies get ahead of legislation, in order to set a standard they like, or to prevent possible more strict regulation from happening. We see the same thing with AI and practically everything the big tech companies lobby for. I’m a bit wary.
To be frank with you, humans are the weakest security point in any system. Even if you did somehow (impossibly) 100% secure your device… you’re literally sending everything to X other family members who don’t care about security anyway and take zero preventative measures. That’s sort of the point of a chat app. All they would need to do is target your family instead of you to get the exact same info - this is how Facebook has everyone’s telephone number and profile photo, even if they don’t have an account. And if it’s a WhatsApp data breach… well. Your family is just one in a sea of millions of potentially better/easier targets.
If there’s anything interesting about your family chats that is actually secret info, it probably shouldn’t be put into text anywhere except maybe a password manager. Just tell them not to send passwords or illegal stuff or security question info via whatsapp. It’s all you can realistically do in situations like this.
We literally cannot keep all information private from everyone all the time, you have to pick and choose your battles. And even then, you’ll still lose some, even if you’re perfect.
The contents of the chat messages are e2e encrypted, so meta can’t see what you are sending.
But they can see all of the Meta data, ie how often you chat with someone, how often you send pictures/videos/voice messages, etc.
That is more than enough to know everything about you and your friends.
The contents of the chat messages are e2e encrypted, so meta can’t see what you are sending.
Even if we assume correct e2ee is used (which we have no way of knowing), Meta can still see what you are sending and receiving, because they control the endpoints. It’s their app, after all.
You can for example have a look on the online resource below:
https://www.securemessagingapps.com/
It is very interesting with a big comparison grid between plenty of messaging solutions.
WhatsApp gives you the option to back up all messages to Google or Apple Cloud unencrypted.
I assume Whatsapp encryption is equivalent to https, your connection to the server is encrypted and “impossible” to be intercepted and decrypted, but on the server end everything arrives as clear text, so the only people that can watch your conversation is the recipient of the messages and whatsapp.
That’s not correct. WA claims to use end-to-end encryption. I have no reason to doubt that. It probably arrives encrypted at the servers, not as clear-text.
That’d also align with the business-model of big tech. They do lots of things with meta-data. And algorithms can infer lots of important things just by looking at that. I wouldn’t be surprised if they really don’t care about the exact content of WA messages.
Reading whatsapp definition of e2ee seems to be the case, I stand corrected.
You and family use WhatsApp to talk to each others, just like millions families out there and so far no chats have been leaked because the encryption is bypassed.
You make your own life so complicated for what?
This is the privacy community, and they were discussing the privacy aspect.
The concern isn’t about getting your chats leaked, there’s no incentive to just give away data that is collected. The concern is usually about a malicious group (company, government, criminals) abusing the data that they can get their hands on.
He is talking about encryption, which I addressed. Maybe reading comprehension, eh?
Wider context matters
Two companies can advertise lockers with the same high quality lock, but one might still be better to use
- if one company can’t prove they are actually using the high quality lock
- if one company acts as a middleman, doing the locking/unlocking for you
- if one company watches everything you do before and after using the locker, allowing them to infer what you are using it for
Even if we specifically talk about security, one is better than the other.
WhatsApp has been endorsed by Moxie himself who invented Signal Protocol. What more do you want? Long winded talk for shit?
Long winded talk for shit?
what
Appeals to authority are antithetical to any security assessment. Security is about capabilities, not about intentions.
“It must be encrypted well because nothing has been leaked yet” is a very, very bad stance on encryption.
In fact, every encryption is working well until it’s broken the first time.
So no, you didn’t address shit.
Yea yea, if even Signal Protocol cant do shit, your shit can’t do anything as well. 🤣
That comment does not make sense.
If you lack knowledge , admit it.
WhatsApp is using Signal Protocol.
It is very unpleasant to communicate with you.
It is still unclear what you meant with “your shit”.
Apart from that I did not argue against the signal protocol, I argued against your idiotic stance on encryption.
Maybe reading comprehension, eh?
Give it up, you sound like either a you don’t know what you’re talking about or a you’re a bootlicker for facebook.
You’re never going to win a pro Facebook argument in this community.