Two questions.

My family insist on using Whatsapp for the family chats. I have to keep a copy on a device just so I can communicate with them. I do so under protest, as I was always told it isn’t secure. My brother has just said

“oh Whatsapp is encrypted, it’s perfectly secure”.

First, is it actually as encrypted and safe as my brother claims? That would solve everything.

Second, if it isn’t, where can I get some proof that we should switch to Telegram or whatever? Proof which doesn’t make me look like a raving loony?

  • OtterEnglish
    907 months ago

    My understanding is that it IS encrypted, and its supposed to use the Signal protocol (Signal developed it and released it for others to use)

    The problems are with

    • metadata (like the other comment explained)
    • closed source, so we take their word on it for how it works. It’s possible they’re being misleading or doing something shady

    See this image from a few years ago:

    Note that signal does require this, which isn’t in the chart:

    • phone number (for now)
    • last active date
    • sign up date (I think)
      • @Thisfox@sopuli.xyzOP
        -17 months ago

        I have been using Telegram for… A really long time. A decade? Maybe not that long. But yeah, no reason to change from what works for me. You’re right about that.

        Signal and Matrix(?) and the others all seem to be a recent development, and although I have downloaded a few, no one else has them or has heard of them, so their directories are empty as I have never found anyone who wants to connect that way. It means I don’t know how to use or teach older people how to use the software. I am trying to find a simple evidence-based way to encourage my family to change their minds, but it appears it will only make me look paranoid, so probably won’t try.

        • OtterEnglish
          17 months ago

          That’s fair enough, it’s really location based. Around where I am, telegram isn’t that popular. I’ve met a few people using Signal and I have friends/collegues pop up in the “____ has Signal” section of the app.

          We don’t really have a dominant chat app around here, there’s a good mix of messenger/instagram/iMessage, with some groups sticking to Whatsapp/WeChat/Viber.

          I am trying to find a simple evidence-based way to encourage my family to change their minds, but it appears it will only make me look paranoid

          I think part of it is because it’s hard to convince people without first explaining how things work. Not much use in worrying about it if you can’t, just look out for yourself. What you COULD do is to use the private option when you need to talk about something sensitive. If the app is installed on their phone then they’re more likely to use it, and even if not then you’re looking out for yourself

    • @jet@hackertalks.comEnglish
      157 months ago

      Corporations love to lie with almost truths, or incomplete truths. So sure it might be end-to-end encrypted between two users, and each message is also signed with a special key that the corporation can view, or that some trusted third party carnivore system could view. That means they didn’t lie, it is end to end encrypted, it’s just three-way encrypted instead of two-way encrypted.

      Or it is end-to-end encrypted across the network, but the edge devices, ie the phones, have search capabilities built into them to deliver the messages back to the organization based on some match capability.

      And as other people indicated, closed source you don’t know what’s happening, you don’t know what’s changing, you just don’t know

    • meseek #2982
      17 months ago

      iMessage definitely has more hooks in than those listed. It’s an integral Apple service that’s hooked into your deeper iCloud account. And because of that, they know a lot more than just a mere “chat” app would get access to. Which likely makes it harder to quantify.

      Moreover, Meta and Alphabet also cross reference a lot of data points from all the other sources they have (cookies, IP logs, etc.). Again making actual data points fuzzy or incomplete.