Two questions.
My family insist on using Whatsapp for the family chats. I have to keep a copy on a device just so I can communicate with them. I do so under protest, as I was always told it isn’t secure. My brother has just said
“oh Whatsapp is encrypted, it’s perfectly secure”.
First, is it actually as encrypted and safe as my brother claims? That would solve everything.
Second, if it isn’t, where can I get some proof that we should switch to Telegram or whatever? Proof which doesn’t make me look like a raving loony?
To be frank with you, humans are the weakest security point in any system. Even if you did somehow (impossibly) 100% secure your device… you’re literally sending everything to X other family members who don’t care about security anyway and take zero preventative measures. That’s sort of the point of a chat app. All they would need to do is target your family instead of you to get the exact same info - this is how Facebook has everyone’s telephone number and profile photo, even if they don’t have an account. And if it’s a WhatsApp data breach… well. Your family is just one in a sea of millions of potentially better/easier targets.
If there’s anything interesting about your family chats that is actually secret info, it probably shouldn’t be put into text anywhere except maybe a password manager. Just tell them not to send passwords or illegal stuff or security question info via whatsapp. It’s all you can realistically do in situations like this.
We literally cannot keep all information private from everyone all the time, you have to pick and choose your battles. And even then, you’ll still lose some, even if you’re perfect.
That’s true in the sense that if a very sophisticated organization directly targets your family chat for surveillance, they’re going to find a way to access its content no matter what communication method you use.
Threat modeling is core to security, and that kind of threat probably isn’t the issue here. Mass surveillance, both government and corporate is, and neither is likely to secretly install malware on a family-members phone that can access the contents of the group chat. Doing that to large numbers of people would get them caught; they save it for valuable targets.
Governments openly forcing the install of spyware, as I’ve read China does in some cases would be an exception; you cannot have a secure conversation involving a device so compromised.