362
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
this post was submitted on 04 Mar 2024
362 points (100.0% liked)
Privacy
31939 readers
569 users here now
A place to discuss privacy and freedom in the digital world.
Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.
In this community everyone is welcome to post links and discuss topics related to privacy.
Some Rules
- Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
- Don't promote proprietary software
- Try to keep things on topic
- If you have a question, please try searching for previous discussions, maybe it has already been answered
- Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
- Be nice :)
Related communities
Chat rooms
-
[Matrix/Element]Dead
much thanks to @gary_host_laptop for the logo design :)
founded 5 years ago
MODERATORS
We don't have any clue on how good whatsapp encryption is. It's closed source.
The whitepaper explains it in detail. Closed source doesn't mean worse by default. In a lot of cases the opposite since professionals were hired and paid for their work and the company thinks they have an edge on the competition. Open source is more of a grab bag. Commercial use of open source is plagued by abandoned projects and lack of support obligations, even though it might be better in certain instances.
Closed source does mean it's worse by default because we can't verify what the app does. The only things we really know about Whatsapp are:
Meta is scanning your texts before the message is sent. Back when I last used it you could easily verify this by typing a url and having the app underline the url for you.
Meta is collecting an enormous amount of Metadata. This can also be verified by checking the permissions the app has and by various people that have monitored the background activity of the app.
Meta is using the Signal protocol to send the message. However, as previously explained this means nothing because they already scanned the message prior to sending it.
So with no way to look at the code we have to assume that Meta is collecting and storing the messages and their metadata.
Most industry standard software that people use in their jobs is closed source. When you watch movies or listen to music or play video games you're supporting proprietary software. Same with finance and basically any office job. Niche IT jobs are the exception but I've been in enterprise IT for 20 years and this is just how it is in a capitalist economy. I'd prefer for public ownership of technology platforms but it's basically reduced to a consumption model within the current system. Like the platforms people consume media through isn't very significant, which the open source community puts a lot of ideological importance on. Most open source projects are also abandoned and become obsolete too quickly. I've basically been relying on the same set of proprietary Adobe software for part of my income since the 90s, can't name an open source alternative that does what I need it to do or has this longevity even though I'd prefer it.
Btw a way you can verify the security of a chat app is by reading case docs from law enforcement about what's required to obtain communications through said platform. With whatsapp the closest they can get to message content is by retreiving cache from the iPhone chatsearch database, and metadata from WhatsApp about who sent a message to whom and when but not the message contents. Retrieval of WhatApp messages through proprietary security forensics software is limited to how certain phone models and OSs locally cache messages basically. This applies to different platforms the same way though and isn't something special about WhatsApp or Meta. The unique thing to Meta is how quickly they respond to law enforcement requests about metadata collection.
I'm not using closed source Zuckchat