Author recommends a meta owned company for text messaging.
Lol.
The loophole in WhatsApp's end-to-end encryption is simple: The recipient of any WhatsApp message can flag it. Once flagged, the message is copied on the recipient's device and sent as a separate message to Facebook for review.
That practically applies to every form of digital communication. Sender/recipient has it on their end unencrypted and passes/leaks it on elsewhere
Once a review ticket arrives in WhatsApp's system, it is fed automatically into a "reactive" queue for human contract workers to assess. AI algorithms also feed the ticket into "proactive" queues that process unencrypted metadata—including names and profile images of the user's groups, phone number, device fingerprinting, related Facebook and Instagram accounts, and more.
Does this also happen?
Fucking woof...
Please elucidate.
Just indicating that the steps taken that you mentioned are far beyond what most people would imagine as expected behavior for encrypted messaging software. Assuming your quote was published somewhere, as being about WhatsApp. I might've misunderstood.
The same FBI that keeps telling Congress end to end encryption needs to have legally mandated back doors in it?
"our backdoors, not theirs"
(of course, they always fail to acknowledge the simple fact that "ours" becomes "everybody's")
holy shit! the FBI is communist?! cool, cool.
The very same
They want access, they just don't want china to have access. Of course, when you add a backdoor it's best to assume everyone will use it sooner or later.
☝️
If China’s access to your data were actually a high priority to the US security state, then they wouldn’t be installing these back doors. They’re much more interested in 1) accessing your data and 2) convincing you that China is your enemy.
The US security state isn’t interested your security, they’re interested in what the capitalists are interested in: imperialism and screwing over the working class.
Of course, when you add a backdoor it's best to assume everyone will use it sooner or later.
Its true!! I saw several really interesting documentaries about this phenomenon on PornHub
Wow, I didn't know the Git host is providing documentaries too now, sweet 😋
And then there is the kinds of people who cry about Signal dropping support for SMS.
Yeah, I'm one of em. I'm well aware it's not secure, but as a frontend, signal certainly was more customizable and pleasant to use even for just the few people I had to sms till I could convince to use signal.
It was so much easier to convince people to use Signal when it had SMS support. I think while Signal needed to drop it, it wasn't the time yet.
I'm not convinced it ever should've. Make it obvious sms mode is in use, etc etc. But it was great to have everything in one place. One blocklist, great photo editing etc
Maybe. For me the worst change they made was removing custom colours for my contacts.
I agree that it helped with adoption. In a way I wish they still had it so I could get my text messaging family to use a messaging app instead.
The flip side was, if somebody tried signal and didn't like it and uninstalled it, then any SMS message to them from signal went to their signal account that they no longer had installed so they didn't get it. You had no way of knowing so it really sucked.
I am one of those. I ditched Signal and went back to the stock sms app and adopted matrix. Haven't looked back since. The reality is that Signal dropping support for sms wasn't going to stop me from using SMS. For that, other people need to be convinced to stop using it at the same time. Signal didn't have nearly the market size needed to make that happen. And now that card is played, and nothing has changed. Signal is just another messaging app among hundreds. At least matrix offers a real paradigm shift.
signal and matrix are both CIA. i'd say it's worse for your privacy than using your standard messengers since they know that's where all the juicy stuff is.
Source?
They might be trying to express that the Matrix protocol makes it easier for Israel to spy on someone using it. That idea came up somewhat often about 2 years ago, but I don't know many relevant facts. It's also common for people to say that the CIA and Israel cooperate, so that might be the connection to the CIA.
As for Signal, I am greatly annoyed that Signal requires your phone number for registration. Some people justify the centralization of Signal by saying that using a centralized network means that everyone using the network is using the same (good) security practices, and I've been told that the developers for Signal periodically express that they're trying to remove that requirement, but I still try to avoid using Signal (or any networks that I can't access without involving a phone number). The lack of progress on removing the requirement of your phone number from Signal (and the lack of information on where any centralized infrastructure is located) invites ideas about conspiring with the CIA.
Despite any uncertainty or discomfort, I defer to https://www.privacyguides.org/en/real-time-communication/ and https://soatok.blog/2024/07/31/what-does-it-mean-to-be-a-signal-competitor/ to determine what methods of communication might be suitable for me to use.
Not really a work around, but you could get a VOIP number from MySudo or Hushed or a similar service and use that to sign up for Signal. Might at least be more private if you go about it with like a prepaid card and temp email or something.
I thought signal switched to allow usernames a few months ago
They aren’t though…?
How are you going to grow the user base without including the normies?
That’s kind of like if iMessage dropped SMS support. Yeah, I know if it’s a green bubble it’s not encrypted. But I wouldn’t want them to just not allow it.
So... they only warn people about how insecure texting is after someone else exploits it...
The mobile standard setter, GSMA, and Google have said encryption will be coming to RCS, but there’s no firm date yet.
GSMA, please don't come up with yet another poorly designed encryption standard.
The IETF is already working on Messaging Layer Security (MLS), please work with IETF and adopt MLS. IETF have more experience and do a good job at designing secure protocols. And multiple organisations and services are already working on adapting MLS (Mozilla, Google, Matrix, Wire, ...)
If cyberterrorists really want to know who's gonna be late to my D&D game and what food we're having, I guess there's no way we're gonna stop 'em. I blame Kamala's weak campaign.
Well, I'm stuck on a Verizon plan, so my SMS don't send anyways.
US 2010: "We've created and incentivised this gigantic drag net of information based on insecure protocols, private partnership deals, FISA court orders, and outright black budget illegality"
US 2024: "Pweeze use encrypted communication (that we have vendor relations with or that we have backdoors in or that we built as a honey pot) because China can see what's happening in the drag net and they can leverage that information to compromise our idiot elites."
I wonder what they would be saying if they'd been allowed to weaken encryption and back-door the fuck out of everything before the Salt Typhoon folks got involved.
Going back to the roots with the Finger Protocol.
Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.
In this community everyone is welcome to post links and discuss topics related to privacy.
much thanks to @gary_host_laptop for the logo design :)