[HN Gopher] WhatsApp CEO on the controversy surrounding proposed...
___________________________________________________________________
WhatsApp CEO on the controversy surrounding proposed German
communications laws
Author : seesawtron
Score : 83 points
Date : 2021-03-13 18:10 UTC (1 days ago)
(HTM) web link (www.spiegel.de)
(TXT) w3m dump (www.spiegel.de)
| rklaehn wrote:
| My personal impression is that there has been a huge movement
| away from WhatsApp to Signal and Telegram in Germany in the last
| months.
|
| Not just typically privacy sensitive people, but also lots of
| normal people.
|
| Most people still have WhatsApp for that one or two friends and
| relatives that don't want to switch. But most activity has moved
| on.
| projektfu wrote:
| Something weird happened in my neighborhood where a bunch of
| people were suddenly phished/hacked through WhatsApp and its
| SMS-based authentication. My girlfriend must have clicked a
| link in a text message that gave an adversary control over her
| WhatsApp and locked her out of it. That person then requested
| money from her friends and started phishing her contacts
| through groups--they didn't have actual access to her contacts.
|
| She was on Android and was able to recover her account and we
| set up 2FA. Her friends were not so lucky, many of those with
| iPhones apparently had to change phone numbers to make it stop.
| I don't understand why but I also couldn't see their phones.
|
| Anyhow, I encouraged people to give Signal a try. It at least
| doesn't send links that can hand over your account by text.
| skrebbel wrote:
| Can anyone explain the move to Telegram to me? I understand the
| UX argument, Telegram is amazing. But privacy? Aren't you
| moving from "Facebook can read your metadata" to "Pavel Durov
| can read your every message"? How is that an improvement?
|
| I mean, I too trust Durov more than Zuckerberg but that's an
| extremely low bar to clear, and you're giving them a lot more
| data.
| ollyhayes wrote:
| Since WhatsApp is closed source, you can't know that there
| isn't some sort of encryption backdoor in there anyway, so in
| both cases it comes down to trust that the company is doing
| what they say they're doing.
|
| When you read how the cloud encryption works in Telegram,
| with the encryption keys stored in different data centres and
| even different countries to protect against any one person or
| group being able to read them, I personally feel pretty happy
| with that. (See https://telegram.org/privacy#3-3-1-cloud-chats)
|
| Having the messages stored in the cloud and not having to
| rely on my phone (except for registration) is a huge win for
| me personally. Especially during the lockdown I almost
| exclusively use desktop versions of these and the Telegram
| one is great.
| fshbbdssbbgdd wrote:
| WhatsApp's encryption occurs on my phone and I can
| verify it by examining the client binaries, regardless of
| whether it's open source. Telegram's story about the nine
| keys divided between the realms of the human, elves, orcs
| etc is just a story on a website. You should only trust it
| if you believe that organizations who want your data can't
| invent a good story.
| ollyhayes wrote:
| > by examining the client binaries
|
| And you do this every time there is a new WhatsApp
| version? How confident are you that you can find any
| backdoor in the binary? And it doesn't have to be in the
| encryption/decryption part, all it would need to do is
| hide the encryption key in a message back to the server,
| so you'd have to inspect the entire binary every time.
| Even if you do have the time and skill to do this it's
| not exactly feasible for most people.
|
| I'm not trying to argue that there is a backdoor, just
| that in both cases you have to rely on trust.
|
| > You should only trust it if you believe that
| organizations who want your data can't invent a good
| story.
|
| It's not just inventing a story though, their backend is
| also open source so they've also implemented this story.
| Of course that doesn't mean there isn't a backdoor in the
| production version, but you see how the trust you need in
| both cases is the same.
|
| Edit: Actually the backend isn't open source, I was
| thinking of signal
| [deleted]
| rklaehn wrote:
| No idea. Just saying what I am observing.
|
| I got signal, telegram and element.io . I encourage non
| technically savvy people to go to signal and technically
| savvy people to go to element. But I see a lot of normal
| people switching to telegram.
|
| Possibly just network effect due to the whatsapp exodus. If
| somebody you want to communicate with only has telegram, you
| also download it.
| aero-glide2 wrote:
| Is it just me or is Element much slower than whatsapp?
| schoolornot wrote:
| Orders of magnitude slower. Scrolling through past
| messages in Telegram is insanely fast. Not sure if it's
| Matrix or Element but there is a lot left to be desired
| there. And the longer it exists, the more it seems
| architectural. Not talking E2E groups. This isn't to take
| anything away from the Matrix folks who are doing an
| outstanding job.
| Arathorn wrote:
| On what platform are you seeing this? Element is three
| different apps on iOS/Android/Web and they implement
| scrolling differently. There is no architectural reason
| in Matrix why it should be slower than TG.
| meibo wrote:
| They are probably talking about the Matrix.org instance
| being slow at fetching messages for you, additionally to
| the delay needed to get keys for them in encrypted rooms.
|
| This is far nicer on smaller home servers, but matrix.org
| is the "default experience" of element and that's what
| people are judging it by.
| johnchristopher wrote:
| > There is no architectural reason in Matrix why it
| should be slower than TG.
|
| Then why is it ?
| smoldesu wrote:
| Probably because the people developing these clients
| aren't being bankrolled by multi-million dollar companies
| with private interests. The previous poster was correct;
| Matrix is a protocol, and so your performance really
| comes down to whatever client you're using it with.
| Element is a web app, so it will inevitably be pretty
| slow. If you want a client that won't slow down, look
| into Fractal, a GTK Matrix frontend written in Rust. If
| that doesn't iron out your performance issues, you just
| have a slow machine/connection.
| johnchristopher wrote:
| Fractal is actually responsive, I am actually impressed.
| It's not bankrolled by multi-million dollar companies
| though and Telegram web app is way faster so something
| doesn't add.
| anilakar wrote:
| > Scrolling through past messages
|
| Funny how you mention this - scrolling back manually is
| literally the only way to go to past conversations on
| mobile, as the search does not work with inflected
| languages. The only way to search for past content is to
| dump your whole message history on the desktop client and
| run grep on it.
| 0xy wrote:
| Firstly, by default WhatsApp backs up your encryption keys to
| the cloud making your messages totally accessible and not E2E
| encrypted at all.
|
| Secondly, Telegram secret messages have been repeatedly
| proven to be E2E encrypted, including by independent
| researchers, so "Pavel can read all your messages!" is just
| misinformation.
|
| As for the alternatives, well Signal is very likely
| compromised given their server repo is abandoned and they
| refuse to address why (they maintain a closed source
| version). Why else would an "open source project" act that
| way, if not gagged?
| Marsymars wrote:
| > Signal is very likely compromised given their server repo
| is abandoned
|
| Signal has client-side E2E encryption.
| 0xy wrote:
| I don't understand this argument, it's okay for an "open
| source project" to abandon their server repo with no
| explanation and if it's compromised and leaking metadata
| to third parties it's fine?
|
| People are killed over metadata.
| pgalvin wrote:
| This is NOT true. Message keys are never sent to the cloud
| in WhatsApp, no matter what.
|
| You're referring to the optional backup that requires users
| to opt-in. This sends an encrypted blob of all your
| messages to Apple/Google, and WhatsApp holds the key (but
| not the data) to that. Both companies would need to
| cooperate to read your messages, and this is OPT-IN by
| default.
|
| This isn't E2EE, but it's opt-in by default. It also has
| nothing to do with the key exchange for E2EE messages.
|
| You're comparing WhatsApp, with all messages end-to-end
| encrypted and where the only way to compromise that is an
| opt-in cloud backup, to Telegram, where the vast majority
| of people (anyone using cloud chats) do not use Telegram's
| encryption.
|
| Full disclosure: I begrudgingly use WhatsApp. I really
| don't like it. You're spreading misinformation, though.
| ffpip wrote:
| > This sends an encrypted blob of all your messages to
| Apple/Google, and WhatsApp holds the key
|
| It is a plain text backup to Google Drive. There is no
| key Whatsapp holds. Google can read it all, and has
| revealed the chats to help the Govt in multiple high
| profile cases here in India.
|
| You can extract it yourself, with the credentials of your
| Google account- https://github.com/YuriCosta/WhatsApp-GD-
| Extractor-Multithre...
|
| > You're referring to the optional backup that requires
| users to opt-in.
|
| With telegram, if you enable secret chats, it is never
| backed up to the cloud. It is a guarantee, unlike
| Whatsapp where you do not know whether your contact has
| enabled cloud backups
|
| Full disclosure: I begrudgingly use WhatsApp. I really
| don't like it. You're spreading misinformation, though.
| aero-glide2 wrote:
| In fact, WhatsApp is better than Telegram because whatsapp
| has e2e by default. Personally I use Telegram because of
| public searchable groups. Nice way to meet new people with
| same interests.
| Dma54rhs wrote:
| There's no way for you to check the claims though, you have
| to trust Zuck/FB.
| vbezhenar wrote:
| You can reverse-engineer an App and check its logic and
| protocol. Whatsapp is popular enough, so I'm sure that
| many people do that and if E2E were fake, they would let
| everyone know.
| paulryanrogers wrote:
| Yet WA defaults to not notifying contacts when keys
| change. So silent interception is more likely to go
| unnoticed. And any app could send an automatic update
| with a backdoor at any moment.
|
| Disassembly and analysis is also harder with binaries
| than original sources and an open, reproducible build
| process.
| foepys wrote:
| Did they change this? I distinctly remember that after
| WhatsApp introduced e2e encryption I got a message every
| time somebody got a new phone. Haven't seen one in a
| while, though.
| simlevesque wrote:
| That is a fallacy. It's like saying that something is
| unhackable because it has not been hacked.
| fshbbdssbbgdd wrote:
| WhatsApp's E2E encryption occurs on your device, in
| binaries that you can decompile.
| 0xy wrote:
| Except the key is backed up to the cloud by default,
| subject to court orders. You may have declined to do
| this, but have your contacts?
| pgalvin wrote:
| You're definitely, definitely wrong. This is not true.
|
| WhatsApp messages have E2E encryption by default, you can
| not opt out, and the keys (each message has a different
| one) are never sent to WhatsApp or anybody else.
|
| Users may OPTIONALLY enable a cloud backup, which puts an
| encrypted backup on iCloud or Google Drive. WhatsApp
| (Facebook) holds the key for this, but not the data, and
| law enforcement would need the cooperation of Facebook
| and Google/Apple to access the messages.
|
| But that is all completely opt-in. By default, messages
| are not backed up, contrary to what you said.
|
| Full disclosure: I use WhatsApp but am eager to switch
| away from it as soon as Signal implements a local backup
| on iOS.
| ffpip wrote:
| > WhatsApp (Facebook) holds the key for this, but not the
| data, and law enforcement would need the cooperation of
| Facebook and Google/Apple to access the messages.
|
| It is a plaintext backup to Google Drive, whatsapp does
| not encrypt it before uploading it to Drive or iCloud.
|
| https://news.ycombinator.com/item?id=26458102
|
| > But that is all completely opt-in
|
| You cannot control your contacts backup settings. Every
| contact I have (100+) has enabled the backup option,
| meaning all my 'e2ee' chats are uploaded in plaintext to
| Google servers.
|
| With Telegram, I can be sure e2ee/secret chats with my
| contacts are not going anywhere other than the device
| they were delivered to.
| lrem wrote:
| It does not back up keys. In case of a key loss, a new
| one is generated and all your contacts get a warning that
| your key changed.
| 0xy wrote:
| This is false, because WhatsApp backs up your keys to the
| cloud by default, meaning anyone can read your messages
| with a simple court order. Additionally, even if you
| decline to back them up your contacts may have.
|
| So you have no idea whether it's actually E2E encrypted,
| and by default it is not.
| fsociety wrote:
| It sounds like you are suggesting it is not E2EE because
| keys are backed up to Google/Apple. That's not true, it
| still is E2EE. It just by default has a backup of the
| key.
|
| Sure, if your threat model means you are worried about
| the key backups and particularly your friends key
| backups, you shouldn't use WhatsApp.
|
| I'm not sure how you end up at Telegram with that threat
| model.. but whatever floats your boat.
|
| I'd wager most people care more about FB not being able
| to read their messages. And they can't. Maybe one day
| that changes but they will be required to communicate
| those changes.
| 0xy wrote:
| Telegram secret chat keys are never uploaded anywhere.
|
| Encryption is literally not E2EE if the private keys are
| uploaded to some random third party, maybe even without
| your knowledge (you have no idea what your contacts have
| done).
| johnchristopher wrote:
| Durov is in self-imposed exile from the Russian government.
|
| His public image carries more weight than Zuckerberg ever
| could (I don't think Zuckerberg could become a public figure
| in the next decades like Gates is).
|
| From https://en.wikipedia.org/wiki/Pavel_Durov:
|
| > On 16 April 2014 Durov publicly refused to hand over data
| of Ukrainian protesters to Russia's security agencies and
| block Alexei Navalny's page on VK.[4] Instead he posted the
| relevant orders on his own VK page [23][24] claiming that the
| requests were unlawful.
|
| > On 21 April 2014 Durov was dismissed as CEO of VK. The
| company claimed it was acting on his letter of resignation a
| month earlier that he failed to recall.[4][25] Durov then
| claimed the company had been effectively taken over by
| Vladimir Putin's allies,[25][26] suggesting his ouster was
| the result of both his refusal to hand over personal details
| of users to federal law enforcement and his refusal to hand
| over the personal details of people who were members of a VK
| group dedicated to the Euromaidan protest movement.[25][26]
| Durov then left Russia and stated that he had "no plans to go
| back"[26] and that "the country is incompatible with Internet
| business at the moment".[4]
| hayst4ck wrote:
| I am not really a conspiracy person. I am saying that
| because this will sound conspiratorial and I am aware of
| that. I certainly think I am looking at things from a
| probabilistic and alignment perspective.
|
| Is he a Russian agent? Probably not. But, he's not dead or
| in prison, I'd say that counts against him. He's complied
| with fighting "extremism" in Russia. If Russia did want a
| view into international communications they would have to
| publicly distance themself from him. I'm not saying it is
| the case, but I think the chance is pretty far from 0.
| Certainly everyone benefits from the appearance that he and
| Russia do not get along. The chance his co workers are
| Russian is higher, and therefore the chance that Russia has
| leverage (money/property/family/blackmail etc) directly
| over at least one employee seems pretty non trivial.
|
| I don't see any good reason to believe Russia or himself
| are distant on purely the grounds that both of them say so.
|
| Is freedom/what's morally right a guiding light? Well, it's
| run out of Dubai, the middle east isn't exactly a shining
| star of liberal ideals. Not everything is encrypted
| automatically.
|
| Are they consistent? Company is supposed to be a non profit
| entity but isn't structured that way.
|
| Are they aligned with privacy? Their revenue model is ads,
| a revenue model with deep precedence for violations of
| privacy. I see no reason that he wouldn't take a
| zuckerbergian approach.
|
| I don't find telegram to be any more trustable than
| Facebook. If I were using a platform for political speech,
| something I could be blackmailed for, or anything else that
| would get a state actor interested in me both seem like
| equally bad choices.
| jeofken wrote:
| I'm curious how the German state deals with ethnic nationalist
| content on Telegram, which is illegal for Germans. A lot of
| channels where people do the Roman salute, talk about natives
| heading to minority status, and other things illegal. Afaik
| Telegram is not censorable and the servers are in Russia
| foepys wrote:
| > which is illegal for Germans
|
| It is not. Consuming it is absolutely legal. It is even in
| our constitution that the state does not censor.
|
| What is illegal is "making" (for lack of a better word) hate
| speech and inciting violence.
|
| Example: You can buy Hitler's "Mein Kampf" since 2015. Before
| that it wasn't possible just because Bavaria held the rights
| after Hitler's death and refused to publish uncommented full
| versions. Since books enter the free domain 70 years after
| the author's death, Mein Kampf entered it in 2015.
| kgeist wrote:
| The servers are definitely not in Russia because the team had
| to leave Russia due to the pressure from the government which
| outlawed it a few years ago. IIRC it runs on AWS because I
| remember when Russian government started banning Telegram IP
| ranges a lot of AWS-based sites became unavailable in Russia
| as collateral damage
| leokennis wrote:
| In The Netherlands I see now for the first time in forever that
| it's not a dealbreaker to not have WhatsApp.
|
| If you don't have it, people understand why. If you're in a
| small to medium sized chat group, people are willing to move it
| to Signal or an alternative, they are not afraid anymore to try
| the non-default option.
|
| Now to see if this momentum will last...
| BrandoElFollito wrote:
| I am on Signal for (some) years and it is great.
|
| Except the way they manage contacts. It is a complete mess - I
| have contacts that changed their phone and there is NO WAY to
| remove them from the Signal contacts.
|
| They are not present in any of my phone contacts but somehow
| cannot leave Signal.
| terhechte wrote:
| For me it seems like Signal is winning. I started seeing more
| of the rural 50+ people on Signal that I haven't seen on
| Telegram yet. (Obvious aside, many of them are still on
| WhatsApp but Signal is where I've been surprised to see them
| too).
| jillesvangurp wrote:
| I'm in Germany. I get the very occasional message via signal
| but it doesn't look very widespread yet. It seems, mostly
| people installed it on their phone and then reverted back to
| using whatsapp because that's just the default for a lot of
| people. I also have Telegram installed but have zero activity
| there. Just my observation. It might be different outside my
| bubble of friends and family.
|
| I've so far not accepted the new whatsapp terms of use just
| because I'm curious to see if they will actually pull the
| trigger on this and disable access. I know many people that are
| sufficiently annoyed to refuse to click "agree" on that one for
| the same reason.
|
| My prediction is that Whatsapp will weasel their way out of
| that one when their self imposed deadline comes up by simply
| forgetting about it. I agreed to terms of use when I first used
| the app. So, they could just drop the whole thing and accept
| defeat. If there's something in these new terms that they need
| me to agree to, they just need to come out and tell us what
| that is exactly. Either it matters or it never did. They are
| basically saying it doesn't matter but we still need to agree.
| The corporate weaseling is what is generating the suspicion.
| And of course Facebook doesn't have a great track record in
| general.
|
| The alternative may be having to disable millions of accounts
| which would predictably lead to lots of the remaining users
| discovering Signal or other solutions when their exiled friends
| start using those exclusively. I don't see why Facebook would
| want to let that just happen. So postpone, silently drop the
| new terms of use (because as they assure us over and over
| again there's nothing new in there anyway), and move on.
| adonese wrote:
| In my country, lots of younger folks (college students), use
| telegram as opposed to whatsapp. Telegram is used widely for
| studying groups and other features (also piracy). Whatsapp is
| still the dominant in business though
| LockAndLol wrote:
| Whatsapp is a company. Does anybody believe they will simply
| leave 80M customers out of principle?
| sfshaw wrote:
| WhatsApp's users are not customers. They are the product.
| nindalf wrote:
| > WhatsApp CEO: I am worried by another surveillance law that
| Germany plans to pass that could force messenger apps and email
| providers to actively help government agencies to smuggle malware
| onto the devices of their customers.
|
| > Der Spiegel: The government says it needs this technology to
| read messages from terrorists at a point before they are
| encrypted on their phone. What's wrong with that?
|
| Maybe Der Spiegel is asking the question simply to elicit the
| interviewee's opinion. But it strikes me as very strange that a
| German paper aimed at a German audience would be asking why
| citizens need protection from government surveillance. Germans
| are possibly the most privacy conscious folks in the world
| because of a history of invasive government surveillance.
| stjohnswarts wrote:
| Der Spiegel likes their rights to be an independent news source
| (press) but they don't seem to care about other people's rights
| to privacy based on boogey men like terrorists. There are other
| ways to find those guys, you don't have to hoover up 100% of
| everyone's communications to be able to do that.
| croes wrote:
| And yet the government tries to install massive surveillance
| laws in regularity.
| hutattedonmyarm wrote:
| I'm not sure how much this is still the case. The government
| has been massively pushing mass surveillance during the last
| few years, all under the "terrorists" and "child abusers" and
| almost everyone outside my privacy/tech bubble is in favor of
| it
| intricatedetail wrote:
| What if the next German is going to use that information to
| map out certain groups of people to send them to camps? Did
| Germans not learn? This development is extremely troubling.
| 9dev wrote:
| As someone formerly working for one of the largest WhatsApp
| messaging API providers, this whole controversy is really
| unfortunate. The problem boils down to the way the business API
| works: as WhatsApp is using e2e messaging, they could not simply
| offer a standard HTTP API for customers to use. In that case,
| WhatsApp would have to read messages received via such an API,
| and user responses to send webhooks.
|
| To solve this problem, they provided a Docker stack that would
| essentially spin up a specialised WhatsApp Client on the
| customer's infrastructure - so you'd be running the API locally,
| send and receive messages in your own network, and the client
| would handle encryption before transmitting to the WhatsApp
| servers. All containers would connect to a local SQL database to
| store their data, and included a REST API (curiously written in
| PHP). To handle high load, you had to spin up more images in
| distinct patterns and configure sharding per stack.
|
| This was a nice, albeit highly technical solution to the problem.
| As WhatsApp partners we built lots and lots of additional
| infrastructure to manage 12000 individual Docker-Compose stacks
| in a distributed, reliable way. That worked surprisingly well,
| but obviously is way too complex. So in the end WhatsApp
| concluded it would be easier to take care of the container
| hosting themselves, shoving them into AWS, integrated with the
| Facebook business manager. And all this led to a necessary
| change in the terms of service, as WhatsApp hosting containers in
| AWS opened the possibility of e2e no longer being given.
| mpol wrote:
| These are all technical and business considerations that make
| clear that the change in terms of service are not bad. I don't
| think the controversy is about the change in terms, but more
| about what is and was already happening.
|
| If WhatsApp is doing things that are just on the border of
| legal, or let's say unpleasant for a lot of people, every time
| the terms of service get updated, people will be confronted
| with them. That is a risk, looking at what WhatsApp is doing.
| If I were CEO of WhatsApp I would want to be as quiet as
| possible about what kind of things that are happening outside
| of view. Every change to these terms of service, every time you
| point them out, you run the risk of people complaining about
| all the unpleasant things that are happening.
| rakoo wrote:
| It's not really unfortunate, it's the consequence of having e2e
| encryption: either you (as a business) have to handle
| everything or you delegate, and that delegation needs to be
| clear to the user.
|
| Were businesses not ready to run the client themselves ?
| intricatedetail wrote:
| Why hosting a docker container is complex? It seems like they
| set themselves for failure to have an excuse to break e2e.
| rimiform wrote:
| >DER SPIEGEL: But you do save data about your users like the
| device ID, the phone model, the WhatsApp user name, the phone
| book and thereby also the numbers of all their contacts, right?
|
| >Cathcart: It's true that _we do have some information about how
| people use WhatsApp_ and that we do know, for example, the device
| ID. We collect this only to secure our services and protect from
| attacks. When you use WhatsApp and allow access to your phone
| book, we only see the phone numbers, not the name.
|
| In particular, they have (meta)data regarding specific messages
| being sent, as evidenced by their approach to curtailing
| misinformation:
|
| >Cathcart: Messages that are highly forwarded can only be
| forwarded to one chat since last spring. That led to a drop in 70
| percent of these messages. More recently, we are additionally
| showing you a link to the Google search on those messages, to let
| you check the facts directly.
|
| I'm not sure how easy it is to figure out whether those 'highly
| forwarded messages' are all the same, or somehow link them
| without knowing anything about their content or linking them to
| information you already know about people. Maybe it's easy and
| I'm making a mountain out of a molehill, I don't know.
| reader_1000 wrote:
| > I'm not sure how easy it is to figure out whether those
| 'highly forwarded messages' are all the same, or somehow link
| them without knowing anything about their content or linking
| them to information you already know about people.
|
| They use a counter. I don't know, however, if it is enforced on
| only client side or it is in a unencrypted metadata which can
| be checked on server side.
|
| > Forwarded messages contain a counter that keeps track of how
| many times a message is forwarded. [1]
|
| [1] https://faq.whatsapp.com/general/chats/about-forwarding-
| limi...
| nvoid wrote:
| I was thinking the same thing. I believe they use a hash but
| surely each hash would be different if they were encrypted with
| different public/private keys?
|
| I am pretty sure they are using hashes to stop the child
| exploitation from being spread on WhatsApp.
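
The forwarding counter and the hash question from the two replies above, as an added sketch (not WhatsApp's code and not part of any comment): the counter travels inside the encrypted payload and the receiving client applies the limit, while a relay that only hashes ciphertexts sees an unrelated value at every hop. Assumptions: the counter's placement, client-side enforcement, the threshold and chat-limit constants, and an HMAC-based stdlib cipher standing in for the real end-to-end protocol.

```python
import hashlib
import hmac
import json
import os

HIGHLY_FORWARDED_AT = 5  # assumed threshold, not taken from the page
NORMAL_CHAT_LIMIT = 5    # assumed limit for ordinary messages


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode; a stdlib stand-in for a real cipher."""
    out = b""
    block = 0
    while len(out) < length:
        out += hmac.new(key, nonce + block.to_bytes(4, "big"), hashlib.sha256).digest()
        block += 1
    return out[:length]


def _subkeys(pair_key: bytes):
    """Derive separate encryption and MAC keys from one pairwise key."""
    enc = hmac.new(pair_key, b"enc", hashlib.sha256).digest()
    mac = hmac.new(pair_key, b"mac", hashlib.sha256).digest()
    return enc, mac


def seal(pair_key: bytes, payload: dict) -> bytes:
    """Encrypt-then-MAC the whole payload, counter included."""
    enc_key, mac_key = _subkeys(pair_key)
    nonce = os.urandom(16)
    plain = json.dumps(payload, sort_keys=True).encode()
    body = bytes(a ^ b for a, b in zip(plain, _keystream(enc_key, nonce, len(plain))))
    tag = hmac.new(mac_key, nonce + body, hashlib.sha256).digest()
    return nonce + body + tag


def open_sealed(pair_key: bytes, blob: bytes) -> dict:
    """Verify the tag, then decrypt; raises ValueError on any modification."""
    enc_key, mac_key = _subkeys(pair_key)
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(mac_key, nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("ciphertext was modified or the key is wrong")
    plain = bytes(a ^ b for a, b in zip(body, _keystream(enc_key, nonce, len(body))))
    return json.loads(plain)


def forward(received: dict) -> dict:
    """What a forwarding client builds: same text, counter incremented."""
    return {"text": received["text"],
            "forward_count": received.get("forward_count", 0) + 1}


def max_targets(received: dict) -> int:
    """Client-side rule: a highly forwarded message may go to one chat only."""
    if received.get("forward_count", 0) >= HIGHLY_FORWARDED_AT:
        return 1
    return NORMAL_CHAT_LIMIT


def server_view(blob: bytes) -> str:
    """All a relay without keys can compute: a hash of the ciphertext."""
    return hashlib.sha256(blob).hexdigest()


def demo():
    # Constructed sample: one text passed along six hops, each hop
    # encrypted under a different pairwise key.
    msg = {"text": "constructed chain letter", "forward_count": 0}
    views = []
    for _ in range(6):
        key = os.urandom(32)
        blob = seal(key, msg)
        views.append(server_view(blob))
        msg = forward(open_sealed(key, blob))
    return msg, views


if __name__ == "__main__":
    final, hashes = demo()
    print(final["forward_count"], max_targets(final), len(set(hashes)))
```

Under these assumptions the limit only binds unmodified clients: the MAC stops a relay from altering the counter, but a sender with a patched client can seal any value it likes.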
| paraknight wrote:
| Can someone summarise the article please? I'd rather not accept
| Spiegel's privacy policy
| rPlayer6554 wrote:
| TLDR:
|
| The CEO of WhatsApp says:
|
| - continues to say the whole controversy around the new TOS is
|   fake news
| - WhatsApp are still growing
| - Does not like privacy labels because they are confusing due to
|   each app defining what they put on it (example given: you can't
|   tell from them that Telegram doesn't have E2E but WhatsApp does)
| - Does not like that the German Government wants them to actively
|   help the police track criminals, including silently installing
|   malware on their phone.
| - Is against weakening their own encryption for the government.
| ipaddr wrote:
| They are growing in users but dropping in usage. No one is
| deleting a WhatsApp account, most will delete the app and not
| use anymore. That allows the ceo to say we are growing. Is
| usage growing?
| tmp538394722 wrote:
| 1:1 conversations continue to be e2e and will forever be
| (allegedly).
|
| Communicating with a business will not be e2e, per their new
| TOS.
|
| Simple "Privacy nutrition labels", like apple recently
| introduced in the App Store are a neat idea, but because they
| are self reported and not standardized they can do more harm
| than good. Eg it's not clear from the labels that WhatsApp is
| e2e for personal comms while telegram isn't by default and
| never for groups.
|
| WhatsApp confirms they keep some of your personal data
| including phone numbers from your address book but doesn't
| currently share that with Facebook.
| intricatedetail wrote:
| They are also capable of identifying spam so indirectly he
| confirmed they do read messages.
| self wrote:
| They don't need to read messages to identify spam:
| https://techcrunch.com/2017/02/02/how-whatsapp-is-
| fighting-s...
| ffpip wrote:
| But they do send recent messages when you report someone.
|
| > Once reported, WhatsApp receives the most recent
| messages sent to you by a reported user or group, as well
| as information on your recent interactions with the
| reported user.
|
| https://faq.whatsapp.com/general/security-and-
| privacy/stayin...
| intricatedetail wrote:
| So in theory authorities just have to "report" and then
| request the messages.
| tmp538394722 wrote:
| No, that's not how it works.
|
| If _I_ have received a message I can report _that_
| message.
| waterglassFull wrote:
| Thank you very much
| ffpip wrote:
| https://archive.is/LHsgA
| throwaway888abc wrote:
| among those lines of "lot of incorrect or inaccurate
| information",
|
| >DER SPIEGEL: Soon after you announced your new privacy policies,
| chain letters started circulating on WhatsApp. People recommended
| other messenger apps like Signal, Threema or Telegram and said
| WhatsApp would read phone books and misuse the contacts.
|
| Cathcart: There is a lot of incorrect or inaccurate information.
| That's why we have delayed the update and send additional
| information to users directly in WhatsApp. Let me be very clear:
| We cannot read your messages, we cannot listen to your calls.
| When you send your location over WhatsApp, we do not know where
| you are.
|
| >WhatsApp would read phone books and misuse the contacts?
|
| We cannot read your messages, we cannot listen to your calls.
| When you send your location over WhatsApp, we do not know where
| you are.
| McDyver wrote:
| > When you use WhatsApp and allow access to your phone book, we
| only see the phone numbers, not the name.
|
| > we can hand over, for example, the IP address, user name or
| profile photo
|
| Seems to me that they don't have to collect the name from the
| phone book, they just match it with the profile information (at
| least)
| fgonzag wrote:
| We can only see the profile photo, which we obviously
| couldn't match in our worldwide facial recognition platform
| which automatically tags every picture of yours.
| mtgx wrote:
| Distinction without a difference?
|
| They still know who you are and who you're connected with by
| phone number.
| pritambaral wrote:
| >> phone books and ... contacts?
|
| > messages ... calls ... location
|
| The response ignores the question.
| stjohnswarts wrote:
| Since they ID you by telephone number then they need at least
| the phone numbers in your contact list to let you know if
| people on your phone are using the service. I agree that step
| should be optional though and allow you to manually put in
| someone else's phone number and never need WA to rifle
| through your contacts.
| tannhaeuser wrote:
| That sounds like a canned response carefully prepared by a
| lawyer (if indeed it's repeated word-by-word which I can't
| check due to Spiegel's lack of privacy options). I guess the
| privacy invasion comes in via linking to Fb and graphs of
| who's-messaging-whom.
|
| Wonder what the alternatives are? I'm no expert and might be
| completely wrong but my assessment re usual suspects goes like
| this: Telegram? No E2E! Signal? Ceased to update their self-
| hosting software! Matrix: not a really open protocol to begin
| with!
|
| Over ten years ago, XMPP used to work just fine (and IRC before
| that) so I'm just wondering why we have to reinvent the wheel
| all the time. Messaging isn't exactly rocket science.
|
| I won't tie my online presence to a proprietary vendor with no
| alternative clients and service providers since that's strictly
| worse than what we have today. Remember WhatsApp started like
| those other providers but then got acquired by Fb.
|
| So it's SMS/MMS for me I guess.
| tpush wrote:
| > I guess the privacy invasion comes in via linking to Fb and
| graphs of who's-messaging-whom.
|
| In the interview he explicitly says that they do not share
| phone book data with Facebook.
| stjohnswarts wrote:
| ...yet
| Arathorn wrote:
| Matrix is very much an open protocol. Just because the team
| who created it works together professionally doesn't somehow
| make it less open, given we set up the Foundation to keep it
| neutral. (And the fact our jobs depend on it being successful
| acts as a useful motivator not to screw it up).
| MattJ100 wrote:
| For the record XMPP worked 10 years ago, and continues to
| work today (of course it has changed a lot).
|
| If you have Android contacts then Quicksy is on the app store
| and an easy jump from WhatsApp, with the benefits of an open
| federated network. I believe iOS is planned, but in the
| meantime Siskin is a decent choice.
|
| There is a lot of development activity going on in XMPP
| across a very wide range of projects, and I'm hopeful that as
| people realize that all this centralization onto single
| providers has been a recipe for abuse of power, that open
| networks may gather more public interest.
| ohlookabird wrote:
| Hm, wonder why he declines to answer the contact and phone book
| question twice, but instead deflects...
| vbezhenar wrote:
| Because Whatsapp abuses contacts. I tried to send a message
| to someone without adding him to my contacts, but I did not
| find a way to do so in iOS. I had to add that number to my
| contacts and allow whatsapp full access to those.
| NicoJuicy wrote:
| https://wa.me/+(country code)(phone number)
| dirkt wrote:
| And it's actually this information Facebook is interested
| in, to build the "social graph".
|
| The content doesn't matter, it knows who you communicate
| with and how often, and that's already a privacy concern
| (wife wants to know if husband cheats on her with someone
| else? and so on).
|
| But of course the WhatsApp CEO doesn't mention this ...
| much easier to say "we don't look at your content" to give
| it the spin they need.
| dcsommer wrote:
| From the article:
|
| DER SPIEGEL: Do you share these numbers with your parent
| company Facebook?
|
| Cathcart: No, we don't. The updated privacy policies will
| actually not change anything globally in our ability to
| share data with Facebook.
| throwaway888abc wrote:
| How about a hashed identifier derived from phone number?
| 0df8dkdf wrote:
| Not sure if we can trust anything coming from FB or Google
| type of large corp under US national security surveillance
| capitalism state (with conflicting business model against
| user privacy) regarding what they really do with user data.
| Any corporation with association with the intelligence agency
| and the military industrial complex can not be trust.
| paulryanrogers wrote:
| Have warrant canaries at least shed any light here? It
| seems companies eagerly hosted them only for them to fall
| silent soon thereafter. Which, if accurate, implies they
| have received warrants in short order.
| jillesvangurp wrote:
| "When you use WhatsApp and allow access to your phone book,
| we only see the phone numbers, not the name."
|
| That's the weakness of current chat tools right there. They
| can't listen in but they do know when you talked to whom and
| how long, how often, etc. In fairness, Signal and Telegram
| are similarly dependent on phone numbers. The traffic might
| be encrypted but even just knowing who talked to whom, when
| is useful.
| em-bee wrote:
| i believe signal uses the phone's contact list, but telegram
| manages its own contact list, and i can add telegram
| contacts without knowing their phone number or
| adding them to my phone contact list. i can also block my
| number from being shared with anyone.
|
| the only thing the number is needed for is to create a new
| account.
| bellyfullofbac wrote:
| Yeah, this was demonstrated greatly in the
| Navalny/Bellingcat investigation of his poisoning:
| https://www.youtube.com/watch?v=smhi6jts97I . They bribed
| the appropriate providers to get phone call records and
| could see how the agents would be ringing each other and up
| the chain of command around the time of certain events. If
| an "enemy of the state" could do this, imagine what the
| state, or the owners of the data, could do.
|
| Funny as if saying "just the phone numbers and not the
| names" should make us feel safe, Facebook already asks for
| your phone number, and could correlate your data that way.
| radicalbyte wrote:
| Assumably because they know who you talked to, when you
| talked to them and for how long and with an approximate
| location. They also have a good idea of what you were doing
| at the time from their cookies / "facebook integrations" over
| the greater internet.
| sub7 wrote:
| Sorry but the Whatsapp CEO is Zuck who controls 60+% of whatsapp.
| That guy has somehow bastardized the words friend and connect
| even though he clearly has never had any of either.
|
| This slave is just a hack and they are trying to grossly violate
| your privacy to make benefit glorious targeting of ads. Fuck
| right off is the only response.
| intricatedetail wrote:
| This is very troubling "Messages that are highly forwarded can
| only be forwarded to one chat since last spring. That led to a
| drop in 70 percent of these messages. More recently, we are
| additionally showing you a link to the Google search on those
| messages, to let you check the facts directly." Earlier he claims
| they cannot read messages but somehow they can filter out the RNA
| spam? It makes no sense. What am I missing?
| sirius87 wrote:
| I haven't seen it in action, but it possibly works on the
| client-side like link previews, by constructing a Google search
| URL with the decrypted contents of the highly forwarded message
| after the message is received on your phone, and leave it up to
| you to click it.
| ffpip wrote:
| https://archive.is/LHsgA
___________________________________________________________________
(page generated 2021-03-14 23:02 UTC)