this post was submitted on 26 Jul 2023
1091 points (91.5% liked)

Programmer Humor

32572 readers
128 users here now

Post funny things about programming here! (Or just rant about your favourite programming language.)

Rules:

founded 5 years ago
MODERATORS
 
you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 4 points 1 year ago* (last edited 1 year ago) (5 children)

I feel like WhatsApp should be in the middle. The app is terrible, but the messaging is actually encrypted. We paranoids also appreciate Signal, and Element disappointingly gets no play here.

Also:

*believes not every company is inherently evil*

It's kind of weird, then, how they all end up doing evil stuff, including the guys that explicitly set out with the philosophy "don't be evil".

We can all tell conservative is supposed to be the enlightened one, but unless the creator is using a very malice-driven definition of evil (as opposed to including accidental evil) this line is an own-goal.

[–] [email protected] 10 points 1 year ago (1 children)

Do you think Whatsapp is actually encrypted and isn't a tool to get more information from its users because Meta pinky promised? Closed source piece of garbage.

[–] [email protected] 3 points 1 year ago* (last edited 1 year ago) (1 children)

Open Whisper did the actual message algorithm, and I understand it's open source. It could be copying your messages at the endpoint, I guess, but nobody has caught it doing that on wireshark to date.

[–] [email protected] 2 points 1 year ago (2 children)

I do trust Open Whisper and their open source project as well. I also trust Meta to do everything possible to collect even the slightest bit of data possible. Plus as Whatsapp is completely proprietary we don't know how the solution from Open Whisper was integrated. Why not open source it like Signal does?

[–] [email protected] 1 points 1 year ago

well, profit obviously - because they definitely compromise user encryption keys.

[–] [email protected] 1 points 1 year ago

You'd have to ask Meta, I guess, although you wouldn't get a straight answer. It's possible they could switch just your phone to send them cleartexts. Anyone who's read this far should probably use an actual secure app.

[–] [email protected] 5 points 1 year ago

Yeah, Matrix should be in the middle. Telegram is tech normie but in the east.

[–] [email protected] 3 points 1 year ago (1 children)

Last I read, you can’t use WhatsApp without sharing your contacts. This helps Meta build its shadow profiles and keep tabs on folks not even using it. The metadata is also often just as valuable as the actual contents.

But eventually the “you’re the product” instance will dawn on ya.

[–] [email protected] 1 points 1 year ago

Last I read, you can’t use WhatsApp without sharing your contacts. This helps Meta build its shadow profiles and keep tabs on folks not even using it. The metadata is also often just as valuable as the actual contents.

That's correct. When I use it (family is on it and it beats no encryption) I sandbox it, that's part of the app being terrible.

[–] [email protected] 3 points 1 year ago (1 children)

Fuck anything created by Facebook. It wouldn't surprise me if the EFF released an announcement today saying that Facebook always had a master encryption key and have hard records of every conversation ever had on WhatsApp. Actually, I'd be willing to bet real money that is the case, if there was any way to actually resolve that bet.

[–] [email protected] 3 points 1 year ago

It wouldn’t surprise me if the EFF released an announcement today saying that Facebook always had a master encryption key and have hard records of every conversation ever had on WhatsApp.

Literally not possible, from what I've read of the scheme involved. I haven't looked over it myself but I trust Open Whisper.

[–] [email protected] 3 points 1 year ago (1 children)

actually encrypted

Last time I checked (which has been a while admittedly) they used their central server for key exchange, meaning the whole encryption is compromised.

[–] [email protected] 1 points 1 year ago* (last edited 1 year ago)

I know it was bullshit when it first launched, but they completely rebuilt the message protocol later on. Shit, now you've got me worried, time to do research.

Edit: Nah, it looks like it uses a perfectly valid key exchange algorithm. Maybe it goes via a WhatsApp server, but you shouldn't care because the algorithm is interception-proof.