this post was submitted on 26 Jul 2023
1091 points (91.5% liked)
Programmer Humor
32572 readers
128 users here now
Post funny things about programming here! (Or just rant about your favourite programming language.)
Rules:
- Posts must be relevant to programming, programmers, or computer science.
- No NSFW content.
- Jokes must be in good taste. No hate speech, bigotry, etc.
founded 5 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
I feel like WhatsApp should be in the middle. The app is terrible, but the messaging is actually encrypted. We paranoids also appreciate Signal, and Element disappointingly gets no play here.
Also:
It's kind of weird, then, how they all end up doing evil stuff, including the guys that explicitly set out with the philosophy "don't be evil".
We can all tell conservative is supposed to be the enlightened one, but unless the creator is using a very malice-driven definition of evil (as opposed to including accidental evil) this line is an own-goal.
Do you think Whatsapp is actually encrypted and isn't a tool to get more information from its users because Meta pinky promised? Closed source piece of garbage.
Open Whisper did the actual message algorithm, and I understand it's open source. It could be copying your messages at the endpoint, I guess, but nobody has caught it doing that on wireshark to date.
I do trust Open Whisper and their open source project as well. I also trust Meta to do everything possible to collect even the slightest bit of data possible. Plus as Whatsapp is completely proprietary we don't know how the solution from Open Whisper was integrated. Why not open source it like Signal does?
well, profit obviously - because they definitely compromise user encryption keys.
You'd have to ask Meta, I guess, although you wouldn't get a straight answer. It's possible they could switch just your phone to send them cleartexts. Anyone who's read this far should probably use an actual secure app.
Yeah, Matrix should be in the middle. Telegram is tech normie but in the east.
Last I read, you can’t use WhatsApp without sharing your contacts. This helps Meta build its shadow profiles and keep tabs on folks not even using it. The metadata is also often just as valuable as the actual contents.
But eventually the “you’re the product” instance will dawn on ya.
That's correct. When I use it (family is on it and it beats no encryption) I sandbox it, that's part of the app being terrible.
Fuck anything created by Facebook. It wouldn't surprise me if the EFF released an announcement today saying that Facebook always had a master encryption key and have hard records of every conversation ever had on WhatsApp. Actually, I'd be willing to bet real money that is the case, if there was any way to actually resolve that bet.
Literally not possible, from what I've read of the scheme involved. I haven't looked over it myself but I trust Open Whisper.
Last time I checked (which has been a while admittedly) they used their central server for key exchange, meaning the whole encryption is compromised.
I know it was bullshit when it first launched, but they completely rebuilt the message protocol later on. Shit, now you've got me worried, time to do research.
Edit: Nah, it looks like it uses a perfectly valid key exchange algorithm. Maybe it goes via a WhatsApp server, but you shouldn't care because the algorithm is interception-proof.