this post was submitted on 07 Mar 2024
253 points (100.0% liked)

Technology

37716 readers
325 users here now

A nice place to discuss rumors, happenings, innovations, and challenges in the technology sphere. We also welcome discussions on the intersections of technology and society. If it’s technological news or discussion of technology, it probably belongs here.

Remember the overriding ethos on Beehaw: Be(e) Nice. Each user you encounter here is a person, and should be treated with kindness (even if they’re wrong, or use a Linux distro you don’t like). Personal attacks will not be tolerated.

Subcommunities on Beehaw:


This community's icon was made by Aaron Schneider, under the CC-BY-NC-SA 4.0 license.

founded 2 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
[–] DavidGarcia@feddit.nl 14 points 8 months ago (3 children)

kind of dumb they could get huge market share

[–] anlumo@feddit.de 38 points 8 months ago (1 children)

Yeah, this worked so well for XMPP when everybody federated with Gmail chat.

[–] BarryZuckerkorn@beehaw.org 4 points 8 months ago

Well, it worked out for Google when it federated with Jabber, who first open sourced XMPP.

[–] muhyb@programming.dev 33 points 8 months ago (3 children)

It's not. There is no privacy if you send your message to Whatsapp servers.

[–] avidamoeba@lemmy.ca 25 points 8 months ago

There's even less privacy if I have to have the WhatsApp app installed on my phone to send that message.

[–] InfiniWheel@lemmy.one 13 points 8 months ago

You have the big plus of not having the WhatsApp app installed and snooping around with all those permissions it has.

[–] n2burns@lemmy.ca 4 points 8 months ago (2 children)

Would it not be E2EE? Isn't that one of the reasons for using the Signal protocol?

[–] muhyb@programming.dev 11 points 8 months ago (2 children)

Yes, the "delivering" part would be E2EE. Do we really know the afterwards if they can read their users' messages? They probably can.

[–] falsemirror@beehaw.org 10 points 8 months ago (1 children)

Whatsapp CANNOT read messages when e2ee is enabled, this client-side snooping was discussed when the protocol was first implemented. Whatsapp collects a ton of metadata and social graph info, but not message content.

[–] blackstrat@lemmy.fwgx.uk 4 points 8 months ago (1 children)

Well you type messages in in plain text and they decrypt it to show you the messages at the other end. So they can do the nefarious processing on the client side and send back results to the mother ship. E2EE is only good when you trust the two ends, but with WhatsApp and Messenger you shouldn't trust the ends.

[–] sunbeam60@lemmy.one 0 points 8 months ago (1 children)

At the end of the day, you’ve got to trust someone. I’m 200% convinced meta mines the social graph, of course they do, and provide access to law enforcement with a pro forma request. But I’m also 199% sure they don’t actually read your messages once unencrypted, reencrypts them and sends them as hidden payloads or does something else with it. The damage, should it be discovered, would be untold.

And while I don’t trust Meta on a lot of things, I know enough people there to realise that if they did that it would leak.

[–] blackstrat@lemmy.fwgx.uk 1 points 8 months ago (1 children)

It wouldn't matter to them really. Just look at how many people have gmail accounts.

They don't even have to send the whole messages back to base. They could be categorizing your messages in to themes and sending that back to base as small category flags. Use that to build a profile on you and use those for advertising to you.

You mention something on the theme of 'broken boiler' in a message, that gets analyzed on the client in to a category of 'interest in heating / boiler repair', plus some adjacent categories based on your demographic. The categorization gets sent back and the next website you visit has an ad for British Gas boiler repair.

[–] sunbeam60@lemmy.one 1 points 8 months ago

Yes but it’s not like people wouldn’t observe the traffic, even if encrypted.

[–] n2burns@lemmy.ca 5 points 8 months ago (2 children)

Sure, but any messaging app (including Signal) could have these backdoors in place. Heck, there's even vectors for unrelated apps on your phone to read this data once unencrypted.

[–] bleachisback@programming.dev 2 points 8 months ago (1 children)

Signal clients are open-source.

[–] n2burns@lemmy.ca 2 points 8 months ago (1 children)

Signal is only officially distributed through Google Play, so their APK isn't reproducible, and I believe it still contains binary blobs.

[–] Akuchimoya@startrek.website 2 points 8 months ago

You can download Signal APK directly from their website.

[–] muhyb@programming.dev 2 points 8 months ago

That's actually true. We don't know the real-time server code of Signal. Though other apps cannot read what's written inside Signal, that's the good part. I prefer private server + Matrix but Signal is the easiest for regular people.

[–] authorinthedark@lemmy.sdf.org 3 points 8 months ago

if i remember correctly, it would be E2EE (WhatsApp and Messenger are too) but Meta stores the encrypted message on their server

[–] helenslunch@feddit.nl 14 points 8 months ago (1 children)

Signal does not care about "market share", they're a non-profit.

[–] ViciousTurducken@lemmy.one 10 points 8 months ago* (last edited 8 months ago) (1 children)

Them being nonprofit has nothing to do with the pursuit of marketshare. Plenty of nonprofits want to maximize marketshare. Them being nonprofit means they are mission-driven.

And what is that mission?

Per the Signal Foundation's website:

Protect free expression and enable secure global communication through open source privacy technology.

[–] helenslunch@feddit.nl 9 points 8 months ago* (last edited 8 months ago)

Them being nonprofit has nothing to do with the pursuit of marketshare.

Um, of course it does? LOL

Them being nonprofit means they are mission-driven.

And what is that mission?

Let's talk about what the opposite of their mission is: Mainly operating as a source of data collection and revenue for a corporate surveillance and advertising agency.

Do they want more users? Sure. Are they going to compromise on their core principles out of convenience for their users? Abso-fuckin-lutely not.

There's also the opposite to consider: that users would decide to use WhatsApp instead of Signal because they can, which then puts you in the uncomfortable position I find myself in often where I have to tell people I'm not accepting their messages from insecure platforms.