Why WhatsApp Will Never Be Secure
graph.org
external-link
The world seems to be shocked by the news that WhatsApp turned any phone into spyware. Everything on your phone – including photos, emails and texts – could be accessed by attackers just because you had WhatsApp installed [1].   This news didn’t surprise me, though. Last year WhatsApp had to admit they had a very similar issue – a single video call via WhatsApp was all a hacker needed to get access to all of your phone’s data [2].  Every time WhatsApp has to fix a critical vulnerability in their app, a new…

This is an article written by telegram’s founder and CEO Pavel Durov in 2019 on “Why whatsapp will never be secure”. Your thoughts?

Arthur Besse
link
fedilink
85
edit-2
10M

Sure, fuck WhatsApp, but Telegram isn’t even end-to-end encrypted most of the time. Their group chats never are, and their “secret chat” encryption for non-group chats must be explicitly enabled and hardly ever is because it disables some features. And when it is encrypted, it’s with some dubious nonstandard cryptography.

It’s also pseudo open source; they do publish source code once in a while but it never corresponds to the binaries that nearly everyone actually uses.

And the audacity to talk about metadata when Telegram accounts still require a phone number today (as they did five years ago when this post was written) is just… 🤯

State-sponsored exploits against WhatsApp might be more common than against Telegram, or at least we hear about them more, but it’s not because the app is more vulnerable: it’s because governments don’t need to compromise the endpoint to read your Telegram messages: they can just add a new device to your account with an SMS and see everything.

(╯° °)╯︵ ┻━┻

Anything claiming to prioritize privacy yet asking for your phone number (Telegram, WhatsApp, Signal, …) is a farce.

Bravo, bravo, bravo!!

Dude, see you on the same side of the barricades when the time comes to fight the centralized army of agent Smiths 👏👏👏

Shit, 2019 really was five years ago.

@Dra@lemmy.zip
link
fedilink
310M

Signal is great. Stop being overzealous

I don’t agree with everything but that last point of yours. Requiring your phone number only means your are not anonymous. There is no need to be anonymous to communicate privately. In fact, it can be counterproductive, since your are much more vulnerable to social engineering.

And also not secure if somebody sim swapped you, and then your privacy goes into the hands of the FSB agent who sim swapped you

Telegram isn’t perfect, but it is infinitely better than Whatsapp because it doesn’t belong to Facebook, and also isn’t from the United States. Also it can be used by normies without problem, unlike Matrix or Xmpp or what have you.

Sure, WhatsApp exposes you to US jurisdiction and Meta bullshit. At the same time, Telegram is very friendly with the Kremlin and associated intelligence services. So it basically comes down to whether you want to be spied on by Russian or US entities.

Source: Wired cover story

Wired story from a year ago about the FSB using Telegram to track down political activists.

Clot
creator
link
fedilink
110M

Thats just speculation. The fact remains most of the Ukrainians (including their president) used telegram to raise their voice.

If you’d read the linked sources, you’d know that it’s not just speculation. Regardless of Telegram’s user base, it cooperates with Russian authorities. That remains true whether or not Ukranians use it to communicate. I’m not blaming Telegram for cooperating with Russian authorities as it’s well known that not doing so leads to drastic authoritarian measures.

But don’t take my word for it: Wikipedia: Blocking of Telegram in Russia

Brother, it has servers all over the world (including the US) where it hosts your data unencrypted. Telegram is nearly not inifinitely better than WhatsApp.

Anything claiming to prioritize privacy yet asking for your phone number (Telegram, WhatsApp, Signal, …) is a farce.

Yeah, sure. The privacy farce signal.

I’m getting tired of this stupid hardline-take.

Salamander
link
fedilink
510M

And the audacity to talk about metadata when Telegram accounts still require a phone number today (as they did five years ago when this post was written) is just… 🤯

Not only that, but I believe that they actively try to prevent VoIP numbers from being used to create accounts.

qyron
link
fedilink
310M

Then what is the choice?

@BearOfaTime@lemm.ee
link
fedilink
2
edit-2
10M

Simplex - requires nothing, just install. But you connect with other people by sending a code outside of SimpleX. Though they’ve added a directory service for groups.

XMPP

Wire (not Wiremin), though it requires an email account, which is easily addressed with a disposable email.

Signal is very secure from what I’ve read, despite the phone number identifier.

Signal is just fine. This with the PhoneNumber is a really stupid hardliner-take.

Something can be private without being anonymous.

Read up on Xmpp or matrix as good alternatives.

Matrix not yet untill they implemented proper encryption and security stuff

SimpleX is pretty cool

Create a post

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

  • Posting a link to a website containing tracking isn’t great, if contents of the website are behind a paywall maybe copy them into the post
  • Don’t promote proprietary software
  • Try to keep things on topic
  • If you have a question, please try searching for previous discussions, maybe it has already been answered
  • Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
  • Be nice :)

Related communities

Chat rooms

much thanks to @gary_host_laptop for the logo design :)

  • 1 user online
  • 57 users / day
  • 383 users / week
  • 1.5K users / month
  • 5.7K users / 6 months
  • 1 subscriber
  • 3K Posts
  • 75.4K Comments
  • Modlog