4

What makes WhatsApp not privacy friendly? They don't state that they share contact information and only statistical stuff (App last opened, etc.) Which is marketing, but not really bad. And they use end to end encryption.

By the way, this here is there Whitepaper on end to end encryption. But haven't read through it yet. https://whatsapp.com/security/...

Comments
  • 0
    They use Curve25519 encryption, but I don't know about what encryption techniques are secure, so...
  • 0
    On a side-note: The greatest vulnerability lies in OSI 7 and 8. Especially 8.
  • 0
    @groenkek What's the vulnerability and how does it relate to WhatsApp?
  • 1
    So I read this article quite some time ago, but I'm not sure if it was just media not understanding end-to-end encryption or if it actually was WhatsApp's fault. The article stated that their end-to-end encryption had a "bug" that only allowed them/Facebook to read it. While I'm not sure about it, that tainted the image of WhatsApp.
  • 5
    @adwalvekar As for the "bug", WhatsApp didn't explicitly require users to verify other users' keys when they'd change, this could've been abused by creating a man in the middle situation because users didn't have to verify it anyways. This isn't a backdoor but I'd call it bad security practice.

    As for WhatsApp's privacy, they collect metadata.

    "but they encrypt the messages so you still can't know the content, right?"

    True. But: if a woman messages her doctor, then a midwife and after that the hospital, you don't need rocket science to figure out what's going on. This counts for many conversations. Just by looking at the metadata, you can figure out a lot without having the actual content.

    Except for that, the app is closed source so without source code I don't believe anything they're saying, also keeping in mind that WhatsApp is owned by Facebook which is pretty much a surveillance company and is also integrated within worlds biggest government mass surveillance network.

    So, as for security they're doing a good job, as for privacy, if you'd even slightly care about it, don't use WhatsApp.
  • 2
    @linuxxx has probably enough to say about this topic. He has written blogposts about it, but I don’t have the url by hand anymore.

    Edit: never mind... he just posted ahead of me...
  • 1
    @linuxxx Yeah. That's a very well worded explanation. I understand now, that article didn't do justice (just like every article in most media outlets related to tech) to the actual situation. I read the first half of your comment and I was about to reply that "metadata" is a very harmless term that is used that can be used extrapolate information about anything to a surprisingly scary accuracy.

    But yes. I agree with everything you said.
  • 3
    @Prutser @adwalvekar awesome to hear! I'm not a self promotion type of guy but maybe check out my blog: https://much-security.nl 😊
  • 3
    Also most people probably use automatic backups to Google drive, which are of course plaintext.
  • 1
    @electrineer This and since a few weeks, Google doesn't count those backups as for your Google drive usage.

    Dangerous if you ask me.
  • 0
    @linuxxx but they say they don’t collect metadata about who and when you contact them
  • 2
    @bcye Where do they say that?

    I found this in their privacy policy:
    Usage and Log Information. We collect service-related, diagnostic, and performance information. This includes information about your activity (such as how you use our Services, how you interact with others using our Services, and the like), log files, and diagnostic, crash, website, and performance logs and reports.

    "how you interact with others using our Services, and the like" - this pretty much says that they collect usage data which includes metadata.
  • 0
    @linuxxx I interpreted it a bit different, but yeah makes sense
  • 0
    @bcye And that's exactly the thing, if your interpretation fits within their words, they can do/collect your interpretation :)
  • 0
    @bcye maybe a little bit late, but it is an insider at work. So there are 7 layers of networking, 1 = physical link and 7 = application. Going 'further' to 8 we get to user layer. Like, 'this security support ticket does only exist because of OSI layer 8'.
Add Comment