Having a private conversation over WhatsApp these days...

What the actual fuck.
Use signal or telegram or something like that.
This is horrible.

@elonmusk I know, we had a discussion about privacy in that group chat, and someone randomly started sending pgp encrypted messages.

It's more meant like a parody.

@kolaente 😂😂
I thought you guys are chatting like that.
My bad :)

> whatsapp

What are you, an indian microsoft scammer?

@ganjaman no microshaft tech sopport 😂

@ganjaman nah, here in Germany everyone has WhatsApp so there is that kind of social pressure for you to have it...

@kolaente Just get out of the social pressure. People can call, text. email or Signal me if they want to have contact.

No more shitty spam groups etc. Only family stuff is delayed quite a bit.

@Codex404 yeah, i should do that.

@kolaente "Can't have social pressure if you don't have a social life!"

@coolboole "supposed to be"

@coolboole

WhatsApp is indeed encrypted end-to-end. It uses the Signal protocol.

The problem is that:

1. It's closed source & owned by Facebook. There are no known backdoors/vulnerabilities, but that could easily change without anyone noticing.

2. Messages & media are backed up to Google Drive if you gave it permission, which breaks the fully end-to-end encrypted nature.

3. With end-to-end encryption, you must verify IN PERSON that you share the same 60-digit identifier to be sure that there is no MitM attacker in between. No one does this, with any app.

...but on the other hand, point me to an alternative, and I'll point you to security flaws.

Proper chat encryption in super inconvenient, so not a single app does it properly.

@elonmusk There are very little actual differences between WhatsApp, Wire and Signal.

All three use the Signal protocol. All three store metadata on their servers, with from best-worst: Signal < Wire < WhatsApp.

Signal and Wire have open sourced both server & client though -- but even if you are on your own non-federated shielded net, you're going to leak some metadata.

@Codex404 yeah, no it doesn’t work. For school to get told about stuff, kinda. For other groups about your band, or whatever, yeah no.

@bcye
school: email
Band: Signal

@Codex404 so convince 30 persons to join me on Signal?

@bcye 30? What kind of band is that?

But just do it and things will adjust to it. But iets basically a matter of caring enough about it.

@bittersweet what about Keybase, its mobile and desktop apps and website?

@eeee Their concept is neat, but depending on how you use it it can be very dangerous for your online anonymity.

I've spoken about a social scraping tool I made a few years ago which populates a graph network with data about users, by crawling & reinforcing links about concepts, using some image/language recognition and known vulnerabilities, until it hits surprising personal stuff -- I demonstrated it by request on a few devRanters.

The problem with keybase is the concept of a web of trust, which links multiple accounts and devices together.

For some people here on devRant their Github leads straight through keybase to twitter/reddit, or they use an avatar on keybase or related sites, which they use on other websites, etc. They slip in the name of a town in a reddit post, they use specific odd words together -- before you know it you know their friends, home addresses, hobbies of their parents, etc.

That's the main issue with keybase, it's a very convenient crawling node.

@eeee

And to be clear: That's usually the issue. I wouldn't know how to improve the situation for messaging, nor am I sure it can be done.

Convenient. Secure. Anonymous.

Pick two. If you're lucky, because usually you get just one.