this post was submitted on 23 Oct 2023
76 points (89.6% liked)


And if so, why exactly? It says it's end-to-end encrypted. The metadata isn't. But what is metadata and is it bad that it's not? Are there any other problematic things?

I think I have a few answers for these questions, but I was wondering if anyone else has good answers/explanations/links to share where I can inform myself more.

[–] [email protected] 36 points 1 year ago* (last edited 1 year ago) (17 children)

Metadata is all the content of a message besides the actual text content of the message (i.e. what you type). Examples would be the date and time it is sent, what users these messages were sent to / from, and the IP addresses of both parties. (The availability of metadata varies from messenger to messenger).

I like this example: If you only text your Aunt Sally, who lives in Alaska, twice per year to wish her a happy birthday and Christmas, just by looking at the metadata someone could infer the meaning of your messages, as well as your relationship to the person you're messaging. To a point this is true about any messages you send.

As for WhatsApp specifically, it being end-to-end doesn't really matter imo, as the application is not open source and is owned by an advertising / social media company. As long as the code is closed source, you cannot be sure:

  1. That your messages are encrypted at all
  2. That your encryption keys are kept on-device, and not plainly available to a centralized party
  3. That the encryption the application is using is securely implemented

At least for applications handling truly sensitive information (for the average person only their messenger and browser), you should be using open source software. The easiest recommendations I can make are:

  1. Browsers: Firefox, Thorium, Brave (disabled all cryptocrap)
  2. Messengers: Signal, SimpleX Chat, XMPP

Anyways, I hope this was a satisfactory answer.

[–] [email protected] 2 points 1 year ago (1 children)

How do I know other browsers/messengers actually include the code that is published when they arrive on my phone? Wouldn't it be possible to simply add tracking/malicious code outside of the open-source repository, build an APK from it and put that on the Play Store instead of the "clean" code on the repository?

[–] [email protected] 5 points 1 year ago

You could compile the software yourself, and the builds they do publish are reproducible, therefore any hidden malicious code would almost certainly be noticed in any popular application.
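The check described in the reply above, as an added example that is not part of the thread or of any project's tooling: compare a published APK with one you built yourself, entry by entry, skipping the signature files that necessarily differ. The function names and the in-memory sample APKs are constructed for illustration.

```python
import hashlib
import io
import zipfile

# v1 (JAR) signature files differ between the publisher's signed APK and an
# unsigned or self-signed local build, so they are excluded from comparison.
SIGNATURE_SUFFIXES = (".SF", ".RSA", ".DSA", ".EC")

def is_signature_entry(name):
    upper = name.upper()
    if not upper.startswith("META-INF/"):
        return False
    return upper == "META-INF/MANIFEST.MF" or upper.endswith(SIGNATURE_SUFFIXES)

def entry_digests(apk):
    """Map each non-signature entry name to the SHA-256 of its uncompressed bytes."""
    with zipfile.ZipFile(apk) as zf:
        return {
            info.filename: hashlib.sha256(zf.read(info)).hexdigest()
            for info in zf.infolist()
            if not info.is_dir() and not is_signature_entry(info.filename)
        }

def compare_apks(published, rebuilt):
    """Return sorted (entry, reason) differences; an empty list means a match."""
    a, b = entry_digests(published), entry_digests(rebuilt)
    diffs = [(n, "only in published") for n in a.keys() - b.keys()]
    diffs += [(n, "only in rebuilt") for n in b.keys() - a.keys()]
    diffs += [(n, "content differs") for n in a.keys() & b.keys() if a[n] != b[n]]
    return sorted(diffs)

def make_sample_apk(entries):
    """Build a constructed, APK-shaped zip in memory (sample data, not a real app)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in entries.items():
            zf.writestr(name, data)
    buf.seek(0)
    return buf

if __name__ == "__main__":
    clean = {"classes.dex": b"app code", "res/layout.xml": b"<layout/>"}
    store = dict(clean, **{"META-INF/CERT.RSA": b"publisher signature"})
    tampered = dict(store, **{"classes.dex": b"app code + tracker"})
    print(compare_apks(make_sample_apk(store), make_sample_apk(clean)))
    print(compare_apks(make_sample_apk(tampered), make_sample_apk(clean)))
```

A match is only expected when the local build uses the same source revision and the build environment the project documents for reproducible builds.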
