On Wed, Mar 17, 2021 at 10:54:24PM -0400, Celejar wrote: > On Sat, 13 Mar 2021 09:45:28 +0100 > <to...@tuxteam.de> wrote: > > > On Sat, Mar 13, 2021 at 09:24:50AM +0200, Andrei POPESCU wrote: > > ... > > > > Fortunately most of the > > > conversations have been moving to WhatsApp (where they are supposed to > > > be encrypted, at least). > > > > Yeah, right. Encrypted. End-to-end. One of those ends is Facebook, though. > > Ouch. > > I'm not sure whether you're being serious or facetious, but WhatsApp > apparently has genuine end-to-end encryption, using the Signal protocol, > and neither of the ends is Facebook.
I am "hinting" at the subtle fact that FB bought WhatsApp for 19 billion (same Wikipedia ref you gave). They are going to do whatever it takes to make those investors happy. Quoting the same source: "In January 2021, WhatsApp announced a new Privacy Policy which users will be forced to accept by February 8, 2021, or stop using the app. The new policy will allow WhatsApp to share data with its parent, Facebook. The new policy does not apply in EU, since it violates the principles of GDPR. Facing a pushback about Facebook data sharing and lack of clarity, WhatsApp postponed the implementation of the privacy policy update scheduled from February 8 2021 to May 15 2021." So while I don't doubt that the WA client *could* *in principle* do end-to-end encryption, they'll do whatever it takes to trick end users to share their juicy data with the mothership, FB. It's their life-blood. Should they need help with that "tricking users to do silly things" part, the mothership, FB, has expertise on that. So if you do everything right, if you only communicate with a tight knit group, if you check all the other's keys, yadda, yadda -- then it'll possibly work (there are enough mentions of embarrasing bugs on that Wikipedia page to underscore the "possibly" part, though). But then you could do as well mail/gpg. The user interface is, at least better, and the most egregious bugs might be shaken out by now. Cheers - t
signature.asc
Description: Digital signature