Original post text
Given the recent detainment of a French person who got detained because he said something bad about the current administration in his WhatsApp messages. It makes me wonder if WhatsApp is truly end to end encrypted as they claimed. How did they even single him out?
As a corollary question, if I were to pass Customs, and if I delete WhatsApp , Reddit etc just before I reach the counter, will they be able to find out that I just deleted the apps minutes ago? I’ll be deleting them from my phone but keep them on the cloud.
Any time you hear about anyone high profile using a chat app - what are they using?
They’re using Signal.
There’s a reason why they’re using Signal; as far as security it’s the best one out there. Sure, it’s tied to a phone number, but a phone number isn’t an identity.
Phone numbers are heavily tied to a person.
What signal had going for it is encryption, but that major flaw of tied to phone number makes me doubt everything else they say.
The phone number link means forward security isn’t possible. If ever the encryption is hacked, all your messages could be forfeit by anyone who’s simply kept the encrypted data.
The phone number link means forward security isn’t possible. If ever the encryption is hacked, all your messages could be forfeit by anyone who’s simply kept the encrypted data.
Can you elaborate on that? Obviously the phone number has privacy implications, but I don’t think it can be used to decrypt messages. In the signal protocol, encryption keys are exchanged using ECDH (so wiretapping doesn’t work) and periodically rotated (so even knowing the encryption keys at a certain point doesn’t let you decrypt messages after that).
The comment that you replied to does not imply the phone number can be used to decrypt messages. All they are saying is that because Signal accounts are tied to phone numbers, a potential adversary already has one piece of the puzzle (who is talking to whom). If somehow, some way, the encryption were ever compromised, then the adversary would have both pieces—in other words, they would know not only who is talking to whom but also what they are saying.
If the encryption is ever hacked, knowing who you are is probably the least of anyone’s concerns. I would imagine that any adversary could build a profile or plan a response without knowing a particular phone number.
“These two people are planning civil rights activism here on Friday,” is just as useful as, “MLK Jr and Malcolm X are planning activism here on Friday.”
Thankfully, they’d have to not only break encryption but also MitM the conversations, since Signal doesn’t actually store chat data on their servers.
I think he is going for the idea once encryption is broke in the future… You name is tied to the content forever.
Without phone number it would be just some random content.
A phone number can be traced back to a person. If there is ever a hack or backdoor it can be traced. There are plenty of alternatives that are open source and don’t require any kind of identifier.
Phone number is KYC’d
It is literally an identity and thats why everyone forcing you to use it now.
Phonenumbers are easy to fake, I have two signal accounts without any ties to my person.
That’s jurisdiction dependent… I thought that this ability is very limited now
Yeah, in some countries you can buy SIM cards at 7-11. In others you need to submit your ID, connect your bank account etc
Removed by mod
Use screenshots instead of links.
I did upload a screenshot with the link, but I guess it’s inaccessible… Here it is in full resolution
you left out reddit’s reason for removing the question
The mods response is odd but also the comments are real. Who is dumb enough to think WhatsApp is safe?
Your post has been removed for being too specific to a company or single product. These days, reddit is heavily astroturfed with fake posts asking questions about companies and services by shills of those same companies and services as a form of fake organic advertising, and by competitors trying to create FUD to benefit their own product or service. This often takes the form or character assassination, libel, and conspiracy theories.
We don’t allow it, and in order to keep it from happening, we remove posts that are too close to astroturfing, corporate comparisons, personal Nd political opinions, ranting diatribes, etc.
If your question was legitimate (asking for pros and cons, potential issues, comparisons, etc), feel free to use subreddits more appropriate such as one for the company or service mentioned, or see privacyguides.org for community comparisons and recommendations to privacy focused open source software.
r/privacy moderators also censored this post with the same reason:
IRS nears deal with ICE to share addresses of SUSpected undocumented immigrants
Really makes you think.
Okay that’s absolutely insane. Glad I switched to here even though it’s quieter
Glad to have you here, too. Its not as big as the reddit counterpart but I like this community.
