this post was submitted on 04 Dec 2024
201 points (96.7% liked)

Privacy

32442 readers
655 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago
MODERATORS
top 50 comments
sorted by: hot top controversial new old
[–] masterofn001@lemmy.ca 209 points 2 weeks ago (1 children)
[–] commander@lemmy.world 52 points 2 weeks ago (2 children)

The loophole in WhatsApp's end-to-end encryption is simple: The recipient of any WhatsApp message can flag it. Once flagged, the message is copied on the recipient's device and sent as a separate message to Facebook for review.

That practically applies to every form of digital communication. Sender/recipient has it on their end unencrypted and passes/leaks it on elsewhere

[–] masterofn001@lemmy.ca 35 points 2 weeks ago (1 children)

Once a review ticket arrives in WhatsApp's system, it is fed automatically into a "reactive" queue for human contract workers to assess. AI algorithms also feed the ticket into "proactive" queues that process unencrypted metadata—including names and profile images of the user's groups, phone number, device fingerprinting, related Facebook and Instagram accounts, and more.

Does this also happen?

[–] Benjaben@lemmy.world 5 points 2 weeks ago (1 children)
[–] masterofn001@lemmy.ca 4 points 2 weeks ago (1 children)
[–] Benjaben@lemmy.world 7 points 2 weeks ago (3 children)

Just indicating that the steps taken that you mentioned are far beyond what most people would imagine as expected behavior for encrypted messaging software. Assuming your quote was published somewhere, as being about WhatsApp. I might've misunderstood.

load more comments (3 replies)
[–] GregorGizeh@lemmy.zip 4 points 2 weeks ago* (last edited 2 weeks ago) (2 children)

Pretty sure the more user / privacy friendly options prevent screenshots or copying from an encrypted chat, and also allow the participants to delete their messages after they were read or even a set time.

[–] Zak@lemmy.world 20 points 2 weeks ago (1 children)

prevent screenshots or copying from an encrypted chat

Aside from the obvious analog hole, that's only possible if the user's device cooperates, which is never guaranteed.

There is no way to send messages to someone's device and guarantee they won't provide them to a third party. Technology can't force an untrustworthy person to keep your secrets.

Signal does not attempt to stop me from taking screenshots, and all chats on Signal are encrypted.

load more comments (1 replies)
[–] domdanial@reddthat.com 18 points 2 weeks ago (1 children)

Restricting screenshots is laughable security. If you can read a message then you can take a picture with a second device, there isn't any software that can stop that.

Preventing screenshots can stop accidents and make someone think twice about it, and disappearing messages prevents returning later and looking them up, but that's it.

[–] GregorGizeh@lemmy.zip 7 points 2 weeks ago* (last edited 2 weeks ago)

Well yes obviously nobody can prevent the recipient from taking a picture of the screen with a second device or writing down manually what the message said.

No system is foolproof, but those features are definitely miles ahead of anything meta provides, since they dont actually want those chats to be encrypted. They want that data, it is their business model.

[–] thebardingreen@lemmy.starlightkel.xyz 131 points 2 weeks ago (3 children)

The same FBI that keeps telling Congress end to end encryption needs to have legally mandated back doors in it?

[–] adarza@lemmy.ca 69 points 2 weeks ago* (last edited 2 weeks ago) (1 children)

"our backdoors, not theirs"

(of course, they always fail to acknowledge the simple fact that "ours" becomes "everybody's")

[–] qprimed@lemmy.ml 7 points 2 weeks ago

holy shit! the FBI is communist?! cool, cool.

[–] florencia@lemmy.blahaj.zone 20 points 2 weeks ago

The very same

[–] Fubarberry@sopuli.xyz 20 points 2 weeks ago (2 children)

They want access, they just don't want china to have access. Of course, when you add a backdoor it's best to assume everyone will use it sooner or later.

[–] davel@lemmy.ml 25 points 2 weeks ago* (last edited 2 weeks ago)

☝️
If China’s access to your data were actually a high priority to the US security state, then they wouldn’t be installing these back doors. They’re much more interested in 1) accessing your data and 2) convincing you that China is your enemy.

The US security state isn’t interested your security, they’re interested in what the capitalists are interested in: imperialism and screwing over the working class.

[–] RvTV95XBeo@sh.itjust.works 15 points 2 weeks ago (1 children)

Of course, when you add a backdoor it's best to assume everyone will use it sooner or later.

Its true!! I saw several really interesting documentaries about this phenomenon on PornHub

[–] QuazarOmega@lemy.lol 4 points 2 weeks ago

Wow, I didn't know the Git host is providing documentaries too now, sweet 😋

[–] Charger8232@lemmy.ml 24 points 2 weeks ago (1 children)

So... they only warn people about how insecure texting is after someone else exploits it...

Abusive parents: "Only I get to beat my children!"

[–] brrt@sh.itjust.works 22 points 2 weeks ago (4 children)

And then there is the kinds of people who cry about Signal dropping support for SMS.

[–] RubberElectrons@lemmy.world 31 points 2 weeks ago (3 children)

Yeah, I'm one of em. I'm well aware it's not secure, but as a frontend, signal certainly was more customizable and pleasant to use even for just the few people I had to sms till I could convince to use signal.

[–] warm@kbin.earth 21 points 2 weeks ago (1 children)

It was so much easier to convince people to use Signal when it had SMS support. I think while Signal needed to drop it, it wasn't the time yet.

[–] RubberElectrons@lemmy.world 15 points 2 weeks ago (1 children)

I'm not convinced it ever should've. Make it obvious sms mode is in use, etc etc. But it was great to have everything in one place. One blocklist, great photo editing etc

[–] warm@kbin.earth 4 points 2 weeks ago

Maybe. For me the worst change they made was removing custom colours for my contacts.

load more comments (2 replies)
[–] SkyNTP@lemmy.ml 7 points 2 weeks ago (12 children)

I am one of those. I ditched Signal and went back to the stock sms app and adopted matrix. Haven't looked back since. The reality is that Signal dropping support for sms wasn't going to stop me from using SMS. For that, other people need to be convinced to stop using it at the same time. Signal didn't have nearly the market size needed to make that happen. And now that card is played, and nothing has changed. Signal is just another messaging app among hundreds. At least matrix offers a real paradigm shift.

load more comments (12 replies)
[–] UltraGiGaGigantic@lemmy.ml 7 points 2 weeks ago* (last edited 2 weeks ago)

How are you going to grow the user base without including the normies?

[–] capital@lemmy.world 5 points 2 weeks ago

That’s kind of like if iMessage dropped SMS support. Yeah, I know if it’s a green bubble it’s not encrypted. But I wouldn’t want them to just not allow it.

[–] ArcaneSlime@lemmy.dbzer0.com 16 points 2 weeks ago (1 children)

I'm 100% not one of those "I have nothing to hide" people, but I don't text about "things I want to hide" already FFS. In this case if the chinese gov or us gov really want to know about my plan to go get a costco hotdog with my friend later, fine, I don't like it but also "whatever." It's not like I'm texting about federal crimes or government secrets, that's what Matrix is for.

The only thing I don't like is being forced to use texts for 2fa on shit websites that won't except a yubikey (or flipper0-u2f, in my case) which seems to be most sites using 2fa ime.

[–] oatscoop@midwest.social 10 points 2 weeks ago* (last edited 2 weeks ago) (2 children)

"I have nothing to hide, I just question your judgement and motives."

In a world entirely populated by empathetic, decent, and sane people we wouldn't need much privacy. Unfortunately that's not the world we live in. There are countless unstable, stupid, and evil people in the world -- some of them are in positions of power or might achieve power in the future. They are absolutely the sort to weaponize "harmless" information against you.

Do you want those people to know your sexual preferences, political leanings, etc?

load more comments (2 replies)
[–] Hirom@beehaw.org 15 points 2 weeks ago* (last edited 2 weeks ago) (1 children)

The mobile standard setter, GSMA, and Google have said encryption will be coming to RCS, but there’s no firm date yet.

GSMA, please don't come up with yet another poorly designed encryption standard.

The IETF is already working on Messaging Layer Security (MLS), please work with IETF and adopt MLS. IETF have more experience and do a good job at designing secure protocols. And multiple organisations and services are already working on adapting MLS (Mozilla, Google, Matrix, Wire, ...)

load more comments (1 replies)
[–] lattrommi@lemmy.ml 14 points 2 weeks ago

Well, I'm stuck on a Verizon plan, so my SMS don't send anyways.

[–] LovableSidekick@lemmy.world 12 points 2 weeks ago* (last edited 2 weeks ago)

If cyberterrorists really want to know who's gonna be late to my D&D game and what food we're having, I guess there's no way we're gonna stop 'em. I blame Kamala's weak campaign.

[–] unknown1234_5@kbin.earth 10 points 2 weeks ago (10 children)

so, have you guys heard of matrix?

load more comments (10 replies)
[–] Zerush@lemmy.ml 7 points 2 weeks ago* (last edited 2 weeks ago) (1 children)

OK. then photos of steganographed kittens

load more comments (1 replies)
[–] dyathinkhesaurus@lemmy.world 7 points 2 weeks ago

I wonder what they would be saying if they'd been allowed to weaken encryption and back-door the fuck out of everything before the Salt Typhoon folks got involved.

[–] AnneVolin@lemmy.ml 6 points 2 weeks ago* (last edited 2 weeks ago)

US 2010: "We've created and incentivised this gigantic drag net of information based on insecure protocols, private partnership deals, FISA court orders, and outright black budget illegality"

US 2024: "Pweeze use encrypted communication (that we have vendor relations with or that we have backdoors in or that we built as a honey pot) because China can see what's happening in the drag net and they can leverage that information to compromise our idiot elites."

[–] Zerush@lemmy.ml 4 points 2 weeks ago

Going back to the roots with the Finger Protocol.

load more comments
view more: next ›