13 comments

[ 4.6 ms ] story [ 33.6 ms ] thread
(comment deleted)
As a family we switched to Telegram about 18 months ago, and so far we've not found a reason to switch back.

Indeed, as often as I can, I encourage others to make the switch too - to Telegram or Signal or any other secure messaging app, just don't stay on WhatsApp!

Just remember Telegram is not end-to-end encrypted by default. Signal is.
I moved my parents and siblings to Telegram. I have ws but I deactivated all ws notifications. I tell everyone If they want to contact me they can either call me or chat with me on telegram or via SMS.
It’s a bit disingenuous (sensationalist?) to go from:

> “No one outside of this chat, not even WhatsApp, can read or listen to them.” Those assurances are not true.

to (buried in the middle):

> Because WhatsApp’s content is encrypted <…> WhatsApp reviewers gain access to private content when users hit the “report” button on the app, identifying a message as allegedly violating the platform’s terms of service. This forwards five messages <…> to WhatsApp in unscrambled form

Unless I’m missing something, the article so far confirms that in WhatsApp:

(1) Signal-based E2E chat encryption still works as expected,

(2) reports actually get reviewed (I used that feature a few times), and

(3) FB mines down to bedrock everything else apart from actual chat contents. Nothing new here.

Since, as far as my personal experience goes, almost no one uses Signal and almost everyone uses Telegram in non-E2EE mode, the choice appears obvious.

That all said, the horribleness of content moderation jobs deserves more awareness.

Signal has since changed their encryption methods so that it's harder to know who's sending messages to who, and what groups exist. On WhatsApp, these changes have obviously not been implemented, so it's not true that WhatsApp uses Signal encryption.
Based on a shallow scan of Signal protocol’s Wikipedia page, I can’t see any notable changes after 2016, which is when WhatsApp had it integrated. Perhaps the measures you mentioned exist in Signal the client, as opposed to Signal the protocol?

But yes, if using WhatsApp one must keep in mind that FB and third parties know (and probably data-mine) whom (also when, etc.) one’s talking to; this is most likely less of a concern with Signal client.

I have a lot of respect for Signal Foundation, although I question their recent idea of integrating cryptocurrency support into a messaging app.

i think GP is referring to the signal protocol [0] as the underlying transport of the contents, which should be still true in WhatsApp. Feature parity with Signal app itself in terms of what is encrypted seems to have not been a focus of WhatsApp.

[0]: https://en.wikipedia.org/wiki/Signal_Protocol

I'm still unclear, after reading the article, how all this is supposed to work.

My basic question is: are my messages to other users still encrypted or can Whatsapp employees read them? If so, that's seriously scandalous. If not, how can they make reliable assessments from metadata alone?

If you click a button to report bad messages, your client (which of course has the keys for your messages) sends that message and the 4 messages before that to Facebook in such a way that Facebook can read them.
I'm wondering how's possible that the keys are device based keys. Everytime I switch phone I can just do a copy of the messages and Whatsapp will import them without issues.

The question would be whether that archive also contains the key then and that the keys are not saved in the WhatsApp servers

I’m surprised anyone is surprised…