Messaging programs: which is better privacy - browser versions or dedicated apps?
I use Slack, WhatsApp, Discord and Facebook's Messenger. On my computers, rather than installing dedicated apps, I've always just used these services' browser versions. It allows me to block ads with my browser's ad blocker and modify the UIs with other extensions that I use.
But in terms of privacy — and more specifically, in terms of what the service has access to outside of their own walled gardens — is there a difference between using these services through a browser or their dedicated apps? I use both Windows and Mac computers, if that makes a difference. My browser of choice is Firefox and I run the services in their own containers.
On my phone, I just use the provided apps and get notifications that way. I am well aware that most of these protocols are not great for privacy to begin with, but I'm not currently looking for other messaging systems.
The functional difference is basically nil, especially if you’re using things like Facebook messenger.
They have you fingerprinted and profiled to death and I believe will have access to every word you say. Kinda like worrying about a paper cut instead of a stab wound.
If you sincerely care about privacy it’s miserable because you need the others you want to communicate with to care too
Adjacently I would like to add that even with e.g. WhatsApp, which I believe unlike FB Messenger (?) has end-to-end encrypted messages, the metadata alone will be sufficient often enough for fingerprinting and profiling.
I once was told the following, in my view fitting, succinct summary: They don’t necessarily need to know what or even who you text at 3 AM, especially if it’s a common reoccurrence – there’ll only be a few possibilities anyways.
Or, going on a bit of a tangent to the original topic here, another example: if you primarily talk to users that show behavior of (read: who they have profiled as) younger people, they’re either your kids or your peers, depending on when you text them (texts in the morning/afternoon vs. going out together). Keeping metadata private is almost as important as the message content itself!
As such, here comes to obligatory plug for using Signal: it has basically feature parity to the other messengers, while being so much better for not-being-snooped on (also a nice wording/alternative I learned from that same conversation, useful for the people who say they don’t “care about privacy”).
I love posting this: https://i.imgur.com/wXygZQl.png
The amount of meta data captured by those E2EE apps is hilarious, in a non humourous way.
Signal turns your phone number in to a hash to not share your number.
https://blog.xot.nl/2021/01/14/contact-discovery-and-notification-some-new-privacy-concerns/index.html is a great read up on this.
Well @grumbel, you don't have to use it. It's still far better than anything else out there right now. The best out there was BBM (Blackberry Messenger) which used pins, unfortunately people choose ease over security.
BBM was encrypted only from device to server and then from server to device, which meant Blackberry could decrypt the information. Had that been made E2EE with pins, that would have been gold.
Is this the right image? It's unreadable
Imgur seems to do something with image compression on mobiles. Not sure what's going on, really, but if you're redirected to the imgur page showing the image just as I was at first (as opposed to accessing the image directly) they might give you a highly compressed .webp file instead which I agree is unreadable. Switching to view the page in desktop mode may help, as may copying the URL, opening a new tab and going straight to it.
https://i.imgur.com/Jd89tpT.png
I just had a thought... what's stopping E2EE apps from running local content classification before encryption? Like, labeling each series of messages (a couple long ones, or many short ones etc.) as one of [electronics, fashion, cosmetics, pet] etc. and periodically sending labels to the central server? If feels like something someone would already be doing.
It's a tradeoff. Webapps tend to be better sandboxed than their native equivalents on desktop, and you also don't need to worry about falling back on electron/chromium versions.
On the other hand, it does lead to issues with end to end encryption where the server could serve you (as in you specifically) backdoored JS, whereas with a native app it would have to be sent to all users, increasing the likelihood of detection. I believe this is also the reason why Signal does not have a webapp, though their own desktop app has issues like disabling the electron sandbox entirely.
Ironically, Meta has deployed mitigations for this, and their windows app is one of the few to actually work within the currently supported app sandboxing.
There's several decisions technical surrounding Signal's desktop client that strike me as rather odd. Some of it could be explained by lack of resources which is understandable, except they've turned away and/or disallowed independent developers looking to develop and maintain open source native Signal clients, which means in some capacity they're creating their own problems.
On desktop OSes it's another matter, but with heavily sandboxed modern mobile OSes this makes perfect sense to me. The web, much like desktop OSes, is now an old platform that well pre-dates the privacy concerns that arose during the formative years of mobile OSes and has all sorts of legacy systems hanging around that can be used to harvest information.
What's more, an ad company now effectively owns the web and has a conflict of interest in keeping its ad business profitable. This same company is also constantly poking holes in the walls of its browser's containment field for the sake of making it more like an operating system, resulting in an unbelievably complex monolith than even an entire team of experts can only barely accurately reason about.
That's an interesting study, thanks for the link. It would be interesting to see what they would find if they ran the study now, as much has changed in seven years.
I have indeed found NoScript to be a little too much hassle for my tastes, but recently I have started to think about adding it to Firefox. Until now, I have just run uBlock Origin, Decentraleyes and Privacy Badger.
Of course, I suppose if I was particularly paranoid, I could always use a completely separate browser for the messaging platforms, and force each domain into its own container. Sometimes I wonder if that idea could even be taken further and a modified browser could be tweaked to basically function in the way Trillian, Pidgin and other multi-platform messaging clients used to work back in the day.
Firefox has a "resist fingerprinting" setting in it that basically breaks the web, but... just by using FF you've already fingerprinted yourself a lot, and enabling features to randomize things just fingerprints you even more. At least they don't know you've got dark mode enabled though.
I have no idea how effective it is in reality, but Apple's approach with Safari is interesting. Rather than randomize, it does the opposite by spoofing many bits of data that are used to fingerprint with the exact same generic data across all devices, in theory giving trackers fewer unique bits to key off of.