16 votes

Why WhatsApp will never be secure

17 comments

  1. [11]
    weystrom
    Telegram is pretty cool, the clients, both mobile and desktop, are industry leading from the UX point of view.

    Why roll your own crypto though? Why no encryption by default? How long until it gets monetized? Somehow I don’t trust Durov to be the altruist he claims to be, but at the same time we have never seen anything nefarious from Telegram so who knows.

    14 votes
    1. [9]
      babypuncher
      I like Signal more, simply because I place more trust in a non-profit to keep the service free and private, and keeps all its code open source. Telegram is run by a private company that keeps the server source code proprietary.

      19 votes
      1. [6]
        lionirdeadman
        I've personally taken a liking to Wire, they plan Federation and actually want to be in F-Droid which Signal has been adamantly against and even pushed away people who wanted to make a version using Signal's servers but fully-free of proprietary code.

        8 votes
        1. [2]
          user2
          "They plan federation and want to be in F-droid". To me, "plan" and "want" are just words with a similar meaning as "are not". They are not federated and they are not in F-droid. They've been saying that they "plan" and "want" for several years, yet they are still not. So, I would consider the best alternative, which, right now, is matrix.org.

          6 votes
          1. lionirdeadman
            It's much better than "don't want" and "don't plan", it shows they have interest.

            Also, while I do want to believe in Matrix, the UI/UX is no good at the moment and some of the server details bother me quite a bit.

            3 votes
        2. [3]
          babypuncher
          F-Droid is just an alternative app store for Android isn't it? Why would Signal care if the app is available there?

          2 votes
          1. synergy-unsterile
            F-Droid is more convenient to install/update than downloading an APK off a webpage (Open Whisper Systems forces Google-less Android users to download the Signal apk from their website or github repo). It would cost them very little (in comparison to running the Signal Servers) to set up their own official F-Droid repository (like a PPA in Ubuntu terms) so that installs/updates can be made securely without trusting a loose apk file or Google Play.

            Edit: This removal request on the privacytoolsIO issue tracker goes into some depth, points two and three are pertinent.

            (I do use Signal myself, but I am aware of the many trade-offs involved in its usage.)

            7 votes
          2. Octofox
            F-Droid is the app store for open source/privacy users. Many users like me do not have the Play Store or any Google proprietary apps installed and only install things from F-Droid.

            3 votes
      2. weystrom
        > Telegram is run by a private company that keeps the server source code proprietary.

        And yet he's chastising WhatsApp for being closed source, the hypocrisy is real.

        6 votes
      3. SourceContribute
        Signal is great but I'm hoping Keybase becomes more popular because it has social network effects within it and its usability is pretty good as well.

        2 votes
    2. lionirdeadman
      I'd like to add that their Android source code is always outdated which has been quite frustrating to those who try to publish a fully-free fork on F-Droid.

      3 votes
  2. [2]
    Moxdi
    Telegram seems cool but I'm not sure if I agree with their business model. I bet there's something shady going on.

    3 votes
    1. Octofox
      Telegram has randomly banned me and my bf as well as a few people I know without any explanation other than to "contact support". When you contact support you get told they can't do anything and you should send an email to this address and when you send the email they never reply. I honestly wouldn't trust it with anything important. At least with matrix.org I can switch server or host my own.

      5 votes
  3. SourceContribute
    I wonder when "authenticity" for privacy and security will be a marketing slogan, seems like the time is coming where free/open source and actual secure apps will have to up their marketing game and reach out to the general public. Signal seems to be doing alright at it (you can send GIFs, it's what the people want!)

    2 votes
  4. [3]
    sniper24
    Signal has almost every feature WhatsApp does, with the exception of group calls and I'm sure a few others, but also has long running security credentials. All it lacks is more people.

    2 votes
    1. [2]
      alyaza
      > Signal has almost every feature WhatsApp does, with the exception of group calls and I'm sure a few others, but also has long running security credentials. All it lacks is more people.

      signal seems like it has a fairly sustainable number of people but alas, the latter thing can be a real killer for otherwise-good services. you can have all the features anybody could ever want, but if you can't attract an audience, it really doesn't matter. it's a problem that honestly plagues a lot of the FOSS answers to non-FOSS services (certainly smaller ones like peertube and friendica, but also to some extent even the larger ones like matrix and mastodon)--they generally just don't have the ability to really put themselves out there and sell themselves to people like the things they're emulating do.

      4 votes
      1. sniper24
        It has a sustainable user-base among those who care about encryption and the like, but the real goal of encryption tech should be to strengthen everyone, not just those who care. FOSS has always struggled because the people involved are focused not on revenue and DAU, but on the politics, so commercial software always has the advantage, as they think of the customer.

        5 votes