It’s a good move; it shows they are no interested in popularity but Privacy and Security
me neither
In a statement to the publication, Signal president Meredith Whittaker says, “Our privacy standards are extremely high and not only will we not lower them, we want to keep raising them. Currently, working with Facebook Messenger, iMessage, WhatsApp, or even a Matrix service would mean a deterioration of our data protection standards.”
Ugh, okay Meredith, let’s pretend it’s impossible to handle this with user experience that makes the user acknowledge their conversation with a WhatsApp user is not secure. Meanwhile if the only viable way for this conversion to occur is to have WhatsApp on both ends, the situation less secure. So according to Meredith, the choice is between less overall security or not having conversations with people who don’t use Signal. That could makes sense for her salary but it surely is a net negative for Signal users some of which will have to install WhatsApp since they won’t be able to afford not to have those conversations.
It’s the same argument they used when ditching SMS-support ☹️
I’m not nearly as salty about SMS because of the following differences from the WhatsApp scenario. Signal-SMS was only supported on Android, call it half of Signal users whereas a potential WhatsApp integration (or lack thereof) would affect nearly all Signal users. Then the Android users who have to reach others over SMS already have a built-in system app that does this, so they don’t have to install third party app that exists to vacuum data. So the downgrade for the Android Signal user is in ease of use, not in overall security.
Except most people are not going to tolerate having a multiplicity of apps, and if people in your circle don’t already use signal, they definitely won’t now. Whereas previously, I was getting pretty decent traction from people slowly adding it.
In the modern age, it’s getting easier to hard-line your messaging platform though.
If people are already used to having multiple messaging clients for multiple people, it’s less of a jump to add one more.
This has been my experience as well. In the past friends and family were more reluctant to break away from whatever their default communication app was. These days most people are already familiar with the idea of using one thing to text, another to “message”, and often more than that. I’ve had great success converting people to more secure platforms now that they understand the process.
Don’t the built in system apps also vacuum data?
This is Lemmy. Here we believe everything vacuums data!
The built-in apps get and send SMS from a system service on Android. In nearly every case the system app is from the same vendor as the system itself which means there’s no significant opportunity for data disclosure that doesn’t already exist within the system. If anything , the system has much larger opportunity to vacuum data. Therefore if you don’t trust the system SMS app, you shouldn’t trust the system either. If you trust the system, you can probably trust the system SMS app too. Third party SMS apps present net additional opportunity for data disclosure so one has to trust the one they use doesn’t vacuum data.
a net negative for Signal users some of which will have to install WhatsApp since they won’t be able to afford not to have those conversations.
I just had to do exactly this for a little league group 😭
Yeah we’re like super serious about privacy so we require you to make you’re account based on a unique, hard to change, personally identifiable, insecure data point and require you to show it to everyone you talk to. The fact that they’re only now starting to test hiding your phone number is beyond asinine. Any arguments signal has about security I might listen to but their concept of privacy is laughable.
Ugh, okay Meredith, let’s pretend it’s impossible to handle this with user experience that makes the user acknowledge their conversation with a WhatsApp user is not secure. Meanwhile if the only viable way for this conversion to occur is to have WhatsApp on both ends, the situation less secure.
It is a privacy concern, not a security one.
So according to Meredith, the choice is between less overall security or not having conversations with people who don’t use Signal.
Could you cite this please? Because I do not see this beeing said or implied.
That could makes sense for her salary but it surely is a net negative for Signal users some of which will have to install WhatsApp since they won’t be able to afford not to have those conversations.
Entirley different conversation, accusations and projections. So dropping this.
It’s doable we are not in the kindergarten and school groups we might miss a few things but worked so fast for us. And I convinced both my job teams to use Signal
Ugh, okay Meredith, let’s pretend it’s impossible to handle this with user experience that makes the user acknowledge their conversation with a WhatsApp user is not secure. Meanwhile if the only viable way for this conversion to occur is to have WhatsApp on both ends, the situation less secure.
I don’t agree with this. The only way to have the conversation is to have Signal at both ends.
while i see where you’re coming from, being able to message WhatsApp users from a client app that respects privacy would be better than being forced to have WhatsApp installed on your device, with it snooping casually on your everyday device usage and your contact list and so on.
WhatsApp is the only Facebook app on my phone and i’d love to get rid of it without losing the ability to message all those buffons using it (which make up for 99% of my social circle)
Exactly. Let us choose if we want to interact with WhatsApp or not.
I’d be ready to sacrifice some security in order to not have WhatsApp installed on my phone.
Of course it would be cool to just get rid of WhatsApp but I can’t force my whole basketball team to go on Threema…
BTW, you can somewhat mitigate the spyware by using Shelter.
while i see where you’re coming from, being able to message WhatsApp users from a client app that respects privacy would be better than being forced to have WhatsApp installed on your device
Who’s forcing you? I removed everything Zuckerberg and just informed people I use only Signal now. I had to help my parents a bit with the install and the pin, younger than 70s did it themselves. I found that, if you have a reason for boycotting, people will just give you a hundred MB of their phone space and install Signal along with whatsapp
Signal refusing to federate with WhatsApp, even though meta says they will still use the signal protocol is the most bone headed decision I have ever seen from them.
There no better chance to break the network effect than this.
Meta could easily have the WhatsApp client upload decryption keys to their servers without any notification to the user.
Not sure what you mean, of course WhatsApp can disable it’s own encryption. That would be an argument for open source third party apps and interoperability.
What I’m talking about has nothing to do with the line protocol. Each client has encryption key pairs. The public key of the first party shares it with the other parties, and vice versa. If it’s encrypted with the public key then the private key can decrypt it.
If Meta gets the private keys, they can decrypt any message they want independent of whatever protocol is being used.
But aren’t these key pairs generated per session and/or per contact? So once you switch to a more secure / auditable client this only matters when communicating with people on whatsapp. But they presumably have a backdoor in their app for the NSA anyway.
No body said it’s going to have the same level of security, but that still doesn’t mean that should just give up on it, just put a small icon indicating this is a WhatsApp user.
Yeah that sucks, Signal is my preferred app and I wish I could get rid of WhatsApp without having to convert everyone.
Yeah this is very stupid. But I never liked Signal anyway.
Is there a matrix protocol based app that is planning to “federate”?
Realistically there is going to be a bridge which you can either self host or use to federate matrix.
Every Matrix protocol server, excluding some experimental or internal for a company ones, are federating? And it’s not an app as you can choose an app, the protocol defines client<>server spec too.
I mean “federate” with whatsapp. Apparently there is a bridge https://github.com/tulir/whatsmeow
Okey
Meta wants to federate with the whole fediverse eventually. This is first up, then Threads. Remains to be seen if they’ll bother with a Lemmy instance but I wouldn’t be shocked.
So far though the response by the fediverse has been “nah”.
It’s… I guess the ghost of their XMPP abandonment.
EEE at its finest, like they did to XMPP
Wasn’t it google?
Both Google and Facebook.
This is a centralization problem. Come and force federation upon my SimpleX server in Iceland!
upvote for SimpleX
SimpleX looked pretty intriguing…is it basically a better / private / more secure replacement for IRC?
pretty much, though it’s pretty basic in terms of functionality at the moment
On the one hand I agree with them sticking to their guns re: adamantly protecting privacy.
On the other, the number of contacts I have using signal has dropped off a cliff, from 12 to just one. It certainly isn’t rising. The people I know who used it have abandoned it and went back to WhatsApp.
Getting rid of SMS support was a mistake.
I’d personally prefer that when messaging with someone using WhatsApp, they make clear to you that Facebook can and will have some metadata, but not the contents of the chat itself. Shit, make it opt-in.
A big part of why nobody uses signal is because… nobody uses signal. If you could still talk to people on WhatsApp, the de facto standard in most of the world bar the US and China, more people might give it a try, and thus more people over time would be having signal-to-signal conversations.
IMO a good but imperfect solution is preferable to nobody using Signal, which is the realistic alternative.
I’ll continue donating to Signal, but much like their SMS decision, I believe this to be a mistake that will severely hamper adoption.
I would state it even more generally, something like “when chatting with WhatsApp/Facebook Messenger users Signal can only ensure no data is shared with third parties from your device …” or something around the lines of that
Perfect is the enemy of good
This is exactly the problem. If they support interoperability then they will allow their users to continue using the Signal app which has high security standards, even if the particular conversation is not as secure as native signal conversations and they can’t control what the third-party app does. This will help grow the Signal network (because now it is easier for WhatsApp users to incrementally switch to Signal) and become more secure.
By rejecting interoperability they may be slightly improving the privacy of the 1% of users where their conversation partner would have switched to Signal, but are harming privacy the 99% of users that will now need to switch to WhatsApp for those converstions and are harming their future network growth (which would bring even more users to a private solution).
they make clear to you that Facebook can and will have some metadata, but not the contents of the chat itself.
You thought you’re safe and private when the content is encrypted? LOL, no. Metadata are much more useful to Facebook, and to the intelligence services.
“We Kill People Based on Metadata.” – General Michael Hayden, former Director of NSA and CIA
My point isn’t that metadata isn’t useful for them, there’s no need to be condescending about things I never said.
My point is metadata should be protected as content does. While IM platform needs to know which message should be delived to whom, they don’t need that after being delivered, nor have it profiled.
Agreed.
I disagree. When sending SMS you are leaking info like when, to whom and how big message you sent to a lot of spying agencies.
You do that regardless of which app you use to send SMS.
That’s why I don’t use SMS at all
Cool, but that’s not an argument against SMS support in Signal.
I’d personally prefer that when messaging with someone using WhatsApp, they make clear to you that Facebook can and will have some metadata, but not the contents of the chat itself.
If you believe that, then I think you’re one of Zuckerberg’s proverbial “dumb fucks”. Not that I mean to be insulting, but that’s literally what he thinks of his users.
Facebook’s WhatsApp is almost certainly filled with backdoors and exploits. In particular, with Android they often bypass Play Store checks by bundling system apps directly via the manufacturer.
Calling someone a dumb fuck, even indirectly by using Zuck’s famous quote, is quite rude. People aren’t dumb fucks because they are forced into using WhatsApp.
Maybe you’re from the US or somewhere where iMessage, SMS, or WeChat dominate, but here, you either use WhatsApp, or you become an outcast. Whatsapp is de facto mandatory. Even half of my delivery notifications and 2FA comes to my WhatsApp, not SMS. When people say “just don’t use WhatsApp”, they may as well be saying “just don’t use email”.
I don’t want to be one of Zuck’s users. That’s why I want an open and secure protocol for cross-client messaging. So I and others can use something else without being isolated from friends and family. Being lonely isn’t pleasant.
Facebook’s WhatsApp is almost certainly filled with backdoors and exploits
Perhaps it is. We can never know due to its proprietary nature… which is why I don’t want to use it.
As it stands, I can use Signal with one contact. The rest refuse to use it, or used it and abandoned it.
It would be amazing if everyone woke up tomorrow and flocked to signal, but here in the real world, outside of my fantasies, I have to go with the standard, which unfortunately is WhatsApp.
The only other alternative is SMS which is far worse in terms of both security and privacy, and would also cut me off from talking with friends as I’d have no group chat access and because nobody uses SMS.
My choice is between:
-
being alone and unable to talk to anybody, but being a privacy purist.
-
conceding some metadata but retaining private chats and using a client I want to use. It would also bring more people to signal as they also won’t be locked out from chatting with others. Overall I’d gain signal-to-signal contacts, as well as imperfect signal-to-whatsapp ones.
-
giving in entirely and using Facebook software.
To me, there’s an obvious answer there. It’s not perfect, but it’s better than the others.
-
There is one thing about interoperability that I don’t see many people talking about:
Your messages going to and being handled by other services means you’d be subject to their TOS and privacy policy as well.
As long as services are transparent about it so users can make informed decisions based on it, that’s generally fine.
But then services like Beeper, or just Matrix bridges in general, make it so anyone can setup such a connection between services without their contacts even knowing about it.
Your messages going to and being handled by other services means you’d be subject to their TOS and privacy policy as well.
This is true of literally every one of your contacts, too. When you send someone a message, they can screenshot, copy, archive, and forward however they see fit (and most people don’t govern themselves by any kind of TOS or privacy policy). Which then means that if any one of your contacts chooses to use another service as a bridge, or as an archival tool, you’re naturally going to expose your messages to that service, on that contact’s terms.
But that isn’t about interoperability per se. It’s about how other people store and use their copy of data shared between multiple users. Apple iMessage isn’t interoperable with anything, but users still have conversations archived all the way back to the beginning of the service over a decade ago, and can choose to export those messages to be saved elsewhere. (For example, I use a bridge for iMessage so that I can view them on my Android phone, but the mechanism is software that leverages the Mac’s accessibility API).
Some of us are data hoarders. If you’re gonna have a conversation with people like me, you’ll have to trust that we don’t use those archives in a way that either inadvertently/negligently or intentionally exposes that data to some bad actor. I’d like to think I do a good job of respecting my friends’ privacy, and secure my systems, but I’m probably not perfect.
You’re not wrong but a friend (maybe even inadvertently) being negligent with my message, and a business structurally sending my message (received from my friend’s app) to third parties seems like a different ballpark.
deleted by creator
Back in the 80s and 90s we imagined a world of interoperable standards all agreed upon by the industry leaders for the benefit of all.
Then capitalism took over and shat on EVERYTHING.
Matrix will implement a bridge using the new api, that’s enough for me.
What sort of irks me is what a mixed bag EU regulation is. Some is good (GDPR), not denying that. Some is annoying (you’re going to be accepting cookies 100 times a day until you’re dead thanks to them), and Whatsapp runs on all devices, so while interoperability nice, even as a free-software, Linux person I don’t really care.
However, if you have to deal with friends or family in the US and you don’t have an iPhone though, god help you. They don’t care about this.
I guess my complaint is that EU regulation may seem legally elegant, but I think it is sometimes quite blind to the real situation on the ground.
It looks good on the books but we still, say, don’t have a standard ARM boot process for smartphones that would help users not be dependent on whatever shitty ROM the OEM wants them to have. That would be life changing, but it will never even be talked about.
The cookie consent also has a huge fail whale of unintended consequences - training users to click [accept], or really [anything], to make the annoyance just go away.
And nefarious actors have their run of the place now. They can slip onerous terms into EULAs and know they will largely be accepted.
As well as random [Continue] boxes to install malware or whatever they want since users are so well trained to click just to get it the fuck off their screen.
That wont hold in court tho
Wait and see what happens when Google removes traditional tracking from Chrome and every sites start requiring registration to access content !
Right. That’s a very different business model. I don’t necessarily have an opinion about whether it would be better or worse. It is easier to look at our current problems and say it would be better. But, eh, I can block most trackers and be a leach off of websites that stay up by selling other people’s data. shrug
Whatsapp runs on all devices
Nope. Android, iOS, Windows and Mac are not all devices. And web versions are far from ideal (some may suggest expanding web capabilities, but please don’t).
Mimimimimimimimimi
If you have nothing to say, say nothing at all.
Same to you, bud
just get an extension and adblocker filters to automatically dismiss/block cookie dialogs and use an allowlist for sites from which you actually need to persist cookies in your browser’s settings and set your browser to delete everything else on exit. With Firefox and browsers based on it you can, in addition to that, use container tabs (try sticky containers extension) for even better context isolation.
Obviously. But that is very difficult on mobile.
on Firefox if a desktop addon has no mobile version you can look up how to add custom add-ons collections when it comes to cookie prompt blockers, but ublock origin and adding filters to it work out of the box. Recently also some apps started showing cookie prompts with no option to decline unless you pay, if they can work offline, make them so
Interesting. I’ll check it out. I didn’t know that.
(BTW from my understanding of the law sites cannot block functionality if you decline cookies. But it is rarely enforced)
That’s a bummer. Means I have no alternative but to keep using WhatsApp then.
you’re getting downvoted for not being American 💀
I’ve had this conversation before. The consensus last time was that I should tell every single person on my contacts list to download Signal if they want to stay in touch and if they refuse it means they’re shitty people that don’t care about me but I’m totally not a shitty person for forcing my preferences onto others.
People don’t realize that in most of Europe WhatsApp is more popular than iMessages are in the US. Not having WhatsApp means you’re not texting to anyone.
Yep. And it’s not just a Europe thing. WhatsApp is basically the only messaging app in South Asia, West Asia, south America and a lot of parts in Africa. Telling someone to stop using WhatsApp here is like telling an American to stop using E-Mail ans SMS.
Well for me it works and I have most of my people on either Signal or threema though threema is getting slowly obsolete
Americans have something even worse: SMS
A huge amount of them, and the vast majority of younger people, have iMessage.
I never really understood why is it so complicated to also have Signal on the phone? I mean most people have a shit ton of stupid apps anyway. It’s not like it slows your phone down or anything. Just use Signal as well until most people also have it, and then you can choose to ditch the other apps. It’s like one extra icon in your app list. Also this is the fastest way to ditch shit apps, have everyone use Signal in parallel with the shit ones.
I’ve had Signal installed for years. There’s like 3 of my contacts that I never talk to anyway. Most people use facebook and tiktok and can’t even bother installing an adblocker. They’re not interested about a privacy focused messenger when they already got WhatsApp.
I converted all of my friends, and family. But it hasn’t been easy that’s for sure.
Wholeheartedly agree, but most people wont do it, so you end up with signal for 1 or 2 friends, telegram for a few others, and all the crap ones for the rest (whatsapp, slack, teams, messenger, etc)
Ive ditched every messaging app but signal and telegram, and its really annoying sometimes
Like another person said, most people don’t even bother installing adblockers on their browsers and yet complain about ads anyway, despite them being like 4 clicks away. Even after being told they exist and how to do it. Now imagine that with an entirely “new” “unheard of” messaging app.
I’m indifferent, since I’ve got both installed, there’s no escaping having to use WhatsApp in many countries around the globe. If I want to keep in touch with family/friends then only one or two contacts use signal, for everyone else it’s WhatsApp or the alternative is SMS.
I’m also indifferent though because of I want the interoperability, Beeper is doing fine.
It’s different, because not being forced to use their app and have WhatsApp account to still talk to someone there?
It’s certainly different, but for signal users who want to maintain that level of privacy, it’s probably something they want, right? From their perspective this is probably a good decision.
I’m indifferent because I’d personally rather have interoperability and Beeper gets the job done.
That is one good thing about america, whatsapp never caught
give whatsapp users green bubbles
😂
Use matrix, setup bridge (defederate from matrix network if you want), meet your friends where theyre at.
Hi, average idiot here, whats matrix?
Its an open standard for communications (like xmpp, but the new hotness) with a focus on federating IRC chat. (lot of cool work on state resolution by them wrt that). So you can communicate with people on different matrix servers as long as they federate with each other. Additionally, they have built in support for bridges that let you connect to other people via matrix giving you a seamless experience on that service via matrix. Lemme know if you need more clarifications.
I tried to make a bridge to my telegram and Whatsapp account, but I didn’t get it to work. Do you have any guide to follow?
I just used the guides by mautrix for the respective bridges. https://docs.mau.fi/bridges/go/setup.html there are instructions for a bunch there that work well. What was the issue you faced?
