• stuckgum
    link
    fedilink
    arrow-up
    51
    arrow-down
    3
    ·
    24 days ago

    Please don’t use WhatsApp or anything FB related

      • fernandu00
        link
        fedilink
        arrow-up
        24
        ·
        24 days ago

        Yeah…in my country it’s almost mandatory to have it or you won’t talk to anybody…it’s the only message app most people know… It’s like windows to operating systems…people just use it and ignore that there are different ways to communicate. I tried to use other apps like telegram or signal …nobody wants a second app to send messages…too much trouble

    • plant_based_monero@lemm.ee
      link
      fedilink
      arrow-up
      15
      ·
      24 days ago

      I live in a whatsapp dominated country and I have tried to move people to signal time and time again, not even the tech savy will try it. I had signal for over two years and I dont have anyone to talk to

      • variants@possumpat.io
        link
        fedilink
        English
        arrow-up
        5
        ·
        24 days ago

        Do you guys not have sms messaging, if someone I know doesn’t have signal we just text them the old fashioned way

        I got my brother to switch from what’s app to signal finally then we got our friends who are brothers to join us, then my brothers older friends who are in the same circle joined in, then our parents recently as well. Now I’m working on getting my wife’s family to let go of what’s app. My wife’s brother married a Brazilian ladies so he got them all on the what’s app

      • JJLinux
        link
        fedilink
        arrow-up
        2
        arrow-down
        1
        ·
        23 days ago

        I know your pain all to well, but when I figured my mental health and privacy were at risk, I just took the leap. It is not an easy choice. Having said that, think about these benefits:

        • from your “inner circle” those who really want to keep in touch won’t mind installing another app. This give you a broader view of just how important you and what YOU consider your well-being is to each of those people.
        • may not feel that way at first, but after a few days you will start feeling refreshed by having reduced notifications dramatically. This helps for focusing on whatever you enjoy.
        • the knowledge that you’re giving a tech giant less, or even nothing, is an epic feeling that can only be experienced, not described.

        I also live in a country made to be driven by Meta and all its crap by the population, so much so that even the oldest and largest corporations, banks and stores have all but abandoned their websites, and handle everything over WhatsApp for transactions, and Instagram and Facebook for publicity and offers. Some of these sites have not been updated in over 10 years, and good luck getting them to reply to an email and God forbid, picking up a phone.

        I’ve been out of that environment for almost 10 years now, and all it’s done for me is make me happier, save money and give me plenty of time for video games without being disturbed.

        Try it, let everyone know you’re moving to (insert name of alternative and privacy focused app) and will be eliminating your WhatsApp in (whatever amount of time). Then, after the first week, disable all notifications on WhatsApp, and just check it when you feel like it. I’m not going to tell you to stop replying to people, but take longer (12 hours, 2 days, whatever you can handle) and when they ask what took you so long, just tell them what you think about WhatsApp, and that you’re easier to reach on the other app. If at the end you’re not comfortable, just don’t eliminate WhatsApp and keep it, it’s not going to harm anyone (other than your privacy, of course), and you still walk out having at least tried.

        Full disclosure, I’m not young anymore, will be 50 soon, so understand that I’m in a point in life where I don’t want more people in my life, I want less 🤣🤣

  • Unskilled5117@feddit.de
    link
    fedilink
    arrow-up
    26
    ·
    edit-2
    24 days ago

    Tldr: This is a traffic analysis attack, it exposes metadata without help or access to data from whatsapp. Other messengers are vulnerable too. It requires vast resources and access only governments have. It is not a threat model that todays messengers defend against.

    The interesting part of the article ist the last one.

    According to the internal assessment, the stakes are high: “Inspection and analysis of network traffic is completely invisible to us, yet it reveals the connections between our users: who is in a group together, who is messaging who, and (hardest to hide) who is calling who.”

    The analysis notes that a government can easily tell when a person is using WhatsApp, in part because the data must pass through Meta’s readily identifiable corporate servers. A government agency can then unmask specific WhatsApp users by tracing their IP address, a unique number assigned to every connected device, to their internet or cellular service provider account.

    WhatsApp’s internal security team has identified several examples of how clever observation of encrypted data can thwart the app’s privacy protections, a technique known as a correlation attack, according to this assessment. In one, a WhatsApp user sends a message to a group, resulting in a burst of data of the exact same size being transmitted to the device of everyone in that group. Another correlation attack involves measuring the time delay between when WhatsApp messages are sent and received between two parties — enough data, the company believes, “to infer the distance to and possibly the location of each recipient.”

    Today’s messenger services weren’t designed to hide this metadata from an adversary who can see all sides of the connection,” Green, the cryptography professor, told The Intercept.

  • Scolding0513@sh.itjust.works
    link
    fedilink
    arrow-up
    22
    ·
    edit-2
    24 days ago

    This is a traffic analysis attack, and doesn’t really have anything to do with Whatsapp specifically. The same exact thing can be done with Signal, and likely is already many times over

    Also this was exposed a long time ago

  • Autonomous User@lemmy.world
    link
    fedilink
    English
    arrow-up
    12
    arrow-down
    3
    ·
    edit-2
    24 days ago

    Wrong, anti-libre software, WhatsApp, bans us from proving it’s claims (E2EE claims lies), bans us from removing malicous source code. It is vulerable hostile by design.

  • delirious_owl@discuss.online
    link
    fedilink
    arrow-up
    6
    ·
    24 days ago

    The nature of these systems is that they’re going to kill innocent people and nobody is even going to know why.

    When lack of privacy is literally a death sentence

  • Fonzie!@ttrpg.network
    link
    fedilink
    arrow-up
    13
    arrow-down
    7
    ·
    edit-2
    24 days ago

    TL;DR meta data isn’t encrypted and read by “government agencies”. Probably Israel, but they’re not saying with certainty which agencies do.
    If government agencies can read these, other groups likely can, too.

    “WhatsApp has no backdoors and we have no evidence of vulnerabilities in how WhatsApp works,” said Meta spokesperson Christina LoNigro.

    Your vulnerability’s right there, LoNigro.
    Saying “oh but it affects the other apps, too” doesn’t make yours less vulnerable.

  • TheAnonymouseJokerM
    link
    fedilink
    arrow-up
    5
    ·
    24 days ago

    This is not a WhatsApp exclusive problem. MITM traffic analysis for metadata packet interception is a common technique.

    • Arthur BesseOPA
      link
      fedilink
      English
      arrow-up
      2
      ·
      23 days ago

      Indeed, the only thing WhatsApp-specific in this story is that WhatsApp engineers are the ones pointing out this attack vector and saying someone should maybe do something about it. A lot of the replies here don’t seem to understand that this vulnerability applies equally to almost all messaging apps - hardly any of them even pad their messages to a fixed size, much less send cover traffic and/or delay messages. 😦

  • grid11@lemy.nl
    link
    fedilink
    arrow-up
    4
    arrow-down
    1
    ·
    24 days ago

    some interesting excerpts:

    The analysis notes that a government can easily tell when a person is using WhatsApp, in part because the data must pass through Meta’s readily identifiable corporate servers. A government agency can then unmask specific WhatsApp users by tracing their IP address, a unique number assigned to every connected device, to their internet or cellular service provider account.

    The assessment makes clear that WhatsApp engineers grasp the severity of the problem, but also understand how difficult it might be to convince their company to fix it.

    It will be difficult to better protect users against correlation attacks without making the app worse in other ways, the document explains. For a publicly traded giant like Meta, protecting at-risk users will collide with the company’s profit-driven mandate of making its software as accessible and widely used as possible.


    “WhatsApp has no backdoors and we have no evidence of vulnerabilities in how WhatsApp works,” said Meta spokesperson Christina LoNigro.

    That’s why you slam e2e encryption banner all over the app to make this statement even more true instead of doing an independent code review that could confirmed that on paper.