You know, I still don't get why people jumped on The Guardian and Tobias Boelter about the WhatsApp debacle. People keep trying to frame it as "they told everyone to give up on encryption", when it was blatantly clear to me that the message was "you can do better than Facebook for encryption".
I do not like this kinda stuff:
> “If you're a whistleblower like Edward Snowden, or if you are a politician, or if you are a journalist who regularly deals with people at risk of deportation, or if you work regularly in countries with harsh, repressive governments… you will have a different threat model to someone who just wants privacy because they’re talking about intimate or personally important stuff,” says Muffett. In such extreme cases, Tufekci suggests you use Signal to get in touch with experts such as the Electronic Frontier Foundation, who can teach you the finer points of digital security.
> For the rest of us, the end-to-end encryption in WhatsApp is enough to keep our chats out of snoopers’ hands. Indeed, privacy invasion may not come from the NSA or security services, but the people in your life — if you want to keep your parents or siblings from seeing your messages, you don’t need a secure app so much as a PIN to unlock your phone.
This is not okay. This basically says, "yeah, if you're a huge weirdo with a target on your back, you may want to use Signal". And yet I use Signal to casually talk with my friends about movies and food. I'd like to think that there's strength in numbers, I'd hate for Signal to be, rather than protective, a big bullseye for politically dangerous people.
The continued attack on Tobias Boelter and The Guardian about this, as if they had committed an unconscionable crime, is extremely jarring when people then praise this article that says to kids "privacy invasion may not come from the NSA".
I don't like being considered an "extreme case" for taking effortless, cost-free precautions that have a nice side-effect of not being part of Facebook's ecosystem. Look at this: "whether it’s Facebook Messenger, WhatsApp, or a stronger tool such as Signal." It's basically an ad for Facebook properties.
Nobody is attacking Boelter, or mentioning him. The fault here is the Guardian's alone, for not doing the basic kind of journalism that Teen Vogue demonstrates—asking multiple experts their opinion, and vetting their answers with other sources.
The problem with your advice to just use Signal is that Signal is not very usable. It routinely requires message resets, it sometimes initiates audio calls for no reason, it doesn't work in landscape mode.
And it is particularly unfriendly in scenarios where there is a key change (like someone reinstalling Signal in a group conversation). Some of these are bugs that will get fixed, some are tradeoffs required for a higher level of security.
I say this as someone who depends on the app, supports it wholeheartedly, and uses it to communicate with hundreds of people.
Normal users pressed to use Signal will fall back to SMS. This is not speculation, but documented behavior that we see happening among regular users. That's why the Guardian's hatchet job on WhatsApp was so harmful.
You can't give good security advice in a vacuum. Telling teens thinking of attending their first protest that the NSA is not their biggest threat is good security advice.
Telling them to use end-to-end encrypted messaging apps that have good UX is good security advice.
Reminding them that their biggest threat is the person they're sending the message to, or a nosy parent or sibling, is good security advice.
The article does a great job explaining this difficult topic in a way its audience can understand and act on.
> This is not okay. This basically says, "yeah, if you're a huge weirdo with a target on your back, you may want to use Signal". And yet I use Signal to casually talk with my friends about movies and food.
In an ideal world, you would be right. But in the world we live in, using high grade encryption tools does tend to attract more attention. Doubtlessly, those who use a VPN + Tor for all network connections are more likely to attract the attention of various TLA than the average person.
It's sad, but if you really have something to hide, the best advice I've received is to hide it in plain sight or bone up on steganography.
I do not like this kinda stuff:
> “If you're a whistleblower like Edward Snowden, or if you are a politician, or if you are a journalist who regularly deals with people at risk of deportation, or if you work regularly in countries with harsh, repressive governments… you will have a different threat model to someone who just wants privacy because they’re talking about intimate or personally important stuff,” says Muffett. In such extreme cases, Tufekci suggests you use Signal to get in touch with experts such as the Electronic Frontier Foundation, who can teach you the finer points of digital security.
> For the rest of us, the end-to-end encryption in WhatsApp is enough to keep our chats out of snoopers’ hands. Indeed, privacy invasion may not come from the NSA or security services, but the people in your life — if you want to keep your parents or siblings from seeing your messages, you don’t need a secure app so much as a PIN to unlock your phone.
This is not okay. This basically says, "yeah, if you're a huge weirdo with a target on your back, you may want to use Signal". And yet I use Signal to casually talk with my friends about movies and food. I'd like to think that there's strength in numbers, I'd hate for Signal to be, rather than protective, a big bullseye for politically dangerous people.
The continued attack on Tobias Boelter and The Guardian about this, as if they had committed an unconscionable crime, is extremely jarring when people then praise this article that says to kids "privacy invasion may not come from the NSA".
I don't like being considered an "extreme case" for taking effortless, cost-free precautions that have a nice side-effect of not being part of Facebook's ecosystem. Look at this: "whether it’s Facebook Messenger, WhatsApp, or a stronger tool such as Signal." It's basically an ad for Facebook properties.