It's harder for US folks to understand just how much of a monopoly WhatsApp has in Europe and the UK.
Pretty much all of our school and local community communication happens via WhatsApp. I'd change to Signal or Telegram in a heartbeat, but the inertia is so great it's not possible.
It pains me to say, but we're getting to the point where companies like Twitter, Facebook and Google need to be treated like utilities or something so that such moves as these can be scrutinised and controlled more effectively as Facebook could pretty much (within current law) introduce whatever policy they like and users would be faced with the option of accepting or being cut off from their local community.
Given the pandemic and the UK lockdown, this is not tolerable.
I'm also in the UK and I deleted WhatsApp 2 years ago when it became clear that Facebook intended to move in the direction of fuller integration (I deleted my Facebook account after 1 month of usage 10 years ago). However, I had to reinstall WhatsApp because all of my kid's sports activities and school updates are organised through WhatsApp groups and it is impossible to participate without WhatsApp. Much as I believe in the cause, I'm not going to go preach it to the volunteers who coach my kids' rugby team. The scary thing here is that the actual real-life "social network" has been privatised and monopolised, and now we can't participate in society in very important ways without going through Facebook.
I want to add that when I left WhatsApp (~2y ago) I deleted my account. WhatsApp kept accepting messages on my behalf. People didn't know I wasn't getting their messages. I'm surprised I don't see this mentioned to the point I wonder if I did something wrong at the time.
In the end, I reopened a WhatsApp account recently because everyone is using WhatsApp in France and I couldn't stand breaking everyone's efforts to bring us together during lockdown.
> People didn't know I wasn't getting their messages.
They saw 2 ticks, meaning delivered to your device? Or did they see one tick, meaning only delivered to the server?
If it's the latter, that's a reasonable choice for the server to make. The server has acknowledged receipt of the message, and failed to send it to your device.
If you wanted WhatsApp to advertise to your contacts that your account was inactive, you could have maybe sent them a message yourself?
I would wager that most people using WhatsApp know the difference between one tick (server receipt), two ticks (client receipt) and two blue ticks (client actually read it).
Marking "Server received message and is holding it for user" with the same icon as "server received message and determined there is no such user" is dumb and bad and wrong, and probably also a dark pattern in this case.
If you click on the message you get a Message Info screen which shows you exactly what the state the message is and the timestamps. It explicitly says "Sent"/"Delivered"/"Read" alongside the ticks and at what time it happened.
I can confirm my mother has no idea what these ticks mean. She can't make the difference between WhatsApp and iMessage either. At the time I left, I told her so and she kept wondering why I was not getting some of her messages (the ones she was sending on WhatsApp, that is).
Most users don't search for extra info screens and extra information in apps. ESPECIALLY not the older generations. I'd argue that the majority of people may understand the blue tick, but that _very_ few understand the difference between a single check and a double check.
Even the ones who do understand a little about the checks probably don't bother thinking about the difference between "sent" and "delivered". They'd understand it if it was pointed out to them, they aren't stupid. But they don't care enough to realize it because they shouldn't _need_ to understand it most of the time.
And even so, the checkmarks are very subtle and easy to not notice if you don't expect to need to look at them. A user is more likely to say "well it didn't give me an error so it must have sent, I wonder why nindalf is ghosting me" rather than "huh, I wonder if WhatsApp actually _delivered_ the message to nindalf, let me check"
I use it multiple times a day. I'm in half a dozen groups.
I use it somewhat reluctantly which might reduce the degree to which I actively seek out understanding. I wish we'd all go back to vendor neutral channels of communication but I also apprecitate the fact that it is less sucky than SMS.
What is with HN and throwing around words like dArK pAtTeRn?
No it’s not a dark pattern. They’re being as transparent as possible. If you long press the message and click “info” they even explain what each tick means and when each event took place. It’s literally not possible to be more transparent than that.
And before the privacy brigade who’ve not used the app show up, this is configurable. You can opt out of sending and receiving read receipts. And since it’s a closed app with no other implementation, you can’t circumvent that either.
he deleted his account. it's absolutely not reasonable to accept my message without informing me the user I'm sending to is not on the platform anymore
I can only guess that people sending messages to my cancelled WhatsApp account saw only one tick. That's still meaningless to less skilled users and there's no way to tell if the user has gone forever or if they're just offline for a bit.
Anyway, my point is that WhatsApp shouldn't silently accept messages for a non existent user no matter what weak signals you get. When you send a text message to a non existent number, you get an error. Same for an e-mail.
I can't help but think it's a way to deter users from leaving WhatsApp.
> WhatsApp kept accepting messages on my behalf. People didn't know I wasn't getting their messages.
As an FYI to you and anyone reading this, you can convert your account to a business account using WhatsApp for Business. It has an auto-reply feature that you can enable with a custom message, to inform people you've moved to whatever platform you've decided to move to.
When I switched from Windows to Linux, sure there were some inconveniences but with enough technical knowledge and a bit of inconvenience I was able to get by.
But social media? What do I switch to?
> This is precisely the dilemma in a nutshell.
Exactly my problem too (car mechanic, plumber, school parent committee, loads of my friends …) – I need my car fixed, I need my plumbing fixed, I need to communicate with other parents. I hate that I have no choice but to use a Facebook product when I am not even on Facebook!
Just thinking out loud here, as I was considering something like this.
I can also not give up the WhatsApp account due to the social pressure. What if I would use a second phone, a cheap one, used only for the whatsapp (and some other essential but privacy invasive apps). I would not have that second phone always with me, but it would provide me access to the social network I need without feeling tracked or providing more data than needed.
I do understand that this doesn't fix exactly the issue presented here, but I already assumed that whatsapp data was already in Facebook's hands one way or another. But I would limit the amount of information that WhatsApp can track about me by having this application on a phone which does not really represent my full actions as i don't have it with me.
Trouble is you are privileged enough to be able to afford two phones. For many families, even a $300 device is a significant expense. So if your approach was the only approach, only the rich would have privacy.
Thankfully his approach is not the only approach - just don't use WhatsApp! I never have despite the pleadings of my friends to use it.
If they can't be bothered to email or send an SMS to me or use Signal or video call via the multitude of alternative messaging services (Duo, FaceTime, Skype, Signal etc. etc.) I don't think they're that bothered about being my friend are they?
If their friendship hinges on me using a specific mobile app, that's a shallow friendship.
There's a "social capital" thing going on here. Your friends are usually willing to make some amount of effort to talk and hang out with you, depending on how close friends you are, but there are limits to that. Nobody wants to get together with someone who insists on doing everything their way every time. Most people don't care to spend what social capital they have getting their friends to use a different messaging app. You're only burning even more social capital if you try to lecture them about things they don't care about, such as Facebook having their personal information.
Particularly, this social capital is at its minimum when you're trying to develop new friendships. Good luck starting any when you refuse to use the app that everyone else in the area uses to communicate.
That just sounds like "everyone else is smoking, so I should start smoking too". Just because everyone else is doing it does not mean it is the right thing for you to do.
In this instance, if developing friendships relies on me sending my data to some unknown person the other side of the world so that they can build graphs on my activity and follow me around just because everyone else has decided that's what they want to do, then I would choose another path.
Wouldn't you? If not, please send me all your data and details of your activities, all the time. If you can trust that data to some guy you've never met in a datacenter, then why not send it to me. You've got my username - that's more than you'll ever know about the people looking at your data at Facebook.
> "everyone else is smoking, so I should start smoking too"
No, what they said is equivalent to "everybody is smoking but I'll annoy the hell out of them so they stop, and I'll refuse to meet them in person before they quit"
It's an individual-level realpolitik. You (the general you) are welcome to take such a stand if you care to, but the price is that your social opportunities may be severely constrained. There might be other things about you or your life that also constrain your social opportunities, things more important than who has your data, and if that's the case, then taking such a stand may leave you rather seriously isolated.
I would not "choose another path" because those things are more important to me. To be blunt, I'm not sending such data to any individual HN reader because that would have no relation at all to my practical ability to maintain friendships with people in real life.
You may have missed the point that in Europe, many many things are organised via WhatsApp. Kids football clubs, dance clubs, parents' evenings, school closures, social club outings, ...lots of things.
Other people are saying that in their countries, Health Services and bank transactions are coordinated via WhatsApp.
It's not just about messaging your friends, and for many people, "opting out" of WhatsApp is not a viable path.
I live in the UK. I understand that people arrange items via WhatsApp but it seems baffling to me. Why not just use email to notify people??
When you sign up to any service, they ask for an email address. They don't ask for a mobile number necessarily, and there is never a "my mobile number is on WhatsApp" checkbox. Why is the assumption of the organiser that you're on WhatsApp your concern? They have assumed you're on a certain platform, and it's their mistake.
It reminds me of the tidal wave of people suddenly abandoning their own websites and instead using "Find Us On Facebook". They might as well put "Use this keyword on AOL".
Facebook is not the internet, and WhatsApp is not the only communication method.
You can be as upset about the state of things as you want to be -- yes, it's wrong and broken and unfair -- but you can't change the state of things by just wishing hard enough. The GP's point stands, things are organized via WA, even though they shouldn't be, so your choices are exactly these:
- Use WA and participate
- Don't use WA, don't participate
- Go stand in front of the home of whoever organizes the activity and have a little one-person picket parade with angrily-worded signs -- this is the same as #2 but might make you feel better
I am not upset about it at all - I think you are projecting that. I don't use it and it doesn't affect me. I was just presenting the alternative mechanism of using the established communication method of email for notification of events since an email account is requested for most things (tax returns, bank account, most accounts).
Perhaps it's baffling, and perhaps I agree, but one cannot deny the reality. They don't use email, they do use WhatsApp, and not using WhatsApp is effectively impossible for people in that situation.
Seems a bit reductionist of the concept of privilege because everything becomes privilege as there is someone who has experienced worse with few options. For an extreme example, dying with cancer becomes a privilege compared to someone who loses their life immediately in an accident. Only one of those two has a chance to say goodbye as well as prepare their friends and family.
It’s not just reductionist, it’s a misuse of the word in a way that is becoming more fashionable. Buying phones does not come under the meaning of privilege, unless perhaps you’re in prison (I struggle to think of an example that might occur and isn’t patently absurd). The rest of us can walk into a shop, those things that are open to the public.
Hopefully this misuse is just a fad and we can go back to a more sensible use.
Exactly. Privilege can indeed be earned through hard work (without implying that's the only way to gain/earn it), and one is free to use privilege in life. It's still privilege, and the troublesome part is when that goes unacknowledged.
Please describe what you mean by “privilege”. Privileged enough to have a second phone? What does that even mean? Am I also privileged to have a second laptop and a PS4? Should I feel ashamed because of this and why, exactly?
If you can afford to have a throwaway phone with a second phone line of service -- remember, WA must be tied to a phone number, and you don't want to give FB your real phone number, right? -- then you are probably doing better than the average person. Remember all those articles about how the average US resident can't afford a single $400 surprise bill? That's called privilege. Nobody is saying to "feel ashamed" about it, just remember that if you're suggesting a second phone as an acceptable solution to this problem.
That wasn’t me, I did not suggest that. Though your choice of wording is horrendous and your understanding of the term “privilege” is ridiculously wrong and borderline humiliating. It is not a privilege if you earned it by hard work. I spent years, decades of my life learning languages, educating myself in tech, and now you are saying that I am more privileged than an average person because I am earning more? I don’t think so.
On Android you could use Shelter [1]. Might no be as good as as second phone but it heavily limits the data you expose. You can also freeze the app if you don't use it actively.
The biggest annoyance is that Android only allows having exactly one of those "Work Profiles".
>What if I would use a second phone, a cheap one, used only for the whatsapp (and some other essential but privacy invasive apps). I would not have that second phone always with me, but it would provide me access to the social network I need without feeling tracked or providing more data than needed.
This is what I'm doing currently: an old phone used exclusively for whatsapp (with an empty contact list); it always stays at home.
I only use it to coordinate kid's stuff (school, social activities, etc), so there is no problem with me not having it with me the whole time.
You can limit what an app can gather anyway, if you wish. If you would go to such extremes to have a second device just for WhatsApp, there are ways to hide things from it on your one main device, too. I go for microg in order to cut Google's surveillance, and usually allow no permissions on untrusted apps, so all they can get is the IP. You can mitigate that too when needed, though probably with more effort than is practical (accessing the internet is something that can also be restricted from default Android permissions).
When this article went up, I realized that I'd allowed WA to access my Contacts, so I went in and revoked that permission. It immediately reformatted my whole conversation list as phone numbers instead of names. I can't rename the conversation, but I can "add to contacts"... which inexplicably shows me my OS contact editor, which they're not allowed to read. So I guess that as punishment for not letting them constantly vacuum up my contact list and send it all to FB, they make it harder to figure out who I'm talking to. Classic FB.
I have a second dirt-cheap used phone with a disposable SIM card just for WA. But you could make a WA<->Matrix<->Signal bridge (https://matrix.org/bridges/) using a temporary phone no.
I've recently switched to using Whatsapp in an emulator, which is kinda similar. I even almost got a virtual camera working so I can share my desktop screen via whatsapp call (would be super useful for parent tech support). Laptop cameras should work fine though.
I used Bluestacks emulator (and Nox too, one has to be a clone of the other I guess) to run the app. For the virtual camera I used OBS with a plugin to emulate a webcam. This worked for the webcam feed in the browser, but in Windows > Camera it wasn't detecting anything. I got the same results when trying to use an old smartphone as a camera via DroidCam before I gave up.
I tried to run a branch of a charity without WhatsApp and Facebook for two years and it was impossible. I had to give in and sign up.
So, these things should be regulated and operated like utilities. Phone companies don't have the right to mine my contact list, and neither should Facebook.
And tell them what? Please all go install a different app? That only works if you can get everybody on board, it's unacceptable if a parent gets left out because he isn't there that day or cannot get it to work.
You would also have to explain to them that Facebook cannot read your messages, but they can see the meta data. And then you have to explain to them what meta data is.
I think your kid is not going to appreciate your efforts.
The point is that you can tell everybody why you don't like WA, and even come up with a really good way of explaining the problems to non-technical people. This might even work in some cases. The problem is that WA has an enormous head-start in Europe. So maybe you talk around your gym, but your kids' school can't justify switching. Guess what, you're still stuck picking between using WA and missing out on big chunks of your real life.
If you think privacy is important, you have to do something about it.
It's a lesson in civics. To do nothing and say nothing while expecting someone else to fight the good fight is poor citizenship, but it is very good consumerism.
Wow I had a similar experience at university. I only joined Facebook because my course had a Facebook group where we all communicated. Now this same hook exists in WhatsApp. It’s pretty crazy
the issue is that people would probably not want to pay for an app like WhatsApp, and so the 'free' alternative takes hold, and whoever controls that gets the cost of running the infrastructure in advertisement fees.
If some company could set themselves up as a utility, and the mobile network operators were to pay that company to run the messaging app + infra, then it could be made to operate like a utility and nobodies data would have to be sold.
I could remember initially paying for a Whatsapp subscription a couple of years ago, I was happy to do so as I believed they were providing an essential service.
In the U.S., my experience with Whatsapp was that I created an account and never used it once to communicate with anyone, then I deleted it.
I've also withdrawn from social media.
The exception for now is HN, because it's more of a forum, even when bad information sometimes instates itself as reality for a large conversation, like a big gathering of fans talking about their team that will inevitably fail to win or perhaps a bad STD.
I learn what others are doing through direct and intentional communication, even if technology is used or if the information is second-hand. I don't text back or call back immediately, which my friends and family forgive, but it sometimes seems to hurt my relationships.
I still worry of dependence on large companies, big data companies gathering more information about me than I know myself, and the potential of out-of-control AIs. However, I attribute these in-part to my own paranoid thinking that use my memories of large company layoffs, privacy concerns raised in the tech community, and mostly fiction.
While I've come to the realization that the act to trying to be happy and successful is the very thing that makes me unhappy, and I just need to exist, maybe becoming better at whatever I'm naturally good at, while being here and now with those I'm with, giving my service to them... I still keep wasting time replying about things that don't matter.
WA is not particularly good, it's just that I don't know anyone who doesn't use it (in the Netherlands), even when you want to contact helpdesks it is sometimes the preferred way. I mean, we have this in many streets: [0]
Without kids I could see myself getting away with not using WA, but with kids you are really setting yourself up for a very hard time (and prepare to be judged by other (annoyed) parents and your kid will feel the consequences at some point, the kids will miss out on critical and fun information).
WA has almost become what email used to be. Except that it's a controlled platform and we are locked into a single provider, a provider that once promised a focus on privacy and an app free of commercials, forever...
yep, here in the UK everyone I know uses whatsapp. Some people have telegram as well, but WA is the baseline. The only SMS texts I get are marketing and automatic notifications.
It's more reliable than sms - I used not to receive some of the texts people would send me, which caused all kinds of misunderstandings. I ended up doing experiments with friends sitting beside me just to prove my point. The same thing happened to family members.
I'm not sure what the problem was, but WhatsApp solved it.
I don't actually use SMS but I don't think that most people get read/receipt confirmation. The little check-mark system in WA is a big step forward compared to plain texting. Of course, similar features exist in other chat applications, but if the comparison is just between WA and SMS, that's a big difference.
At one point I had unlimited data (2011-ish?) for 5 eur/month and a text was 20 euro cents per 160 chars or so... So I guess providers wanted SMS to disappear here.
>Twitter, Facebook and Google need to be treated like utilities [...]
Our generation is reinventing the wheel here, our ancestors had exactly the same problems with the power, water, gas, telephone and rail networks (at some point in time, all those were unregulated and privately owned) and did exactly that. Critical infrastructure needs to be heavily, regulated if not outright publicly owned.
I think similarly to how europe has forced Banks to interoperate by making them write a protocol that can interoperate, governments need to force social media companies to write down a protocol and use it.
I like the analogy with utilities, but the issue is that we pay for electricity, but we don't pay for our usage of social media. As long as that's true we can difficulty do what I'm suggesting above
I think India's Unified Payments Interface is a better analogy here. From what I understand (as an outsider, so based only on what I've read) it provides a universal API for mobile applications to interface with banks, essentially standardizing the federation of bank transfers. Therefore, your account at bank X can be used to pay an account at bank Y for some service that uses app Z.
I wrote a tweet thread about this which I will post here for convenience:
Consolidation is a debt. You gain market cap at the cost of introducing systemic weakness and reducing broader market innovation. Once a company becomes a fundamental service they need to be regulated like a utility
(I will illustrate with Facebook)
Facebook can get the license to operate it but they also need to open up their API’s so others can build on top. These should become web standards governed by w3c.
Facebook is an interesting case as this system would remove all the perverse incentives driving their business model (no more ads). It would also crash their stock. That value hasn’t disappeared though, it has been pushed out to the edge nodes of their network (specifically the companies building on top of their API’s). My thesis is that this model will increase the overall pot while reducing the share the largest players have.
The knock-on effect of this is that investors will see this as the final outcome and be less incentivised to invest. That may be a problem as we don’t want to stop the emergence of billion scale companies altogether. Therefore a mechanism for the people to buy out the company at a fair legally agreed market value should be in place. This will stop crazy upsides and protect the undesirable downsides. The asset then becomes publicly owned but privately operated according to regulations.
AI would fall under the same model. With open API’s and standards anyone can get the data they need to build new AI companies. Especially feasible if we move towards self-sovereign identities and crypto methods of exchange.
To facilitate more small tech innovation we need to introduce a UBI. It will allow more people take risks with their time leading to more cottage innovation. In 100 years it will be a fundamental aspect of fiscal policy.
Additionally education needs to be refocused on making things. People are not equipped with the skills to build things. There is no better way to learn, grow and generate value. If we want a diversified small tech eco-system economy we need to focus on helping people develop the skills that make it possible.
I don't like the idea of government having full control of these services.
I believe that we need fully decentralized system, much like the e-mail, but realtime and E2EE. Sadly, it seems to me that we're taking the opposite direction. Just few widely used messengers, all of them are centralized, some of them have E2EE, but who knows for how long - EU commission seems to like the idea of breaking in. No matter what their intentions are, I didn't sign up for that.
In essence I agree with you, but let's not forget that in most countries, the government has already complete (albeit strongly regulated) control and access to postal services and everything that is sent through them, and I think most citizens (me included) are okay with that as well.
Furthermore; I'd much rather have the government spying in my stuff than Facebook selling my data to the highest bidder; at least if that were my only two choices.
Are you seriously comparing letters and private IM conversations? I don't know about you, but I received/sent maybe 5 letters in last 10 years, none of which were from/to another private entity.
> I'd much rather have the government spying
I consider this very short sighted and dangerours, but that's your choice.
> at least if that were my only two choices
Those are not your only two choices, that's kinda my point. We actually don't have to choose between a greedy company or a state. The only decision people need to make is centralized or decentralized system.
I share most of your sentiments, I really do. In a perfect universe, we'd all be using fully e2e-encrypted messaging systems. But:
> The only decision people need to make is centralized or decentralized system.
They already have this choice; Matrix and others exist for quite some time already. Yet it is evidently clear that your average citizen will flock to whatever messenger is the easiest to use and is already used by their friends/family. Security/privacy are second thoughts at best, if at all; and even if it were important, grasping the different implications of all the available options isn't exactly easy either.
And since we can probably agree that the vast majority of folks already "fail" to make the right choice in this regard, I'd much rather have a regulated, government-controlled messenger than some company like Facebook. The former is accountable to its citizens, the latter to its shareholders - if I have to pick my poison, the choice is clear.
> Are you seriously comparing letters and private IM conversations? I don't know about you, but I received/sent maybe 5 letters in last 10 years, none of which were from/to another private entity.
...because email and IM exist. they used to not exist and people sent paper letters to each other all. the. time.
now there are places and people I need a particular digital post office company to communicate with - and the worst part is, it's because they don't really care and thus force me to risk giving up my data if i want or need (read - am forced to due to life circumstances) to talk with them.
I think this trust difference is a general division between Europe and US. Europeans generally trust their governments more than private companies, and vice versa in the US. I would assume both have valid reasons for this on their own side of the pond.
For what it's worth, I too would trust the government a whole lot more than Facebook.
That‘s a good observation, and I agree, though I wonder why.
It would seem to me that Americans have had more experiences with bad companies, and Europeans more experiences with bad governments over the past 300 years...
If your public alternative can't win the users then "breaking the monopoly" will worsen the user experience. I don't want to live in that world - consider Telegram, a much better experience than WhatsApp, and it won over many users already. Evidently the monopoly is not as strong as is suggested. Telegram might not exist if there was a risk of losing the company. I don't want to be stuck with bad public software. In reality, when you destroy WhatsApp, people won't use the bad software, they will go to the next player and make it a "monopoly" because it most likely will be a better user experience.
At every step of the way, Facebook has leveraged its size and existing troves of data to undermine and buy out the competition. The goals of Facebook, Amazon, Microsoft and Google are the same - world domination. Same as any mega conglomerate of years past. The difference now is tech scale and the willingness of regulators to allow it to happen.
> They will probably be replaced by another company
Nobody has a chance, but different reasons in each company:
* What we have seen with Google - For a search engine, the more traffic you get the better results you can give (you can A-B test different algorithms for different queries, and optimise results). For new entrants they need to be popular before they can be better, which is a catch-22. Additionally Google has significant revenue which is very profitable because of it's monopoly position, and it can use this to reinvest in search technology to further widen the gap. It's going to take more than 2 people in a garage to beat modern Google at search!
* For a social network, Facebook buy out any potential competition when it's gaining traction to further solidify their monopoly. See WhatsApp, Instagram, Friend.ly e.t.c.
> For a search engine, the more traffic you get the better results you can give
Lately I have been noticing the opposite trend. Google search relevance is going downhil for me. I'm not sure when that started but I noticed it in 2019-ish last two years. Youtube search is so bad (note: I have history disabled), I rely on Google to search YouTube.
Playing cat and mouse with SEO seems to have taken its toll. I find myself going to DDG and Bing a few times a week. Before it was only Google.
> For a social network, Facebook buy out any potential competition when it's gaining traction to further solidify their monopoly.
Maybe, but each of those competitors is essentially a fad, and Facebook forcing WhatsApp users to login via Facebook, to me seems more like desperate move, than anything else.
I agree those acquisitions are IMO problematic, but I am not sure if they are strengthening Facebook, or killing it with a thousand cuts.
Blame Carrier. Modern SMS could have been great, but Carrier didn't want to lose the however minimal revenue they had with SMS. ( Not every countries has unlimited SMS across all Network and across the world )
Or Blame MSN, the Instant Messenger, when Microsoft refuse to admit defeat to the Smartphone platform.
So WhatsApp took over in EU ( I believe iMessages or SMS is still popular in France ), UK, SEA, Brazil, Hong Kong. Line in Japan and Taiwan, KakaoTalk in South Korea. Unsure about Australia and Canada. ( They use WhatsApp but not to the extent of countries listed above. )
And it is iMessages in US. I have no idea why that thing even took off. I have tried it dozen times over the years and every few months it has problem with message delivery, people in group not receiving any messages. Poor Searching capabilities etc....
Telegram has gain usage but for different kind of reason. And I dont see it ever being used in the same manner as WhatsApp.
So most of friends just clicked yes and share their Data. It is important to note despite the increasing hostility against FB on HN, and in Tech Circle, most people in the world seems to have no problem with it. I dont see WhatsApp going away any time soon.
Edit: How does this data sharing fit in with GDPR in EU?
> How does this data sharing fit in with GDPR in EU?
It actually doesn't fit at all. As long as "payment" for usage is based on agreement to share personal data it is illegally obtained consent. Either they are ignoring their lawyers or they should fire them.
EDPS Opinion 4/2017 on the Proposal for a Directive on certain aspects concerning contracts for the supply of digital content, 14 March 2017, p. 7.
"There might well be a market for personal data, just like there is, tragically, a market for live human organs, but that does not mean that we can or should give the market the blessing of legislation. One cannot monetize and subject a fundamental right to a simple commercial transaction, even if it is the individual concerned by the data who is a party to the transaction."
I think iMessage took off, because you don't realise it's not SMS. Open the Messages app, type a message, if there's an iDevice in the other end, BOOM, iMessage.
Where iMessage fails is when the device in the other end isn't an Apple device, or perhaps the contact previously used an iPhone, then fallback to SMS is troublesome.
Most of my familymembers will send an "SMS"... except it's via iMessage, but nobody knows or cares.
I have this problem. I use an Android phone, but have a Mac and iPad. My mum has no idea how to send an SMS to me so will send me messages on iMessage that I don't see for weeks because I haven't used the iPad or Mac (been working on Windows for a while writing code).
I'm in the opposite situation. A friend has iMessage on the computer but just SMS on the phone. There's no way to force send an SMS on iOS anymore. All the guides I've found just mention the "Resend failed message as SMS" but messages never fail, they're just queued on the computer.
Carriers now looking to RCS as the messenger alternative, but if they price it like MMS, they will kill it.
To do it cheaper, they have to give a large chunk of the service to Google, which gives Google the data mining opportunities :(
MMS is free at this point, in many countries. The carriers in those countries will make more money by using RCS, because it will use cellular data (at least if I understand it correctly), which isn't free.
My point being that I don't think many carriers care about text messaging, or phone calls. They sell you a fixed cost plan for those. The only thing that can really affect your price is data usage. If Google wants to deal with the hassle of managing a messaging platform, great, that's money save on running a service that isn't making money anyway.
GDPR still holds. The data can only be used in an aggregated from for advertising purposes within platform (facebook, insta, whatsapp) and not be sold to others. You have the right to have your data deleted upon request.
Ditched it about 2 years ago. And man, it's so hard! Literally everybody uses it here in the Netherlands as well.
I'm getting strange looks every day when people hear I don't use the platform. It's horrendous.
I also really fear for the moment where I've to tell a nice girl I met that I don't use the platform, and that we should use X other platform instead. I can imagine that to be a letdown or to be weird. That's insane to me.
I got used to the strange looks. I got the strange looks when people heard I didn't use Facebook. If you asked them to sign up to a website on the Internet that was popular in your circles just so you could be friends, they'd refuse, eg. "please sign up to basschat.co.uk because all my friends like bass guitars".
If their friendship relies on you installing an app on your phone, that's a very shallow friendship isn't it?
> If their friendship relies on you installing an app on your phone, that's a very shallow friendship isn't it?
This argument doesn't make sense. You can't just ignore practical aspects entirely and justify it with a cheeky "if they're truely your friends they'll accomodate ahah".
Sure if I want to send a private message to a friend I don't care whether its via SMS or whatsapp, but if I'm in a group chat with 5 of my friends I won't send a transcript of the conversation to the one person who doesn't participate.
Why not inform your friend of the outcome? Half of the group chats seem to be utter nonsense until a final outcome is made, particularly with arranging something.
Or would you not want your friend to attend?
The choice is: do I want my friend to be included in my activities?
The choice is not: do I want my friend to be included and also send all of his data to some people I've never met?
Your idea of friendship is rather strange. It appears to involve other people arranging your social life for you on your behalf, and then presenting the plans to you for your approval via the communication method of your choice.
As someone who lives in the Netherlands, I feel your pain. I don't think I can get my contacts to really switch to something else, and even if I could, new ones would use WhatsApp anyway.
I think your fear depends strongly on how open-minded/techie the girl is, though: I've used Signal to communicate with all of my Tinder contacts, but I will admit people remark on how it feels like a 'drug deal'.
That sort of behavior is very selfish, wouldn't you agree? You expect everyone to be annoyed and go through the hassle of contacting you, when you can't even keep one app installed to communicate with all of them.
And in a lot of countries you wouldn't lose access to "some groups" but you would lose access to ALL of them, from social, to every other group.
Sadly the law is written in a way that let’s the optional part be disregarded if the business considers the data that’s being shared necessary to run its business model... and advertising companies like Facebook will argue all data can help them sell ads better or for more money, hence all sharing of data shouldn’t need to be optional. This has yet to be tested in court, but both google and Facebook have taken this approach in their implementation of gdpr, leaving us wondering what the point was anyway... law without teeth :( the eu should have already slapped down google hard for their lack of an opt out, but it’s been years and still nothing. Seems the law makers aren’t really on the side of privacy after all.
Here all the kids use it as soon as they get a phone. If they can't write yet they'll send emojis (!!). The minimum age is just a meaningless smoke screen.
Yes, usage by kids is a real problem. My child is one of only two in the class that doesn't use WhatsApp. All the others do. They have what they call a "class group", even though not everyone is there.
When I try to tell parents how much Facebook learns about their kids (their friends, networks, and by merging data from different sources: habits, school, frequented locations, etc), they just roll their eyes. The response is "well everybody is tracking us, who cares".
All this even though there is Signal, which works JUST FINE.
Children luckily are much more flexible and chop and change with the wind. It's the older folks once something is established it ends up becoming bedrock and super hard to change. Parents/Adults are busy if something 'works', there's a lot of resistance to changing it.
Yes, though I feel like people are finally (slowly) waking up to the problems here. Both the US and the EU are finally looking deeply into Facebook and other big tech.
I don't think politicians are going to solve the problem for us entirely, but a bunch of us have been working on technical solutions for decades and they aren't the entire answer either.
A little regulation combined with the right alternatives may go some way. I'm optimistic, though we have a very long road ahead.
Thanks for the positive outlook among many negative ones :) I hope we can find a good alternative in the market. Anyone know of alternatives that allow end to end encryption with group chat support so far?
In Norway WhatsUp is popular, but my dentist still use SMS and email, and so other businesses that I interact with. My son’s school has own app for communicating with parents and teachers use Teams to present online lectures. My son uses Discord to talk to friends, but I think he is an exception.
What is really problematic is Facebook monopoly for organizing any social activities or events. There are simply no alternatives especially among 30-50 years old. Like the saying, “What parents were afraid video game would do to children, Facebook did to parents.”
I'm in Europe, and I'm doing it to the best extent that I can: no permissions allowed to whatsapp, no profile picture, no read receipts, no notifications, sending a standard message to all personal groups that 'lads, I'm moving to signal, ciao'.
Beyond that, I will not entertain personal messages on whatsapp, only work related. Each new person will be greeted with "Do you mind awfully if we use Signal?" Does this come off as self-important? Sure. But it helps that I don't care too much if it does. I had the same attitude quitting FB and Twitter too, I just don't need people that much. I don't have a 100 friends anyway. I have like 15 that I really want to keep in touch with. Those 15 will understand.
What when other new person suggests Telegram? I have like four different messaging apps on my phone: WhatsApp, Telegram, Wechat and Link. Don’t need one more random app lol
I’d love to switch to telegram, but their default messages aren’t even end to end encrypted. And secure messages are not available for groups. So it’s not a great option for privacy actually.
Not only Europe and UK, LATAM is also pretty much governed by WA. I remember one time I had a visit of some folks from Canada, they were very surprised that we used it as our main chat/communication app. When I asked why, they said "we don't hear from it (referring to WA) that much, we all just use iMessage" I guess in their context/community most people own iPhones.
Yep, in Australia I had basically never used WhatsApp. It's barely a thing. (However, Facebook Messenger dominates there, so it's not as if the privacy situation is any better, Facebook Messenger is just a better app/website to use).
Here in the UK I am literally required to be on WhatsApp to live in the building I currently live in. I have no choice in this matter. It's just the default messaging service for everyone.
If you join any kind of club? WhatsApp group. If you want to talk to someone about renting a room or apartment? WhatsApp chat. Live with housemates? WhatsApp group.
Plus the whole fact that if I deleted facebook, I would cut off contact with my friends and family (I can't expect like 25 people all to switch messaging services just for me). I would lose access to my thousand-dollar Oculus VR headset (I hate them so much for buying and linking facebook and Oculus, and hope a better competing standalone headset comes out).
And don't forget, you can't use an Oculus Quest with a blank facebook account you made just for that - they actually check that you're really using the account and force you to verify with photos and ID.
They are the absolute epitome of evil. Facebook, in many ways, but particularly in regard to Oculus, is a moustache-twirlingly, cartoonishly evil organization.
Could I just never buy an Oculus? Hopefully one day. But when not just your hobbies, but also your study and skillset and career prospects are right in that industry, you swallow your pride and make a damn facebook account.
I was also required to be in facebook groups for university classes back when I was a student. I HAD to be on facebook to get a degree. And for an amateur theatre group I joined.
Not to mention everything going on with misinformation about elections, vaccines, etcetera etcetera.
Some of this stuff is now moving to Discord, which is probably better than anything owned by facebook, but being better than facebook is a damn low bar, and Discord is still ultimately a for-profit corporation that would sell your soul if it made them a dollar.
This "just stop using it" attitude you always get on Hacker News and reddit about facebook and their various messaging platforms baffles me. Do you people not have lives? Jobs? Friends? Family? If you (in or out of a pandemic lockdown) want to do just about anything outside your house, or a whole bunch of things inside it, you need to use Facebook services.
It sucks and I've love to stop supporting them but it's not like most of us have a realistic choice.
> This "just stop using it" attitude you always get on Hacker News and reddit about facebook and their various messaging platforms baffles me.
Unfortunately, seems that for many people on HN, HN is almost all their online social interaction, + tech people on signal/mastodon. Some don't seem to understand the concept of having family and friends who are not tech-savy (or even hate tech). Or understand the concept of social capital.
> I can't expect like 25 people all to switch messaging services just for me
It’s not “switching”, they can start using another app and continue using whatsapp. I’ve done it with my family at least twice during the last 12 years, it was not that difficult.
When I lived in Russia my doctor messaged me via WhatsApp. I'm American so I was a little culture shocked, I don't know if this is standard procedure or anything but it illustrates how ubiquitous WhatsApp is.
I'm so anti-Facebook now that it's a part of the way I identify myself, and for all that I can't delete it.
I maintain contact with a friend in Germany via Whatsapp or Facebook messenger, and in this case it would be possible to use email (which is not nearly as casual as firing off a message in your spare moments) or some other service but it doesn't solve the problem about friend groups.
I have friend groups around the world that my only way to participate in is Facebook. I believe moving abroad is in my future again, and Messenger is detestably the only real way to keep up with my friends back home. Leaving Facebook and Messenger is like leaving a bar I hate; I'm only here for the people and I wish we could go somewhere else.
I've lived in Germany for years and I do feel like, if we're going to stereotype people by nationality, they're one of the most privacy-sensitive groups you'll find. This is the country where, by law, if somebody picks up a (land-line) phone in the house, any other phone currently in use has to shut off. I'm not saying you can definitely convince that friend to get off WA / FB, but it's worth a shot.
(I don't know what to replace it with -- I mostly use Hangouts but it really feels like it's falling apart.)
For younger friends, I found that they can sometimes install a 2nd messenger, depending on how close you are. Of course, if they already use 2 or 3, you might need to use one that they have.
I would suggest to check if they use Telegram/Line/Kakao/Hangouts, or suggest it to them. They are all closed source, but at least is the lesser evil?
I am in europe, switzerland and plenty of friends in austria. Yes many of my social circle have whatsapp but none is using it exclusively as it was some years ago.
People have the choice and use it. Not sure what is holding other circles back?
I havent had whatsapp in 4+ years and only rarely have to fall back to SMS
What is the alternative are your social circles using? SMS is the only alternative with a wide install base and the experience is inferior to WA,Telegram etc.
In France, SMS is still the most common, even though it is declining. I think it is historic: we had cheap unlimited SMS plans before internet data plans were common.
WhatsApp is popular but not a monopoly. Not really something to celebrate since its main "competitor" and #1 instant messenger app is Facebook Messenger. Skype and Discord are also significant, and I expect iMessage to be important too.
Based on all the groups my wife is part of, it seems other people get absolutely nothing done in life since they appear to be sending pointless messages on a group constantly. Her phone is constantly buzzing, and 99.9% of it is utter nonsense.
It seems to me that the inability to easily message a group would be a bonus and not a loss!
Net neutrality not existing helps WhatsApp and other services here, one cell provider for example offers 1 year unlimited WhatsApp+Facebook including voice and video calls for a total (not monthly!) cost of 3USD on a prepaid chip. So you can't call, you can't write SMS, you can't use the internet but you can use WhatsApp for almost no cost. If you are on a budget this is a no brainer, for comparison - 5GB full internet access on the same chip is around 5$.
How are you going to break such a monopoly supported by providers? At this point it is something all providers do so if one starts offering it all other providers have a competitive advantage because everybody is already using WhatsApp. I am not sure if Facebook pays these providers, my guess is not - they are pushed into this by their competitors.
Net neutrality is very important to not let this happen. Similar deals exist for other popular services: Instagram, Youtube, TikTok, Spotify, Snapchat, Twitter, Netflix to name a few
>how much of a monopoly WhatsApp has in Europe and the UK
Everything you said applies to the Indian subcontinent, SE Asia and South America which form the bulk of the WhatsApp user base as well but with lesser or no scrutiny whatsoever when compared to EU/UK.
It's a little more nuanced than that. I don't question that WhatsApp is huge, in some countries and social circles, but it's by no means dominating across Europe.
Personally I'm not really sure who's using WhatsApp, I know two or three WhatsApp users. They all use it because they have friends other countries, mostly the middle east.
If RCS actually becomes a thing, then I don't see much of a future for apps like WhatsApp.
I have no reason to believe it will ever take off: It's been dead in the water since 2012 or even earlier. It doesn't support end-to-end encryption. Carriers would like to charge for it.
Assign everyone an IP V6, there's plenty. Then treat that as our internet phone number. Define a chat protocol that contains the very basics and everyone has to support that. Want to send a chat, you have their IP V6. Exchange using QR code. No server necessary for the basics. If a text fails sending device can keep trying or just give up.
This approach ignores all the aspects that made whatsapp / chat services popular in the first place. A short list:
- Contact Discovery
- Group chats
- History / Log
- Shared message order
- Communication beyond text (emojis / reactions / inline images)
- Ability to receive messages while offline
- No need for technical skills
These aren't trivial features, they are prerequisites for any replacement, decentralized or otherwise. Just because we as developers like / tolerate things like IRC doesn't mean the rest of the world will accept it.
Unfortunately, IPv6 addresses have to be assigned by someone, and they typically change when moving around/changing provider. And you have to go trough the firewall...
I prefer something you can generate yourself, like encryption keys. That's the approach taken by yggdrasil (and cjdns before): generate an encryption key, map the public part to an IP address (there's almost enough bits in v6). Plus, it can easily be end-to-end encrypted.
Another plus is that you can generate as many as desired.
As for the protocol, Matrix is experimenting a bit with going p2p.
"Be the change you want to see in the world" -- I'm gonna have a go at switching as many people away as possible; friends, family, co-workers. It's all about critical mass so every step in that direction is a step toward your school and local community communications being on some alternative platform instead.
Why not make a local WhatsApp<->Signal bridge using Matrix (https://matrix.org/bridges/) and a disposable SIM card, and just use Signal app on your phone?
Same case here in India, Sucks to have these apps despite knowing what they are doing just because your School or College groups are on these platforms. I tried educating my fellow mates about this but seems unlikely that it will have any effect.
While WA is near ubiquitous in Germany, from my own experience many non-technical people in the UK prefer Telegram to WA. WA is the only way I can reach some of my contacts in Germany, but with my UK contacts I can avoid it altogether.
Just an obvious point - you don’t have to “change”. You can install both and use signal as much as you can. This costs you almost nothing, maybe just a little app switching. Not much to pay for a better world.
no they don't need to be treated like anything, they are completely new thing, so if you think that their dominant market position is an issue, they can be forced to implement public api(open standart), therefore unlocking their userbase and allowing infinite competition
Almost all public utilities have started as private companies of some kind. Broadcast, telecom and railway companies are the most recent examples. They started as private companies but then, due to limited spectrum, unification pressure, needing to include everyone including remote places and wasteful duplication got transformed into publically owned or at least publically licensed and regulated utilities (depending on which utility and country you are looking at).
So, while they are not yet public utilities, they should be turned into such.
I am in the EU, and this is what I have been presented with:
„ By tapping Agree, you accept the new terms, which take effect on February 8, 2021. After this date, you’ll need to accept the new terms to continue using WhatsApp. You can also visit the Help Center if you would prefer to delete your account and would like more information. To learn more about how WhatsApp processes your data, read our updated privacy policy“ (with an Agree button underneath).
I could close the window. But there is a hard deadline apparently: Feb 8th.
F* you Facebook. I‘d rather stop using Whatsapp altogether.
Edit:
Will start using Signal app, and for the transition period I‘ll keep an old smartphone with a throwaway Sim card and WhatsApp installed on it to keep updates from absolutely necessary groups I need to be part of.
As I understand it even with click thru agreement like this it is still illegal in the EU. Could be an interesting case on the way... I believe that WhatsApp only real option in this case is to stop serving the EU, which I feel as an EU residents could only be a good thing!
In addition, I vaguely remember something about the acquisition of WhatsApp by Facebook to be only approved under condition that exactly this kind of data sharing would not happen.
Although I have my doubts about it happening soon, because the immediate impact it would have on real everyday life could by rather disastrous initially (something Facebook no doubt is aware of), the EU should probably declare/certify Facebook as a rogue/criminal organization. I just can't see it any other way, with Facebook's blatant disregard for anything but its own greedy interests.
If Facebook keeps pushing their "luck" like this, it should simply have all its assets on EU soil frozen. If eventually rules a criminal organization, confiscated too. It would be very sad and unfortunate for any EU citizens working for the company, who no doubt have no say in Facebook's criminal enterprise. But the current status quo is becoming completely unacceptable.
History has plenty of lessons, about criminal organizations rising to (hard to defeat levels of) power. In many cases more than anything because both societies and governments/authorities failed to respond appropriately in time, when they still had a fair chance containing those (with far less effort).
All that is even without opening the can of worms that is the access US government agencies have to all of Facebook's data.
Signal is run by someone who hates repeatable builds and open platforms. Telegram is to the russian government what whatsapp is to the US government.
That is to say, both options are bad. Of course it is conceptually better to spread your information over many separate information silos so that your data is harder to correlate. That should not be the bar we aspire to though.
All of these apps seem to hate open platforms and third party clients; Signal just as much as WhatsApp. I wouldn't even mind using WhatsApp if I could just open a browser window on any modern computer and log on like I can with Twitter. But no, I need to have a smartphone with either Android or IOS. They all want that magic unique personal identifier that is the mobile phone number to prevent you from having more than one persona, and they all want their closed apps as the sole way of using their service.
Of course, that requirement is exactly how they implement the user lock-in, so it's not going anywhere until legislation forces them to open up.
I don't think it's the Russian government you should be concerned about when using Telegram. Sure, TG is far from a secure platform, but the Russians have spent considerable effort trying to shut it down so out of all the possibilities, I'd say TG being in Russian hands is among the smallest.
I've heard that before and the idea is reasonable but I must say if they've actually pulled of that stunt then it is amazing because I've seen nothing to suggest so despite being aware of the possibility for years.
> I know you’re not engaging in good faith but I’m adding this more for the benefit of onlookers
That was uncalled for. Please adjust your troll-detector and I'll adjust my wittyness dispenser ;-)
I am serious even when I'm joking, but I have never heard anyone saying that in full seriousness and also it feels like we should have known something: even the Russian secret service isn't perfect, in fact they've done some really big mistakes the last few years (in addition to their deliberate "mistakes" that they seemingly do to show off.)
that'll never happen - WhatsApp is almost WeChat for Europe, it's ubiquitous and the network effect is so strong you'll really struggle to get masses of people to switch away fom it.
99% of people outside of the HN bubble will just look at the dialog, click OK and carry on as normal.
Instead of surrendering we - technically aware people - should think about possibilities to make them respect privacy or think about ways to change the situation.
Yes but not clicking through the shrink-wrap agreement isn't a real way to do it. Legislation that requires people be able to say no to data collection without loss of service would go a long way.
I did the same. Mixed reactions, some shocked, some shrug and move on. And my friends are academically educated and relatively conscious of this issue I believe. Probably not the most representative sample...
> If you need to force people to use alternatives it's because they are not much better to begin with.
This isn't necessarily true - that's basically the problem with monopolies and the point of anti-trust. The network effect really can entrench an inferior product.
That's not a useful definition of better though. WhatsApp, Messenger, etc. are better because they're reliable and the people I want to talk to use them.
MMS messages are hot garbage but they're still better than a lot of alternatives because everyone with a phone can receive them.
Main reason I use whats app is because everyone else I deal with uses whats app, not because it has specific features. I could probably list a different chat app and social networking site for every time I switched a school and when I started to study.
I do personally believe that for all its faults WhatsApp is the best. It’s a pity about that but I guess FB have to pay all those great developers somehow. It’s up to regulation to set the boundaries for what’s acceptable in business so let’s see what happens.
> It’s a pity about that but I guess FB have to pay all those great developers somehow.
They could just run it as a paid service again? They had a minimal annual charge before the Facebook acquisition and probably could have raised that, instead Facebook made it "free" which should have been a warning sign of things to come.
One of the reasons the founders left was that FB wanted to put ads and track users, and didn't even want to try to make a Business paid version like WhatsApp proposed.
> Telegram is not even encrypted by default and there is no option for encrypted groups.
Friendly reminder that encryption is more than E2E-encryption despite what certain people on HN thinks.
Telegram is encrypted point-to-point by default. Same as banks, modern mail etc.
Can we stop spreading technical misinformation now, please? There's plenty of other issues with Telegram and if we stop crying wolf over the neighbors grand danois people might actually believe us when there is an actual wolf.
Who cares if it's "technically illegal" if there's no fines for it. I seriously doubt that the EU will grow teeth anytime soon (but I hope to be surprised!).
Yes, but both are examples of the EU not actually wanting to do the right thing, even if the courts say so. Privacy shield was shot down by Schrems in court, only to be replaced by the EU mumbling about "standard contract clauses, just do the same as before". No billions in penalties in sight.
Same for the Apple (and others') taxes in Ireland: While the Irish have been told by courts and the rest of Europe to collect the taxes they are owed, they just refuse to do so.
No you're out of date, the standard contract clauses thing was blown out of the water. It's a big problem for Facebook, not sure where it's at now.
Also your understanding of the Apple case is a little out of whack too. There's a lot of subtlety to it, but basically the court ruled in Apple's favour on a technicality and there is a revised appeal pending.
So you are going to move from one centralized, walled garden, privacy hostile platform that hard requires Google/Apple ecosystems to get signed updates... to another with identical drawbacks.
I suggest something that lets you use any client/platform you want, uses the same crypto primitives, and lets you choose what server/country your data is hosted in and change your mind any time, e.g Matrix.
How many times do centralized services like VK, WhatsApp, Instagram, Apple, etc need to get co-opted into enforcing the will of private entities or governments before we learn our lesson?
The only network services this won't become true of at some point in the future are those with decentralized clients and servers obeying a common documented protocol.
Matrix is riddled with bugs. While I agree with you that signal isn't all that great (they do some really good stuff and then make some really weird trade-offs), I've recently compared Signal, Wire, Threema, Jami, Briar, Element/Matrix, and Keybase.
The most mature app is Signal. It has the best usability to privacy trade-off.
Threema is the better choice if you don't mind not having a usable desktop client. For me that's a total deal breaker. It costs a one-time 5 bucks and it's totally worth that, if only it had so much as a usable web client (you need to open your phone and navigate two menus to enable the web client every time your phone changes WiFi or anything).
Wire is the better choice if you can sacrifice a tiny bit of usability for better privacy. It's sluggish is all, and (like Signal and most other services) uses AWS. Full disclosure: I was involved in a paid audit of Wire so I know more about the encryption protocol than I do about the other clients'.
Element/Matrix is the better choice if you'd rather make a trade-off towards privacy. Presumably the clients will mature, and between two years ago and one year ago they've made good progress. It's going less fast today but I still see things getting slowly better, and the decentralization works very well and fairly easy to setup.
If all you really want is a better privacy policy and want to ensure people stick around and don't uninstall it, Telegram is by far the usability winner and has a large network effect already. But it's a trade-off with the devil because there is zero encryption. They could ransom or sell our chat logs any time.
Briar and Jami have limitations that make it unusable for general purposes use with your mom. Facebook and Google's messengers I didn't look at for obvious reasons. Keybase was never end to end encrypted to begin with and now Zoom bought them so they'll probably shut down soon (also, bugs).
Rocket.chat seems only aimed at business users.
You can also do OTR over any platform you like, and I still have to try this overlay encryption system on Android (I forgot its name).
>> I was involved in a paid audit of Wire so I know more about the encryption protocol than I do about the other clients
Seeing as you mentioned Threema in the same post, I think I ought to step in here.
The encryption protocol for Threema is open source, using standard algorithms, not something they invented.
You, like I did for $my_org, can write your own software to send messages to devices running Threema using the Threema API.
Message contents are, of course, encrypted before submission to the API. Threema provide a number of SDKs to help you, but you are under no obligation to use it, you can write your own API submission client from scratch.
P.S. Not saying Wire is bad here. Wire is good. I use it alongside Threema myself for $other_uses. But I'm saying don't write off Threema under a false understanding that their encryption protocols are closed source.
That's a good point. Threema using standard libsodium cryptoboxes makes this easier to reimplement than these Axolotl-like protocols. Still, Wire has a bot API so you don't need to reinvent the wheel to integrate in a chat. Not sure that's any harder than using libsodium.
Afaik Signal doesn't have an API or SDK, there only seem to be third party implementations for bots.
Signal will by design likely be more stable than Matrix in the short term because it is a centralized dictatorship.
China can move fast for this reason too.
You have to decide if the long term consequences of a fast moving dictatorship are worth giving up the freedom of a sometimes messy democracy.
The internet is too important to herd all our services into control of dictators, no matter how benevolent.
We survived the dialup days for all the UX hell of many providers without giving AOL exclusive control in spite of them having the best UX.
I hope we can do the same with something as critically important as worldwide internet communications, but the marketing of dictators and their ability to move quickly is sometimes too hard to resist until it all backfires spectacularly.
That's what they want you to believe for some reason. Moxie went so far as to talk in the biggest hall at the last chaos communication congress about how important it is that we don't use decentralized services and clients.
I'm not buying it. Look at Matrix and tell me it's holding them back.
What's holding them back, perhaps, is not having a shitton of money in the bank like Signal, and they're actively supportive of decentralization which costs developer resources. Signal (or Matrix, for that matter) could not spend dev time on decentralization and just let the open source community do its thing. But that's not what Signal is doing, they're instead actively hostile towards it.
Or look at Telegram, they have an open network and third party clients. There also are unofficial clients that some people use. But what does the 99% use? The official clients. Signal's argument is that people might use insecure, unofficial clients. In practice, that's not what your average mom will do. (And it's not as if the official Signal app was audited either.)
I'm also not buying the "China can move faster" thing. They can be more oppressive without consequences, but is that really better? Does that "centralized dictatorship" allow them to be "more stable"? It's easy to say, and easy to see how indeed an oppressive government's decree can change things from one day to the next, but on that scale I think you need to consider more things than I am qualified to do before you can really say whether that is a superior system in a given situation.
I guess we conclude the same thing in the end, though, as you say "The internet is too important to herd all our services into control of dictators, no matter how benevolent."
> I'm not buying it. Look at Matrix and tell me it's holding them back.
The main argument against federated protocols playing well with security is that they have a harder time evolving. The example always given is email. Once Matrix has reached 500M users and several server implementations with less than 20% market share each, how can you be sure that it will keep improving contrary to email protocols? WhatsApp switched to E2EE in a matter of months, but most of our emails are still plaintext on the servers.
I like and use Matrix as a replacement for IRC, but I don't think they will catch up in terms of security with Signal in most practical situations (meaning, I want to send a message to a non-technical person). Both because of the fossilization associated with federated protocol (see above), and simply because developing a federated protocol is way harder and less forgiving than a centralized one.
Your argument about the "99% use" means that first that you don't need centralization if it's already centralized in practice, and second that it brings very little benefit (benefits only 1% of users). At that point, the (possibly low) costs of decentralization are not worth it.
Signal did not have a shit ton of money until a year or two ago. I like Matrix but it's main issue is still UI/UX on clients (especially around key management) - which is slowly getting better but still too complex for normal non-techie users.
> Wire is the better choice if you can sacrifice a tiny bit of usability for better privacy.
Do you mean better privacy than Signal? I was under the impression that Signal was significantly ahead of Wire in this regard with features like private groups and private contact discovery.
Private contact discovery and other metadata protection claims are largely security theatre. SGX is entirely broken and those with physical (and sometimes even remote) access can dump keys at any time.
They pinky swear they always patch and never dump keys when they have the chance though.
It's a security theater not only because someone broke it, but also because you can always just look at which IPs talk to which IPs. Even Tor has issues with preventing traffic analysis, except with Signal you can observe (or trust) a single party (instead of the guard and exit nodes) to get the data.
It's more of a trust thing than something you can technically solve while still having features like real-time calling. Hence Facebook being objectionable despite having encryption.
They're both hosted on USA-based services, they both have proper encryption on the client and apply it also to calls and video calls. There is no significant difference to me in terms of privacy.
Usability is slightly different, yes, and you might also trust Signal more because they do better PR (they say outright that they're from the USA and get money from Facebook, while Wire has devs in Berlin and claims to be a German company, while taking money from USA investors... which imo comes down to the same thing), or you might trust Wire more because they were actually audited at all.
For a family that are all on the same server, Nextcloud Talk is also nice and "relatively easy" to set up (and 0 effort when you already use Nextcloud). I am still desperately waiting on Talk being able to use the federation features of Nextcloud (so you can chat to users on other servers). That would increase my usage a lot, my parents are on another server (which admittedly also runs from my basement) and I have colleagues with their own server...
I do use Signal and Telegram with some friends, I really find the difference between WA and Signal to be small. Telegram though is a lot nicer as a platform, it has some channels I'm part of and the desktop client is much better. But this comes with privacy/security trade-offs as mentioned in this thread.
I also use Element.io for some channels and groups. I find it surprisingly nice. I may set up a server myself soon.
As someone who doesn't use WhatsApp, thanks for mentioning WA and Signal are not very different and that Telegram has better UX. That matches what I thought, but I didn't know and I was a bit worried what I'd be signing my family up for when asking them to switch away from Telegram.
Yeah, Signal used to handle changing phones pretty poorly but that is sort of solved now (you can store your groups and phonebook in the cloud behind a pin). Other than that it is really nice. The desktop client is arguably better than WA's web solution, although I have run into non-syncing messages, but, you can use the desktop client with your phone off, which is a major + imho.
Honestly, Signal is just super high quality when you take into account how privacy focused it is, I could easily replace WA with Signal, apart from "the network effect".
> you can use the desktop client with your phone off, which is a major + imho
Indeed, if it has to go through my phone it's nigh unusable in my opinion. Wire and Element/Matrix handle this properly since they don't depend on a phone number in the first place (so no need to tie it to your phone), only Signal and Threema are somewhat of a pain in this regard since you need to link it, and only Threema absolutely requires your phone to be online all the time.
They lie about encryption. They call themselves an encrypted messenger when they're not, at least not in the way that people expect nowadays. I volunteered for their support team a few years ago but was rejected because the first test question was about their encryption and I refused to lie (I said regular chats are encrypted but only to the server, i.e. that Telegram can read your messages which was true then and is still true today, and that you need to use secret chats for encryption.)
I ended up adding a paragraph about it anyhow but that's why, when starting to write the post, I didn't add Telegram to the list. There is also rocket.chat further down that I didn't mention on top, fwiw.
I should maybe have put it in the list on top. I initially listed only the encrypted messengers, but later decided to add a paragraph about Telegram anyway.
I don't like Signal's stance on forks (which is that they are allowed but may not use the official Signal network) but it hardly has identical drawbacks. Signal is open source, can be downloaded as an official APK and can be run on LineageOS without Google Play (notifications do require some emulation of Play Services calls, but that can be provided using MicroG).
"hardly has drawbacks" My notes on Signal contain the following:
+ It usually just works
+ Reasonable desktop experience (needs to re-link once a month or so, but otherwise independent and not terrible UX), good mobile experience
- Metadata handled by Amazon
- Phone number is a hard requirement, and changing your phone number means re-connecting to everyone
- Funding comes from Facebook from what I recall, and even with large amounts of their $100M invested, their expenses are 8 times larger than their income.
+ At least it's a foundation and their finances are not a black box!
~ With a build from an untrusted third party, you can make it work on Androids where Google Play Services are intentionally firewalled off.
~ No audit of the clients. The protocol, sure, but most bugs aren't introduced on a protocol level.
These are only things they could solve, i.e. that others do better. That their contact discovery solution (where you upload your phone book) is broken isn't a downside because nobody else has that figured out either.
That's rather broad, which metadata are you thinking about? Especially given the sealed sender feature. Assuming you have access to everything at Amazon, what can you deduce about Signal users?
I can think of:
- IP address (you can tell that this IP address sent some Signal message)
- size of messages
- timestamps of messages (when they were received by an Amazon server)
IP address leaks a lot of information but there are still workarounds, and it seems reasonable if you're in a no-trust model (meaning Signal's servers wouldn't be any better than Amazon's). In any case, that's way less information than other mainstream messengers.
On the other hand, one distinguishing feature regarding metadata is groups: group membership is not known by anyone outside of the group if I understand correctly, contrary to WhatsApp (and others).
The author is a toxic dictator who hates the idea of ceding power so that they can have a constructive and open protocol for everyone. That means the app should never be used, by anyone. If you're going to use software like this, you may as well stay with whatsapp - at least that has a lot of users.
I see mention of the toxic dictator stuff and non-reproducible builds mentioned through this thread - do you have info on that you can point me to? I am asking because a guy at work wanted me to install Signal as voice call quality on Duo was appallingly bad. Thanks in advance.
You can read about the stance in question on a lot of github issues, one of which is this one: https://github.com/LibreSignal/LibreSignal/issues/37 (not actually the signal repo, but moxie talks about the need for iron control over the platform). You can extrapolate consequences pretty far from what is said there, consequences which are well understood by moxie (if nothing else, you can see that time was spent thinking about environmental factors). To me this attitude is baldly toxic because it makes the world worse (in that it reinforces the opinion that centralised is better, which is at the heart of so many problematic digital services).
Thanks. Reading that thread, I think he is saying that he wants to remain centralised and federating third-party servers and traffic isn't his plan.
I know in theory that sounds "bad" but it's their service I guess? In the real world, centralised services seem to be the norm, eg. the postal service. They don't let random third parties take the mail and also mandate that you use their postage stamps to use their network, and only accept mail at their post boxes and mail offices. They don't let people inject mail into the vans along their postal routes, and don't forward mail that is from another delivery company, eg. DPD, DHL, FedEx.
I am not sure how else it'd work?? Surely it'd be like expecting the postal system to deliver FedEx's parcels, whilst not paying the postal system anything at all. That's unfeasible and unsustainable.
There's e-mail for one. A great good everyone uses, which is definitely decentralised (much to the chagrin of a few large providers, which continuously act in bad faith to centralise it as much as they can). Signal could have been that, but for (mainly) mobile messaging. Because they went the jaded route as you do it's now just another way for one person to apply his dictatorial view to the masses. I agree with you that in a mountain of shit you won't really notice a little bit more shit, but that doesn't make it anything but shit. It could have been better, it is not. That's something that deserves a little lamenting.
I can only guess but it may relate to Moxie's at times somewhat brash behavior in Github issues and an ongoing debate over centralized vs decentralized protocols (with him advocating the former). He gave a talk addressing the (de-)centralization topic at the Chaos Communications Congress in 2019:
How would we know? The signal app as most people understand it cannot be built in a reproducible manner. This means that most people will be using something that may as well be compromised. The author does not care. It doesn't matter what the source code behind it is, as an entity signal is hostile to everything a good messaging app should be.
The Java classes making up the application proper have had reproducible builds since 2016 [1]. The Play Services Signal relies on don't, but there are open source alternatives.
Another key difference would be the business model.
Signal being a non-profit[0] does not provide any guarantees for the app to not become 'hostile' in the future, but any such development motivated by personal profits would at least require a change of organization type, which I assume wouldn't go unnoticed.
It was well noticed when WhatsApp changed hands to Facebook, and yet the vast majority of users didn't move to anything else because of network effects.
Once users are in an ecosystem it takes years to convince them to change and only after they hit a high discomfort tipping point.
If Signal ran short on funding and got bought by Google or Facebook all the tracking would kick in and most users would stay.
We must stop herding people into walled gardens. It is unethical and always backfires.
Moxie highly discourages using the APK because it means turning on untrusted sources which is highly unsafe and bypasses signature verification.
It is one BGP attack or compromised CDN admin way from compromising the masses.
This is one of the few points I agree with moxie on.
The only safe way to install software on an Android device requires you bootstrap trust via a system supplied package manager that enforces signature verification.
Lineage grabs unsigned binary blobs from a separate account with little accountability ( https://GitHub.com/themuppets ) to limit the blast radius of illegally distributing them and does not ship a package manager at all.
They expect degoogled users to do disable system signature verification to use an alternative app store like F-droid. Lineage is great if you want to turn an old device into a game system or something, but it should not be used on a device you need to be able to trust.
The only Google-free option to have a signed system-verified app supply chain on Android is use a ROM that bundles F-droid as a system trusted app manager like CalyxOS, RattlesnakeOS, or my projects, aosp-build, and #!os.
While F-Droid is far from perfect it is the only alternative path and Moxie refuses to allow apps to be distributed there because he openly admits he wants the usage metrics that come from Google/Apple distribution.
In effect, you either use Apple/Google ecosystems to run verified binaries, or compile yourself every week or two.
APKs do not bypass signature verification. Android still requires all apks to be signed, and only installs updates to apks that were signed by the same original key.
As for BGP attacks, the apk is distributed using TLS, so it needs more than that. That being said, CDN hacks are definitely an issue. But so is someone hacking their play store account or Google play itself.
You have to turn on untrusted sources to sideload an APK. It will verify a signature. The problem is the OS has no anchor to know if that signature is by the key of the party you expect, or that of a malicious adversary. Once you pin the wrong key it is like getting a bad HTTPs cert on first connection. All bets are off moving forward.
The OS has no anchor when you obtain it from the play store either. Google play can absolutely send you a hacked app with a different signing key if they want to. Signatures play no role in the first installation, they only play a role in subsequent installations.
If you have downloaded the apk using http, you can still verify the signature before installing through other means, e.g. by comparing it to your friend's installed APK, using multiple ways to download the apk, etc. Can you do this with Google play?
As much as I loathe Google I do have a fairly high expectation that the HSM rooted key pinning infra of Google Play itself is less vulnerable to MITM than the standalone signing key embedded in an APK hosted on a CDN somewhere.
You also can directly download APKs from Google Play using Aurora Store and compare them to the standalone APK in theory, though both points of verification are against the same entity so it only rules out MITM on a CDN etc.
Problem is, who has time to do this for every single update? How many would even do it for the initial install? Most technical sysadmins don't even verify ssh host fingerprints unless automated CA infra does it for them.
Even if someone does do this religiously, in practice I suspect they will put off valuable security patches until they can manually verify every new binary corresponds with the published source code to rule out supply chain attacks etc.
If two totally independent entities compiled and published signed binaries and their hashes matched (when signatures are stripped) then there is some automated consensus there are currently no obvious supply chain attacks in play to protect users at large who don't have the time or experience to compile and verify against the published apk by hand or manually compare fingerprints. F-droid could keep the Signal Foundation honest if they let them but instead they say "trust us, or compile your own binaries" as if no middle ground exists.
Meanwhile I can hand my wife a phone with F-Droid and Matrix and know she can update reasonably safely without any manual key verification steps by me or her. Even when the signing key of matrix.org on Google Play gets compromised the blast radius does not extend to F-droid.
The more reputable independent package managers building, signing, and distributing protocol compatible binaries the better. Makes it impractical for even a sophisticated adversary to gain control. Also lets users to have the freedom to choose an easy automated install)update path for apps that respects their privacy by not requiring proprietary Google services.
> who has time to do this for every single update?
Again, you only have to do this for the first install. After that, the local OS takes over and rejects any apk signed with a different key. It's a TOFU system.
Directly installing APKs by hand is something that is only for people who know what they are doing. However, providing the APK for download is something that is helpful for 3rd party package managers, which can verify the hash.
> forks ... may not use the official Signal network
Is it technically prevented or just frowned upon? The former would be strange, because fixing a bug in your own private fork would also exclude you from the network.
There are forks of the Signal client that do use the OWS servers [1], but IIUC they are in violation of the OWS TOS. Certainly moxie has threatened to block forked clients, which is why F-droid won't host any of these forks [2].
I actually do not find this unreasonable, maintaining and providing backwards support everyone's custom version with their own quirks would be a big technical burden.
Moxie openly admits he centralized because it is easier and that decentralizing is too hard. We should all just give up and pick the least bad centralized service.
With that thinking we would all be using AOL.
Making a robust flexible protocol that can support a bunch of different client and service implementations is hard, but that is how we ended up avoiding email and web browsing being controlled by a single entity.
Matrix is solving the hard problem of providing the core functionality of tools like Slack and Whatsapp without sacrificing user freedom or asking you to trust any one entity.
This is what ethical engineering looks like, and I don't mind tolerating occasional growing pains in exchange for freedom.
Exactly this. You don't have to prohibit homosexuality just because you don't want to deal with adding support to your database of married citizens / prohibit forks because you don't want to support them.
The argument makes no sense. I can't decide if Moxie is a double agent with street cred or honestly trying to do good here.
I am generally a pretty decent read of people and in my observations and interactions with him I genuinely believe he believes a benevolent dictator building a centralized system is the only way to bring non-profit-motivated secure messaging to the masses, and that if one accepts this seemingly irrefutable truth, then the best candidate for the job is himself.
He is charismatic, highly intelligent, and lives by his own moral compass, rejecting FOSS ethos and silicon valley capitalist ethos alike.
> I suggest something that lets you use any client/platform you want, uses the same crypto primitives, and lets you choose what server/country your data is hosted in and change your mind any time, e.g Matrix.
I'll bite.
Who's paying for my johnchristopher@whatever.tld and for the data (avatar pictures, transfered files, chat logs) associated with it ?
Will the Matrix foundation let me use their services forever and for free ?
Will there be discussion on HN in ten years about getting your own custom domain and own federated server ? For one account only ? Like we have for mail regularly ?
Maybe you started on AOL and later realized AOL is terrible. You could export your address book and move to a client/server you trust more and notify all your contacts from the new location.
This is the same story on Matrix and what I mean when I say it is a freedom respecting decentralized service.
You are also free to run your own DNS to a dedicated EMS instance then later point to your own self hosted server later much like the freedom you have using your own domain and MX records on Google Apps allowing you to later move to a new email provider without having to update your social graph to change your address.
On Signal, there is no such option. You use their clients and servers forever, or GTFO.
> Maybe you started on AOL and later realized AOL is terrible. You could export your address book and move to a client/server you trust more and notify all your contacts from the new location.
The whole point is in avoiding starting with an AOL like service. So far only big matrix provider are reliable and performant enough to be usable. This is @gmail.com all over again but with @matrix.org tld.
Except you won't be able to carry your messages from a tld to another when you decide to rely on another domain name (your own or someone else's).
How long before Matrix foundation send messages telling users they are going to delete their rooms and messages if they don't log in once a year ? Or that they are now restricted your account to matrix.org rooms to "save operating costs" ?
The whole tech stack is free but operating costs are not.
> So far only big matrix provider are reliable and performant enough to be usable.
I've been running a Matrix homeserver on a 1/1 VM for years without any issues. There is no downside to choosing a small server, you can still federate with everyone else. That's the entire point.
Same here. Except joining rooms on federated instance need something beefier than my $5/month VPS SSD. And much more storage for data (pet peeve of mine: 4K avatars pics that are not resized and stored as is on my end of the federation).
Following the e-mail analogy: Inevitably, there will be contacts of yours who didn't get or read your notification, or contacts of yours who aren't in your contacts list.
Start on a server, but your real identity is attached to a cryptographic key, not an e-mail-like identifier. That would allow you to move around, and maybe one day get rid of domain names altogether (using something like yggdrasil or tor to host and connect servers, for instance).
> The only network services this won't become true of at some point in the future are those with decentralized clients and servers obeying a common documented protocol.
I didn't say all decentralized services are good. Just that decentralization is a prerequisite for something to avoid complete control by a single party long term.
A better example would be HTTP/HTML/JS. Sure it is not perfect and protocol updates are hard and slow due to endless implementations but we got a working decentralized internet out of the deal that is very hard for any single party to take over now, so I call that worth it over a single party enforcing proprietary protocols like AOL having a total monopoly.
Those that won't respect your ethics are not your friends.
I lost many of my contacts moving to Matrix but earned a lot of new high value ones that share my worldview to continue building a decentralized censorship resistant internet.
> Those that won't respect your ethics are not your friends.
This is kind of an unreasonable, one sided, stance. You exact everyone to simply follow you and your preferences with no regard for their preferences. Maybe you not respecting them and their worldview makes you the bad friend, not the other way around.
> I lost many of my contacts moving to Matrix but earned a lot of new high value ones that share my worldview
I don’t know if isolating yourself from anyone that doesn’t’ think and act the exact same way is a good thing.
If someone believe something is legitimately toxic to themselves or society, like being around smoke, consuming certain substances, eating meat, using walled garden internet services etc... They should not be peer pressured into giving up those views.
I for one avoid Google products for personal communications. A lot of long term friends decided they only want to socialize online with Google products fully knowing it excludes me, in spite of easily accessible alternatives like Matrix and Jitsi.
They are not using Google products because it makes the world better, they are using it because they don't like change, and changing to maintain a friendship with me was not worth trying to use less privacy hostile communication mediums.
Fair enough.
I for one would not exclusively socialize at a Brazilian steakhouse if I had a vegan friend in a given social circle.
I will go to great lengths to accommodate people that are acting on authentic ethical convictions but if someone is only doing something that conflicts with my ethical convictions because they can't be bothered to try something new, then they obviously don't value me, and I'll invest more time with people who do.
You should live your convictions and find people that either share them, or at least respect you enough to accommodate them.
I don't expect others to think or act like me, but I would expect that my legitimate desire to maintain privacy in personal communication to be respected by anyone worth my time.
Plenty of friends that don't share my views put up with using some open tools to keep in touch with me. I likewise accommodate some of their preferences that don't make any sense to me. Everyone has a mix of deal breakers and things they can be flexible on in any type of human relationship.
I would also add that Matrix, unlike any of the other networks discussed, offers the ability to bridge to all other networks being discussed so if you so desire you can have your open network cake and communicate with people on walled garden networks too.
Not worth the trouble for me and I don't even want to have accounts in these platforms or let them collect my conversations, but the path at least exists.
> Those that won't respect your ethics are not your friends.
Yeah right. I am not RMS, with lock-downs, curfews, social distancing etc I'm already isolated enough so I'm not losing my remaining contacts for some moral high-ground.
> So you are going to move from one centralized, walled garden, privacy hostile platform that hard requires Google/Apple ecosystems to get signed updates... to another with identical drawbacks.
Ideally we'd have a polished, decentralized app. Signal is a compromise. I don't think the drawbacks are identical:
Facebook's business model depends on violatings the privacy of the users. The Signal Foundation has no such need.
The client is open source. I see no reason to call Signal "privacy hostile".
* There is no OS verified path to install Signal or updates without being in Google/Apple proprietary ecosystems and submitting some usage metrics to them.
* You can't use signal on minority market share platforms even if they offer higher assurances of freedom, privacy, and security (RISC-V, OpenPOWER, etc.)
* Getting a phone number requires KYC in over 200 countries and carriers will happily sell you out as extensively documented and demonstrated by journalists buying owner info and GPS coordinates for any given phone numbers. Any service that hard requires a phone number is not prioritizing privacy.
* All metadata and TCP/IP metadata flows to a SPOF where signal employees, the ISP, or another entity inline could use network heuristics to deanonymize users, of dump the weak keys in SGX and get actual contact lists directly.
* If you want to use a privacy respecting signature verifying app store solution like F-Droid you are SOL. Moxie threatened to fight F-Droid or any other parties compiling/signing binaries from source code or doing forks or alternative implementations. He wishes to have complete control and the ability to rapidly push updates to all users quickly, be they benign or malicious. If someone coerces the signing key out of them, all signal conversations globally could be decrypted likely before anyone noticed.
I call all of this behaviour very privacy hostile. Published source code is moot if you are not allowed to use it or empower third parties like f-droid to hold it accountable.
Depending on your exact needs either Telegram or (preferably IMO) Matrix might be a solution.
(Yes, I think this is correct: For anyone who are currently on WhatsApp or anything Facebook for that matter even Telegram is a huge improvement in most ways.)
I get your point, but moving people to Signal has been an accomplishment on its own, you get to say "we should move to this new private app" only so many times, before your friends and family grab their torches.
The good thing is that matrix can be bridged to Signal[1], to allow for a smoother transition period.
This is also true with Whatsapp[2], but against their terms of service, so you risk getting banned, and built on reverse-engineering, plus you need an android VM of some sort.
I've been personally moving my family to Signal, since that provides the best UX and easier transition from Whatsapp. Once I'm comfortable enough with it, we'll likely transition to matrix.
What Matrix is missing is in my view:
- Client with simple UI, polished UX, and not just a smoking pot of features: FluffyChat[3] is mostly there.
- Server of which I can guarantee the uptime. Dendrite should lower the resource usage for a ~5-100 accounts server, and decentralised identities[4] would allow falling back to another server (such as a friend's).
We're mostly there, so I'm starting to prepare the switch, starting with my more technical friends, by setting a bridge up. Hopefully we can finally break that dependency on phone numbers (ideally, domain names as well with [4]) and move on to bey-based IDs.
If you want people to be privacy minded this is what you have to prepare them for, though. Signal could get bought out by a privacy-hostile company next year, or they could go out of business.
Telegram is not better than WhatsApp in the very important aspect that it is not end-to-end encrypted. You can balance up the risks of facebook inserting malicious code into their client against the risks of your data being accessable at rest on Telegram's servers, but it's not at all clear Telegram is in a better spot there.
e2e encryption is mostly moot considering neither the client-application nor -device are really trustworthy.
then there is the problem with push-notifications passing throu either google or apple as well as device-backups which both hand over your metadata and probably message content.
imo telegram is in a better spot simply because it is not affilliated with the facebook/google ecosystem but in the end it does not make much of a difference due to aforementioned systematic deficiencies.
imo good reasons to cash in on the platform compatibility and convenience of telegrams cloud-messaging architecture.
Perhaps people should be filling their throw away simcards with random people from the phone book.
I am mostly using Signal and will let my WhatsApp expire.
I also think matrix is great and would recommend setting up an account by installing element. I think growth in matrix will more fully undermine FB's position as well as Slack/etc.
It was always a clear business transaction: acess to a messenging service for access to meta data (and now message data).
I wonder how Out of curiosity:
Does anyone know how the new Whatsapp TOS differ from the Gmail TOS in regard to user data and privacy. How does the Facebook group use data differently than, say Facebook or Microsoft?
So what should self sentient person do, just lie down and accept the erosions of our blood won freedoms? No thanks. I have right now all my company talking to thousands of customers explaining this mess to them and helping those who need to switch to Signal. So yeah, fuck you FB!
Signal is no better. You fell into one marketing trap with WhatsApp and have now fallen for another.
Signal is another private entity with complete control of the servers and end client binaries. The fact they happen to open source the code is kind of moot since no services are allowed to write alternative implementations, no one can run their own servers or prove what code is running on Signals servers, nor can anyone even distribute reproducibly built binaries from said source code for accountability (e.g. f-droid).
There are so many better options. I suggest Element/Matrix which can even bridge to WhatsApp and Signal as needed thanks to community contributed bridges.
I thought Signal was open source, and the distributed binaries matched the source, and that is was allowed to run your own servers. Are the servers even open source?
Are there lirerature regarding the technical/conceptional bits Element/Matrix? What is the tradeoff there?
> I thought Signal was open source, and the distributed binaries matched the source
This is sort of true. The source is published and you can build your own binary. But given that you can't distribute Signal outside of official stores and can't pin the version in those official stores (unless you turn off updates on your phone entirely), it's not actually practical to run an audited version, yet alone to make your own changes to the code.
> and that is was allowed to run your own servers. Are the servers even open source?
EDIT: apparently there is now (purported) server source available, not that that means much when there's no way to even know which code a given server is running, yet alone run a server with different code. They claim that their E2E encryption means control of their servers doesn't matter, but their protocol analyses doesn't actually think about what an attacker might be able to do at the server level, IME.
> Are there lirerature regarding the technical/conceptional bits Element/Matrix? What is the tradeoff there?
It uses either the same ratchet protocol as Signal or a very similar one. E2E for group chats is more complicated but I don't think you're giving up anything.
I largely agree with you but I don't want to see misinformation spread even when it supports my view.
The signal server source code is open source now in theory, you are just not permitted to run your own server and have it join the Signal network. We have to take their word for it that they are running the code they publish.
We also only assume the published Signal binaries match the published source code. Moxie and team have exclusive control of the signing keys and Moxie said he will fight any third parties like F-droid doing from-source signed binaries outside the Google/apple ecosystems in spite of the accountability and removed SPOF it would offer.
If you choose to use a non Google/Apple platform or a freedom-respecting architecture like RISC-V or OpenPOWER you don't get to be on the Signal network.
This eliminates me from being able to use Signal. Talked to moxie at length about this but in the end he repeatedly admits he has no problem cutting off the few to enforce his vision for the many. He also frequently implies he sees himself as the only entity worthy of running the world's communications systems.
He is a smart guy and means well, but he is naive. Benevolent dictators are always replaced by less benevolent ones eventually. There is nothing stopping what happened to WhatsApp happening to Signal. You also have to trust the pinky swear offered by the Signal Foundation that they won't dump the keys from their SGX enclaves using any of a myriad of design flaws, and that they, their ISP, datacenters, and any three letter orgs tapping them will all throw away all the TVP/IP level metadata that centrally flows to their systems.
With Matrix OTOH, if those that host a given set of binaries/servers go evil or we simply want control of our metadata for sensitive channels, we can just use one of the alternative independent clients or a fork, switch to our own server or one run in a country or by an entity we trust more. We also still will be able to reach our social graph, just like switching an email provider.
Democratic control is messy, but I will take it over a benevolent dictator any day.
As for documentation, matrix.org documents the API and design choices of Matrix extensively and they welcome people making alternative clients and bridges to other networks because they believe the only safe and sustainable network services are open ones.
Element is really slow on mobile, Signal and WA show my list of conversations in fewer than 5 seconds. Element needs ~10 seconds just to load UI, then 10 more seconds to sync list of active conversations, then I enter into a conversation and it needs between 2 seconds and 2 days to synchronize e2e keys. I can literally leave the conversation open, phone in charger for night and it still can't sync message. How do I explain to my parents that their message from 2 days ago "call me when you're free" didn't arrive because Element couldn't read it? They changed name 3 times already, changing APP ID, forcing me to reinstall it on all devices, update all my bookmarks in browser, having to sync all keys between all devices, not only on my devices, but also my family members who were using it. Their initial-setup of the app is really bad experience. Sometime I can NOT have two devices online at the same time to login and send message from new third device. It's cool on browser, I had nothing bad experience on mobile + web.
Signal is simply best because it works as SMS client AND encrypted messages client. Best UI/UX, one app to rule them all, consistent behaviour, not owned by FAAMG.
Thanks for your insights, I’ll definitely look into Element/Mattix. I didn’t know Signal was just another scheme to collect private data. But I always knew that WhatsApp == FB yet I couldn’t do much due to network effects. Decentralizing the web has never been so important as now.
Signal is not another scheme to collect private data and anyone who makes such a claim has their own agenda to push (as you can see from the other comments in this thread made by this person.) Do a bit more research, get a wide variety of opinions, and then decide which factors are most important to you.
It’s the same as WhatsApp in some extent - always promised that they wouldn’t give up your data while they gained traction and then get acquired by Facebook and get forced to.
No, it is not the same. Signal is a registered 501.3(c) non-profit with a public board and cannot just decide to sell themselves and your metadata at some future point. Signal is also making ongoing improvements to protocols and apps to limit the amount of metadata that must be collected or that can be usefully held.
I don't think they -intentionally- exist to harvest user data. They just create a situation where they can be taken over by an entity that wishes to easily at any point, or maybe they are already tapped by an entity that has dumped their SGX keys and/or is tapping their network traffic to bulk harvest the metadata they helpfully centralize.
The founder of VK had good intentions and was willing to protect his users too. The Russian government replaced him with someone more ethically flexible.
The foundsrs of WhatsApp clearly never intended it to go in the direction it did post acquisition, but it was not their call.
Gathering all users to a single choke point on a single client on a single server infra is irresponsible and unsustainable. We have been here before.
Frankly, I don't even care if it uses end-to-end encryption at all if it's encrypted to my own server.
Of course, email goes between servers and then you definitely want to ensure the encryption is solid (it often isn't, so PGP is definitely good). I'm just saying that Wire/Signal/Threema/etc. having better encryption is in my opinion only important when you use Wire's/Signal's/Threema's servers. If you can and do host your own, especially if you host it at home, then in practice there is no difference.
Since most people don't do that, Signal/Wire/Threema/Matrix are of course the better options than PGP+email, but PGP+email is still an improvement over the status quo.
It doesn’t feel like a feature to me. And neither does the lack of deniability. They both feel like things that leak information that doesn’t need to be leaked.
Perfect forward secrecy requires two-way real-time communication, in order to construct a session key that can't be computed from just the private keys and the encrypted message. Therefore the way that PGP's lack of perfect forward secrecy is a feature is that it allows an encrypted message to be generated in a way that doesn't require two-way real-time communication, and can therefore be sent by email.
The trade-off is that you then don't have perfect forward secrecy.
Seems somewhat like threat model will determine the need for deniability etc. I don't consider myself to need it, and mine seems like a common enough case - compatible with a normal WhatsApp user's use case.
whatsapp and signal have forward secrecy, so if your private key is leaked it means that past conversations can't be decrypted. In reality it does not offer a lot of protection if you don't disable keeping logs (because losing your phone and malware are the only realistic ways of your private key being leaked). In addition the way that they have forward secrecy implemented it means that you have to decrypt every message posted in groupchats while you were offline sequently until the last one, which can take hours in an active (even if small) group if you are gone for a week. The other thing is that both of these apps to my knowledge do not warn you if a new key is added (I might be wrong here) so an active attacker can pretty much nullify the encryption, this is not an issue with openpgp.
To add to this: the point of the disappearing messages in signal is to enhance the value of the forward secrecy by not having the record of the messages (so long as both devices are using correct clients and no one is screenshotting messages.
The other feature is deniability: having an encrypted message and it’s decryption doesn’t give you any more information than a screenshot of the message in signal. There isn’t a way for the encrypted message to prove that it was legitimate as the previous keys are revealed in a way that means anyone sniffing the traffic could make a message encrypted with that key.
Afaik, the messages should be deniable as long as they are not signed, not sure how delta chat handles it though. Regarding deniability I personally would consider it as an anti-feature because the one receiving the message can't prove to the wider world that they received it from a certain person and similarly someone who is falsely accused of posting a certain message can't go and say "show the signatures of the messages or you are lying".
By the way, do you know if the one receiving the messages can force messages that are marked as "disappearing" to be kept?
It is true that messages would be deniable if they weren’t authenticated. The design of signal’s protocol is such that messages are authenticated but deniable: it is possible for the recipient to determine that the message was genuine (the information you want to send) but it is not possible for a third party to prove that a message was authentic (the information you don’t want to leak).
> The design of signal’s protocol is such that messages are authenticated but deniable: it is possible for the recipient to determine that the message was genuine
Via the use of MACs, yes. I never said otherwise. What I said before still holds, as the recipient you can't prove to others that you indeed received a message by a certain someone rather than forged it yourself to incriminate them.
I'd love to give up WhatsApp, but network effects are key here. I tried moving my extended family off WhatsApp onto Signal a couple of years ago and it failed miserably because the app wasn't nearly as easy to use, and they had all their friends on Whatsapp. Has anyone here had any success moving a large group of people onto something like Signal or Telegram? If so, do you have any tips?
I've used Signal for years, and for most of that time only had about three people who also used it in my contacts.
My wife recently got her entire extended family to use Signal. She has always refused to use WhatsApp. They all love Signal now, and use it all the time. However, this was during a family crisis.
During the Covid lockdowns, many companies I know used Signal as their preferred non corporate communication platform over WhatsApp... But again, that was a crisis.
It seems to be difficult to dislodge people from their preferred platforms without some kind of external driver to adopt it.
How well do Signal groups work these days? I tried moving friend groups to signal some years ago and even managed to do that for some large ones but the group chat just didn't really work. Keys changed and somehow the group got into a state where some people got messages and others didn't and the only way to fix it seemed to be creating a new group which, for large groups, isn't really an option and everyone ended up going back to whatsapp.
I'd love to use signal with more people but that, and the ux around changing phones means I can't really recommend it to anyone but the most technical of my friends.
Don't they all? But good news is that they have pushed code to allow for usernames (or not even that). It isn't open to the public (or beta) yet, but it looks like the feature is going to be released fairly soon.
That's my point. I hate systems that require a phone number, as they usually mean that I have a substandard experience when I'm not on my phone and I can't sign my children up so that we have a general chat tool.
The only option ends up being massively over the top team style chats like Rocketchat, Mattermost, Discord, or Slack. So we end up back on Hangouts.
A bit shit for general family conversation.
[Edit] If they do allow signing up/in with a username then I'll probably be all over it. That would be awesome news.
I'm curious why you value your phone number over your data.
I'm unsure if they will allow signups without phone numbers, but they don't store that information. Signal doesn't have it. [0][1] It is very possible they go around this though.
I think these are fair points. I'll mention that I predominately use the desktop client and it works well since I frequently leave my phone somewhere else. But doesn't seem like a right fit for you until usernames and multiple device signup. Both are in the works though so maybe good for you in the future but not now.
> I predominately use the desktop client and it works well since I frequently leave my phone somewhere else.
In my experience the desktop client is slow, buggy, and takes eons to start up. There's also no web version, making it awkward to use on computers other than your own.
I would be more willing to switch over to Signal if it wasn't so lacking in this regard.
Er, The third link doesn't even support your argument and the first two links are written by the same author.
-
Signal IS much better.
It's a nonprofit, not a commerical company.
There are arguments for and against centralized systems and forks of apps. The lead dev of Signal is concerned about interoperability; but still leaves users the option of doing things the way they would like with the open source code; it's just not 'supported™'
For my wife, she had to travel abroad and the family had to stay in contact with her. Since she absolutely wouldn't use WhatsApp, they all installed Signal, and discovered it's actually really usable now.
I can only speak for why one company adopted Signal over WhatsApp, but the main reason was that the company did not want their communication metadata tracked by Facebook. They were regarded as equivalent in terms of E2E encryption and functionality.
EDIT: They also did not trust Facebook entirely not to break the E2E in some way (eg cloud backups or whatever), and the message contents had to remain secure. It wasn't a huge concern, but all else being equal, Signal was the better choice.
In Europe the WhatsApp alternatives are generally framed as tools for pedophiles and organized crime. Even installing them on your phone may alert LEO that you're suspect. This move by Facebook is highly troubling.
My friends and family have mostly been using Signal for over a year and we never had such worry. I also know laywers, lawmakers, doctors and CEOs who are also using Signal for important communications.
Do you have an source for that claim. I am in Europe and have never heard that. The closest I know of is right wing groups using Telegramm for their Anti-Covid agitation.
Sorry, I have now spent almost an hour reading 7 articles of yours and, from my point of view, none supports your claim. Framing implys for me that some other person publicly claims something although that is not really the case (i.e Telegramm is not popular with criminals), else, it is just reporting.
Neither could I find anything matching your second point that installing any of these messengers might make law enforcement suspect you to be a criminal.
Sure the network effect is strong but let’s not forget how WhatsApp got here in the first place: people installing a strange new app, often shared by their friends via a text message invite link. I remember sitting in a circle with a group of friends one night 10+ years ago while each of us installed WhatsApp and had our first conversations on the app. It was a time when BBM was dominant and cross-platform messaging was new. Fast forward to today and already many of my groups are switching to Telegram or Signal.
The move can be made faster now because groups are so prevalent on WhatsApp.
Whatsapp had to compete with SMS, so when I was introduced to WhatsApp I thought it was a godsend and immediately adopted it. Also advertised it to all my friends. Switching now might be harder because there is a lot less to gain, besides some non-tangible “privacy”. What is this thing called “privacy”?
Even my mother, in her 70s, who somehow always manages to have a new virus or piece of crapware on her laptop every time I visit, knows about the importance of this thing called "privacy" and had no trouble grasping the idea that everything she shares on FB is recorded and used for advertising.
It's not a hard concept, and it's not just tech people who care about it. It doesn't require any knowledge of tech to understand.
On the other hand, she knows how to use FB messenger and my efforts to get her to switch to email/telegram have just caused confusion so far.
Am I off the mark in guessing your mother, in her 70’s has some strong opinions about one Senator Joe McCarthy or Hoover? Has she ever spoken much about living through that period-assuming your family are American?
My apologies for the imposition if that’s not the case.
I'm going to guess the downvotes are from people who don't know the history of people like McCarthy or Hoover's FBI and why someone who was lived through that era might be sensitive to and have opinions about topics of privacy[0][1]?
J Edger Hoover was a cross dressing homosexual who collected blackmail on political opponents while he was himself being blackmailed by organized crime.
They call everything "a myth" and then cite strong circumstantial and testimonial evidence that those "myths" are true, only to dismiss everything with hand waving about how "we'll never know" what his extremely private and mysterious sex life was like. Give me a break.
I was nodding along with your comment, wondering why it had been downvoted until I reached your last statement and couldn't tell if you were being serious or not.
The parent poster is likely mimicking the people asking why are you asking me move to another app when this app does everything fine?
To be honest, I'm not well versed in the debate of privacy, but invariably in discussing user tracking by BigCo's a lot of my friends just say "I don't care if they have my data, I've got nothing to hide."
I've been thinking about this a bit recently, and the saying should be extended to "I've got nothing to hide, now."
Things change and either you'll do something which you'll want to hide, or society/politics/community will change which you'll have something to hide.
An example in the first case is that you'll want to buy a secret gift for someone, but because of the tracking the surprise will be spoiled because they'll be seeing ads for it on their systems.
Are they not right though? People don't really care about "privacy", they just want it to work, and work with their friends. You or I can harangue all we want but it doesn't change the fact that people don't care in aggregate.
The next time someone says me "I have nothing to hide" I'm thinking of asking their salary because in my experience when people say that they actually mean they are not afraid of jail but would rather don't have a lot of details being made public like who they vote, their sexual preferences, their wealth or their personal opinion of a lot of their colleagues. Most of these details are easily inferred from their online behavior, not to mention personal chats. Part of the problem is that no one is going to say "I have something to hide". I'm not going to continue this rant because HN is not the audience that needs it but to summarize: defending privacy is an uphill battle and people are not right.
I think (and hope) he’s just relying the difficulty of communicating the concept and value of techno-privacy to his friends and relatives - as opposed to the immediate and self-evident differential between whatsapp and sms texts.
Indeed, I was playing the devil's advocate. I definitely care about privacy and I am quite an ardent supported of projects that try to solve this issue. I just learned that if privacy comes at a large expense (losing their social graph or unfriendly UX), people will not care for it. So I guess we need to do better so we can have both privacy and good UX.
Facebook is a private company. Freedom of speech doesn't mean they are obligated to give you a megaphone for asking your mom how she is doing. They can and do ban people for any and no reason, cutting you off from your social network at a moments notice.
Telegram is getting really popular in India for bigger groups such as those in building societies and for parents in schools as they allow for more members. For one to one communication I don't see a change happening soon.
From the opposite point of view, in the last hour I’ve been added to 3 different group chats on Signal that were all previously WhatsApp chats (in which I did not participate, in spite of many of those friends repeatedly asking me to).
That’s added at least 20 or 30 friends/acquaintances into my signal contact list that I’m 99% sure downloaded signal for the first time this morning.
You can't do group chats in the same way using SMS messages. People who receive an SMS have no idea who else the message was sent to, so they can't even "reply all".
The fragmented and quirky MMS implementations in the wild render MMS functionally useless, especially compared to what feature set an app can have. I've seen MMS implementations that send replies to only the sender of the original (so some replies, from better implementations, end up in the MMS group, and some end up only sent back to the sender, resulting in confusion); I've seen MMS implementations that allow you to "like" a message, and this is implemented by just sending "I liked this." as a message back to the other clients — which can't interpret it as anything other than just a normal message — resulting in confusion.
Did you know that MMS can transmit slideshows[1]? I didn't, until my father somehow sent me one. The UI that Android has for that is — naturally — a complete afterthought. (No way to pause the slideshow, no way to navigate the slides, nothing. Just one run through the animation at Warp 8.)
MMS are available in UK but not popular, because they were heavily overpriced and fundamentally underwhelming when they were introduced 15 years ago. They are also metered like SMS - one of the big wins when switching from SMS to internet-based systems was to stop worrying about yet another limit.
I've lived in several places and nobody really uses SMS unless it's for 1) someone you don't really know or 2) notifications of some sort...
My impression is the US/Canada are one of the only places where SMS is still frequently used for casual text communication and i'm horrified that Apple's iMessage is the one to somewhat challenge that.
SMS prices (or 'lack of price') was something that really surprised me after I moved to Canada, as well as phone voicemail.
In Brazil we hurry to turn off the call if it goes into voicemail, as we pay to leave a message AND nobody listens to them because it costs a lot to listen (or at least used to).
As someone whose mobile data plan is faster than home wi-fi and who does not pay for receiving calls and SMSes, the "fixed landline data first" approach in Android really pisses me off.
That's why I was there already, along with a few of those friends who used to be part of various WhatsApp groups as well - and they've convinced large groups of pissed off WhatsApp users to download and use Signal today.
I don't know how many of the new Signal users will stay (there's already discussion in one of the new Signal groups about "Why aren't we using Telegram instead?")
Same as much of this thread - these people are not concerned much at all about encryption details, they're largely a pissed of mob of people departing WhatsApp. And some of them are already saying "there's no web client! I can't use this!!!"
I suspect I may well end up back being "the guy who's not part of most group chats" if/when they decide Signal isn't for them... And I'm OK with that.
I contact the majority of my friends with telegram, the UX is similar enough and people get on board quite quickly- the difficult part is convincing someone to install /another/ messaging app- if they have network effects too then it's a hard sell.
But once most people have both it gets easier.
Signal (UX wise) is not really super great for my family, I burned a lot of my "technical expert advisor" capital and reputation by pushing that too hard.
Signal has improved a lot. I burnt a lot of the same thing, but it's finally sticking when I ask people to first install it within the last year or so.
"Signal has gotten better" is the new "Linux on the desktop". When I move to a new phone with Signal, is there already an (easy) mechanism to take along all my messages from my old phone? Last time I checked, there wasn't, and this is a core requirement, even if most people don't quite realize it when they start using Signal.
There is a mechanism that works very well and reliably. It involves manually copying an exported backup from the old phone to the new one, and entering a 16 digit (IIRC) passcode. Wheter you consider that easy or not depends on you. For me it was a 5 minute procedure
Right, I used that procedure once, it's completely inadequate. It relies on having access to the old phone, knowing how to get files off it (and onto a new phone; both of which probably assume you know how to navigate the filesystem), and you basically need to follow documentation to do it, it's completely undiscoverable (maybe that last part has changed).
All of which is completely unacceptable in 2021 for a product meant for a large audience. Messaging is integral to people's lives, to the point where people keep 10+ year old phones because they have messages on them from people that passed away and they can't figure out how to move the messages across or to a new system. As much as it pains me to say, there just aren't any production quality alternatives to WhatsApp that can take over. And don't even get me started on Element/Matrix...
You have a point, but one should point out here that WhatsApp makes this easy only if you stick with the same type of phone... if you switch between Android and iOS you're completely SOL with WhatsApp. With Signal on the other hand you can use the (admittedly non-trivial) procedure mentioned in sibling in either case.
Another vote for Telegram here. I tried to get at least the core group of family/friends on Signal or Wire and to their credit they tried but it never stuck. They loved Telegram so much that we now have the entire extended family/friends on it.
Interesting that you had such a different result with Telegram. I'd prefer to use Signal for privacy reasons, but like you I burnt a lot of social capital trying to get my extended family to use it!
It will be a hard sell for me to switch, that's for sure. I am already using Whatsapp for Western contacts, Kakaotalk for Korean contacts, and WeChat for China contacts. I don't have any Japan contacts currently, or else I'm sure I will have to install Line. I installed Signal on my laptop for one heavy-privacy-proponent friend, and had Telegram for a while for another friend's group business chat, but I never really used either.
I had success at least moving my parents and sister to chat with me on Telegram. I was having weird issues with Telegram video call (very low sound on my parent's phones), so I still had to call them on Whatsapp. Also, didn't find any audio call option on Telegram, only video call.
Contrats !
Genuine question: Why don't you use phone call for audio-only calls ? In my experience the quality is better and degrades better. Is it because of bundles quota? In my country most plans includes unlimited voice but not sure what's the "world norm".
You can use a web browser aimed at the Skype website to setup a calling card equivalent system to dial out internationally over plain old telephone service for 2 cents per minute. You don't even need an app installed.
Don't get the subscription, pay as you go with Skype credit.
Does Android not have the equivalent to FaceTime audio? I get that for x-platform you have to use one of the apps being discussed. I use FT Audio with my sister, who's in UK, all the time (I'm in Chicago). Completely free and excellent sound quality.
Google surprisingly has a raft of telephony options.
You can use Google Duo to make voice or video calls for (other than data costs) free, Google hangouts also has voice-only plus video options and of course Google voice integrates with the classic telephone network and has cheap international rates.
Google Fi has free calling from the US to over 50 countries and otherwise their plans start at one cents a minute depending on destination. https://fi.google.com/about/unlimited-calling/
Most of my friends from Asia tell me WhatsApp was and is popular because it carried voice over data, bypassing the PSTN which apparently has very high per-minute rates.
If you want to go slightly higher tech there are telepresence appliances like 8x8, Amazon or Google IOT devices or you can just use sip phones and call between the devices free of charge using your own pbx software or a free service like Callcentric's IP Freedom plan.
There a million options that either let you opt out of Facebook's data collection and trade it for Google's, or just opt out entirely.
Google was pushing Hangouts heavily for a while, and I think that's still bundled with Android but is now on the way out. It did the job last I checked.
Android (at least used to) has native support for SIP through their phone application. I used it quite a bit 5 years ago or so, but moved over to...well, I can't remember. A 3rd party app that gave better visibility over what was happening with the service. I don't use VOIP too much any more, Signal is fine.
This is changing rapidly. Many
people I know are moving Signal. Also, don’t delete WhatsApp right away. Do a “silent” move: whenever people send you a WhatsApp answer on iMessage if they’re Apple users and actively push the Android friends over to signal. Works well in my case.
Fortunately I don't live in a place where WhatsApp is completely pervasive. I personally had luck saying "if you want to contact me use Signal, iMessage or at the very least SMS" and when people asked why, I would cite Cambridge Analytica.
How do you use iMessage if you got android phone? I hate this thing, would rather give my data to facebook then use it because it creates class separation between poor and rich. I have seen it with my kids who wanted iphone because they couldn't communicate with all the iphone kids who used iMessage. That's in itself much worst to me than some privacy which i already gave up on.
Absolutely agree. iMessage is even more cancerous in its social implications than WA.
I have had smart, educated people say "I got an iphone so I wouldn't be left out of group chats". Because downloading an app is too much work. I'm not sure how asking people to take 5 seconds to do something to improve their life and society became such a taboo.
Which turned out to be a bunch of hyped up marketing talk. Why does every person in SV I know seem to love the narrative that we’re being mind controlled by micro-targeted FB ads, which to be fair is what I used to believe.
Everyone on HN switches between “ads don’t work and targeting is BS” to “ads are manipulating our entire country by taking our data”
Even individuals are capable to hold contradicting opinions.
> There are lots of contradictions in people’s strongly held beliefs. Someone might preach self-sufficiency in politics, but coddle their children. An individual might oppose abortion on the grounds that human life is sacred and may still support the death penalty for convicted murders. A person might argue for the freedom of individual expression in the arts but want hateful speech to be regulated.
I think they are both true, but the second is worded differently than I would.
I think ads can work, but don't in many cases (based on recent stories that cancelling certain kinds of ad spend has no effect on outcomes). In some cases, like Uber advertising to get users, this seems entirely plausible.
So I largely think ads themselves are kind of harmless. But ad-backed business models are dangerous, because they optimize for "engagement", which tends to promote content that is divisive over more thoughtful, nuanced content. Sadly, it also seems to require gathering huge amounts of information about users in a centralized spot, which seems risky for a variety of reasons.
The whole thing reminds me of a call I got about 10 years ago to participate in a survey about smoking, and one of the questions they asked was "Do you believe nicotine causes cancer?" I paused because my understanding is that nicotine itself doesn't cause cancer, but the common delivery mechanisms at the time (smoking, dipping) do increase the risk of cancer. They forced me to answer yes/no, so I said "no", but obviously a decade later, I still remember it. Do ads cause harm? Probably not much, taken on their own. But everything _around_ them seems to.
I simply stopped using anything except decentralized ethical services that offer freedom, privacy, and high security like Matrix.
I refuse to help walled gardens get bigger. It has cost me a lot of contacts, but so be it. There is always a choice.
If you had a friend you respected that was vegan for ethical or environmental convictions would you insist on continuing to exclusively have social gatherings at BBQ restaurants with no menu options for them? Would you take them seriously if they caved to avoid being excluded from the group?
When I deleted all walled garden messengers by Google, Facebook etc they knew I wasn't kidding. Anyone that refuses to make small allowances for you living your convictions is not your friend.
The people that need to talk to me use matrix now or found other ways to reach out like e-mail or in person. Those that don't respect my ethics don't get free advice from me anymore.
I managed to get a part of my family to Threema. Just the part of "you are paying for the product, thus you are not the product yourselves" was reasonable enough.
In my friends circle we are all on telegram (after trying wire which is just buggy as hell), but I think this is mainly due to its multi device story and then fact that it is not WhatsApp.
I don't know how you make your loved ones stop using specific software, and generally speaking I wouldn't want to. But if people want to contact me, well, they have to use a mechanism I also use.
I know what you're asking, but I don't think there's a fix unless you somehow have tremendous influence with them. So you either put up with being coerced by your group, or you don't.
This is probably easier if you never used the services in the first place. My mom will occasionally whine that she has to open Imessage to talk to me, and that's about the extent of it. But of course, I am missing whatever they get up to on FB without me. And that's OK with me, but I know it isn't with everyone.
I managed to get almost everyone I know on Telegram in the last few years, to the point I get a WhatsApp message less than once a week. On the other hand, I usually hundreds of messages daily on Telegram. It's not hard if there's already interest among the people you talk with and you find the right way to get them on board.
Don't you think that Telegram has the same monetization problems (it burns "a few hundred million dollars a year" while the owner left Russia with $300m in his bank account a few years ago) and they already announced their monetization plans https://techcrunch.com/2020/12/23/telegram-to-launch-an-ad-p...
Where would you move next?
Signal - moved my immediate family to it, and now have a few friends on there as well.
It had some rockiness maybe about 3 years ago, but with their new group implementation and some other small tweaks I find it just as easy to use as whatsapp, albeit it a little uglier.
#1 complaint is the coloring - incoming messages should be high contrast, outgoing should have the background color. For some reason signal does the opposite and it's hideous.
Telegram isn't serious about privacy. They made my number searchable and notified people who have me in their Google contact list even though I didn't grant Telegram access to my contact list (before the time when Android would enforce this with permissions) and didn't allow them to use my number for anything.
Then it turned out that they have a setting where one can opt out, but what good is that if you already were opted in automatically.
In "Last Seen & Online" I had a deleted account in the exceptions of those who can always see my status, even though I never added one.
Telegram may be better than WhatsApp, but it is far from fantastic.
I'm fairly certain I enabled all possible privacy options when I installed telegram. I went to specific lengths to do so. I still get "xyz has joined telegram!" when a new friend joins up from my contact list.
Yep: just checked. Nothing more I can do to increase privacy settings. Zero confidence in it after that
You're right but I prefer it over WhatsApp/Facebook and I started using it when about 3/4 of my network moved to Telegram (to support their move away from WhatsApp/Facebook).
Consider Threema instead. It recently went open source and it has top-notch, Signal-quality crypto and you don't need to provide a phone number or email.
Telegram lacks end-to-end encrypted group chats and normal chats are not end-to-end encrypted by default, you have to switch to a "secure" chat every time you start a new chat.
You should try it again now, Signal is very user friendly these days. I've moved most of my very non-tech-savvy family and friends onto it without too much drama.
I moved almost all my friends and family to Telegram. I think the secret, once I managed to get them to install it, was to create common groups instead than many one-to-one chats.
Then they got hooked up, mostly thanks to the huge amount of high quality stickers.
I also use email (and Threema), but it annoys me a lot when I then get those "(no subject)"-Emails with multi-megabyte VID-20201225-WA0005.mp4 attachments.
I just wish they would keep all their WhatsApp stuff away from me.
What are you talking about ? Telegram encryption is based on 2048-bit RSA encryption, 256-bit symmetric AES encryption, and Diffie–Hellman secure key exchange
I had success moving my friend group onto Signal, but that was a group of young-ish, privacy interested, anti-Facebookers, so it wasn't much of a hard sell.
I managed to get most of my family to use telegram. I just stopped using whatsapp and convinced a few of them to do so also, the rest came because they couldn't speak to us otherwise.
The key was being stubborn and banking on them eventually wanting to talk to me.
> The key was being stubborn and banking on them eventually wanting to talk to me.
This. Same for me. I just put a message like this in the family whatsapp groups and then deleted the app/account: 'Hey everyone, I'm not going to be on WhatsApp anymore - you can call, text, signal, telegram or email me. Talk to you later!'. It was that simple. It took a little while but now my family is on Telegram. I know they still use WhatsApp but it's honestly not my problem or issue that they use the app - I just don't want to.
My family is on Threema, but I advocated for it heavily and it's still an island and they all use WhatsApp in parallel. But at least family photos get shared on Threema now.
WhatsApp is a masterclass in network effects. You can no longer decide whether or not you want to use it. Because your employer uses it, you have no choice but to use it. The only thing that will disrupt this is if security concerns make companies come out and explicitly ask employees not to use WhatsApp and I don't see that happening any time soon.
If your employer insists on installing and using a specific application on a phone, ask them for a phone to use it on. Don't feel the need to install it onto your personal device.
I'm wondering if someone can develop a product that addresses the networking effect problem. I.e. a service that allows groups to move their member lists seamlessly between networks and to be able to also see at a glance, which networks (e.g. WhatsApp, Signal, FB Messenger, Slack) the members are on. Perhaps a network of network memberships?
Such implicit locks are quite common a hamper to let the best product succeed.
We are all running what most would consider an outdated and poorly designed c.p.u. architecture by modern standards, simply because most software is not compiled to run on other architectures, and it won't be until those architectures see significant adoption.
this is wrong way to look at things, switch is never binary. Yes i have whatsapp, but i also have discord, messenger, hangouts, etc. You need to find an angle to attract user for something different and then keep them for everything else.
This is a genuine question, what is it that prohibits your group from using text messages and phone calls? I do not use any apps for communication, and can’t think of why I would have a need.
The main lock-ins for WhatsApp with my friends/family/colleagues are:
1. Group chats. SMS group chat doesn't exist (or it's next to unknown) in Australia.
2. Sharing images and videos. SMS destroys images/videos/gifs (if they even send).
3. International. Messaging friends/colleagues when they're overseas is easy.
4. Videochat (however, it's usually FaceTime with an older relative).
I attempted a shift to Telegram with a few close friends and family members. Eventually, we started to drop back to the "normal" comms route because our extended network was on WhatsApp/iMessage and juggling several methods was irritating (e.g you message a friend on Telegram and get no response -- they then message you later that day on WhatsApp -- it's irritating to move the conversation back to Telegram).
I don't use any of the private and popular messaging apps on my phone and do rely on SMS and phone calls to stay in touch. But there are limitations:
- SMS is not encrypted.
- SMS supports text only. MMS is not well supported, and often not free.
- SMS is sometimes not as "instant" as it can be delayed.
- Delivery reports and, read receipts are not user-friendly, and maybe unreliable, too.
- Group SMS support depends on your default SMS app.
RCS or Rich Communication Service on 4g and 5g looks to fix this, but support and compatibility between network is still lacking. Privacy laws also need a reevaluation as even cellular providers are looking to data harvesting to make more money and RCS may also lack encryption support.
Thanks for sharing this, good to know. But in the context of this discussion, it is kind of bad news. Those who avoid WhatsApp (and other messengers) do so because they don't want to trapped within it - SMS and RCS promises us more mobility and privacy because it is a standardised technology that works with all cellular service providers. Using a Google app for RCS, instead of WhatsApp, will just trap you within Google ecosystem, instead of Facebook.
- many extra chat features (reactions, stickers, replies, polls, etc). It might seem unnecessary but imo they do genuinely increase functionality and ease of communication
- scalable to large groups (maybe sms is as well, I've never tried more than 3-4 people)
- don't need a phone, can message from a computer instead
Most phone companies on their lower tier plans make you pick 1-2 of free calls, texts or a data allowance. High end plans aren't nearly so popular because most people don't get high end phones and of the people that do, many buy direct from Apple so don't have a contract associated with it, instead just using a prepay or sim only plan. So it's really only the high end android phones which get bought on contract which is a much smaller market than iPhones or the actual big market segment here: €100-200 androids
Nobody picks free texts. This leaves 15c/message as a discouragement for using SMS.
Unfortunately, I'm on the same stand as you. I managed to move my direct family and one group of friends into Telegram, but the rest didn't follow and many have been pestering me to go back.
I was thinking about going back, actually, but using a separate phone number (dual SIM FTW) and a work profile sandbox with heavily restricted permissions. I might still give it a shot, see if that's enough to quell FB's insatiable hunger for personal data.
It’s a shame the technology and usages are still moving quickly enough that there’s no obvious standardization that’ll last the next five years.
Social technologies would benefit from some regulation along the lines of “you must be able to use other apps to send to/receive from your app” for at least a minimal feature set, but it would be super hard to nail down what that regulation should exactly be.
My response to anyone is "I'm sorry, but I don't use WhatsApp or Instagram, and I rarely use Facebook because I don't trust them. You can reach me through X, Y, or Z."
If someone refuses to make an actual call, text me, email me, or use Signal, then clearly they don't respect me enough for me to need to communicate with them.
When I had roommates, one only wanted to use services A, B, ... and another one C, D, ... with no intersection between the 2 sets. So we had 2 group chats on two different services and we had to transfer messages from one to the other.
I don't know whom was not respecting whom, but I didn't feel really respected either, despite respecting each guy wishes.
I had better luck because most of the people I know aren't deeply invested in their apps. I just told everyone to add me on signal and over the years more people have started using it, and suggest signal or a phone call when its time to have a conversation
How's signal different? It's also in the same position as whatsapp was a few years ago. For the time being it may be better, but surely it is not a long-term alternative?
My thoughts as well. If the product is free, who is paying the devs? Who is paying for infra? I'm exclusively on Threema since it's not free, and the yearly external code reviews are stellar. The only thing that bugged me was that it was not open source, which changed by the end of 2020. Multi device coming this year, which was the last thing missing for my use case.
I moved my entire family onto it easily. But they are fairly conservative and so it simply was a matter of explaining the situation about big tech lying and they were sold.
source? I assume you are refer to the thing that went around yesterday? Then no, there is a big difference between the option to share data to get a feature (even though I'd agree the feature isn't well-designed) and what WhatsApp is doing here.
I've had success and you're right that it is about network effects. So you gotta take into account who you can convince first. But also consider that Signal hasn't been fully featured until about last month. So it isn't a good idea to just try to convert random non-techy people. For them you'd need to use current events that highlight how important privacy is (which there have been quite a few this year). But also focus on generating a critical mass. Now it isn't hard for me to convert people because we'll be planning things and 4/5 people have Signal so you just strong arm the fifth person and then they start using it more because they realize a fair amount of their friends are already there. It takes time though and let's be real about that Signal hasn't been fully featured. Until recently it has been more a geeky app.
So tldr target the people you want to convert to develop a critical mass.
Network effects as a emergent principle has been discovered to violate the promises of capitalist economics. We have a right to come together and set the limits and terms by which a few can extract from the many.
Why must there be extraction at all? Even trade seems like it would be better for the majority of parties involved, including having the effect of not having a bunch of pissed off people down the line.
"As part of the Facebook family of companies, WhatsApp receives information from, and shares information with, this family of companies. We may use the information we receive from them, and they may use the information we share with them, to help operate, provide, improve, understand, customize, support, and market our Services and their offerings. This includes helping improve infrastructure and delivery systems, understanding how our Services or theirs are used, securing systems, and fighting spam, abuse, or infringement activities. Facebook and the other companies in the Facebook family also may use information from us to improve your experiences within their services such as making product suggestions (for example, of friends or connections, or of interesting content) and showing relevant offers and ads. However, your WhatsApp messages will not be shared onto Facebook for others to see. In fact, Facebook will not use your WhatsApp messages for any purpose other than to assist us in operating and providing our Services."
Definition of Services: "all of our apps, services, features, software, and website (together, “Services”) unless specified otherwise."
Ads are the bulk of Facebook's "Services" but it's remarkable how they avoid saying it.
Looks like end to end encryption feature is bullshit marketing trick if they for example process my message before my device encrypts it to send it to other devices...
The encryption is also stripped when you back up your WhatsApp messages to Google Drive, along with a sweetheart zero-tier deal with Google to remove any possible downside that might make somebody think twice: https://faq.whatsapp.com/android/chats/about-google-drive-ba...
> WhatsApp backups no longer count against your Google Drive storage quota.
> Media and messages you back up aren't protected by WhatsApp end-to-end encryption while in Google Drive.
Well, let's be fair. The threat model for end-to-end encryption assumes that endpoint devices or the software itself used for communication are not compromised. Or subverted.
It's common knowledge that group chats are not E2E - there is one encryption context from a user to the servers, and another context from the server to each member of the group chat. Bog standard transport layer security, in other words.
However, even if you never used group chats and had E2E on with all your contacts, the traffic analysis ("metadata use") is enough to build associations and clusters. FB doesn't need to know the message contents (although they make use of them when available). You have frequent chats with people who play certain kinds of sports? Fine, for marketing purposes you'll be grouped with people who like those sports. Or if majority of your friends have pets - guess which cohorts you end up as well.
Oh, and if I remember correctly, WA definitely processes your messages locally before sending them: it uses a list of image hashes to prevent sending eg. child exploitation material onwards.
The sentiment of your message almost makes it looks like you are trying to say Whatsapp is no worse at E2E than the others?
This is not the case. Signal for example has open source which allows to verify that it does not use the message texts for commercial purposes so we can with good reason assume that the messages are at least E2E encrypted properly within the app and at least Signal servers.
Yes, of course if you have root access to the device itself, or otherwise hack it, you can compromise any messenger. But that's not even in the same league as having basically a message spying built-in, turned on, always on, inside your damn messenger app itself.
Whatsapp calling their app "E2E" in their marketing is a spit in the direction of the users that have the technical knowledge to understand how it really works. It is inaccurate in all the ways that matter. It is accurate only in one technical way that is completely irrelevant in the real world, just put there so they could use the phrase in the marketing while not caring about the true intent behind E2E.
> * The sentiment of your message almost makes it looks like you are trying to say Whatsapp is no worse at E2E than the others?*
That was not my intention.
I'm trying to say that E2E implies a very specific threat model, and that WhatsApp are in fact in position to subvert theirs in pretty straightforward ways. Their group messages have never been E2E, which means that if they were to force a client update where all communications are always group chats and UI hid this fact, the users would be none the wiser. They could also use their client-side content filtering to build keyword histograms and upload those periodically to their servers, without breaking their E2E.
In fact, I was trying to point out that they do not necessarily need to inspect or store message contents. WhatsApp is owned by a marketing analytics giant. With all the noise about E2E and metadata, people forget (or ignore) that traditionally intelligence about communications has been primarily about traffic analysis ("metadata"). Tapping into the communications has been of course a valuable goal, but knowing the communication patterns, frequencies, memberships and direction/timing of communications within groups has been enough to build valuable intelligence.
Sure. Access to content allows to do keyword and semantic/NLP based targeting. But the aggregation of marketing cohorts and their various relationships is likely a much more valuable asset. These relationships are also known as the social graph. And E2E, as implemented in WhatsApp, does not protect against it. They know who you communicated with, when, and where you were at the time.
Signal on the other hand have done a lot of work to enable not only E2E protected, but also properly untrackable group communications.
> But that's not even in the same league as having basically a message spying built-in, turned on, always on, inside your damn messenger app itself.
You hit the nail on the head. If you can't trust the client, practically any and all E2E promises are worthless. We agree on this one.
You also touch upon a wider problem across the messaging technology space. The term end-to-end-encryption has been hijacked as a high-value keyword by every snakeoil salesman. It confers a high level of trust, precisely because when implemented correctly, it provides guaranteed message content confidentiality. But even in this thread, we see that the term E2E is routinely used to imply even higher standard: that of anonymous communication.
Anonymity, confidentiality and integrity are all aspects of communications security. End-to-end can guarantee the last two, assuming the endpoints remain secure or at least trusted. Getting the first one included is going to require a lot of hard work, and in case of WhatsApp, would go directly against their owner's motives.
> I'm trying to say that E2E implies a very specific threat model, and that WhatsApp are in fact in position to subvert theirs in pretty straightforward ways.
I disagree. For me, E2E implies that the company itself cannot read my messages. It's not true for Whatsapp, but it's true for Signal/Matrix.
But if they were to do so, it could be done so that there likely wouldn't be anything in the visible application or its behaviour to highlight the change to a regular user. Unless you somehow see that the key ratcheting is in use and can confirm the two-sided key state out of band with your peer, you can't tell without disassembling the client.
However, this feels like derailing quite far from the original topic. The contract and assumption of E2E protection unavoidably relies on trusting the client(s) and the devices they run on.
Oh, you're right. It took quite a bit of digging around to get to this part, and I seem to have accidentally copied the part I was looking for, though I searched for "advertisements".
As others have mentioned increasingly small businesses (like my outdoor exercise class) and loose communities (like my child's school year parent's group) rely on WhatsApp. persuading these loose connections to move away from WhatsApp for one's own benefit is almost impossible.
Sacrificing access to these social amenities on the altar of incremental privacy invasion and power transfer to an unaccountable basically malign organisation is hard to stomach. And rather inconsequential taken in isolation.
What technical and legislative means might be effective in limiting the network effect around group chats? For example requiring in law that groups be accessible to an open federated hub and spoke messaging protocol to allow messages to flow from syndicated groups established on other systems (like matrix or signal or whatever) to WhatsApp groups.
What technical and legal prior art is there here? I would be interested to hear some ideas.
I feel like the internet, and the digital activities that happen on it, are this generation’s railroads, power, and telecommunications in the 18th and 19th century. They started as wild free-for-alls and evolved into regulated and stable markets with consumer protections, standardization, right to access, etc., usually after corrupt and unethical monopolies got out of hand and showed the importance of the service as a basic utility needed for a functioning country, and the need to protect it.
It might be enough to use many different messaging apps in parallel. This enabled competition and a smooth transition between them. For example, I tend to slowly move from WhatsApp to Telegram as more new groups I join are created in Telegram while old groups in WhatsApp tend to get abandoned. Also, I often access these groups through opera via their API and not the native apps. This is a natural development in a market where people use multiple apps in parallel: aggregators emerge and with that, the power shifts to them. That’s a good thing as it makes it easier to transition from one solution to the other.
What could be done legally to help this development is requiring services to offer open APIs to reduce the lock-in.
Having different apps is probably a step forward indeed. But (as far as I understand) just having WhatsApp installed on my phone allows them to keep an eye on my contact list. That sounds quite despicable to me.
Better in which terms? UX/Usability? Privacy/anonymity? Reliability? Reliability on never losing contacts/data? User-proof? As in: non-tech people will have it working well without tinkering, and they will not lose their data because they didn't to X procedure?
Such a sham that WhatsApp's privacy policy page still says:
We joined Facebook in 2014. WhatsApp is now part of the Facebook family of companies. Our Privacy Policy explains how we work together to improve our services and offerings, like fighting spam across apps, making product suggestions, and showing relevant offers and ads on Facebook. Nothing you share on WhatsApp, including your messages, photos, and account information, will be shared onto Facebook or any of our other family of apps for others to see, and nothing you post on those apps will be shared on WhatsApp for others to see.
This is hypocrisy!!
Edit: The word "onto" in the privacy policy is so dubious. They said we aren't sharing anything onto Facebook. Probably it didn't mean they weren't snooping our data.
Can someone help and dumb this down a little bit for me so that I can then explain to some of my friends who couldn't care too much about this change in policy?
For example: What should be my response to questions like:
. "What kind of data can now be shared with FB versus what was shared earlier (if any)?"
. "Whatsapp chats are end to end encrypted so how can my data be shared with FB?"
. "As an individual, how different is Whatsapp sharing my data with FB for ad/tracking purposes versus what other networks such as Google do to serve ads? Let's say I'm interested in ice-cream and I chat with someone about it and a couple of days later, I get ads about ice-cream, but I choose to ignore those ads, then how am I impacted/affected?"
* User phone numbers
* Other people’s phone numbers stored in address books
* Profile names
* Profile pictures and
* Status message including when a user was last online
* Diagnostic data collected from app logs
and already was getting:
Purchases
Financial information
Location
Contacts
User content
Identifiers
Usage data and
Diagnostics
technically it is facebook in violation of GDPR considering that all the data in the addressbook is easily considered personal data for a commercial entity and so facebook should ask the permission to each owner of those numbers before collecting them.
Based on this they do not store information of users who have not signed up and only store a cryptographic hash. The hash isn't created on the device, so the servers definitely get it.
"‘personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;"
Cryptographic hash of phone number is still uniquely identifying natural person and is by GDPR still under the definition of personal data. The GDPR authors knew what they were doing - or they were lucky although also other parts of GDPR suggest that they had some technical think-tank behind it.
Anyway, hashing doesn't solve anything, whatever "obfuscation" is used/invented, as long as information points to "natural person" it is considered personal data.
> Their infra is generating those encryption certificates, so WhatsApp can very well decode the message and store it for further processing.
This is incorrect. The sender's device generates the key with which it encrypts outgoing messages. WhatsApp's infra cannot see the content of any messages sent.
The issue I have with that statement is that it cannot be proven. There is no source code of whatsapp, so this could have been changed anytime.
I mean, it's certainly possible to have an administrative backdoor that just shares the local keys. Even when that wasn't the case when you worked there, and even if we believe that you say the truth: we still cannot be certain that this won't change on February 8th.
I mean, whatsapp was remotely exploitable for more than 5 years before it was discovered (just to make a point).
Yes, of course this can't be proven. I'm reasonably confident what I stated still holds but I can't be certain. If that's enough of a turn off for you then your best bet is to not use the service.
There is no need to rekey or do anything similar. Chats are available locally on the device, WhatsApp may simply implement a side channel to access those (they could already have one to satisfy agencies btw)
There's a configuration option you can enable which shows a message whenever the remote party changes their key (usually meaning they bought a new phone, in my limited experience), so it's not that silent. Yes, it's unfortunate that on WhatsApp this option defaults to disabled (to not confuse the newbies?), while on Signal (which uses the same protocol) this options defaults to enabled.
3 years ago, my friend, an Indian fact-checker, showed me a screenshot of a WhatsApp screen, showing warning from WhatsApp that a message contains a dangerous link
This (the warning) is only possible if WhatsApp can read your messages
I'm guessing that they read your message on the app. So their claim (end-to-end encryption) is indeed true and correct.
But their app can and indeed has been reading your messages, for the past, at least, 3 years
Which I personally don't mind, when it's done fully automatically (no humans involved) and only for this kind of uses (to warn users of dangers)
WhatsApp (the app) can obviously read the messages. It can hash the links and check them the same way that browsers do. It doesn't have to happen server-side.
The app sends a request to a Facebook API for every link that you send/receive. Usually this returns the little image + text snippet that you see in the app, but obviously this could also return a message that the link is considered dangerous.
As a site owner you can probably see a request from a Facebook bot when a link to your site is shared on WhatsApp. (not sure how long they cache this)
Clearly. As with any encryption, at some point it needs to be decrypted for human consumption, and since someone else wrote the code/maintains to do this it's not impossible something naughty/distasteful will happen with the content. I'm just correcting the notion that the encryption is all orchestrated centrally and that viewing the messages in transit is trivial.
Appreciate your response. As a layman, if the service I'm using does not have access to any of the content of my messages, how would you (Whatsapp) be sharing my data? If whatsapp cannot read texts, images, location etc., then what gets shared with FB?
How can you guarantee this? And how about received messages? How can you retrieve all your old messages/conversations when you install the app on a new device? Don't they come from WhatsApp servers? Just curious, not doubting that you are actually an ex-WhatsApp employee.
I mean, I can't guarantee it. As others have said, it's not impossible that things have changed since I left or will change in the future. But I doubt it — e2e encryption is a big selling point for WA and something that is dear to the company's heart.
> And how about received messages?
It's the same deal — the sender encrypts the message with the the recipient's public key, and the recipient decrypts it with their private key (which was generated locally and never goes over the network).
> How can you retrieve all your old messages/conversations when you install the app on a new device? Don't they come from WhatsApp servers?
No, you can only get old messages from your old device or from a backup that went to the cloud somewhere (e.g. iCloud or Google backup). The messages on your phone are stored locally in a DB, so if you copy that DB to a new phone it'll have the new messages. WhatsApp doesn't store messages — they are only present on WA infra until acknowledged as received by the destination.
Thank you for your response. I think I fully agree with the last line - those who do not care about privacy won't really be affected by this.
I have a question to ask. How would this work? Even if for a second we assume that they're able to read all our texts etc., how can they curate that information with insurance companies? What data might the insurance companies be interested in? I would not (and I'm assuming a lot of people would not) specifically enter my age/health issues/Blood Pressure information on Whatsapp.
> They may very well sell also data to insurance companies making it harder for you to get insurance.
Let's say they record your position every 15 minutes.
(Position can be achieved via Wi-Fi AP names, cell towers, GPS).
Let's say you commute everyday to work on a highway and your average speed is 100 Km/h with sometimes a top speed of 150 Km/h.
Let's say your position shows that you're every workday near a pub from 17:50 to 19:00.
Let's say you're never seen near a gym.
Let's say you're sometimes near a medical center specialized in prostatic care.
[To be continued]
I'm not sure it matters. You still have to agree to the policy first. Whether you have an FB account at the moment might change for you in the future right? So FB couldn't be handling all those cases as well. This is a strategic move I think will cover all users.
> "Whatsapp chats are end to end encrypted so how can my data be shared with FB?"
I would stress to them the difference between the encrypted contents of a chat the metadata ("it's data about data!") of that chat.
Hopefully they will get it if you give an example of how just sending a message lets them profile you based on metadata like the exact time, geographic location, and recipient of the message, all without needing to see the contents. Encrypted messages sent from Truist Park at 2PM on a Sunday? Probably about baseball, etc etc.
The part that creeps me out the most is WhatsApp’s aggressiveness towards getting your Contacts. Other apps want them but WhatsApp hardly works without the permission.
Why hasn’t Apple introduced a private/segmented Contacts permission like they have Photos, Location, etc.?
An ability to give untrustworthy software an access to a sandboxed blank copy of Contacts would've been very useful.
As a side note, Telegram is the same as WhatsApp. You can't start a chat on a fresh install unless you give it an access to the contacts. There's no way to manually add in-app contacts. Given how "pro-privacy" they are supposed to be, this was rather disconcerting to see.
Where `<number>` contains the international prefix without the `+` sign. Has worked for me in Firefox and everywhere else I've tried. This is a fb-owned domain btw.
In fact they grab your whole contact list, and according to the updated policy, they share it with the other Facebook Companies. So even if you refuse to use the app, it's still very likely that your contact information will end up on their servers because you're friends are probably using the app.
You can enter a number in that app and it will launch a conversation with them in whatsapp. I think it makes use of the API mentioned in sibling comments.
Once again - Signal[0] as an alternative. It's fully Open-Source (including the backend) and their crypto is public and independently verified[1][2][3]...
Social life is impossible without the mainstream technology. Sure you can find alternatives but if no one uses it other than you, you end up being sidelined. The technology gets enforced and leaves one with no choice but to accept it or be a red flag.
Shouldn't it be possible to delete your whatsapp chat and contacts data regularly from the cloud? Eg. one could delete the whatsapp account, clear data on cloud and make a new account again. Having more control over your data stored by Facebook would give more power to the users of enforced by the government.
While I agree with this 90% of the way, their backup, restore, and phone changing process is very much "tech for tech people".
I've had the joy of trying to explain to my elderly dad why his text message history is lost because he chose Signal as the default sms system, didn't make a backup, didn't sync that backup to the cloud or manually copy it to the new phone, and didn't write down the very long decryption code.
I really don't understand why Signal doesn't just keep a encrypted backup in Google Drive/iCloud. This seems like such a solved problem and yet they instead invented their own Bluetooth sync thing for iOS and manually copying files around for Android.
I'm hoping it will get there eventually. The backup mechanism on Android has improved a fair bit from what it was at the start. It used to be that you had to have the backup file in the correct magic path before starting Signal for the first time. Now at least there is a dialog and you can pick the file whenever.
The usability issues for non-tech people have been getting less and less in the past years which is keeping my hopes up.
Agreed. I understand they are reticent to allow backups for security reasons - but they're treating their users like idiots by doing this. Some people will have threat models where the ability to retain/export messages is worth the risk this may introduce. Let people make their own decisions.
Convenience vs Security - Pretty much any change made at the behest of convenience is at the expense of security. Honestly, once every 2 years having to move some files around...well, if that's the barrier that people aren't willing to push past, then we're pretty much screwed from the start.
Social life is impossible without the mainstream technology.
I've never owned a cell phone nor ever had a social media account in my life. Sure, it gets me the occasional eye roll but trust me, my social life is just fine.
Network effects are real. Financially independent adults can choose their friends among a large pool of candidates. Kids, broke college students, and those generally less well off may have fewer options.
The flaw in that way of thinking is that kids, broke college students, and those generally less well off had no social life or network before social media.
True, but that was because no one had social media. Now that a big majority of people have it and interact over it, if you don't have it the chances of being marginalized are higher.
When everyone was using SMSes to chat, how did the kid that did not have a phone felt?
And people were social before phones existes too.
I think that being outside of the main mean of communication is going to have an impact on your social life, independently of what the medium is
I have never had a social media account (younger person here) and it has gotten me many eye rolls too, but I've never cared. However, whatsapp is different, everyone always treated it like internet texting where I'm from. I call my friends when I want to hear them and properly talk to them, but many things such as planning trips and talking about things that interest all of us are just way better done over some sort of text medium over longer periods of time.
There you have it. Class of 1950 uses letters to organize itself. Class of 2000 uses e-mail. Class of 2010 uses Facebook. Class of 2020 uses Tiktok or idk snapchat.
And this issue isn't just about your class, it also includes any peer group of any kind. For me as a 20s something, the choice is quite binary.
Nowadays you can't even participate in free software communities without using proprietary services. Many free software projects have discords instead of community run matrix or IRC instances.
It's not so much the stage of life, it's that these technologies have become the de facto standard way of interacting in today's younger part of the population.
In other words: even though cell phones and social media were around when I was younger, they didn't play the central role they do today, so presumably it was much easier for me to do without them and still have a normal social life than it would be today.
Here's a sad thought experiment though: if you can only remain an active part of your circle of friends if you use the same technology as they do, what does that say about the depth of that friendship?
Whatsapp is used (at least here in the EU) for a lot more than staying in touch with your friends. E.g. having a young kid, it's used for: the class' group, arranging playdates, etc. Not using Whatsapp makes it much harder to arrange your social life and that of your kids.
Then there are also many organizations/companies that use Whatsapp to set appointments, for chat support, etc.
In many EU countries Whatsapp is pretty much replaced SMS. Only a small minority of folks have Signal or Telegram. iMessage is probably the only other thing that shows as a blip on the radar, but only a portion of the population has iDevices.
I agree that this is a bad situation, but WhatsApp became popular when it was still independent and their profit model was charging 1 Euro per year (which was much cheaper than SMS). Now abandoning Whatsapp is difficult due to network effects.
If seesawtron won't go to the trouble of using WhatsApp (an alternate way than Signal) of getting in touch with his friends, is seesawtron really their friend?
In many countries, WhatsApp equals texting, period. No one will use sms, among other things because they're not free (~20 cents per message, character limited, no multimedia).
The reality is that WhatsApp is a requirement for social life. Any solution that doesn't start from that point lacks any practicality.
Thats fine. You can just accept that facebook is essential to the social life of your country, that the facebook eula is defacto legislation that you just obey. On the other hand, Signal works. My friends and I use it every day. We have not surendered, nor shall we.
It strongly depends on what state of life you are currently at. If you are a 20 something individual and have to build a new life in a new city, being out of the "social apps" gives you next to no opportunities to build social connections.
If you are already well connected with your peers and friends and your social life doesn't depend on finding and exploring via the "social apps" sure you have the freedom to disconnect virtually and still remain connected socially.
On that note, if my family isn't willing to install another application and spend 5 minutes wrapping their head around how to use it - well, I guess I just accurately defined the value of our relationship.
If you're not in one of those countries, then I don't think you can speak for what a social life there is.
If I tell people they can only contact me via snail mail or in person (i.e. not have a phone at all), would you find it surprising that I will have a lot less of a social life?
Even 15 years ago I knew people in countries who had a difficult social life because they refused to use SMS - this was before the era of smart phones.
> HTTPs works with email, email works over data networks.
A lot of younger folks do not use email except for signing up for stuff and official work. When I left university a decade ago, many incoming freshmen were quite upset at the requirement to use email.
You can always have some social life, but in certain locales and circles, whether you use these apps or not will affect what type of social life you'll have.
> Acquiesce and nothing changes.
Sorry, but these types of statements are usually of little value, and only sound good. I could easily write:
Resist and nothing changes.
And it will likely be as true (and similarly lacking in entropy) as yours.
Or realize the overwhelming majority have no interest in limiting their communication and social network due to "privacy concerns", and already have both a Facebook and Whatsapp account that are connected and sharing data. You can do this if you want, but don't preach it as if most people should care.
Most people in the UK use WhatsApp .. the fact that we have WhatsApp groups means Facebook can make this ultimatum with fairly good confidence we'll stomach it.
That's just moving from one silo to another though. Users of centralized services don't have much recourse when the company pulls the rug out from under them.
Isn’t the problem profit motive? Wikipedia is a foundation, so it works the same way it always has. We need this for more basic services like messaging and identity
I've always thought the solution should be an open federated IM standard, like email but for conversations rather than correspondence. If that were the widely adopted solution, you'd end up with large free providers that work perfectly fine for most regular users (like gmail), paid services that fully respect your privacy, and the more technical folks would be free to host their own servers.
I guess Matrix is doing this, but unfortunately, the way history has played out, centralized IM had first mover advantage by a huge margin and that's what people are used to now - that a messenger is an application on your phone that you can only use to contact other users of that same application.
You can donate to Signal too. What has to happen until people realize they should be willing to pay a little money for a service?
We've actually witnessed that people _are_ willing to pay for streaming services like Spotify and Netflix after a long time of illegal torrents. How can we spread this sentiment towards services like email and chat too?
People were willing to pay for WhatsApp. It was exactly that simple, honest, high quality independent paid chat app you are alluding to, back in 2010 or so.
> How can we spread this sentiment towards services like email and chat too?
We can't, because those two things are in direct opposition. Piracy was less convenient and offered fewer features that people wanted, so they moved to platforms that were more convenient. The current giants (Gmail, Facebook, WhatsApp...) are more convenient than their alternatives (generic email, Mastodon, Signal...) and so the pressure is not to move, but in fact to stay.
In general, the pressure is always decentralised->centralised, which is exactly what torrents->Netflix was. Even if we had infinite funds to offer people distributed services for free forever, we would still need to make them more convenient than their current centralised ones - if on top of not being more convenient, we also want to charge them, I see no reason why the average person would ever want to switch.
I think part of the problem is the network effect. Social networks want to maximize the number of users so that anyone can connect to you on Facebook, Twitter, etc. The lowest barrier to entry is free, and that usually means ad supported (and personalized ads for the most revenue).
Maybe there's some space for a freemium model (IIRC one of the questions asked during the Facebook hearing was whether they could add a paid ad-free option) but so far that hasn't happened.
The motives could be many. While Wikipedia is a so called non-profit foundation it has its one biases and various groups use it to push various agendas including political agendas.
Can you clarify what you mean by a "silo"? Do you mean once you start using Signal you're stuck in Signal, and you can't export all your messages into another app?
Yes it is, because you can't join two servers at the same time. You run your own server, I run mine and we can't communicate until one of us decides to drop our whole network and join the other server.
That's fine. As I mentioned, the use case you are talking about makes this pointless.
Someone that needs a special set of phones to be able to communicate securely and not be reliant on a publicly run server? Here's a non pointless use case.
I'll let imagine who might run something like that.
Users want centralized services. Syncing across devices and shared history are mandatory features, and are basically impossible to do well in distributed models.
I have never lost a matrix message (but I am fed up with e2e warning and new session weird insecure messages) but I have come to the conclusion than Signal isn't reliable since it sometimes lose messages. It's no-no.
Yeah the e2e is way too complex in matrix. They really need to work on the UX and make it more like WA and Signal. The way it is now even a crypto geek like me gets annoyed and that means the mainstream will never touch it.
Getting people off of WhatsApp onto Signal means taking power away from a closed platform that makes billions from manipulating its users, which is already a win. Signal is not only not that, but is in fact a completely open non-profit project, so it's basically impossible for it to turn into that.
Even moving from Fb to Telegram is an improvement in almost all respects and it's sure as hell a lot easier to do than going straight to Matrix/Riot/whatever it is these days. Don't be a purist and let people have their compromises, lest you end up like the "GNU/" part in front of "Linux".
“Open source” is sold to the people as “you have the most control”, but in reality once your data reaches their end, you have no idea what is deal with it.
Open source centralized solution does not an will not solve the problem. They can not.
Last time I tried to use it it on my android didn't work without google play services. And they really bury the apk download, which means it's useless(or heavily discouraged) for people without a google account.
(Edit: this is rather a negative comment but its out of frustration -- I want to use it!)
That page also states "Advanced users with special needs can download the Signal APK directly. Most users should not do this under normal circumstances." which IMO is a very good point. Downloading random APKs from the internet is rarely a good idea...
Yeah you can search for it but it's not obvious from the site. I just think it's a shame that it's touted as open source but they don't appear to have given much thought to the open source demographic. It's not on f-droid.
They have given it thought, and have purposely decided not to distribute it through f-droid [0]. Yes you have to search for it, but if you are savvy enough to use un-googled android, you will be likely able to find it.
Telegram is only end-to-end encrypted in a feature called secret chats. Groups and channels and individual chats are not end-to-end encrypted.
In other words, Telegram doesn't even deserve to be in the same conversation. Even if it had the best encryption out there (however you define that), that wouldn't mean anything when it's not used in like 98% of the cases (percentage pulled out of my ass).
It's like comparing Signal to Facebook's Messenger, and I'd still say Messenger over Telegram because at least it uses Signal's protocol under the hood (I believe the feature is called hidden conversations) instead of inventing its own thing and ignoring the expert opinions.
Because at least according to the Threema devs, doing e2e multi device in a secure and anonymous way is not trivial.[1] Maybe matrix solved that problem, maybe they don't care...
I guess it depends what you need and what is "secure and anonymous". Matrix probably leaks a ton of metadata.
In practice it works by each device having their own encryption key and then those devices are bound together with a cross signing key, so your peer can robustly identify all your devices at once (and the list of devices can change as long as they are bound by the cross signing key). Certainly the server is able to correlate device ids (and thus keys) and IPs.
The way threema does it sounds a bit how room encryption works in Matrix amond multiple clients.
Seriously? Both only have crappy web apps that you basically tunnel messages through your phone (at least that's what I remember) and are tied to a specific mobile device with entire companies being built around the apparently extremely complicated task of moving WhatsApp messages around.
Meanwhile, the Telegram desktop client is at feature-parity with the phone app with both running entirely independently on as many devices as you want.
Signal messages are not routed through your phone. Reach has it's own independent queue and the phone can be off and you'll still receive messages on the desktop client.
I would also state that it is unfair to compare an app that doesn't have to worry about your privacy and solving real engineering problems vs basically making a web app that can easily sync your data because it's all stored on someone else's computer.
If that's the level of privacy you're setting you may as well use email for communicating. It's federated, it's easy to use, and everybody has one.
All that said, I do agree the Signal desktop app needs some work, but they'll get there eventually, and in the meantime I don't have to wonder if any of my data will be leaked to anyone outside of my intended recipient.
Funny you say that because Signal is the one with a crappy Electron app which is definitely a deal breaker for me. I mean I lose E2E with Telegram but gain really well designed and featureful platform apps that are native and non-gimped desktop apps (and a functional linux client. Signal's Ubuntu client just crashed for me).
I don't think you can even use the same Signal account on two different iOS devices, much less desktop. Their desktop apps just link to the phone's app.
WhatsApp is a total joke, it loses media (IIRC this includes audio messages as well) people send you after a very short time even when you use it on a single device, so talking about multi-device usage is completely out of the overton window.
Good point. I use irc more than any other IM and nobody ever complained about lack of e2e there. When the usecase is more about meeting new people it doesn't apply as much.
One thing to note about Telegram's secret chats is that they're device-specific. That is, if you start a conversation on your phone, you can't pick up that conversation on your laptop: https://telegram.org/faq#secret-chats
IMHO, Signal main advantage is that you can sell it to your parents and friends like "WhatsApp, but safe".
It tries to have feature-parity to WhatsApp; looks the same, works the same. All this while researching innovations on cryptography that doesn't compromise user experience too much.
In my experience, doing exactly what WhatsApp does (but safer) makes it an easy sell to people around me.
True, though Signal annoyingly wants the user to also enable it
as SMS app. From my own experience with relatives this can lead
to a lot of confusion among non-technical users, for example
when they try to send a picture to a contact and it fails
because that contact does not use Signal. From what I've seen
Signal does not clearly show a difference between those two
groups.
Other than that it's definitely a great alternative.
IMO it works just as well and unlike Telegram it's actually credible... The telegram crypto is an absolute disaster and they have been pretty shady and defensive when asked about it in the past. Not to mention the back-end is closed-source. Also, the desktop clients still don't support encryption, many years after it's been first requested.
Do you have some links regarding their disastrous encryption? The security guys i know speak highly of telegram and AFAIK it has been open sourced recently, but i am open to new information.
The Telegram backend is still closed-source as far as I know. The problem with their crypto is that nobody really knows if it's secure or not because it's closed and unverified.
Ever heard the first rule of encryption? "Never roll your own crypto". Well they broke the rule and they won't let anyone check if the crypto is secure or not.
Not to mention encryption is off by default and your plaintext messages are stored on their servers...
Stored on different servers in different jurisdictions, right? Sure it's not ideal if you want maximum security of your data, but it _is_ a huge difference from simply storing plain text.
Hardly comparable in terms of usability. But then, WhatsApp isn't that good compared to Telegram either. In fact, I wouldn't use WhatsApp at all if various communities wouldn't host there group-chats I belong to. So I don't think usability has that much to do with your ability to switch. And supposed "security" has almost nothing to do with it whatsoever.
So I personally don't even know if I'll keep fighting for my privacy and stuff or if I'm going to give up now. I don't want to, but I honestly don't imagine how on Feb08 I will be telling people who aren't my close friends or co-workers, but communication with whom is really valuable to me, that I refuse to join any WhatsApp group chats anymore, so they will have to notify me about anything important (important to me, in he first place!) personally via SMS, Telegram, email, whatever. Especially now, when people are forced to communicate remotely and stuff gets cancelled/renewed/delayed because of another round of idiotic government regulations, so if I'll fall out of these communities, I'm pretty much left in the vacuum and won't know about anything that happens.
> [The spokeswoman] said there will be no change in how WhatsApp shares provides data with Facebook for non-business chats and account data.
That sounds a lot less alarming, in the third to last paragraph, than the headline or first few paragraphs?
Don't get me wrong, I ditched Facebook years ago, and wouldn't use WhatsApp but for family and a pre-Corona club I wouldn't have (much at all) contact with otherwise. That quote just makes me much less annoyed than my initial reaction was. Which is of course her job, but assuming it's true...
WeChat banned me for an hour for violating the ToS, and it wasn't clear what I violated.
I use LineageOS for privacy reasons, and intercept various things I consider to be privacy violations.
I very much disagree with these ways of operating, for systems that monopolize human-to-human communication. We live in a bunch of walled garden communication apps, people don't use any open systems like e-mail and phone anymore, and those walled garden apps bully us into giving them data? They are all starting to behave the same way.
WhatsApp has such a strong network effect, that a wholesale move off is very difficult. I asked my immediate family to move to Signal and they agreed.
Then came the question - can we talk to people on whatsapp using signal because friends, aunts, uncles, cousins who live international all live on whatsapp. Moving your network, their network and their networks network becomes quite the task.
While the network effects are there, I do think messaging networks are less durable than social media networks, because you can take your contact list with you across networks.
Naively it seems like the problem that will make progress at both ends with the right spark. As I image it, soon enough someone else will have already convinced part of your network to make the move.
People, in general, don't have a qualm about installing another app when it's recommended by someone they trust.
It has been said that companies that build rely too heavily on the public, free API’s of another service are doomed when that service decides to monetize those API’s. See, for example, API users of Google Maps.
I think we are now at the point where this applies to individuals. If a person or group of people rely too heavily on a single free service then they’re going to feel pain when that service finally decides to monetize.
There are no free lunches. All these “free” products out there that seem great have Venture Capital investors waiting until the day that the service reaches a critical mass and they can flip the cash-generating switch.
Its worth remembering that whatsapp used to have an annual charge, and it grew successfully with that. The charge was only removed once FB bought them.
Personally I don't know anyone that started using whatsapp after the fb purchase, so they were all happy to pay for their use of a messaging app.
That's not entirely true. They did charge something tiny to use the app (I think it was ~$2/year) but in many countries (outside the US where they were much more popular) they didn't block users who didn't pay. If you didn't want to see annoying reminders you would just pay and get rid of it. Many people I know never paid.
i paid for whatsapp back in 2012. it was a paid app on the app store. it wasn't much - $1, and everyone had to pay for it to download. later they made it a free app. i am more than happy to pay for a messaging app for myself and my close family, and i dont like the idea of sharing the data with fb. there needs to be a paid alternative.
On the other hand, you will have an absolute pain trying to transfer messages to another device. To move from one android device to another you have to manually make a database backup (hope you didn’t lose your old phone!) and copy it over to a new phone. Moving from an iPhone to another iPhone is slightly better since you just have to have both iPhones and then the app can sync the data across. However if you try to move from Android to iOS or vice versa, you are absolutely screwed. There is no way to get your data transferred to your new device and there is no way to get your data out of signal, even the database backup the Android app has doesn’t include everything. Say what you want about WhatsApp but at least thanks to GDPR my data isn’t permanently trapped in one app forever with no way to get it out.
I had paid for at least one year (just $1), may be two (don't remember exactly). I would be glad to pay more, but Facebook played a big game and now we're all stuck with it because at least in India WhatsApp is almost a necessity.
Thankfully in Russia it is not. Some people prefer it for some reason but there's no hard requirement to have it to be a part of society. I haven't even bothered to set it up on my new phone I bought a month ago and there was no discomfort resulting from that. Though I do still need to download my data and delete my account so people won't even try messaging me there.
Great for you! Here everyone (including the carpenter, plumber, bank/finance people and more) almost expects you to have whatsapp. Even some of the biggest businesses are on Whatsapp offering product/order updates, customer service and more. Not to mention every friend of yours would constantly pester you to be on it. I guess one could live without it, but it will be pretty uncomfortable and you'll lose touch with almost all of your friends and relatives.
Here 99% of my messaging with real people is covered by VKontakte and Telegram. I can't even fathom using WhatsApp for any kind of serious communication because of how inconvenient and unreliable it is. "Can't download media, please ask them to send again", my ass. What kind of engineering does even lead to this?! And the fact that I have to use my phone while sitting in front of a computer is a non-starter. The web version still uses the phone and occasionally wipes itself completely so you have to set it up again.
They didn't monetize it because in countries like India if you were to monetize it most users would stop using the app. This I guess is the alternative. Thing is there is no reason to believe others apps won't do the same in the future.
I have to say that prior to being free of charge, it wasn't nearly so popular in most markets. Viber was king in my country and individuals still used SMS outside a "messaging of last resort" use case it has become.
Been an iPhone prisoner/beaten-wife/lover since 2010. Whatsapp charged $1 per year for update. Happy to pay that in exchange for knowing that my familyand network information and more importantly info about my kids won’t be sold for pieces million times a minute on the digital ad auction markets.
IIRC they charged for the app download on ios, and on android the initial download was free, but with a promise that they would start charging an annual fee soon. But that never happened. They kept extending the deadline and then got bought out.
This is what I remember, tho I guess it’s possible they changed the terms for new users. But I bought it in late 2009, IIRC and it was either $0.99 or $2.99.
Profit/monetization doesn't have to be bad. There's nothing wrong with money being exchanged for a service and both sides are satisfied. The problem is when that monetization is based on something else than money (such as personal data) or that the company abuses their monopoly position to force people into an unfair deal.
The solution isn't to say "profit = bad", it's to break up monopolies or force interoperability and forbid certain forms of "payment" (such as exploiting and reselling personal data) that are deemed nefarious to society.
That's why I'm still sceptical of Signal. It's free as well, paid for by donations but still. At the end of the day I'm not the one paying directly for the service I'm using.
Signal is "owned" by a non-profit. They can't be sold to a for profit, they learned their lessons from WhatsApp.
Lastly, Signal doesn't collect/store any of your data on their infrastructure other than a few hashes required for operation. WhatsApp/facebook on the other hand collect, and likely keep, forever, at much metadata about you as possible. The only way to pay for this free storage is to stay more data so they can target you for advertising dollars.
This doesn't guarantee that Signal will live forever, but at the very least they've learned from previous mistakes and have taken actions to address them.
That's what I was afraid of - in the US, non-profits can be converted to for-profit. So here, Signals non-profit status for its owner shouldn't be relevant to us.
Damn. I really like Signal and it's still a cut above most, but even they must realize the US is a pretty poor place for such an organization compared to, say, Germany or Switzerland?
You would only be able to fork the client, not the network. Signal doesn't want forks or third party rebuilds e.g. from F-Droid to connect to their main network.
Most people use these apps for the network. The app without the network is useless, but any fork would initially be in this situation.
The signal server is also open source. The absence of federation does mean you would also need to get all of your contacts to move to a different service as well, but it is better than a proprietary system. I do wish Signal was more open to federation and/or alternative clients though.
In a way, except that there is no link between my usage and a payment, do you know what I mean? If I paid even $1 a month, I could sleep well knowing they're promising me X in exchange for Y.
With a donation it just feels like I'm rewarding them for their high level promises/values.
I don't know, maybe I'm overthinking it.
Other people who run on donations: Public Radio, The Red Cross, all government services, all religions. It's fine to be skeptical of how they use their donations, but don't be skeptical just because that's their funding model.
Your example of religions is also suspect. To be blunt we perceive it that way in places and times where established Churches are legally independent and separate from the government. It’s not always and often isn’t true, or at least isn’t the case by default in some places.
Taxes to pay for government services are more like protection money than donations IMHO. If I were to stop paying, some angry people with guns would eventually come to my door to take me away.
The protection you get isn't a racket, it's a system that enables you and others to live in a society. If you don't want to live in a society, best of luck to you.
"Protection money" means somebody is illegally forcing you to pay for something that you don't want or need, solely to enrich themselves. But it's not illegal if it's literally the foundation of the society.
Democracy is the most expensive system of government. It has to be paid for or it doesn't work. It's paid for with taxes. It's not protection money, it's fuel for a life support system that you and everyone else is hooked up to.
In this case taxes are paying for the protection of a democratic society, which you can fairly reasonably call protection money.
I mean was it legal when the local Baron came and levied a tax on your wheat? Under the King’s laws, or maybe it was just tradition, but if the alternative is you’re killed and your land is taken and given to someone more loyal, then you just had a tax levied upon you and the payment was your life.
Similarly, merchants which snuck into cities rather than paying the tax at the gates were not entitled to protections from whoever was the guarantor of laws, a city guard or the like.
So what’s going to happen if you don’t pay your taxes? Turns out the IRS, the States and the equivalents in other countries have legal means of taking what you own for what you owe. We can discuss the tradeoffs on this, but in practice it’s not overly different from a Duke or a King or a mobster. What’s different is the process, the expectancy of it, and the legality.
At the end of the day, what we’re paying for is the protection of our police, fire departments, Armies and Navies.
One is a google-style lock into an ecosystem of free apps that a company can monetize at any time. Stay away if possible: the users will be milked sooner or later.
The other is openstreetmap-style set of free data that anyone can download anytime, plus some apps (maybe free, maybe not) using it for some function. I see no problem with it as the lock-in is highly unlikely because the main feature (say, map data) is always available. My 2c.
I agree there is no free lunch. But for that I don't want to sell everything & stand naked. Instead Whatsapp should introduce features on top of their platform - like Payments and make money out of that. Or add a throttle on number of messages people send per day or something. No free lunch is not an excuse for stealing data.
I believe you may have misunderstood my post. I’m not excusing Facebook’s actions around their users’ privacy (or any of their crooked actions for that matter)
I’m trying to encourage people to remember that this is what these companies do when we use their services for free. They seem to think they are entitled to our private data and they are beginning to respond harshly when we try to keep what is rightly ours to ourselves.
There is a free lunch, it just doesn’t last forever.
Use a service until it’s useful, then be prepared to leave when you no longer agree to its terms. The average user will go through many social networks and apps throughout their life.
This is some mafia shit. They're holding users data hostage behind a click-through acceptance of their altered terms. You can either pray they don't alter the deal further, or get the fuck out, abandoning your chat history and social connections.
Tricked people into giving up info they trade like commodities so they can buy more useless crap in life.
Fortunately, it is generally expected Harris/Biden administration will come down hard on these companies.
then again they are wall street people so we will have to see if there's a recession (The simpsons predicted a global recession after Trump administration)
For people looking to switch to Signal without Google Play services on Android (apk installation), the best way to fix the websocket battery drain is this:
Unlike Telegram, WhatsApp, Element etc. which work fine without Google, Signal devs have repeteadly refused to make improvements to the "always-awake" mode which happily eats 40% battery.
I either do not have this issue, or it doesn't show up for me on the battery usage page. Are you sure it is widespread? (I have no GAPPS, LineageOS 17.1 -- on Galaxy S4).
With that said, there is some work being done towards a FLOSS replacement for firebase [1]. Gotify can be used as a backend [2], among others ([3] too, I think). Not ready for prime-time, but almost, and development started pretty recently (mid-December).
It seems to be some very specific bug as neither me nor my contacts seen this happen on their devices. We've been using it at work quite often with people having different devices. On mine it shows 2% battery drain atm.
What I don't get is this, there are real-life people working at these companies. What are the managers and developers at Facebook/Whatsapp thinking? Are there hi-fives in the hallways to celebrate the impending win?
I have worked on many a project in my time, and I can't think of a single instance where we knowingly screwed over users or clients. Our teams' goals have always been to make the product better. What's going on here? I am honestly curious.
Semi-intentional compartmentalization could explain it.
Ads: we could increase revenue if we had access to WhatsApp data, but that's Product and Legal's call.
Product: Ads asked us to access WhatsApp data, but we're just facilitating between them and Legal.
Legal: Ads and Product asked us to change the policy to allow access to WhatsApp data.
Nobody being willfully malicious, just not asking certain questions, and the gaps between departments obfuscate the whole thing.
Maybe these privacy policy changes are not super scary yet (honestly, it's difficult to even read the thing since its littered with legalese traps that confuse me). And at least end-to-end encryption still seems to be on the table, but where are they headed? WhatsApp is so easy to use that most people will just click "Agree" and trade their privacy for convenience.
Messaging in the Netherlands almost universally runs on WhatsApp these days. Nobody uses text messages anymore, understandably, but somehow we all ended up on a platform run by Facebook. "Whatsappen" (messaging on Whatsapp) and "appje" (short for WhatsApp message) are even official words now. Need to contact a friend? Send an appje. Need support from a company? Send an appje. Need to send a message to your team at work? Send an appje in the group chat.
Has anyone managed to get their contacts to switch to Signal? I can't even get tech-savvy people to switch, since they always seem to find some minor annoyance that makes them instantly dismiss the app and go back to WhatsApp.
WA is so deeply ingrained in the Dutch society, we even have this all over the place: [0]
At this point it's just a lost cause. I have some friends on Signal and use NextCloud talk (my own server, yay, still waiting for federated chat to chat to other servers), but so many "official" things are on WA, children's birthday parties, school announcements, sports related announcements, neighborhood announcements. We are really too dependent on WA, and you know, based on WA's original promises this wouldn't really be a problem. Now it is, although I fear I'm one of the very few that sees it that way.
Yeah, I do hope the EU (and your government) do(es) something about this, I feel betrayed because WA became dominant here under very different terms and conditions.
FB: "Yeah we are just going to buy this platform with a privacy focus that everybody loves and grew dependent on and turn it into FaceBook." I don't even understand how that is legal.
Anyone know of a way to backup everything from whatsapp, including video and voice messages? I have 5 years of messages between me and my wife on whatsapp i'd like to preserve some how before moving off.
Seems to be possible unless you live in Germany, just follow this guide [0]. If in a EU country, I wonder if you could also submit a data subject access request (I'm not too familiar on GDPR).
I don't know.
I live in Germany and the files are also stored in /sdcard/WhatsApp/
And also the message databases are under there, ready to be copied and decrypted.
You can also access the unencrypted messagestore database, if you have root access.
For me, it is located at : /data/data/com.whatsapp/databases/msgstore.db
My friends & relatives in India are outright offended when I say that I don't use WhatsApp and so I cannot join their groups.
Businesses here have started using WhatsApp as an alternative to SMS, email for sending spam to important package tracking information (without prior permission).
But I see this as the best opportunity to convert some of my contacts to Signal/Email as this stays in mainstream news for a while(but quite sure that almost all of them have clicked 'Agree' to T&C banner showed on WhatsApp when they woke up morning without giving it a thought and I'm certain that's exactly what FB intended).
I do not know whether to feel fear, sadness or shame on the type of power WhatsApp/Facebook holds only my people.
The protocol isn't really the root issue with interoperability. It's identity. As a start you should be able to easily use your verified identities across the different systems.
Signal would probably be a poor base for an interoperability standard. Which flavour would you use? Signal Messenger, Matrix, OMEMO and allegedly WhatsApp all use the Signal protocol but can not interoperate at all.
Signal Protocol is also more complex than it needs to be. It has two levels of forward secrecy for example. It is basically all the crypto geekery of the last few decades packed into a instant messaging protocol. Something intended as an interconnection standard should be as simple as possible.
Simple as possible?
Than use email.
The security of the signal protocol is necessary if you look who all wants to read the data.
The EU wants to practically abolish encryption so that intelligence services and authorities can read all messages.
Do people still believe that Facebook doesn't collect data from the apps owned by them? Hell even the apps that is Facebook SDK send user data to Facebook even when you don't use facebook owned apps:
How about pay $1 / year to opt out of all data sharing?
I foolishly installed the Facebook app on Android for a while. When I asked for a data dump from Facebook I was amazed at the amount of data it had stolen from my phone, including full contacts list. It sounds like that is exactly what Facebook are planning with WhatsApp.
I'd pay $1 / year to opt out of that and be the customer rather than the product.
Few years ago we discussed these numbers on a pretty popular (top 5 of its kind) local pic-and-discussion forum. Devs said that an average user brings around $2 in a year (including those using adblock, etc). I sent them around $8 and they turned off any ads for my account forever. I could just continue using ad blocking, but they made that “hey you’re using” header that annoyed me on mobile, where it is hard to “pick an element”. Of course their income/user ratio is not comparable to youtube’s one, but they meet their ends well, and also have much much lower megabytes/user ratio. In infra costs they may be even more profitable per user than youtube (just a blind guess).
Only difference is that we've learned that third-party ad placements are much lower quality and barely worth the ad spend. YouTube ads are highly valuable since they're effectively first-party and will offer high(er) assurances of whether clicks are legitimate. And, as mentioned below, people willing to pay for YT Premium are probably more valuable than the average viewer.
80% of population is worth $5 and 20% is worth $30 ; but all of the YT premium subscriber are from the 20%, so despite the average only being $10, offering it for less than $30 will lose money.
Ah true, for US users it would be a lot higher. Seems to be around $10 billion per quarter of revenue for US and Canada[1], which means around 15 per user (for around 250 million users[2]. You weren't that far off! That's definitely a lot more than what the gut feeling I had was (which is why I just googled the first stat that seemed to align with my hunch - classic mistake).
The sooner they take such actions the better it is for everyone in the long run. Someone somewhere will come up with an alternative that is better than anything we have today. And sorry but Signal is not the pinnacle of messaging.
I like what Matrix is doing but they are far away from becoming mainstream. Within 2-3 years a new platform will rise and it will fix flaws of existing messaging apps. This will then be followed by social media but it might take another 6-7 years to fix that mess.
God dammit we've had standards that work. Apple and Google are responsible for killing all of the decent messaging protocols by censoring the clients from their app stores.
When smartphones came out people modified IRC with support for push brokers and message replay but because of app stores this means push brokers for community maintained clients have to be maintained by the individual volunteer paying (yes! paying, shut up about the free dev accounts they don't allow you to send push notifications) for the "privilege" of submitting the app (meaning they have low to zero availability.) The relay Mozilla maintains allows servers and users to choose who brokers push messages but Apple and Google screw over their users for profit and this is the result.
This is a stretch for Android at least, Google charges a one-time $25 fee for a Play Store developer account and provides unlimited push notifications for no extra charge.
I just installed element today (the new name for riot)
It’s interesting and may have some features like rooms that will build interest outside of just being an IM tool. I do miss the days of AIM/Jabber/Google Talk/ where everything just worked. Bringing that experience to phones should be the goal rather than jumping from service to service.
My friends from Europe and Brazil are locked into WhatsApp, my American friends seem to prefer FB messenger. They’re really using 2 versions of the same company’s products which are “incompatible” at this point. Facebook could make them compatible with one another and with each other only OR they could do the socially beneficially thing and use an open protocol. Unless employees at FB push for this, they’re likely to take the former route.
I don't give access to my contacts to any app. And I don't give any access permissions to Signal. Signal must make it easy to invite friends without giving access to contacts. A simple Copy invite message with a mobile install link would be great – so that I can paste it into whatever groups I'm on and as my status message.
I mean, it’s annoying, but I’m at the point where I wonder if it does matter at all. I don’t let WhatsApp access my contacts or photos. I tried very hard for a long time to not give Facebook my phone number. But if any of my contacts agrees to this, my phone number is given to Facebook (without my consent). So, what are my options really? Delete my account? And then what? My number will be given to them anyways.
I don't have a big problem with Facebook having my number, or knowing who 95% of the people are who have me in their contacts. But it is important to me that the contents of my contacts database is private so that I can be trusted by the other 5%.
Is this Riot rebranded? Huh, it seems I'm out of the loop.
Yeah, Matrix is great. I was probably among the first people to install Riot, but the grim reality is nobody (well, one geek-friend of mine and his wife) uses Matrix. Look, even I was surprised when you mentioned "Element": thought it must be some new messenger I didn't hear about...
But I'd surely rather like people to promote Element here, not Signal.
2. Technical lingo like "verify other session" and some buggy emoji shenanigans confuse people. The only passable device linking, based on scanning a QR code, is between Element Desktop and Element Mobile, but...
3. Element on iOS is absolutely awful. The worst interface I've ever seen. Extremely busy and convoluted. Rows of horizontally scrollable icons, duplicated as lists? Chat views where spacing is all off? It doesn't work for small group chats and doesn't work for large public chatrooms.
4. Element on iOS won't play GIFs. Element on Chrome/Electron only uploads the first frame of a pasted GIF. This was actually a deal breaker for my social circle.
Frankly, just compare the user experience of Keybase and Element. Keybase got it right.
I found the encryption really cumbersome. Like I just downloaded the app and its asking me to authorize my account from another Matrix client that I've previously signed into or I won't be able to read encrypted messages people send me. But I'm pretty sure I uninstalled those other clients so idk what to do there.
Also I've previously had the Android app crash and throw Java stack traces, but that was an older version.
No messenger is secure. You never know if the code that is being run is the same as reviewed. If you want true privacy, then you need to encrypt messages yourself (with e.g. PGP)
Signal messenger uses reproducible builds. You can compare the source code to the app that's published to the app store to confirm that they're being honest.
I don't know if any other competitors who do the same. As Signal messages are end-to-end encrypted, Even if their servers were compromised, your messages would still be secure. As they use a rotating key, unlike manually using PGP, even if one of the keys was intercepted, they would not be able to decrypt any of your other messages. Using PGP, if someone steals your private key, all your messages are now vulnerable.
I use Signal to chat with my family and friends. I use sms or an in-house service to communicate with colleagues. I only use WhatsApp with my gf. I don't have fb or Instagram. What effect does this policy change have on me? Obviously, fb will receive some data on me and my communications with my gf, connecting me to her (extensive) network on fb, but how worried should I be ?
(1) claims that Facebook promised Whatsapp would not be monetised, and that Facebook and and Whatsapp's data would not be combined. This information was also provided to European antitrust regulators
(2) missed out on $850 stock option grants vesting by quitting early over disputes with Facebook about monetisation strategy
(3) promoted #deletefacebook on Whatsapp following the Cambridge Anlalytica scandal
(4) Donated $50m to the non-for-profit alternative, Signal.
WhatsApp was an existential threat to Facebook in every country besides the US. They had the data to prove it, obtained from real users via FB's Onavo VPN service. Facebook Messenger 3.0 was to WhatsApp as Google+ was to Facebook (the product), and when the usage numbers weren't going the right way they gave up and bought them out before the gulf got even wider.
Textual messaging is a low-data-use (accessible to the cheapest phones with the smallest data packages) entrypoint to capture a person's social network so you can have other opportunities to capture them again and again with other services in the future. Facebook saw India as an especially huge burgeoning market at that time (hence Internet-dot-org / Free Basics), and afaik WhatsApp is ubiquitous there.
Does it never occur to them to say "Maybe the reason we're under attack is people want more privacy and control"? Not double down and take away people's options?
Zuckerberg is a Utopian. Like all Utopians he sees any disagreement as the other party being too stupid to see what's good for them, so they only rational answer is to force them to do "what's best".
Facebook and by extension Whatsapp needs to be regulated.
Also, I'd be happy to pay for Whatsapp but then they need to isolate themselves from Facebook/third parties and slow down with the feature creep. It works great for what it is. If they mutate the thing further, it's going to become a gross/convuluted app that tries to cater to all use cases.
I'm in the EU. WhatsApp showed me a screen about new term of service right now. There were two buttons, Agree and Not Now. I tapped Not Now, it kept working.
Interesting. I am in the EU as well and got the new terms of service screen. Only an Agree button, but I could avoid agreeing (I hope) by clicking the cross (X) at the top of the dialog.
I'm in the EU and clicked agree before I realised the implications. Now I want to withdraw my consent, but there doesn't seem to be a way to do this. Am I overlooking something or is that not possible (which would violate GDPR)?
They were not asking for consent in the meaning used by the GDPR. They are merely "asking" you to agree to updated terms, i.e. their contract with you.
GDPR allows processing of data under various legal bases. They use consent (opt-in) only for things like accessing your camera. For sharing data with other Facebook services, they rely on a "legitimate interest" (opt-out) instead. In theory, you might be able to object to processing under a legitimate interest, but they make it rather cumbersome. Which processing activities they perform under which legal basis is actually well-explained in the privacy policy, if you manage to find the correct section (it has a rather labyrinthine structure).
This would be the perfect time for the team behind Signal to make registration through username available, for those who don't want to give their phone number away but would otherwise make the switch. Think about it: competitor gets a closer grip on its users' privacy, while we fortify it instead.
I finally deleted WhatsApp, even if here in Europe it’s the ubiquitous messaging application and maybe things will be a little complicated at first. I should’ve done this long ago, the same day it was bought by Facebook.
Anyway we have so many ways to communicate with one another that if someone wants to reach me he can, probably it will be less a big deal than what most of us think.
If all of your tech savvy friends disappear from WhatsApp in a matter of a couple of weeks maybe some other people might follow... I kind of hope in a domino effect right now, let’s see how it plays out!
Is there a possibility that we (us at hn, pro-privacy) are all just paranoid and the worst case scenarios we can imagine are never really going to happen ?
I am a heavy advocate of privacy and the main driving factor for these conversations in my friend/family circle. Trying to get people to a different platform since 2 years now (they did and came back), so now I wonder if I am just wasting time really for a apocalypse that was never going to happen.
The worst case scenario has been happening for years. Didn't Snowden teach us about how these platforms are a gold mine for shady government agencies and oppressive regimes?
And let’s not forget organised crime. It’s not beyond reason that some of the larger organisations could get their fingers into this.
I think in Europe we are more aware of these issues because shady organisations in the past have been able to get their hands on government files and use them for nefarious purposes.
I mean the advent of business computing was very literally the systematic eradication of 6 million Jews.
IBM's custom designed punch cards and the absolute openness of census records (church books are rarely encrypted) was the only reason the third Reich was ever able to census all European Jews and then systematically deport them in any reasonable time frame.
That is obviously very different from new WhatsApp TOS, but this incredibly prevalent opinion of "Well, nothing really bad regarding privacy and tech did actually happen, right?" irks me a lot.
I’m pretty fricken sure they would have worked around not having that specific punch card tech - it’s like saying 9/11 wouldn’t have happened if Linux didn’t exist because the taliban used Linux systems
I was barely awake, and saw the popup this morning (I'm in EU) and with my sticky eyes, I couldn't see how I could send a message without accepting the popup
So does anyone know if there's a way to revert the agreement?
For me, there was also a clearly labeled "not now" option right next to the "agree" button. I quickly clicked that "not now", option (I didn't have at that moment the time to review a pair of long documents), and now I have no idea how to make the popup show again (so I can read these documents). I hope this doesn't mean my account will be banned in a few weeks.
Everyone here seems to be mentioning how they want to move but cannot move because of the network effects.
Even for me, my kids school sends updates on WhatsApp. Bank also sends its updates on WhatsApp etc. But I have avoided using WhatsApp for these purposes. And so far I have survived. Because almost all businesses don't rely exclusively on WhatsApp. Atleast in my case. They send emails, SMS messages etc. It's not as clean as WhatsApp. But everything has its pros and cons.
If we really want to move, then I think we can move. It will be a little harder to start with. But then something better will hopefully come across. Tech has always filled gaps which come up.
The WhatsApp app on my phone already has permissions to access my contacts, so presumably they're already on WhatsApp's servers - how would I go about removing this information before February 8th?
Signal. Open source, non-profit, very good privacy defaults. Telegram seems even worse than whatsapp to be honest because they don't even have encryption on by default.
Telegram always has encryption, just no end-to-end encryption by default. This is a privacy/convenience trade-off. When chatting about groceries/memes/latest Netflix releases, you don't really need E2EE that much, and chats without E2EE are synced to all devices in Telegram, including a fully-supported desktop app.
I get this argument, but for me, needing to moderate conversations "chatting about groceries/memes/latest Netflix releases," to make sure they don't edge into discussions I'd _really_ rather have E2E encrypted is something I just _know_ will go wrong for some of the participants in chat sooner or later. _That's_ a convenience tradeoff in favour of E2E by default for me. (But yeah, not for most people...)
I'm willing to bet you money that virtually nobody adjusts their privacy settings based on topic of conversation, especially not non-tech people which is almost all users. I don't think I've ever seen anyone chat with their girlfriend and go "hey, grocery talk over, switch to e2ee now". Defaults matter and I'm certain almost no telegram conversations use e2ee as a consequence, with private info or otherwise. It's important to have it as a default and to tell people why they should use an app that does.
It’s also important to have an option to turn it off, to benefit from mass-grouping (whatsapp limits groups to 256 users, lurking or not), chat history (new group participants can’t scroll up in whatsapp) and easy continuity (phone/pc job use case). Also it is not clear if whatsapp implements the same:
as telegram does. E.g. whatsapp seems to only have an option for 7 day self-destruction, which may be too long for some use cases, and no instant destruction. Neither of two are superior privacy-wise all things considered, but stating that always-on e2ee is a most important thing is probably naive. And then you have tg bots, ui/keyboards, stickers, etc which for a regular user outweigh the security area entirely.
Also your virtual bet is lost because every time my circle discusses ‘hot’ topics in telegram (company issues, lawyer/audit-related chats, recreational drug use, etc), we go secret and warn users who do otherwise. We can’t check whether that is common or not, because those who have to be ‘secret’ may resist to admit this activity.
I prefer Element, but apparently it's not popular enough even among HN users, so don't even hope. Signal is popular among the HN users, because it was hyped for a long time by tech-journalists as a pinnacle of secure messaging, but as an app it's even worse than WhatsApp. And not very popular outside of HN. Telegram is very popular in Russia&neighbours and only mildly popular in Europe, even less so in USA. Arguably the best of 3 in terms of usability, HN users don't like it because it has some non-standard e2e encryption, which is not enabled by default in private chats.
Also, FYI, Telegram is going to introduce some paid features soon, but it's not completely clear what they'll be. There just was some talking about that's it about the time they are going to monetize it, but I'm not sure if they announced what exactly becomes paid and what doesn't.
Prefer Telegram. My p2p communication is minimal and I manage dozens of groups with thousands of members. Telegram not only handles this but provides a lot of tools to manage groups effectively.
Not sure if it still applies to the latest version of Android and WhatsApp but it might help. However it only mitigates certain real-time tracking and contact discovery, not to mention switching profiles is somewhat of a hassle.
FB: If we're not allowed to track you across the web, we'll use your data captured via our properties to make more money from you via targetted advertising.
fun fact: they also collect data from apps they don't own but which use Facebook SDK. eg. Opera, Duolingo, Kayak and tons of others. So deleting Facebook app and Facebook account doesn't do much as you think it's does.
Host list blocking only works as long as the apps use your host list. Very soon, every app which has something to hide will use DoT to the DoT servers of its own company to look up every host name.
I like Whatsapp, and this change seems in line with what Whatsapp always has been. Of course I'm always wary of advancements, ready to uninstall it if really bad news arrive, but in general Whatsapp has been respectful of its users, especially those that are privacy concerned.
They hired a lead developer from Signal to implement E2E encryption, its functionality is almost completely transperent, which reduces the need to inspect source code to understand functionality. The most severe of privacy criticisms have amounted to "Facebook knows who you message and at what times you message", which is a very good position for a 2B user platform to be in, since it doesn't read message contents.
I have tried Signal, but I cannot recommend it to family (yet), since I don't find what they do with metadata harmful, it's just a price to pay for the otherwise free app, like advertisement. Anyone who has recommended Signal so far sounded like an inflexible Stallman fundamentalist. I reserve my voice for other more serious incidents, if there is a successful warrant for message contents or if there is ad targetting based on message contents, then I will start sounding the horns, but for now: Meh.
I will stop using the fucking app. It is time to change tech industry and to actually charge for a product other then to sell the users. Let's stop this!
On one hand I never read through any TC or license and never agreed to anything in them. I'm just clicking buttons to be able to use the app. Often I don't even read the text on the button. And I think most people behave this way.
On the other hand as tech savvy person I have no expectation about what happens to the data that I enter into the app beyond expecting it not to be immediately published for everyone to see unless that's what the app explicitely does.
I know data I entered might be viewed by unspecified number of people all over the world during normal operation, and that this data might be published at some point in the future. I'm hoping none of the unknown people that can view my data knows me personally or uses this data against me.
There's no end to end encryption hosted service I currently trust to do what they say. If I were to transfer information that I don't want under no circumstances to go public I'd have to research what wikileaks is now using for communication.
That's the contract I'm operating under. I think it's a good balance because it's aligned with physical reality.
Anyone have any opinion why Wire didn't take of? E2E, good functionality (chat, group chat, video chat, voice chat, GIF images emojis yadda yadda yadda), multi-device, clients for all major platforms (eg for the iPad, unlike WhatsApp), open source, phone number or email as identifier, audited, Swiss/EU servers, no profiling, no ads...
Can't find any downside, really - except that few people are on it.
Zuckerberg while waiting to see if FTC would clear the deal: “We are absolutely not going to change plans around WhatsApp and the way it uses user data. WhatsApp is going to operate completely autonomously,”
>The WhatsApp acquisition has raised concerns among some users that WhatsApp would become, well, more like Facebook. Zuckerberg took the opportunity to quiet those concerns, saying WhatsApp would continue to operate independently from Facebook.
>“We are absolutely not going to change plans around WhatsApp and the way it uses user data. WhatsApp is going to operate completely autonomously,” Zuckerberg said. “They might use people and infrastructure to grow, but the vision is to keep the service exactly the same. They do not keep the content you send, and we’re not going to change that.”
I'd like to move my family off of WhatsApp due to these concerns. I've used Signal before, but I am not a big fan of it. I often have to re-register my devices to sign in, syncing takes a long time, and conversations do not persist across devices. I am perfectly happy using a paid service. Does anyone here think Discord or Slack would be a suitable replacement?
Try Telegram. It’s as easy to use as WhatsApp for non-tech family and friends, yet has all the features you want out of an IM without too much of the bloat. It has native apps on all major platforms, and for the techies it has a solid API so you can do fun stuff like write your own bots.
Yes but it does have e2e if you “want” it and for 99.9% of people that’s enough. The other 0.1% who “need” it are more willing to learn/adapt to Signal/Wire/etc.
I use Signal with tech friends, and Telegram with family/non-tech friends. I feel like the latter using Telegram is still better than them using WhatsApp, so I’ll take what I can get.
Jumping out of the Facebook frypan into the Salesforce fire doesn't seem to be a particularly winning move...
(Which also raises the question, whichever alternative you choose, you probably need to evaluate the risk of Facebook (or some equally evil corp) acquiring them down the track. I wonder how likely Discord/Telegram/Signal are to be able to resist Facebook-sized acquisition offers?)
Signal is owned by a non-profit which cannot be sold to a for-profit like Facebook, Google, or Apple. The WhatsApp founder learned the lessons from the Facebook acquisition and improved almost every aspect when developing Signal.
EU citizen here. Not a lawyer so correct me if I'm wrong. :)
WhatsApp uses "privacy shield"[0] to allow it to flow data from the EU to the US.
However, privacy shield was rejected by the European Court of Justice on 16 July 2020 (Schrems II) [1] so we're back to "standard contractual clauses" [2].
There's currently no alternative to Privacy Shield.
I love Telegram because of the wide set of features, because of their bot API and because I can easily use it on any client I want - including Bitlbee. And I like Signal because of its built-in security, although the lack of an API, easy integration into other clients, automation and ease of use from multiple devices prevent me from using it more. But I guess that this is a trade-off to be accepted for having strong encryption and messages stored only on the device.
Let's keep in mind however that these are advanced use cases, and that for 99% of the users these are just apps supposed to deliver text and media from A to B. In 2021 it's not hard to build an app like these, even with E2E encryption and 2FA. Social lock-in obviously plays a role, but I'm really appalled by the scarcity of alternatives that enables companies like Facebook to bully us into reading our private messages for advertising purpose and easily get away with it.
Although the privacy related changes were somewhat expected, the timing and aggresive timeline will likely play out in Facebook's favor.
While giving users a 1 month grace period to either comply (share their data) or delete their account already seems like a pretty aggressive window that limits the ability for users to fully assess options or migrate existing groups/chats to alternative platforms, the short timeline combined with the on-going pandemic, and the fact that WhatsApp has become one of the primary means of communication for many around the world will likely lead to a very limited drop in users leaving the platform as a result of this policy change.
Beyond Febuary, once users have already shared their data, there is likely minimal incentive for groups or individuals to overcome the network effects and move to another platform in the short term.
I’d be surprised if this isn’t just whitewashing some previously shared data.
Also, a preparation for antitrust action - once the data is shared and integrated, even if they are forced to separate WhatsApp, they have all the metadata (which takes 3-5 years to become stale) and now they will have it “legally” (sadly, this extortion is indeed legal. It shouldn’t be)
> Isn't WhatsApp still purportedly end-to-end encrypted? What data is "on the table" when it comes to sharing - just contact lists and phone numbers?
It is, and same is claimed in their privacy policy and ToS. According to the original article it will include, what is already being collected:
User phone numbers
Other people’s phone numbers stored in address books
Profile names
Profile pictures and
Status message including when a user was last online
Diagnostic data collected from app logs
Along with possibly:
Purchases
Financial information
Location
Contacts
User content
Identifiers
Usage data and
Diagnostics
A little more than contact lists and phone numbers.
Dumb question, I assume this means you have to disinstall whatsapp if you don't want Fb to have access to stuff on your phone... but is there a way to freeze and save all those conversations on whatsapp so I can go back later to search for specific stuff, memes, photos, links
There was a political cartoon from the NewYork Times or the NewYorker about pigs in front of a slaughterhouse eating happily and enjoying that the food was free.
And in the background you could see a slaughterhouse with Facebook on its name.
What if I am a WhatsApp user but I do not have a Facebook account? Will Facebook use images from WhatsApp conversations with my friends who do have a Facebook account? So much for "WhatsApp will never cost you a cent"(post acquisition statement)
We need to kill the idea that user growth is a replacement for a honest and legit business model.
This is not just a founders problem - investors are equally compliant since they keep on throwing their money as long as they see that sweet exponential curve.
Once they get tired of seeing their money being lit on fire; they give the founders one option; monetize what you have or shut down.
Since users are now used to your service being free, the only thing you can do is to look at what you have; User data.
At first, you just sell this info to your “trusted” partners because you want to be able to sleep at night, but as the revenue keeps on growing, your investors realize you have a money printing machine at your hands.
At this point you you’ve lost your compass and forgot why you even founded the thing, being stuck at a big table discussing with investors and lawyers how to find loopholes in the new iteration of the GDPR laws, ending the meeting with deciding to funnel a big chunk of cash to lobby the law out of existence.
At this point, everybody looses except from the stock owners. Or maybe you find it hard to sleep at night, because even thought you now have infinite amounts of cash, you lost a part of yourself that day when you threw your entire user base under the bus.
Yes the problem is 'adverstiting based business model' when companies seem to offer 'free services' when in reality they always plan to harvest and sell private data to advertisers. This is what is happening now with WhatsApp and FB so I'm not shocked, it was about time.
What we need more urgently is better open source alternatives that allow us to port out of this wall garden apps easily, that is only way I can see my contacts and data from WhatsApp and other apps migrating out.
The core issue seems to be, that companies want to profit from the information they can extract from communication and governments don't want to create laws, to make end-to-end encryption mandatory and information extraction illegal, as their own law enforcement depends on it.
So the company with the deepest pockets controls our daily communication channels and as consumers we feel powerless due to the network effect.
One way to overcome this would be to make it mandatory that communication services must allow federation. Sure, it would not be a perfect solution, but it would be a lot better than the current situation and should be acceptable by all parties involved.
I live in Europe (France) and I don't have the part "As part of the Facebook family of companies .." in the EULA that is presented to me. Maybe they have different versions and the one in EU is kinda still OK ?
That's a dumb move from facebook unless they are planning to buy every other chat applications and ask their users to share their data with Facebook. I'm amazed that they are asking for it and not doing it already.
Literally noone I know is on Telegram or Signal. Literally everyone is on WhatsApp. Pretty much noone I know cares about privacy, and they're all on Facebook anyway. It's gonna be really hard giving it up :-/
At least they made it unmistakably clear to those who'd prefer to forget it that their tentacles up your every orifice is the price you have to pay for using their "free" products.
Can an iOS dev tell me what data Facebook can gather if I install WhatsApp on my iPhone but disable every permission except the notifications and mobile data access?
And what do those who do not use Facebook or WhatsApp but are in the contacts of those who do?
Facebook grants itself the right to collect data from users whose rights are held by third parties.
Market share of WhatsApp in The Netherlands is somewhere around 90%. It is time for the government to step in here because the free market will not be able to fix this.
I wouldn't really agree here. They are on the same topic, yes, but the Arstechnica article is actual news coverage that explains what's going on, as opposed to the linked page which is just Whatsapp's official corpospeak.
I guess the most valuable data WhatsApp leeches from you is your contacts graph.
Wish Apple would let us choose which contacts to give specific apps access to, like they did for photos.
In the meantime, you can try minimizing what WhatsApp sees about you by turning off access to contacts, using the desktop or web app, and just talking to people via
I was a loyal (and paying) WhatsApp user who would advocate it to anyone I could find. The combination of privacy, features, and ideology was exactly what I wanted in a communication app. Then Facebook bought them for $19B and I knew that, despite any allusions to the contrary, they would want that money back. And you don't get it $5/yr/user.
Either you pay to a service or the service trades you as an asset. Telegram is no exception. You are fooling yourself thinking that you escaped the trap.
What's weird is that I don't know anyone who uses it. This is because (a) I'm an American and (b) nearly everyone I know uses an iPhone, so we all use Apple's own messaging tool instead.
I know some crypto fans who really try to push for folks to use Signal, but there's too much inertia. WhatsApp isn't really on the radar.
It's wild to read how much of a monopoly it enjoys elsewhere.
Can someone ELI5 the ramifications of this change? The WhatsApp FAQ says only chats with businesses are affected.
Also what happened to the "if you're not the customer you're the product" mentality. Do people expect some entities to pay for servers and teams of Android and iOS developers to create a chat app without getting paid and out of pure goodwill?
What would the smart alternative to WA be? Telegram? Line? How can I continue using the WA without giving Facebook sth to work with?
Please bear with me if this doesn't belong here. Normally I wouldn't dare posting on HN (don't want it to become mainstream and have idiots like me gush out their opinions) but I really dunno who else to ask this.
Agree with the other guy suggesting Signal. It's basically WhatsApp, owned by non-profit so that it can't be sold to a for-profit. They've been subpoenaed and the only data they could provide for a user was the phone number that was registered, the first day that number registered and the most recent day the phone number contacted their servers.
I would suggest reading through their blog posts if you're curious about all the work they're putting into ensuring that they collect as little data about their users as possible. they truly are innovating in a field where nobody else seems to care about ensuring privacy first.
This does come at a cost to how quickly user-facing features arrive compared to their competitors, but this is because they think through where you may leak data and engineer a way around it before allowing a feature to go through. That said, at this point it's pretty much at feature parity with WhatsApp, so moving over to it would be a great time to do so.
I'm curious if you've looked into Signal and if you think it's a viable alternative to Threema? Specifically considering Signal is fully open source (client and servers), uses reproducible builds which allows you to verify that the source matches the app you're running, and is owned by a non-profit which can't be sold to a for-profit company.
Not unexpected at all. After all, it is gratis; WhatsApp will jolly well do as they please—until regulators unleash the whirlwind.
On a related note, as a regular Signal user (and I've had a modicum of success converting some friends to it), I worry how they intend to stay afloat with "grants and donations" for the next 95 years.
> Message delivery is "best effort", so there are no guarantees that a message will actually be delivered to its recipient, but delay or complete loss of a message is uncommon, typically affecting less than 5 percent of messages
Maybe 5g will fix something, I'm not current on the spec.
I get frustrated by things like this, these walled gardens of people I know. I wish I could just switch to signal but I've found people would rather just not talk to me than download a new messenger app
I've settled for just talking to the people I can convince on different messengers and now have ~5 messenger apps on my phone.
I don't have a large friend group, but got most of them to switch after I left Facebook. I just don't tell people I have WA and only use it if I'm forced to. You might have better luck since Signal has improved a lot in the last 6 months and there is a good desktop app. But you might need better friends. Friends that might warn you about how your username suggests you're a Nazi (I assume this is unintentional and just your birthday year)[0]
Facebook has also recently started to require a Facebook account to use Oculus VR. It appears they are starting to crack down on the services they have acquired. I assume this more hardline approach of "give us your data or get out" will continue with any other current or future services created or purchased.
It's very interesting how upon news like this, everyone rightly jumps at the throat of the evil corporation pushing for more control of everyone's information. But when the discussion is about free speech—which this stuff is directly related to, just in a subtle way—then suddenly at least half the comments are clamoring in defense of the large corporations' right (to censor) to host whatever they want in their platforms.
All because "the users don't know better, so it's good to filter the information they get access to" or because "information overload is somehow more likely to push people to the extremes than siloing and letting people live in filter bubbles" and other similarly paternalistic justifications. It's interesting how facebook trying to get the information is bad, but using that information, among other things, to filter what its users see or not is apparently good.
I consciously refuse WhatsApp and live with the consequences - but people are coming around slowly or maybe my social circle is small enough to avoid the aforementioned inertia.
Usually people have it installed alongside WhatsApp, i am the only one without it i think.
This is the straw that broke the camel's back, for me anyway..
Just started the process of notifying my connections that I'll be uninstalling WhatsApp. If not Signal, then just Phone, iMessage, SMS and email work well..
Hopefully this will drive larger adoption of Signal..
Must have been really hard to work at Facebook. I often see people shouting at Facebook and tagging their employees on twitter left and right shaming them publicly of their employer's actions. But how do you leave that $$$ on the table.
In India whatsapp is ubiquitous my whole family uses it my college uses it to send information all my friends use it using a alternative would be ideal but convincing people to not use whatsapp is a fool's errand here
If someone's convincing please recommend federated decentralized protocols such matrix or xmpp rather than e2e such as signal or telegram. Its easily to switch it the same fiasco happens with these companies
I got some popup from whatsapp didnt read it and clicked back. It was probably this message and I do not get this popup anymore. Looks like some dark pattern. I did not accept any new changes...
European resident here - ended up deleting WhatsApp and asking contacts to switch to Signal/Telegram. Quite a few people were happy to make the move and some were happy for the push.
At that point, I believe the strategy for Whatsapp was never to snoop into private conversations with other people, but to get all the transactions and interactions made with businesses.
Users in Hong Kong use WhatsApp to stay out of trouble with govt. Like accidentally talking about politics. If Facebook can read msg then govt can make them turn over the msg.
I've been wondering if users should organize or unionize to get more rights on the platforms we use. What do you all think about something like this in this situation?
On a rooted/jailbroken phone, there are apps that just dump the database into a readable format.
Theoretically you might be able to get something out of the local or cloud backups, but they're encrypted so they're probably difficult to get a hold of. The key is stored in the private application data, but there must be some way to get it back/regenerate it because you can restore a backup without copying any secrets from the previous phone.
Actually I bought a piece of software [1] that perfectly exported five years of messages out of my cellphone, then I didn’t hesitate once day to delete my WhatsApp accout.
[1]: „Backuptrans iPhone WhatsApp Transfer for Mac“
If you've got $200 and a chip in your shoulder, Oculus' arbitration clause in their user agreement ensures that if you pay $200, Oculus will pay thousands to handle the arbitration, and case law so far says they can't "combine" arbitration cases just because its convenient for them to do so.
I no longer have an oculus HMD, but Oculus no longer has any profit from me.
You’re telling me! I got my mom an Oculus since she wouldn’t need a beefy computer to run VR. A few weeks after getting it, they want the Oculus account switched over to Facebook. Luckily, she can use the Oculus account for a few more years, but it was still so annoying.
I created a new burner FB account (I don't use FB) to go with my Quest 2.
I used a fake name and a gmail burner account.
However I've had to enter my credit card details to make payments so they have my real name, bank details and address information. They also know what I'm watching, what I'm buying etc
So my question is - do they call me out at some point and tell me to add a real name or prove my ID. Or do they let me carry on under my burner account because they can still profit from me both from my spend on apps/games and by selling my real data?
imo Facebook has enough data that if you want to use it completely anonymously there is no reasonable way to put in half of the effort, and even Visa gifts cards won't be enough.
I'm split here between saying "Doesn't mean you need to make it easy for them." and "How 'interesting' must a completely anonymous account look inside FB?"...
It's very hard to say, and I would imagine it's hard to say even for the average Facebook employee too, given how large the company is. If it was a single coherent entity with its own knowledge map (which, last I checked, it still isn't, but I will check again in 2022), we could probably reason differently about it though.
We all saw this coming, and it’s most unfortunate that the network effects simply make us all share our data with them.
But doesn’t this violate GDPR? Correct me if I’m wrong but I thought asking the user to share data or leave service was illegal under it.
Also the same under iOS 14, again I have almost zero knowledge regarding the app store policies but I thought it had the same condition that an app should be functional without the user accepting data sharing policies.
The information you put in parenthesis immediately rules it out for 99% of users. I can count on one hand the number of my family members who have any concept for what that information means.
I have 2 contacts on Signal and 4 on Telegram, and don't even have WhatsApp installed.
I'm puzzled where Denmark went "wrong". I see other EU users say that WhatsApp is absolutely dominant in their countries, and yet everybody i know uses iMessage, which may not be surprising if you look at graphs like this https://gs.statcounter.com/os-market-share/mobile/denmark
For "social circles", coordinating sports activites and more, people use Facebook or Facebook Messenger, which is just as bad as WhatsApp.
Schools here use Microsoft Teams for remote teaching classes, and Office365 for schoolwork, and there's not a single Google account to be found anywhere. O365 may be just as bad, but the contract is negotiated on a government level, and bound by the GDPR and other local laws, so i assume my kids personal data are relatively secure.
Their privacy policy is full of tricks and clever wording to confuse you, and stop you from revoking your consent to data processing. (...which they likely have, because you were already using the service before GDPR went into effect)
I especially like how their email template asks you to fill out a bunch of unnecessary fields and implies that the request might be denied if you don't.
I think most WhatsApp users would just give up at that point.
I think both of these adresses work:
- DPO-inquiries@support.whatsapp.com
- Objection.eu@support.whatsapp.com
However, I don't really know how to best formulate such a request.
(By the way, the server might refuse to receive you mail, if they don't recognize your domain.)
When will the market be ripe for people/average joe to buy or rent a block data service à la s3/minio so they can plug their app (calendar, photo sharing, blog, messages, etc.) to it instead of being forced to pay for services with their privacy ? They'd just pay for cloud storage that can be used by any apps using buckets/volumes as external storage instead of paying for dropbox like dumb storage.
If I had money I would do a foundation thing to kickstart something like that.
Is that a dumb idea ?
edit: maybe the latency between the app and the block service would be too high to be reliable/tolerable.
edit2: there used to be a lot of applications that relied on dropbox to store things but I have a feeling SSG captured the dev mindshare (or maybe Dropbox restricted the API).
edit3: I just corrected `id` to `idea`, my brain does that when I am tired :D
This was the very question I have. Presumably given this ultimatum they would pull out of the EU market? That’s great that solves the problem of getting my friends and family onto something else!
I also got the notification, but it's strange because WhatsApp in Europe is from WhatsApp Ireland Limited, and WhatsApp outside is from WhatsApp LLC.
They are different companies with different legal requirements.
I've seen some news stating that these new changes apply only to WhatsApp LLC, but the notification seem to say otherwise.
Seems like, no. On their EU Privacy Policy, it says:
“Today, Facebook does not use your WhatsApp account information to improve your Facebook product experiences or provide you more relevant Facebook ad experiences on Facebook.“
As many, many other people have stated here - beyond just burning social capital by forcing your other friends and family to use Signal (which isn't even federated), a lot of social, community, and commercial things are coordinated exclusively through WhatsApp.
Depending on your perspective, Signal is actually a worse Telegram. Telegram has the best UX and feature set ouf of all messaging apps, and privacy does not outweigh convenience for the vast majority of people.
I'm still confused as to why Telegram doesn't have message reactions which every other platform has. I understand that some peoeple feel like it's not needed but if they don't want they wouldn't have to use and in my workflow when talking in groups is to use them extensively and replying with stickers is a terrible experience.
I think the UI is better. Encryption is worse. But I like how they structured their data centers. They have sprinkled them into different countries and they claim that servers from different jurisdictions are necessary to access the data. So if an agency wants to access it, they have to get warrants from different countries. With all the war on encryption going on, e.g. forcing companies to include backdoors, I think this is the way to go.
> They have sprinkled them into different countries and they claim that servers from different jurisdictions are necessary to access the data. So if an agency wants to access it, they have to get warrants from different countries.
That's a neat trick, but not as neat as Signal's "sure, here's all the data we have - the time and ip address of their last use."
(I'm sure a bunch of the "better UX, UI, and features" people like in Telegram rely on them storing more data on their servers, so that comes down to a privacy/convenience tradeoff, which as others have pointed out almost always comes down on the convenience side for 99.99% of people...)
Signal is good for privacy and that's about it. Telegram has voice calls, videos calls, stickers and easy sticker creation, super convenient in-line gif/pic/video search, video and voice messages, and you can add people without sharing your phone number...
Pretty much all of our school and local community communication happens via WhatsApp. I'd change to Signal or Telegram in a heartbeat, but the inertia is so great it's not possible.
It pains me to say, but we're getting to the point where companies like Twitter, Facebook and Google need to be treated like utilities or something so that such moves as these can be scrutinised and controlled more effectively as Facebook could pretty much (within current law) introduce whatever policy they like and users would be faced with the option of accepting or being cut off from their local community.
Given the pandemic and the UK lockdown, this is not tolerable.