Privacy of the new WhatsApp?

But your contacts (those who grant access to their address book) see that YOU have WA, don’t they?

I still have to ask, to be honest…

Sorry, I am not sure I understand what you are saying. I am not on FB
and I will not be; I am just considering to use WP. Therefore I won’t
have a timeline and I won’t post about anything. I might only send
messages, pictures etc.

Is what you say still true in my case?

Il 11/04/2016 18:37, fp1_wo_sw_updates ha scritto:

Hello morgenstern,

"The thing is, as you probably know, social pressure for using WhatsApps is very strong.
Until now the problem for me was automatically solved because I did not have a smartphone; so, no WhatsApp, ".

Same situation for me, but who after all cares if you start off with Telegram, Signal or WA as no one even have had a digital link to you up to now??

I took the easy way for me - who ever respects my considerations will run Signal/Telegram AND if he wants, also WA for the others.
Believe me, any Androidphone can handle this…

2 Likes

This has been my main approach in the last years, also, nowadays
unlimited SMS are basically included in any phone all-included plan. The
thing is, traveling abroad SMS are not an option anymore. Emails are,
but people do not use them so much for daily conversation.

Il 11/04/2016 19:48, Patrick1 ha scritto:

Nope, but I assume all these external services will one day merged into the Facebook app or will behave very “Facebook” like. Not today, not tomorrow. But maybe next week. For now, just use it and if it changes, change the application. Facebook (or other services you will use) will still be able to get your “social graph” (whom do you spend the most time with, when, how often you write them …).

Don’t worry and if needed just switch to Signal or Threema. Or what ever else is out there.

Just did a test. Mind you, the person I got hold of is not very computer savvy, but maybe this makes the test all the more realistic :wink:
He could not see me, even though he has me in his contacts, but he could invite me and start a chat. Tried to exit and kill all WA services and restart it, the chat was still there and could be resumed. Somehow wa offered me to enter him into my contacts, in a way that looked like it did work, but a later inspection showed no traces of a WA code of his…

I’m not an expert, but apparently refraining altogether from a push messaging service and sticking to SMS is not a great strategy to protect one’s privacy either: According to the Whisper Systems blog, SMS is a “security disaster”.

Are you aware that Telegram stores a plaintext copy of each and every regular (non-secret) message on their servers? That is the opposite of secure.

I used to use Telegram, too, and honestly I maybe managed to have one in ten conversations as a secret chat - the UI is not really inviting you to have secret chats, and my little-privacy-concerned friends started regular conversations all the time. Also, group chats cannot be secret by design. I don’t think Telegram should count as a private messenger in the first place.

3 Likes

Alfonso_Muskedunder:

I wasn´t aware of this detail as I at last read some general information about Telegram being a “secure” alternative to WA and the user would have to manually switch on encryption mode when having conversations. But as you write “(non-secret)” means exactly this. I say, out is out, no turning back or entirely deletion. I´m not surprised finding (non)-secret information anywhere on the net since data protection and privacy regulations are often violated.
Furthermore I got the impression while reading posts that many users set Telegram on an equal level with Signal.

Anyway my first choice was Signal as I believe, if it´s good enough for Edward and recommended by him it should do well for me too.

1 Like

I’m sure you are right, but then it depends on what kind of privacy you care most of.

One kind of privacy is the one against the government and police. I personally think that this kind of privacy basically does not exist today. The proof is the San Bernardino case; they can get anything if they want. I am sure SMS are useless for this kind if privacy, but I’m sadly convinced that nothing is safe for this kind of privacy. Also, even if it is unfair, I think it is reasonable for police to check personal communications if they are investigating on someone.

Another kind of privacy is the one from private companies doing data mining for profit. Maybe it is because I’m a social researcher, but I like to choose when I give my personal data for research. I find it to be very unfair to make money out of personal data, especially when these data are collected by basically unaware and uninformed subjects.

So, IMHO, SMS might be very bad for the government-related privacy, but I think they are better than WP for companies-related privacy.

Anyway, the one about the various kinds of privacy is another big debate I’m not sure it’s safe to start here.

SMS are quite convenient from my point of view, but of course they lack features comparing to today’s chat services.

5 Likes

Xprivacy feeds fake data to apps, so it pretends that you do not have any contacts in your phone book. Apparently CM works on another level.

And app ops fpos also. Or they changed wa and accept that they don’t have access to contacts…

Inspired by your post I searched for a way to give WP my landline and apparently it should not be complicated (see this link among the others http://www.techbout.com/whatsapp-without-phone-number-sim-5365/ ). Has anyone tried this way? At least they cannot access the full address book.

Well, the part of it that would not work immediately for me was the Android emulation on my computer (Mac). I know I tried to do that via Bluestacks first as well, but I wasn’t able to get it running. Eventually I succeeded using Genymotion. It works well now, however it seems that it does demand a significant share of my computer’s “attention” (well, not actually CPU load, but the computer sounds busier) to run, so I don’t run the emulation and WhatsApp permanently.

Ok, so if I wanted to use only on my FP2 it should just work?

That’s something I have no experience with, sorry. It would take a different method than the one I used (see the instructions in your own link – I went by method #2, you would have to research method #1).

The WhatsApp encryption is a result of a cooperation of them with Signal over the last one and a half years. Together with the Signal developers, WhatsApp has integrated Signal’s encryption protocol into WhatsApp. So its encryption is as good as Signal’s which is state of the art at the moment.

In contrast, Telegram’s encryption implementation is rather a solo attempt and has not such a high standing in the crypto community. (Maybe I can add references later …)

Moreover, Telegram seems also not that trustworthy to me, though I don’t know that much about them. And I agree to @Alfonso_Muskedunder:

Apart from this, I also agree to what has been said about metadata, open source, address book scanning, server location and governmental intervention. Due to this, WhatsApp is not an option for me, but you’ll have to decide on your own. :wink:

Well, Threema has servers in Switzerland, had a code audit some time ago (but with only very short descriptions), uses a well-known and trustworthy open source library for their encryption implementation and therefore has a relatively high reputation. However, it’s not open source and therefore not really open for review.

Therefore, my opinion is that Signal is a lot more trustworthy than Threema.

5 Likes

I guess one hand it is, but on the other hand, there is a valid reason for WhatsApp to read your entire address book: showing a list of possible contacts within WhatsApp. It simply needs access to your address book for that. The question, of course, is if WhatsApp does anything else with that data.

3 Likes

I just moved to Chile and the motivation to get the damned WhatsApp is increasing. In fact, more than social pressure, here the problem is the economic pression as, apparently, here mobile phones plans do not apply to SMS and then, even if you have a plan, you still have to pay for SMS. Therefore none seems to use SMS here.

Now I’m seriously looking for a way to install it without getting my address book scanned. Do you have any suggestion? I found out about various methods to install it with a fake number, but how to prevent it to access my contact list?

2 Likes