Comment on How do yall go about meeting new people while still maintaining a decent level of privacy?
GigglyBobble@kbin.social 1 year agoThey asked about privacy, not security. WhatsApp is profiling you.
Comment on How do yall go about meeting new people while still maintaining a decent level of privacy?
GigglyBobble@kbin.social 1 year agoThey asked about privacy, not security. WhatsApp is profiling you.
Poutinetown@lemmy.ca 1 year ago
Except it is more private than alternatives like Instagram DMs and FB Messenger (ironically all by the same company), which are not e2ee.
@glacier’s response pretty much covers it all, and it’s confirmed in the Whatsapp Faq.
Sure, they could find out who you are based on someone who added you as contact. But if you don’t have a FB account, or don’t use your real name there, all they’ll know is that you have a WhatsApp account, but won’t see your messages, unless someone reports your messages. Sure, that’s not as great as Signal, but much better than Discord/Slack/Snapchat/etc.
There’s also the issue of trust. Can we trust Whatsapp when they claim it’s e2ee? There’s no way to verify, but the same can be said for other OSS alternatives; for instance, telegram servers are not open source and the client you download might not be the one you see on GitHub., So there’s no guarantee your private key is not sent to the server at any point.
GigglyBobble@kbin.social 1 year ago
They don't need your chit-chat to profile you. Metadata profiling is where it's at and that's why that whole e2ee introduction was just a marketing ruse. It's good enough for the NSA, so it's good enough for Meta. And Meta does collect that data even without an account.
Poutinetown@lemmy.ca 1 year ago
It’s good enough for NSA to catch a terrorist, not necessarily useful enough for FB to produce targeted ads. If one plans to commit terrorism, Whatsapp is definitely not the best platform.
According to the article you linked: “In most cases, if metadata must be generated and/or used, it should be either 1) minimal or 2) encrypted so that it’s unreadable by the server handling the request(s)”. So most of the important metadata from your files will be encrypted, which make them inaccessible by Whatsapp unless they decrypt it (thus breaking the e2ee promises). Maybe they’ll know the file size or the file name, which you can easily change; what will they do with that?
So they are pretty much left with IP (if you don’t use VPN) and phone numbers you have contacted (which is already know by Apple/Google, NSA, etc. if you have a phone number and use it for calls).
GigglyBobble@kbin.social 1 year ago
I disagree. Identifying a terrorist and their whereabouts for targeted assassination is not that different to serving personalized ads. It's all about gathering information about the person.
True, file metadata is unaccessible like message content but I was referring to message metadata which covers ip address and phone number (as you mentioned) but also geo location (possibly live - WhatsApp is an application after all), when you communicate with whom how often. You can derive lots of info from that especially if your communication partners are more careless about their data and may maintain an active social media profile with Meta.
It's definitely easier than finding out info about someone whose life depends on not being found - like a terrorist.