Highlighting the main issue here (from the article):
“This means that it is possible for the WhatsApp server to add new members to a group,” Martin R. Albrecht, a researcher at King’s College in London, wrote in an email. “A correct client—like the official clients—will display this change but will not prevent it. Thus, any group chat that does not verify who has been added to the chat can potentially have their messages read.”
ouch@lemmy.world 3 weeks ago
If you want your group memberships to be known only by the group members, use Signal.
sykaster@feddit.nl 3 weeks ago
Just be sure to add only the people you want to be there. I’ve heard someone people add others and it’s a bit messy
tias@discuss.tchncs.de 3 weeks ago
How bad can it be, it’s not like we’re sharing state secrets
ParetoOptimalDev@lemmy.today 3 weeks ago
Or simplex.chat where there are no identifiers like phone numbers or any other identifier.
Security review was done by trail of bits.
unexposedhazard@discuss.tchncs.de 3 weeks ago
Or P2P stuff like Briar :)
Bahnd@lemmy.world 3 weeks ago
Or Matrix (warning some assembly required)
new_guy@lemmy.world 3 weeks ago
Vanilla_PuddinFudge@infosec.pub 3 weeks ago
I actually found xmpp to be a breeze compared to most Matrix solutions.
Synapse is bloated, dendrite sucks and conduit is in perpetual beta and the uwu forks die too fast.
XMPP:
coconut@programming.dev 3 weeks ago
Just use signal is not a valid statement in a world where vast majority of people aren’t using (and won’t use) it. I have been trying to get people to install it and have a total of 6 over several years. They only use it to communicate with me.