Highlighting the main issue here (from the article):
“This means that it is possible for the WhatsApp server to add new members to a group,” Martin R. Albrecht, a researcher at King’s College in London, wrote in an email. “A correct client—like the official clients—will display this change but will not prevent it. Thus, any group chat that does not verify who has been added to the chat can potentially have their messages read.”
ouch@lemmy.world 2 days ago
If you want your group memberships to be known only by the group members, use Signal.
sykaster@feddit.nl 2 days ago
Just be sure to add only the people you want to be there. I’ve heard someone people add others and it’s a bit messy
tias@discuss.tchncs.de 2 days ago
How bad can it be, it’s not like we’re sharing state secrets
ParetoOptimalDev@lemmy.today 2 days ago
Or simplex.chat where there are no identifiers like phone numbers or any other identifier.
Security review was done by trail of bits.
unexposedhazard@discuss.tchncs.de 2 days ago
Or P2P stuff like Briar :)
Bahnd@lemmy.world 2 days ago
Or Matrix (warning some assembly required)
new_guy@lemmy.world 2 days ago
Vanilla_PuddinFudge@infosec.pub 2 days ago
I actually found xmpp to be a breeze compared to most Matrix solutions.
Synapse is bloated, dendrite sucks and conduit is in perpetual beta and the uwu forks die too fast.
XMPP:
coconut@programming.dev 2 days ago
Just use signal is not a valid statement in a world where vast majority of people aren’t using (and won’t use) it. I have been trying to get people to install it and have a total of 6 over several years. They only use it to communicate with me.