Librem Social Privacy Concern


#21

3 years ago WhatsApp announced they implemented end-to-end encryption so “no third party can access messages“. It coincided with an aggressive push for all of its users to back up their chats in the cloud. When making this push, WhatsApp didn’t tell its users that when backed up, messages are no longer protected by end-to-end encryption and can be accessed by hackers and law enforcement.


#22

Sure, why not asking about Whatsapp security from a completely non biased source such as…
the owner of Telegram!
He is riding on the recent 0-click 0day discovered recently in Whatsapp to shill for Telegram.
A little dirty trick since it doesn’t say anything about neither WA no TG, 0days can happen on any platform.

Now see an actual advice from a person who owns zerodium.com, a firm that is actually buying and
selling 0days for nation state actors:
https://twitter.com/cBekrar/status/1095028550367887360

There is a reason why Signal/Whatsapp exploits are more expensive, because they are harder to produce.


#23

which is bad, but

¯\_(ツ)_/¯


#24

Yeah, let’s compare 0days on C-L-I-E-N-T applications, vs total pwnage of infrastructure:
https://web.archive.org/web/20190412060115/http://matrix.org/

Very fair, basically total apples to apples comparison. Keep your brilliant analogies coming.


#25

Sorry. I stand corrected.

You’re right. Potential full access on all WhatsApp clients is of course not the same as gaining access to the most important matrix node via a Jenkins vulnerability, that did not compromise encrypted communication and would not have compromised users on chat.librem.one.

It is irresponsible to compare putting lawyers and human rights activists at severe risk with compromising a server and I apologize for not making this important distinction.


#26

haha ! you guys saying “i am groot” in different dialects is priceless. :smiley:


#27

Or a Whatsapp exploits is more expensive because there are more user.

A messenger must protect our data from all data greedy groups. Companies whose business model is based on data, criminal fraudsters and identity thieves and intelligence services.

Whatsapp’s backup via Google Play is not encrypted. I think that says it all.


#28

I’m not worried about staff accessing anything, that’s their job. (I’m sure the would comply with a court order or a warrant.)

My main reason for signing on are to prevent third parties accessing and sharing my junk, which other companies do (who-shall-not-be-named) as a matter of course of business. (Or maybe just because I’m a mean cuss, and I want the neighborhood kids off my lawn?)