Librem Social Privacy Concern


#21

3 years ago WhatsApp announced they implemented end-to-end encryption so “no third party can access messages“. It coincided with an aggressive push for all of its users to back up their chats in the cloud. When making this push, WhatsApp didn’t tell its users that when backed up, messages are no longer protected by end-to-end encryption and can be accessed by hackers and law enforcement.


#22

Sure, why not asking about Whatsapp security from a completely non biased source such as…
the owner of Telegram!
He is riding on the recent 0-click 0day discovered recently in Whatsapp to shill for Telegram.
A little dirty trick since it doesn’t say anything about neither WA no TG, 0days can happen on any platform.

Now see an actual advice from a person who owns zerodium.com, a firm that is actually buying and
selling 0days for nation state actors:
https://twitter.com/cBekrar/status/1095028550367887360

There is a reason why Signal/Whatsapp exploits are more expensive, because they are harder to produce.


#23

which is bad, but

¯\_(ツ)_/¯


#24

Yeah, let’s compare 0days on C-L-I-E-N-T applications, vs total pwnage of infrastructure:
https://web.archive.org/web/20190412060115/http://matrix.org/

Very fair, basically total apples to apples comparison. Keep your brilliant analogies coming.


#25

Sorry. I stand corrected.

You’re right. Potential full access on all WhatsApp clients is of course not the same as gaining access to the most important matrix node via a Jenkins vulnerability, that did not compromise encrypted communication and would not have compromised users on chat.librem.one.

It is irresponsible to compare putting lawyers and human rights activists at severe risk with compromising a server and I apologize for not making this important distinction.


#26

haha ! you guys saying “i am groot” in different dialects is priceless. :smiley:


#27

Or a Whatsapp exploits is more expensive because there are more user.

A messenger must protect our data from all data greedy groups. Companies whose business model is based on data, criminal fraudsters and identity thieves and intelligence services.

Whatsapp’s backup via Google Play is not encrypted. I think that says it all.


#28

I’m not worried about staff accessing anything, that’s their job. (I’m sure the would comply with a court order or a warrant.)

My main reason for signing on are to prevent third parties accessing and sharing my junk, which other companies do (who-shall-not-be-named) as a matter of course of business. (Or maybe just because I’m a mean cuss, and I want the neighborhood kids off my lawn?)


#29

You just explained why I bought a Purism. I’m no computer geek, software engineer and don’t know the first thing about computers. I’ve had my “glitches”, though few with this Librem 15V3 and am having one now.

I never thought this laptop was going to “save” me from criminals in the government and the various “tech” companies spying on me, listening to anything I say around my laptop or any other kind of privacy violations.

I just figured it would make it harder for them. I have been able to tell a difference when I use the Librem though. I love it when one online video company threatens to “track me” if I don’t go to their page to watch the video.


#30

Although I didn’t go the Librem One route, I went the LIbrem Five. For a PC I can install any Linux distro.

But phones are more of a mystery to me. And most phone hardware is tied to Apple or Google, just like a few years back when 99% of all PCs were either Apple MacIntosh or Microsoft Windows.

Hopefully this phone distro should break that shell, just like linux did for PCs. (And Kudos to the Pinephone folks too, although I prefer the Puri.sm method.)

(And I wondered how they conviced the powers that be to use a San Marino domain. Someone must have “paid off some guy”, to use a New Jersey term.)