The loophole in WhatsApp's end-to-end encryption is simple: The recipient of any WhatsApp message can flag it. Once flagged, the message is copied on the recipient's device and sent as a separate message to Facebook for review.
That practically applies to every form of digital communication. Sender/recipient has it on their end unencrypted and passes/leaks it on elsewhere
Once a review ticket arrives in WhatsApp's system, it is fed automatically into a "reactive" queue for human contract workers to assess. AI algorithms also feed the ticket into "proactive" queues that process unencrypted metadata—including names and profile images of the user's groups, phone number, device fingerprinting, related Facebook and Instagram accounts, and more.
Pretty sure the more user / privacy friendly options prevent screenshots or copying from an encrypted chat, and also allow the participants to delete their messages after they were read or even a set time.
They want access, they just don't want china to have access. Of course, when you add a backdoor it's best to assume everyone will use it sooner or later.
☝️
If China’s access to your data were actually a high priority to the US security state, then they wouldn’t be installing these back doors. They’re much more interested in 1) accessing your data and 2) convincing you that China is your enemy.
The US security state isn’t interested your security, they’re interested in what the capitalists are interested in: imperialism and screwing over the working class.
Yeah, I'm one of em. I'm well aware it's not secure, but as a frontend, signal certainly was more customizable and pleasant to use even for just the few people I had to sms till I could convince to use signal.
I agree that it helped with adoption. In a way I wish they still had it so I could get my text messaging family to use a messaging app instead.
The flip side was, if somebody tried signal and didn't like it and uninstalled it, then any SMS message to them from signal went to their signal account that they no longer had installed so they didn't get it. You had no way of knowing so it really sucked.
I am one of those. I ditched Signal and went back to the stock sms app and adopted matrix. Haven't looked back since. The reality is that Signal dropping support for sms wasn't going to stop me from using SMS. For that, other people need to be convinced to stop using it at the same time. Signal didn't have nearly the market size needed to make that happen. And now that card is played, and nothing has changed. Signal is just another messaging app among hundreds. At least matrix offers a real paradigm shift.
signal and matrix are both CIA. i'd say it's worse for your privacy than using your standard messengers since they know that's where all the juicy stuff is.
That’s kind of like if iMessage dropped SMS support. Yeah, I know if it’s a green bubble it’s not encrypted. But I wouldn’t want them to just not allow it.
I'm 100% not one of those "I have nothing to hide" people, but I don't text about "things I want to hide" already FFS. In this case if the chinese gov or us gov really want to know about my plan to go get a costco hotdog with my friend later, fine, I don't like it but also "whatever." It's not like I'm texting about federal crimes or government secrets, that's what Matrix is for.
The only thing I don't like is being forced to use texts for 2fa on shit websites that won't except a yubikey (or flipper0-u2f, in my case) which seems to be most sites using 2fa ime.
"I have nothing to hide, I just question your judgement and motives."
In a world entirely populated by empathetic, decent, and sane people we wouldn't need much privacy. Unfortunately that's not the world we live in. There are countless unstable, stupid, and evil people in the world -- some of them are in positions of power or might achieve power in the future. They are absolutely the sort to weaponize "harmless" information against you.
Do you want those people to know your sexual preferences, political leanings, etc?
That's the thing, I don't really text about that stuff because texting is inherently insecure. Hell I'd sooner email about it if I can get someone set up with pgp than text, and email is insecure too.
But until someone can convince my mom, dad, aunt, job, etc to use Matrix, I'll always have to use SMS in some capacity. I hope someone can, I've tried to no avail. I was close with a few using Signal but with the removal of sms support they stopped, and the iPhone ones barely used it a week before switching back because "they don't want to have to use two apps" even before that because they still had to use imessage to talk to most of their contacts.
So yeah, I'm left with "don't text about sensitive subjects."
The mobile standard setter, GSMA, and Google have said encryption will be coming to RCS, but there’s no firm date yet.
GSMA, please don't come up with yet another poorly designed encryption standard.
The IETF is already working on Messaging Layer Security (MLS), please work with IETF and adopt MLS. IETF have more experience and do a good job at designing secure protocols. And multiple organisations and services are already working on adapting MLS (Mozilla, Google, Matrix, Wire, ...)
If cyberterrorists really want to know who's gonna be late to my D&D game and what food we're having, I guess there's no way we're gonna stop 'em. I blame Kamala's weak campaign.
I wonder what they would be saying if they'd been allowed to weaken encryption and back-door the fuck out of everything before the Salt Typhoon folks got involved.
US 2010: "We've created and incentivised this gigantic drag net of information based on insecure protocols, private partnership deals, FISA court orders, and outright black budget illegality"
US 2024: "Pweeze use encrypted communication (that we have vendor relations with or that we have backdoors in or that we built as a honey pot) because China can see what's happening in the drag net and they can leverage that information to compromise our idiot elites."
AFAIK more people in the US use iPhones than Androids, but that is taken care of since iMessage is encrypted (correct me on this, I haven't sent an iMessage to anyone since I got my SM-A536B).