1. 9
  1.  

  2. 5

    Finally! I mean, WhatsApp continues being a bad choice for privacy due to the enormous metadata collection and use for targeted advertisement; but this is going to make WhatsApp much better for existing users who can’t quit it. Telegram will shit their pants when this gets introduced, since their whole «business model» consists on blaming WhatsApp for not encrypting backups, and telling you you should trust Telegram to store everything instead of Google and Apple.

    1. 5

      Telegram’s business model consists on having a better user experience than whatsapp. Good web and desktop clients, being able to join groups under a handle instead of everybody knowing your phone number, big pretty animated stickers, decent UX without sharing your phone’s contacts to the app, support for bots on which moderation tools are built. The kind of people who care about security know telegram isn’t great in that regard, but that’s not at all what the users pick telegram for.

    2. 3

      Meaningless when an app admits it breaks this for moderation purposes. Great tech in this area doesn’t outweigh shoddy management elsewhere.

      1. 1

        If I understand correctly, messages in a group or private chat are only sent to Facebook if the user reports the account. It’s not different from the user taking screenshots and sending them to Facebook manually. No matter which reporting mechanisms are in place, you always need to trust members of the chat not to publish your messages. E2EE does not protect you if you don’t trust the other end.

        1. 1

          It’s slightly different. It’d not be bad for someone to send all their SMSes to a random address at Apple, but it would be very bad if Apple gave law enforcement a tool to read SMSes from locked phones.

          The pipeline exists, now it’s just a flag.

          1. 3

            but it would be very bad if Apple gave law enforcement a tool to read SMSes from locked phones.

            Is there a proof that happens with WhatsApp now? As far as I understand it, WhatsApp only gets a snapshot of communication around the reported message, not persistent access, so that specific case is not implemented.

            Also “The pipeline exists” doesn’t seem like a good way to phrase it. For any company operating in the US this exists in the form of a national security letter. In other countries this exists too under different processes. The local laws are that pipeline.

            1. 1

              . For any company operating in the US this exists in the form of a national security letter. In other countries this exists too under different processes. The local laws are that pipeline.

              Signal can’t exfil data when anybody asks. That’s what I mean by the pipeline existing.

              1. 1

                Sure they can. It will involve a new release of the app, but it’s possible. Non-cooperation is not welcome and will result in being thrown under the bus: https://www.wired.com/2007/10/nsa-asked-for-p/