Two questions.

My family insist on using Whatsapp for the family chats. I have to keep a copy on a device just so I can communicate with them. I do so under protest, as I was always told it isn’t secure. My brother has just said

“oh Whatsapp is encrypted, it’s perfectly secure”.

First, is it actually as encrypted and safe as my brother claims? That would solve everything.

Second, if it isn’t, where can I get some proof that we should switch to Telegram or whatever? Proof which doesn’t make me look like a raving loony?

  • ddnomad@infosec.pub
    link
    fedilink
    arrow-up
    33
    arrow-down
    2
    ·
    edit-2
    11 months ago

    Switch to Telegram

    You know it’s not even E2EE by default, and when it is it uses a homegrown algo that is not exactly well spoken of? (at least V1)

    • PupBiru@kbin.social
      link
      fedilink
      arrow-up
      4
      ·
      11 months ago

      for clarity, i think that the worst thing anyone’s been able to decisively prove about telegrams encryption is that it’s vulnerable to replay attacks… which in the context of privacy rather than full security isn’t suuuuper problematic

      that’s not to say that there aren’t other flaws; that’s kinda the point behind “rule number 1: DONT INVENT YOUR OWN CRYPTO”: you just don’t know what flaws there are… AES (etc) has had a LOT of eyes on it

      but for the most part, the negativity with the crypto boils down to what-ifs

    • JubilantJaguar@lemmy.world
      link
      fedilink
      arrow-up
      4
      arrow-down
      2
      ·
      11 months ago

      As I see it, the key advantage of Telegram is not technical, it is political.

      Yes, Telegram is a slightly shady company with an ambiguous business model and a possibly-dodgy encryption algorithm (when it is even turned on).

      But Telegram is based outside the reach of the West (in UAE, eastern Europe, maybe even Russia). Whatever its other problems, nobody thinks that Telegram is under the thumb of Western governments, as the Big Tech corporate messengers almost certainly are.

      Personally I don’t care much if Russia or even China is spying on me. Because if we can be certain of anything in this world, it’s that Russia and China are not sharing their spyware data with Western intelligence agencies. And as Westerners we live outside the reach of the Russian and Chinese police states, fortunately. So for us it’s win-win for privacy. That’s the way I see it.

      The ideal solution, of course, is a truly private messenger which protects everyone’s privacy, including Chinese and Russians.

      • ddnomad@infosec.pub
        link
        fedilink
        arrow-up
        1
        ·
        11 months ago

        Telegram’s servers are located in US, Singapore, Netherlands (and maybe some other countries) from what I’ve gathered. And all chats that are not E2EE’ed are stored there, encrypted at rest at best with keys in the same database, or somewhere else that can still be accessed in automated way. Maybe it is not even encrypted at rest.

        The point is, all those countries are either in 5 eyes or have information sharing agreements with 5 eyes countries. So as far as I’m concerned, TLAs can still have their fingers in those pies, in addition to Telegram’s overall shadiness and Russian ties. So maybe you get KGB strongman keeping a watch over your chats too.

        This is not something I’d have much confidence in to be honest.

        • JubilantJaguar@lemmy.world
          link
          fedilink
          arrow-up
          1
          ·
          11 months ago

          For the average Westerner, the threat from shady Russian agents seems orders of magnitude less serious than that from their own governments and police forces.

          For EE2E, the corporate spyware messengers are asking us to take their word for it. Hard.

          About the server locations, that’s interesting and does indeed undermine my argument a bit.