this post was submitted on 25 Mar 2025
296 points (97.4% liked)
Any time you hear about anyone high profile using a chat app - what are they using?
They're using Signal.
There's a reason why they're using Signal; as far as security it's the best one out there. Sure, it's tied to a phone number, but a phone number isn't an identity.
I agree with what other people are saying, the whole phone number requirement of Signal isn't great since, for the most part, phone numbers are intended to link to your real world identity. That means they are a very big weak link.
Also let us not forget that Signal is a centralized service run by one company. They have been very resistant in the past to the idea of decentralization and interoperability. I'm already very skeptical of people who claim to be a savior or hero of privacy and security like this, even more so when it's a centralized service. You do know that WhatsApp started out like Signal did, right? Look where they are now. You cannot trust a centralized service like Signal, especially one that forces you to provide real world identification. Signal can just as easily be sold and backdoored like WhatsApp was, decentralized services are much more resilient to that kind of thing.
WhatsApp was bought by Facebook and then one of the folks dumped their money into Signal, making it a self-funded org.
Phone numbers are heavily tied to a person.
What Signal had going for it is encryption, but that major flaw of being tied to a phone number makes me doubt everything else they say.
The phone number link means forward security isn't possible. If ever the encryption is hacked, all your messages could be forfeit by anyone who's simply kept the encrypted data.
Can you elaborate on that? Obviously the phone number has privacy implications, but I don't think it can be used to decrypt messages. In the Signal protocol, encryption keys are exchanged using ECDH (so wiretapping doesn't work) and periodically rotated (so even knowing the encryption keys at a certain point doesn't let you decrypt messages after that).
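The key exchange and rotation described in the comment above, as an added sketch that is not part of the thread and is not Signal's code: it shows that a copied chain key follows messages only until the next key rotation. Assumptions: a toy finite-field Diffie-Hellman group stands in for ECDH, HMAC-SHA256 stands in for the KDF, both sides share one chain, and the names `Party` and `run_demo` are hypothetical.

```python
import hashlib, hmac, secrets

# Toy DH group (assumption for this demo): 2**127 - 1 is prime but far too
# small for real use. Signal itself uses X25519 and HKDF.
P, G = 2**127 - 1, 3

def kdf(key, data):
    """One KDF step: returns (next_key, output_key), both one-way from key."""
    return (hmac.new(key, b"\x01" + data, hashlib.sha256).digest(),
            hmac.new(key, b"\x02" + data, hashlib.sha256).digest())

class Party:
    def __init__(self):
        self.root, self.chain = b"\x00" * 32, None
        self.new_keypair()

    def new_keypair(self):
        self.priv = secrets.randbelow(P - 3) + 2
        self.pub = pow(G, self.priv, P)

    def dh_ratchet(self, peer_pub):
        """Mix a fresh DH shared secret into the root key, start a new chain."""
        shared = pow(peer_pub, self.priv, P).to_bytes(16, "big")
        self.root, self.chain = kdf(self.root, shared)

    def next_message_key(self):
        """Symmetric ratchet: advance the chain, return a per-message key."""
        self.chain, mk = kdf(self.chain, b"msg")
        return mk

def run_demo():
    alice, bob = Party(), Party()
    alice.dh_ratchet(bob.pub); bob.dh_ratchet(alice.pub)
    same = all(alice.next_message_key() == bob.next_message_key() for _ in range(2))
    # Constructed compromise: attacker copies Alice's current root and chain key.
    stolen_root, stolen_chain = alice.root, alice.chain
    # Until the next rotation the attacker can follow the chain forward.
    before = kdf(stolen_chain, b"msg")[1] == alice.next_message_key()
    bob.next_message_key()
    # Rotation: both sides make new key pairs; only public halves cross the wire.
    alice.new_keypair(); bob.new_keypair()
    alice.dh_ratchet(bob.pub); bob.dh_ratchet(alice.pub)
    real = alice.next_message_key()
    same = same and real == bob.next_message_key()
    # Attacker's best effort: old root key plus the observed public key.
    guess_chain = kdf(stolen_root, bob.pub.to_bytes(16, "big"))[1]
    after = kdf(guess_chain, b"msg")[1] == real
    return {"peers_agree": same, "attacker_follows_chain_before_rotation": before,
            "attacker_follows_chain_after_rotation": after}
```

Message keys from before the compromise stay out of reach for a different reason: each chain step is a one-way HMAC, so the copied chain key cannot be run backwards.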
The comment that you replied to does not imply the phone number can be used to decrypt messages. All they are saying is that because Signal accounts are tied to phone numbers, a potential adversary already has one piece of the puzzle (who is talking to whom). If somehow, some way, the encryption were ever compromised, then the adversary would have both pieces—in other words, they would know not only who is talking to whom but also what they are saying.
If the encryption is ever hacked, knowing who you are is probably the least of anyone's concerns. I would imagine that any adversary could build a profile or plan a response without knowing a particular phone number.
"These two people are planning civil rights activism here on Friday," is just as useful as, "MLK Jr and Malcolm X are planning activism here on Friday."
Thankfully, they'd have to not only break encryption but also MitM the conversations, since Signal doesn't actually store chat data on their servers.
A phone number can be traced back to a person. If there is ever a hack or backdoor it can be traced. There are plenty of alternatives that are open source and don't require any kind of identifier.
I think he is going for the idea once encryption is broken in the future... Your name is tied to the content forever.
Without phone number it would be just some random content.
https://simplex.chat/
I'm really not sure what the point is other than to track identities after they got rid of SMS. Sure, have an optional number to make calls, but is this some legal requirement to be on app stores or what?
Phone number is KYC'd
It is literally an identity and that's why everyone is forcing you to use it now.
Phone numbers are easy to fake, I have two Signal accounts without any ties to my person.
That's jurisdiction dependent... I thought that this ability is very limited now
Yeah, in some countries you can buy SIM cards at 7-11. In others you need to submit your ID, connect your bank account etc