• smeg@feddit.uk
    link
    fedilink
    English
    arrow-up
    108
    ·
    9 months ago

    Meta … can’t guarantee “what a third-party provider does with sent or received messages.”

    I’m more concerned with what the first-party provider is doing with my sent or received messages when that first-party is Facebook!

    • unrelatedkeg@lemmy.sdf.org
      link
      fedilink
      arrow-up
      11
      ·
      9 months ago

      Meta … can’t guarantee “what a third-party provider does with sent or received messages.”

      We (Meta) can guarantee that we do all the bad stuffs to your data!

  • jherazob@beehaw.org
    link
    fedilink
    English
    arrow-up
    20
    ·
    edit-2
    9 months ago

    I dislike when they say in news clips that Signal represents the “current gold standard” for E2EE chats, it doesn’t, Signal is a helluva lot better than the commercial stuff that mines user data but there’s stuff like SimpleX Chat that doesn’t leak even metadata because it doesn’t have it.

    Still, this is a good thing, these megacorps have their iron grip on people because they have raised walls around their services making it painful for people to move to a different service, tearing down those walls can only help us all.

    • shrugal@lemm.ee
      link
      fedilink
      arrow-up
      14
      ·
      9 months ago

      A standard is also about broad adoption though, so I don’t think you can call SimpleX a standard yet.

    • Syfrix@lemm.ee
      link
      fedilink
      arrow-up
      5
      ·
      9 months ago

      Thanks for the tip about SimpleX, that looks interesting! I could never use Signal due to the way they operate and force you to rely on their and Google’s servers, actively blocking forks from their network. So much for FOSS…

      • Miss Brainfarts@lemmy.blahaj.zone
        link
        fedilink
        arrow-up
        4
        ·
        9 months ago

        They do provide an apk outside of the Play Store, that uses a Web Socket for push notifications. Not he best way of going about it, but hey, it exists.

      • Joe Cool@lemmy.ml
        link
        fedilink
        arrow-up
        2
        ·
        9 months ago

        SimpleX is very neat. But it cannot do multiple devices unless you count shutting down, exporting database to new device replacing existing database as a sensible workflow. Using the database on two devices at once will break encryption and cause all sorts of weird problems.

    • Natanael@slrpnk.net
      link
      fedilink
      arrow-up
      4
      ·
      9 months ago

      The standard is about the protocol, not every bit of the implementation. 3DH / X3DH and double ratchet, etc, are among the best for E2EE.

    • smileyhead@discuss.tchncs.de
      link
      fedilink
      arrow-up
      2
      ·
      9 months ago

      Signal encryption can be taken out of the app and applied elsewhere, because it has been already done. SimpleX is nice but this is single app single implementation thing.

  • Kir@feddit.it
    link
    fedilink
    arrow-up
    14
    ·
    9 months ago

    Would this mean I could finally ditch what’s app and use only Signal?

        • anlumo@feddit.de
          link
          fedilink
          arrow-up
          34
          ·
          9 months ago

          Yeah, this worked so well for XMPP when everybody federated with Gmail chat.

          • Avid Amoeba@lemmy.ca
            link
            fedilink
            arrow-up
            25
            ·
            9 months ago

            There’s even less privacy if I have to have the WhatsApp app installed on my phone to send that message.

          • InfiniWheel@lemmy.one
            link
            fedilink
            arrow-up
            13
            ·
            9 months ago

            You have the big plus of not having the WhatsApp app installed and snooping around with all those permissions it has.

          • n2burns@lemmy.ca
            link
            fedilink
            arrow-up
            3
            ·
            9 months ago

            Would it not be E2EE? Isn’t that one of the reasons for using the Signal protocol?

            • muhyb@programming.dev
              link
              fedilink
              arrow-up
              11
              ·
              9 months ago

              Yes, the “delivering” part would be E2EE. Do we really know the afterwards if they can read their users’ messages? They probably can.

              • falsemirror@beehaw.org
                link
                fedilink
                arrow-up
                10
                ·
                9 months ago

                Whatsapp CANNOT read messages when e2ee is enabled, this client-side snooping was discussed when the protocol was first implemented. Whatsapp collects a ton of metadata and social graph info, but not message content.

                • blackstrat@lemmy.fwgx.uk
                  link
                  fedilink
                  arrow-up
                  4
                  ·
                  9 months ago

                  Well you type messages in in plain text and they decrypt it to show you the messages at the other end. So they can do the nefarious processing on the client side and send back results to the mother ship. E2EE is only good when you trust the two ends, but with WhatsApp and Messenger you shouldn’t trust the ends.

              • n2burns@lemmy.ca
                link
                fedilink
                arrow-up
                4
                arrow-down
                1
                ·
                9 months ago

                Sure, but any messaging app (including Signal) could have these backdoors in place. Heck, there’s even vectors for unrelated apps on your phone to read this data once unencrypted.

                • muhyb@programming.dev
                  link
                  fedilink
                  arrow-up
                  2
                  ·
                  9 months ago

                  That’s actually true. We don’t know the real-time server code of Signal. Though other apps cannot read what’s written inside Signal, that’s the good part. I prefer private server + Matrix but Signal is the easiest for regular people.

            • authorinthedark@lemmy.sdf.org
              link
              fedilink
              English
              arrow-up
              2
              ·
              9 months ago

              if i remember correctly, it would be E2EE (WhatsApp and Messenger are too) but Meta stores the encrypted message on their server

          • ViciousTurducken@lemmy.one
            link
            fedilink
            arrow-up
            10
            ·
            edit-2
            9 months ago

            Them being nonprofit has nothing to do with the pursuit of marketshare. Plenty of nonprofits want to maximize marketshare. Them being nonprofit means they are mission-driven.

            And what is that mission?

            Per the Signal Foundation’s website:

            Protect free expression and enable secure global communication through open source privacy technology.

            • helenslunch@feddit.nl
              link
              fedilink
              arrow-up
              9
              ·
              edit-2
              9 months ago

              Them being nonprofit has nothing to do with the pursuit of marketshare.

              Um, of course it does? LOL

              Them being nonprofit means they are mission-driven.

              And what is that mission?

              Let’s talk about what the opposite of their mission is: Mainly operating as a source of data collection and revenue for a corporate surveillance and advertising agency.

              Do they want more users? Sure. Are they going to compromise on their core principles out of convenience for their users? Abso-fuckin-lutely not.

              There’s also the opposite to consider: that users would decide to use WhatsApp instead of Signal because they can, which then puts you in the uncomfortable position I find myself in often where I have to tell people I’m not accepting their messages from insecure platforms.

    • spdrmx@beehaw.org
      link
      fedilink
      arrow-up
      12
      ·
      9 months ago

      Not if signal doesn’t want to support WhatsApp, and I don’t think they’re going to unfortunately :(

      • Piece_Maker@feddit.uk
        link
        fedilink
        English
        arrow-up
        3
        ·
        9 months ago

        So I [in theory, I don’t know how to start with this on a technical level] could make a third-party Signal-compatible app, but allow it to connect to Whatsapp instead of Signal? Even if I can’t use my Signal account to contact Whatsapp people, that’s still potentially useful. Although I imagine the terms I’d have to agree to to do so would be full of nonsense that stops this being remotely feasible.

        • noodlejetski@lemm.ee
          link
          fedilink
          arrow-up
          3
          ·
          9 months ago

          could make a third-party Signal-compatible app, but allow it to connect to Whatsapp instead of Signal?

          you’d have to create a messaging service, not just a client.

          • Piece_Maker@feddit.uk
            link
            fedilink
            English
            arrow-up
            2
            ·
            9 months ago

            I guess I’m misunderstanding here - I thought Whatsapp would be the “service” in my case, I’m just making a client to hook into their, presumably open [to people who agree to whatever their terms are] API. So it’s more of a federation thing between services?

            • noodlejetski@lemm.ee
              link
              fedilink
              arrow-up
              1
              ·
              9 months ago

              So it’s more of a federation thing between services?

              yeah, I guess you could call it that.

    • 4dpuzzle@beehaw.org
      link
      fedilink
      English
      arrow-up
      5
      ·
      9 months ago

      Last time they touched an open chat protocol, they hung it out to dry. That was XMPP. That’s why more than half of the fediverse is reluctant or outright hostile to federate with anything meta.

      • AMDIsOurLord@lemmy.ml
        link
        fedilink
        arrow-up
        2
        ·
        9 months ago

        XMPP is used in many, many places. It’s just not usually explicitly known that the backend is using that protocol

        • 4dpuzzle@beehaw.org
          link
          fedilink
          English
          arrow-up
          2
          ·
          9 months ago

          You are underplaying the damage Google and FB did to XMPP. It wasn’t supposed to be relegated to an obscure backend protocol. The involvement of those companies ensured that it didn’t become a popular user-facing protocol.

    • penquin@lemm.ee
      link
      fedilink
      arrow-up
      25
      ·
      9 months ago

      I’ve read somewhere that iMessage wasn’t considered “big enough” to be considerate a monopoly. Which is bullshit if you ask me.

      • PonyOfWar@pawb.social
        link
        fedilink
        arrow-up
        44
        ·
        9 months ago

        Kinda true in Europe though. Don’t know anyone who uses iMessage, it’s pretty much irrelevant. I know the situation in the US is quite different, but ultimately they don’t regulate for the US market.

      • InfiniWheel@lemmy.one
        link
        fedilink
        arrow-up
        19
        ·
        9 months ago

        Its only big in the US, most of the planet only sees iMessage as that borderline useless app Apple bundles in their phones.

      • Hirom@beehaw.org
        link
        fedilink
        arrow-up
        3
        ·
        9 months ago

        Apple would still feel pressure to add interoperability if all other big players do. iMessage would have a competitive disadvantage if it’s the only one where users are unable to message the rest of the world.

          • Hirom@beehaw.org
            link
            fedilink
            arrow-up
            2
            ·
            edit-2
            9 months ago

            Yes. Still, it would be harder to not give a f if others walled gardens open up, and iMessage get disadvantaged by that wall.

            It’s as if iPhones were only able to make calls to other iPhones. Whereas all other devices where able to make calls to any device from any other vendor.