WhatsApp's New Policy Has...

… finally been the final push all my friends needed to dump it and move to Signal.

Several of the WhatsApp groups I’m on have, as of this morning, been disbanded and re-launched on Signal.

Facebook say the new policy applies to business accounts, but heck, the cat’s out the bag and gone.

What’s most amazing to me is that a lot more people seem to be a tad more concerned about their privacy, when they ordinarily wouldn’t have.


Same boat here. I don’t even have a FB account but I am in a handful of WhatsApp groups. Most are family related but one is a tight-knit men’s group at church where privacy is important. The “hey men, I’m struggling with <insert really difficult topic here> and I need support” type group.

We’re ditching WhatsApp likely for Signal as well. I trust satan himself more than I trust Zuckerburg.

There is also Telegram, which is quite good :slightly_smiling_face:

Ge Dupin

This might be anecdotal but there is a ton of debate about whether or not Telegram is encrypted.

This is not anecdotal though, on Wednesday night I saw an interview with a security expert on CNBC and he indicated that they knew that the riots in DC were going to happen because they had been "monitoring the extremists Telegram groups". What they didn't say was whether or not they were simply members of those groups, or monitoring from a "networking/technology" sense. I'm not sure if Signal does groups the same way that Telegram does but that one is widely believed to be much better than Telegram as far as privacy and security.

Telegram is a tremendously useful (and free service) for connecting to Elastalert for all manner of notifications, but we have since moved to Teams for that just because we can't really be sure what is going on under the hood with Telegram.

Just some things that I have observed, not trying to start a holy war.

For my education, how is Teams doing this better, and can I
independently verify it?

Well, I suppose you can't really know for sure that Teams is following any sort of best practices but Teams does let you set standards for security and privacy in the admin center a couple of other points:

A) It seems like if there is an issue with Teams they have more of an imperative to fix it (as well as financial and technical resources)
B) If you do a few searches on your favorite search engine regarding Telegram there appears to be debate about what it's doing in regards to security, privacy, storage/custody of data, etc.

Everyone can and should use whatever signals they want to make their own decisions.

Sorry, I'm still confused. What was the signal that you used to change
from Telegram to Teams?

Personally it was the inability to set policies/controls on usage and not having any visibility with what Telegram was doing.

But again, everyone should do whatever everyone wants to do.

Ditched my Facebook account in 2012, after some glitch posted private messages to one's time line. Never looked back.


My rough formula:

 Signal &gt; Telegram &gt; iMessage &gt; WhatsApp


My rudimentary understanding of Telegram is that group messages are client-server, which is why new members can read old posts when they join a group.

Signal, on the other hand, is p2p for members within the group. No messages are ever sent to their cloud.


Has anyone considered or used Keybase?

Has anyone considered or used Keybase?

Didn't they sell their customers recently. I may be talking out of my posterior.

But on a more serious note, which of these are provably correct?

One of them used to offer you a local message and outgoing data
(signal?) so you could independently verify that they send the correct
data out, reflecting the algorithmic choice you have. So instead of
trusting that(signal?) you have to trust the algorithm, which they
don't control.

Keybase was purchased by Zoom (https://www.cnbc.com/2020/05/07/zoom-buys-keybase-in-first-deal-as-part-of-plan-to-fix-security.html). From what I’ve gathered, Zoom is too tight with, owned by, or run by China, so I believe there was a similar mass exodus from Keybase for lack of trust.

Zoom bought Keybase.
Keybase also has a bit of technical overhead that prevents casual users from adopting. It’s why my group chats are migrating to Signal. Having non-tech friends generate key strings and all that… definitely not going to happen.

Thanks Dave,

I missed that… he says as he deletes Keybase

Hopefully not before you told your Keybase contacts where you were going. :slight_smile:

I've been maintaining a page of relevant links concerning Zoom since
late winter 2020. It's here:

  Zoom security/privacy issues

I need to add a link there concerning the complaint filed in the EDNY,
USA v. Xinjiang Jin (JIN). As pointed out by File411, there are repeated
references in that complaint to "under 1 minute", as in:

  Employee-1 explained that "The current requirement" -- apparently
  referring to Company-1's internal restrictions -- "is that domestic
  engineers cannot access the data of us clusters" -- indicating
  that PRC-based software engineers were not permitted to access user
  data stored on U.S.-based servers. JIN responded "Net Security's
  requirement is that [the employer] must have the authority to
  directly handle it, and it must be handled within one minute.
  For example, including U.S. users, if the issue of June 4th is
  being discussed in a meeting, it must be handled within one minute
  of [the meeting being reported], otherwise will be [rate] as
  security non-compliant."

("June 4th" refers to Tiananmen Square - June 4, 1989.)

It's unclear yet exactly what this means/implies, but my working assumption
for the moment is that everything passing through Zoom is being made
available in real or close-to-real time to the PRC.

Also in the complaint:

  JIN wrote in an electronic messages to other individuals who are
  Company-1 employees stating that, even if other U.S. social media
  and search companies had no business in the PRC, they still terminated
  accounts and posted at the request of the "CN zf". Based on open
  source information and my training and experience, the "CN" in "CN zf"
  refers to "China" (the PRC) and "zf" is shorthand for zhengfu,
  a Chinese word for government.