It’s not about crediting the original. It’s probably more about whether the information presented is accruate.
1 Like
WhatsApp is only “recommended” over SMS and even Telegram.
I don’t think there’s anything to investigate really. Everything in that image seems technologically sound from what I can see. WhatsApp really can collect all that data if you give it the permissions that it wants. I don’t see why they wouldn’t collect it given their business.
Well ok but signal can collect more data than they show, signal just doesn’t. So it’s a bit inconsistent in that case don’t you think? That’s what I’m trying to figure out, is this all stuff they could theoretically collect, or that they definitely do, and what’s the source that they do or can in that case.
1 Like
It’s all theoretical. No one can answer that question to a certainty without breaking an NDA which I’m sure all Meta engineers have to sign.
So then what is the image showing, because signal could be collecting your IP address etc as well.
Here is the CEO of Signal describing how push notifications work.
Edit: Stop spreading fud.
If you are stuck using WhatsApp you can use an app such as watomatic.app which can automatically remind people that you are on another platform such as Signal.
Facebook likes to market whatsapp as being “secure" and “private” to lure unsuspecting users into a false sense of security and privacy. In reality its closed source so we have no idea how really secure it is and it’s Facebook who make money from your data. Even the co founders of whatsapp don’t use whatsapp anymore and have since joined Signal development.
You most certainly do not need a whatsapp account for an Instagram account.
That’s just Facebook trying to get you to sign up so they have more info about you.
There are better options than Instagram for posting such as Pixelfed.
They could, but any time they have been subpoenaed to give up any information they have, they only have two pieces of information.
Open Whisper Systems founder Moxie Marlinspike said the company doesn’t track who users communicate with, and it was able to tell the government only the date and time that accounts were created and the last date a user connected to the service.
Pretty sure there’s other sources better than what I found while on the go, but it’s widely known knowledge that Signal keeps only two pieces of data.
It is possible they are collecting a little more information to make sure they can send a message, but they definitely aren’t keeping it. And I’d imagine with the open source app, people can verify what information is being logged.
As for WhatsApp, everything on there looks plausible but who knows what the heck WhatsApp is doing in the background.
Edit: did a bit more digging.
Signal’s Privacy Policy & Terms of Service
https://signal.org/legal/ shows what technical information is stored (push tokens, auth tokens, keys), phone number registration, third-party providers
Signal’s “Big Brother” Government Request Page
https://signal.org/bigbrother/
Index of all subpoena responses showing the “only two timestamps” they provide
Sealed Sender Technical Blog Post
https://signal.org/blog/sealed-sender shows how sender identity is hidden, delivery tokens, IP address concerns, metadata resistance
So based on code and privacy policy we know when sending a Signal message, your IP address, device information, and push notification tokens are transmitted to Signal’s servers (and tokens are shared with Google/Apple for delivery with minimal information as possible), along with the recipient’s identity and timing metadata, and Signal claims not to log most of this. With Sealed Sender enabled, the sender’s identity is hidden from Signal’s servers, but traffic patterns and push notification timing could still reveal when you’re communicating along with delivery and read receipts could reveal a bit more information about you… Ill go more into detail when I’m on a computer.
Signal could technically be collecting it to send to 3rd party systems although we could audit their server source code to see that they’re not. Of course that alone doesn’t prove anything and there are no 100% assurances when dealing with massive distributed systems. We’re trusting AWS that nobody is messing with their customer’s servers without authorization (this would be catastrophic for the business’s reputation) and we’re trust Signal that they’re deploying their open sourced server code without fudging it during deployment.
What’s your point? You don’t understand tech well enough to understand the conversation.
That’s because the image is outdated.
The image got shared from other, while it was in the progress of getting created not in its finale state.
I’m not sure of the current state, but I know that the latest version I saw from the author himself (like @anon39279085 I have contact with him on Signal) has more information on it.
the one shared was the latest version
ive shared it, they seen it but did not respond
No it isn’t that I know for sure.
The latest version I know also contains the phone number that Signal collects.
my bad that is correct
also I see a venice watermark
which that confirms the image is indeed AI
but im sure the other parts are uniquely made by the individual
I appreciate the thorough discussion, but I think we might be losing sight of the forest for the trees here.
This image serves as an ELI5 comparison to illustrate a fundamental point: not all E2EE messengers handle metadata the same way. For that purpose, the image is accurate enough. WhatsApp collects significantly more metadata than Signal; that’s well-documented and not in dispute.
Yes, there are technical nuances we could discuss endlessly like theoretical collection vs. retention, sealed sender limitations, push notification metadata, etc. But unless the image contains OUTRIGHT FALSEHOOD (which I don’t believe it does), these edge cases don’t invalidate its core message for a general audience.
The image isn’t meant to be a comprehensive technical audit. It’s a visual aid to help people understand a privacy concept. Perfect accuracy down to every technical detail would make it unreadable and defeat its purpose.
I think the question of whether this image effectively communicates the metadata difference between WhatsApp and Signal has been answered. The deeper technical discussion is valuable, but it’s a separate conversation not suitable for this ELI5 thread.
7 Likes
Since it is meant to answer your question I’m sure it is ok
basically check the github link I shared
any subsequent questions/answers the creator in question is now in PG @registrationRefused
2 Likes
I always wondered if this thing was worth enabling and the potential tradeoffs. 
To use WhatsApp as privately as possible:
- Don’t invite meta ai bot in groups
- Switch off notifications
- Use Graphene OS contact scopes or don’t give any contact, maybe use inbuilt contacts
- Disable when not using
- Don’t use payments
- Don’t use the business app, only the consumer app
- Maybe Don’t use Google e2ee backups (make local backup and move it from android directory to new Mobile)
- Switch on privacy toggle in each personal chat
- Can use https://faq.whatsapp.com/764072925284841/
Notes:
when you are interacting with a Merchant, only that Business has your data, not Meta/Facebook unless you tag @MetaAI
1 Like
Thank you for help like this.