Your question was about security. “Does anyone have any resources at hand that could explain to him why neither facebook/meta nor any of its companies are SECURE?” The problem with your framing is that you’re looking for a specific answer. Even the first answer to your question was “WhatsApp isn’t so bad”, and when you don’t get an answer you want, you challenge their opinion “The fact that it’s decentralized is exactly what makes it a lot more private and secure than Signal”.
I didn’t say Signal is the “best possible messaging app”. It’s another alternative you could recommend since your friend doesn’t want to use Session. You said you “have offered him several alternatives, all of which are open source and very secure”. I didn’t think Signal was off the table, especially when you said the Techlore video was “the kind of thing I was looking for”. I don’t know if you watched the video, but even in the Techlore video, Henry said if you’re going to use a messenger with Signal Protocol, you might as well use Signal.
When discussing privacy with “normies”, sometimes, you have to meet each other half way. Again, watch the Techlore video. He said if you have to use WhatsApp, here’s what you can do to lock down the app. He didn’t say “Here’s why WhatsApp is bad and why Session is good and why you must switch and here are resources that explain why Meta is not secure”. I understand it’s frustrating when you can’t communicate with others under your own terms, but it goes both ways. It seems like your friend doesn’t want to compromise either. Why should your friend be the only one to make compromises?
The position you’re in right now seems to be that you only want to use Session and nothing else. If Session is truly “the best of the best”, it shouldn’t be too hard to convince your normie friends to switch. After all, who wouldn’t want to use “the best of the best”? But since you’re having this issue, you can either stand your ground and not communicate with anyone who’s not on Session or you can continue to convince your friend to use Session until they give in. In which case, I wish you the best of luck!
Yes I do, of course. I make millions shilling for Session on privacyguides.net lmao
Never heard of it, but that’s good to know. Doesn’t seem like it’s done by default though. Is it decentralized?
SimpleXChat sounds great on paper, I actually tried to onboard people onto SimpleX, which turned out to be a mistake. Its functionality is ass, or at least it was when I last tried it.
I deeply regret not having recommended Session instead, as I managed to get two different people to use it only to not be able to communicate. I don’t know what the problem was, but neither party received the messages the other sent.
The reason I recommend Session over SimpleXChat is because I know it works and I’ve never had major problems like that. If SimpleXChat worked with no hiccups, I wouldn’t have a problem shilling for SimpleX as well, as you can send large files on it, something that can’t be done through Session.
True in a world where especially everywhere you go feeling like people are clueless it’s just something
I’ve only just had some of my hope raised when I saw a Brave share QR code on a truck livery/decal
It’s not big changes sure but small steps for bigger gains obviously, and honestly, bless them for doing that. Reminds me I also knew someone in college who would use Brave on their laptop.
Personally I have made a stance to only respond via RCS (preferably E2EE) and Signal when it comes to communication, I don’t respond fast elsewhere ever
Sure RCS has metadata issues (and is documented on the technical paper) but it is miles better than SMS, and the next step to me from RCS is basically Signal and that’s where I stay at
I did watch the video, which doesn’t mean I agree with absolutely everything Henry said in it. In fact, that’s the part I disagree with. I’m trying to show someone why using WhatsApp or Instacrap for communication isn’t private or secure and why privacy and security are important. If I tell him to use Signal I’m being a hypocrite, since I know Signal isn’t the best option when compared to Session, which is objectively better when taking into account everything as a whole, and not just le PFS.
Even if Signal was on par with Session, as long as they require a phone number to be used, I won’t recommend it, as it normalizes the practice of giving very sensitive data to be able to use certain services. This is a problem, because most people aren’t going to bother getting a disposable number (many services don’t work with disposable numbers, maybe Signal does, but that’s beside the point).
No, you can “meet each other half way” and compromise if you want to. You don’t have to. Yes, using WhatsApp in certain ways can be better than using WhatsApp blindly and with no security measures, but still, I think the best possible course of action is not touching anything related to Meta with a 10 foot pole. Henry has his own thoughts about that and that’s great, I have my own.
My acquaintance makes zero compromises by using a service that is completely respectful of his privacy, while I do make compromises when I’m forced to use a service that disregards them. That’s what I try to make him understand, and if he doesn’t understand that, then it’s okay. He’s a free human being with free will and I’m glad about that. I don’t want to force anyone to do something they don’t wanna do.
At the same time, I won’t compromise on this issue, and if that means there’s no communication between us, then so be it. We’re at a point in time when I believe it’s important to stand for our values and principles, and this is one of those that matters greatly to me.
Actually, no. I offered other alternatives, like Briefing - Secure direct video conferencing, which is also great and requires no installation, it’s not an app. It works over browser, it needs minimal effort to use. If the other person isn’t comfortable using it, it just tells me that he either doesn’t trust me (no need to trust me as he can read the documentation about it), or he doesn’t wanna bother in the slightest. In which case, I don’t see as much of a problem not having communication with that person, as it shows a lack of interest or a lack of trust.
I can’t do anything with a lack of interest, and I can only do so much with a lack of trust.
Yeah, we all know it’s perfectly simple and easy to convince normies of the importance of privacy and security, I’m sure all your contacts are using Signal at the moment, 100% guaranteed :,)
If you don’t understand why decentralization is important for privacy, security and most importantly, the resiliency of apps and services, I highly recommend you start looking into it. Having centralized servers, as is the case with Signal, means that if the US government ever decides that encryption is criminal, like the UK government is trying to bring about into law, that would mean that it’d be extremely easy to wipe Signal out.
Censorship becomes extremely easy when everything is centralized. Decentralization is crucial to having resilient and secure services that are reliable long term.
Rob Braxman is not someone to be fully trusted unlike Graphene, Here and Techlore. His video should always be taken with a grain of salt (and no it’s not just Rob, I would more or less give it to SomeOrdinaryGamers & Mental Outlaw just not to the extent of Rob Braxman for both of them).
Also decentralization can be very insecure, it does in no way contribute to security, privacy is varied by the server you’re trusting.
Resilience yes, decentralization makes sense but so is open source? Signal shut down? I guarantee you there will be a community there (maybe the most trusted being Molly) that would spin up their own servers using Signal’s server code
You clearly know nothing about decentralization, then. No one should take anything you say on the matter seriously, since you clearly have no clue what you’re talking about.
Doesn’t negate in any way that decentralization is a further barrier, and one that can be potentially extremely difficult to overcome.
It’s preferable if people don’t even have to resort to building a different platform off a fork, which would probably make them lose contact with many different people. Better to prevent bad outcomes than to react to them.
When asking questions, you have to be open to different answers. If the answer is Session isn’t great because it lacks PFS, you have to accept it as an answer to your question. If you were looking for a different answer, why bother asking questions at all?
Sure, you don’t have to compromise, but you’re expecting others to compromise. You don’t see it as a compromise because you don’t have to do anything, but it’s a compromise for your friend because it’s what you are demanding of them. Switching providers is always a compromise. What if their mother doesn’t want to switch? Should they stop talking to their mother over WhatsApp? Even if I agree with the premise that Session is the absolute best messenger, it’s hard for people to switch when nobody uses it.
Signal is more accessible because you can use your phone number to discover contacts. If you have a higher threat model, you can use a disposable number and ask your contacts for their username. If you don’t have a high threat model, you might be comfortable giving Signal your phone number. That’s not something that should be considered unacceptable.
But if you’re willing to cut off contact with your friend because you can’t make compromises, that’s another answer you have to accept.
This and you should probably tone down your obsession with decentralization and think of a different perspective than “Decentralization only is the best” at this point as I said, join the web3 community, they would welcome you if you are that obsessed
I’m
Just
Saying
If you wanna live in that echo chamber, by all means but as ImTooPhaT said, you have to accept some things as answers
I think you may lack some reading comprehension, since I never asked about Session. I asked for resources to share about the importance of privacy and security in general, and specifically about the downsides of using WhatsApp and other big tech platforms.
edit: Also, I accept whatever answers people are kind enough to provide. It doesn’t mean I have to agree with those answers, though. I can also voice my disagreement. That’s what a forum is for.
I’m not demanding anything, I’m merely telling them that I don’t use those other platforms. If they want, they can use mine as well, if not, that’s 100% okay. The possibility of communicating is just very slim, then.
Also, I never said that they need to stop using whatever they were previously using. I’m not demanding that they stop communicating with their mother through WhatsApp, if that’s what they wanna do. You seem to have a lot of assumptions.
Yeah, Signal is more accessible and more convenient, and a lot worse in terms of privacy and security, which is why I also would rather not use it for all the reasons I’ve already provided. It’s perfectly fine if others are willing to normalize handing over sensitive data in order to have access to services, it’s just something I personally have a problem with and that I cannot abide by when there’s an alternative.
I don’t know why you’re beating this very dead horse, I’ve already said multiple times that if it’s not possible for the other person to understand why privacy and security are important and they aren’t willing to give Session or even Briefing - Secure direct video conferencing a try, I’m fine with not communicating with them.
I never said this was a friend, by the way. It’s an acquaintance at best.
Where exactly did I say that “decentralization only is the best”? Saying that decentralization is important is being obsessed? Sure, okay lol
Where did I “not accept some things as answers”? Disagreeing doesn’t mean I don’t accept other people’s rights to voice their opinions. Those are two different things.
I think you are overstating the difference based upon broad assumptions. Tor isn’t ideal for sharing personal information. This doesn’t mean you should never use Tor.
At this point I’m sure anyone who searched could find my phone number in a publicly leaked database. Almost everyone who has added me to their contacts has given my info to Meta.
You are correct about avoiding unique identifiers but it does reduce spam. I use Signal like texts. None of it is private, merely more difficult to obtain. Recipients of my messages could have hacked phones. They can take screenshots. Messages can be faked. Session allows for plausible deniability but that’s it.
Even though WhatsApp is owned by a big tech company, you can’t even accept that WhatsApp’s encryption is better than Session. Accepting an answer is not the same as agreeing with an answer. If you don’t agree with my answer, you have to accept that it is an answer to your question. But you were looking for a different answer, one that could explain why WhatsApp’s security is weaker than Session.
You said your “friend” (your relationship to this person isn’t important) wouldn’t be compromising anything if they switched to Session. Even if they use Session to talk to you and WhatsApp for everyone else, that’s still a compromise for them.
Another answer you have to accept is that switching to Signal is still a privacy win. Your only disagreement is that it’s not Session, so we would have to agree with you that Signal is a privacy loss because it requires a phone number (and it’s not a decentralised service).
This Signal discussion is slowly getting off topic, but I’ll say a few final points.
E2EE, in the case of Signal, means you don’t have to trust the centralized server as it’s encrypted. This same concept is the same for encrypted decentralized protocols: there are just more computers involved in passing messages around.
You didn’t say what metadata outside of a phone number, which is what I had asked. Hand waving metadata without saying what precisely is being exposed is a way to make it seem like a boogeyman.
I’m not expecting to have every single thing listed out, but if it’s just the phone number, and the risk of leakage requires Signal (whose value proposition is being secure, so they have reason to invest in it) being hacked or state threat level actors, it’s something that mostly very precarious threat models will need to account for.
—
Signal specs aside, I think the main thing you need to sit down and really assess is based on this:
You need to think about your threat model. And you need to know the threat model of your friend (implicit, even if they haven’t thought about it) is not your threat model. A more strict threat model has more friction, ergo weaker threat models (your friends) will focus on usability and network effects.
The replies you are receiving are described as this: you gotta meet people where they are at and compromise if you can. WhatsApp works, their friends likely use it, and it has caused them no problems.
Your friend is concerned about European privacy standards. Signal meets GDPR standards and there is a non-profit your friend can see to help evaluate this. Signal is one of the top most downloaded apps,
You may not care about it being a non-profit, and think centralization is a sham. But it’s not about you, it’s about your friend, who does not care about decentralization or centralization. They may think phone discovery is actually the reason they’d greatly prefer Signal way over Session, as it’s way easier to find their other friends who use it. Gotta sell the usability of these things as well. Signal solves usability and network effect problems that Session by design does not have. And Signal > WhatsApp, which would be a win for them.
Matrix is a great example of a service with shoddy UX. They’ve been fighting their service for a while, and it has greatly suffered adoption. It would be like pulling teeth to get my friends who use Discord to use Matrix, and they’d hate me for it if I pushed them onto it and it sucks.
Hypothetically speaking, if you realise that your university uses WhatsApp to communicate with you, you’ll quit uni? I mean, I understand your point but living life and enjoying relationships are activities that are more important than privacy. Sometimes we have to compromise our values and principles if we want to achieve certain things in life.
Almost no one (especially normies) will do this anyway. If you unironically tell a normie that, they’ll be like WTF.