It is the last big-tech service I am using. Not enough people use Signal, and SMS texts are not encrypted, and often viewed as overly personal. But I still hate the sight of it on my GrapheneOS phone, and am wondering about other peoples approach to using or avoiding WhatsApp.
I don’t think there’s much difference between your use of Whatsapp and that of others, we’re all forced to use Whatsapp to communicate with people who don’t give a damn about their private lives and refuse to switch to Signal or the like.
5 Likes
I don’t use WhatsApp at all.
I encourage my contacts to use Signal, and suggest they use it to talk to their contacts too (helps the network effect).
My main problems with WhatsApp:
- Metadata collection is provided to Meta.
- WhatsApp is a large attack vector.
- I don’t want to contribute to the network effect of non-privacy apps. If everyone keeps using Facebook, WhatsApp, Google etc. privacy respecting companies never have a chance to grow.
2 Likes
I feel forced to use WhatsApp too if I don’t want to get isolated. Most of my conversations and groups are in Signal now, but I still have a couple of groups I can’t manage to get to move to Signal. Luckily, I managed to get the most important people in my life in Signal, so I don’t need WhatsApp that much.
I have it on my old Samsung phone, which I keep at home. And I self-host a Matrix WhatsApp bridge, which I access from my GrapheneOS phone using SchildiChat.
1 Like
How does this protect you from anything lol?
1 Like
I don’t want to have WhatsApp installed on my phone, which has all my data and goes with me everywhere. But I’d still want to be able to be able to communicate with some people that refuse to use anything but WhatsApp, so that’s the solution I came up with. Happy to hear alternatives.
I know it’s irrational, but I deeply distrust Meta, way more than any other big tech company, so I don’t want any of their apps installed on my phone.
The app hides some features behind permissions it doesn’t require. For example, if I don’t give it media access, it won’t let me listen to audios or open an image I received, while SchildiChat allows me to do both things without that permission granted.
The Android permission system allows apps to create media files without permissions, and it also allows them to read the media files they created, so why is it requesting that permission at that point? If it were a small developer, I could assume it was due to laziness or because they didn’t know any better. But coming from one of the most valuable corporations in the world, and one that has been proven to be nefarious over an over again, I can only assume they have ill intentions. I can only assume they request that permission at that point because it sounds plausible to request it at that point, while being almost necessary to be able to use the app, so they ensure that almost everyone will grant that permission.
Why do they want that permission so badly? Coming from Meta, one can only assume that they want it to get more data about you. I highly doubt they do anything with the media content itself, as it would require quite a bit of resources to run any sort of analysis on them on-device, and quite a bit of suspicious network activity if they were to upload them to their servers. But nothing is stopping them from getting the exif data of all the photos you took and take to get a timeline of where you’ve been and when.
Using GrapheneOS’s scopes would let me use the app without granting them that permission, so I should be fine. But given my distrust on their intentions behind the misuse of the permission system, how can I trust them not abusing whatever else they might have access to. Cell tower IDs and connection strength, the same for WiFi and Bluetooth to get approximate location or identify any other device they might know for which they have more information, such us accounts, location etc.
If I tighten my tinfoil hat a bit more, I would even think they could use the speakers to emit ultrasound and the accelerometer to detect those ultrasounds, which they could use to share information between air-gapped devices. So they could be emitting an ultrasound with a unique pattern that identifies each device for which they don’t have location data, and then the swarm of devices with meta apps with location permissions could be reading accelerometer data in search of those patterns and get the location of those devices and users who don’t grant location data.
All of those things are highly unlikely, but if they are possible, I think Meta would be a company with the reach, resources and motivation to do them if they find value in them.
1 Like
My coworkers and relatives use WA, so I use WA as well. Only 1 person in my phone book uses Signal.
Only with my parents, they’re 80 and don’t understand how to install and use other apps or send emails.
I still have a couple of apps that I don’t trust. GrapheneOS helps a little bit to shield my privacy but like you said thanks to how others don’t care about their privacy I’m forced to get exposed. It all depends on your level of comfort, if I was an activist I’d never use WA. Some other apps that really annoys me are Telegram (I’m using the FOSS version but it doesn’t do much about the info that I share using it) and DeepL (only translate app alternative to Google that I found with camera translation that seems privacy oriented but is closed source).
I wonder if you (and other people), isolate WhatsApp in a separate GrapheneOS profile? I’m considering this, but not sure if I’ll be splitting hairs which will make no difference, besides making things inconvenient for me.
I also wonder, do people set a default timer to delete messages?
I don’t (I use WhatsApp in my owner profile) because doing so would mean having to unlock that profile after every reboot. This means that if you ever forget to unlock it (which has happened for me), you would be missing out on critical notifications from WhatsApp.
This isn’t specific to WhatsApp (it applies to all apps for which you want notifications forwarded to your current profile), but I highlight it here because you’re likely dealing with time-sensitive/timely notifications.
Nope, I refuse to use Whatsapp even if that means being not being able to message some people. Only a handful of my friends use Signal, but I don’t mind. I despise Meta.
1 Like
For those who refuse to use it. What do you do in situations where you need to contact someone who doesn’t use Signal? SMS? Email? Surely they are inferior options from a privacy standpoint? Physical letters perhaps?
I have it on my old Samsung phone, which I keep at home. And I self-host a Matrix WhatsApp bridge, which I access from my GrapheneOS phone using SchildiChat.
I’m curious about this bridge. I never knew it was possible. So you can communicate with people through WhatsApp, without touching the Samsung phone? And WhatsApp thinks you are using the Samsung? How does this work? Is it complicated to setup? Major drawbacks? And can it be used for other applications, such as Telegram, Gmail, or standard SMS?
Any “standard” option is fine (email, voice call, sms), even unencrypted I vastly prefer those instead of giving Meta more data.
I use WhatsApp, because every one around have it. It is about being social or use some Signal and have chats with myself only, lol.
I don’t isolate WA in a separate profile, because of convenience, it needs access to share items that are in my main profile and the sandbox profile. I do have default timer to delete messages in chats.
About the question of what people do without WA. Some countries are hyper invested around this IM (Brazil, India, Costa Rica, etc). It is popular for a longer period, I managed to live in one of them for 5 years without it and people would look at me like if I was from another world. It is doable but you will face a lot of trouble. The social part was the easy one, there was hotels, banks, even government partitions that would contact you using WA. It was basically insane. There isn’t a single day that I don’t wake up, look at my phone and think how lame is to have this app installed. If at least they would hide my phone number like Signal. Anyways, yeah, I don’t know if there is an easy path for getting rid of it to be honest.
1 Like
Yes, the bridge acts as a WhatsApp web interface. I have to turn on the Samsung phone to reauthenticate every couple of weeks, and then I can turn it off again.
There is support for many other platforms. Check out Matrix.org - Bridges.
But it’s not easy to set up if you are not used to self-hosting. There are services that offer these bridges without going through the trouble of self-hosting, like Element One or Beeper, but these services will have access to your messages, so you’d have to trust them if you go that route. Another option is ekte.cc, which hosts matrix for you, and people seem happy with it, but I don’t know how much access they have to the servers and data once they set it up.
1 Like
For my sanity, I continue to use WhatsApp. However, I manage to switch many people to Signal. Maybe in the future, I can completely get rid of.
This is interesting.
Since these unencrypted communications don’t provide much privacy, have you considered getting a separate device for normal calls and texts?
A simple phone bought cash, stored in an RFID pouch when not in use.