So how secure is this sack of shit, exactly...

So how secure is this sack of shit, exactly? I'm having such a hard time switching over Whatsapp because every colleague in my supposedly "enlightened" clique will not use any other service to contact me other than phone calls and it's getting really troublesome. Is it worth a shot?

Other urls found in this thread:

whatsapp.com/faq/en/android/28000019
privacytools.io/#im
riot.im/
eff.org/secure-messaging-scorecard
matrix.org/
twitter.com/SFWRedditVideos

It's end-to-end encrypted using methods they publicly released and audited. You can set it to tell you when someone's private key changes (which should be only when the app is reinstalled). That makes it pretty good in theory, but it's proprietary as hell, so who knows.

If I remember correctly their terms of service now give them the right to mine and analyze metadata.

I'm more or less forced to use it and want to get rid of it, but it could be much worse.

Just make sure that it's not backing up your conversations in plaintext to your google drive account.

whatsapp.com/faq/en/android/28000019

It's safe enough if you don't have a google account on your phone.

XMPP/OMEMO would be better of course, but Whatsapp is probably the least-awful normie messaging app available. You don't even need an active google account like Moxie "Google's Cum Tastes Fantastic" Marlinspike demands for Signal users. It'll work fine on no-gapps-installed Cyanogenmod phones.

Yes, you can, in theory, test if it is actually Spyware by monitoring your network. But you won't do it. Of course it's bwtter to use Signal for example but this is not bad either

Just use Telegram. It has fucking stickers.

isis use it so it's secure enough

privacytools.io/#im
>If you are currently using an Instant Messenger like WhatsApp, Viber, LINE or Threema you should pick an alternative here.
I use Signal on my phone (encrypted SMS and calls) and Tox on my computer.

After considering the privacy and security issues, I tried all alternatives and finally settled on riot.im/

So far, so good.

Nigger can you not read?

i'll reinstall botnet now

...

to be fair i didnt get invited to a single party after dumping facebook. effects are real yo.

it doesn't help

(Note: I assume we're talking about Android phones, because fuck everything about IOS.)

Signal requires Google Play Services. It's basically an instant messenger for the paranoid, that only runs on a phone that someone who is paranoid wouldn't use. Plus, there's that whole phone number registration bullshit.

I'll stick to Wire for my normie-friendly chats. I can get the APK from their website, I can register with just an email address, and normies can do their app store/phone registration thing if they want. And there's no phone required.

eff.org/secure-messaging-scorecard

EFF saves the day - again.

Outdated comparison

I was planning the other day on starting a project to make some phone program that has dead-simple UI for normal people, and uses IRC (or XMPP, now that I think about it, but I'm not that familiar with it) as the protocol below. The idea is to bring people away from non-universal protocols, and instead have it so any other client, with just compatibility with the protocol can connect to their friends. Thing is, now I read that Whatsapp uses XMPP, but modified, and I wonder, how modified is it? XMPP webpage doesn't list it, and I've read it was actually the "original protocol" that might at some point have been completely changed.

Just use matrix, it can use any of those.
matrix.org/

Conversations already exists for XMPP, you'll never catch up to it in any meaningful way

it's some bullshit normie technology and it's an "app". that alone is already 2 red flags

if that's not a red flag yall niggers retarded and beyond hope


ooh I'm sure glad they documented a bunch of shit about how their proprietary crap purportedly works so they could masturbate with HN about it


Telegram is shit too.

Play services for push notifications. If yoi don't have it, fine but if use play services, there is no reason to choose anything else. It is pretty good. As far as the security goes, it is pretty secure and comes from well trusted company.

You can test if it is spyware or not.

How do you guys get people using tox and signal? My won't use this shit.

Looks like we have ourselves a "real computer wizard". Come back when you have as popular an FOSS implementation of a IM ,,app,, on android.

I am glad about it. It's much better than typical proprietary IM and I have to use it either way. There can be a meaningful quality difference between two bad things.

worked for me

Well, think about it:
• by default there are no alerts when someone's key changes.
• (unlike Telegram) there's no way to prevent stealing your account by Cell service provider, FBI, or even every schoolboy who owns the hardware for intercepting SMS, because all that is needed to log in is to receive a SMS. (Telegram on the other hand allows to use additional password, though it's still crap)

So in practice someone else may start talking to your buddies instead of you, and you will not notice, not even see the messages the attacker sends.

Now you can answer it yourself, how secure is this sack of shit?

Read yowsup source code, it contains all the answers.

It's somewhat similar to XMPP but the compatibility with XMPP is impossible because Whatsapp requires its unique encryption scheme.