If it's not open source (so you can check the code for trackers) and you can't change servers (so they can't track your IP, location etc), it's not private.
Check out what WhatsApp does, which uses the same Signal protocol lots of people love. Emphasis on "WhatsApp may start collecting..."
> What data does WhatsApp disclose in response to government requests?
> WhatsApp scrutinizes every government request and produces only the information that is narrowly tailored to respond to each request. Depending on the request WhatsApp’s response may include, if available, basic subscriber information (such as their name, service start date, last seen date, IP address, device type, and email address), and account information (such as a user’s "about" information, profile photos, group information and contacts list). In the ordinary course of providing its service, WhatsApp does not store message logs once the messages are delivered or transaction logs of such delivered messages. In order to comply with a valid legal request, such as a valid Pen Register Trap and Trace Order in the United States, WhatsApp may start collecting message logs and call logs for a particular user indicating who the communication was to or from, the time it was transmitted and from which IP address, and the type of communication (such as a text or call).
https://faq.whatsapp.com/808280033839222
We give the bare minimum information unless they ask, then we dox all of your friends and family too :)
We don't track. But people can ask. Then we do track. And we can track everything because our app can see the text being written before we encrypt it.
Tbf it doesn’t mention logging the actual content of the messages.
And my family can't comprehend why I won't use WhatsApp.
Absolutely fucking nope.
This is true for any closed source software. iMessage included.
Preaching to the choir here. Been a righteous advocate for FOSS for almost 15 years.
Personal devices are all FOSS, or GTFO.
Work forces me to use only 2 proprietary applications. I loathe having to use that many.
Agree, that's why we need a nostr-based solution. People emphasizing how "secure" iOS or the Signal app is forgot that security without freedom is temporary and accidental.
Properly implemented like keychat would be good. But it can be done without nostr too as Simplex is already becoming mature
yeah, but no. Nostr is horizontal and decentralized from day zero, simplex is a platform well documented unless people start doing third party implementations of clients and server.
I think projects that start like simplex don't end decentralized and open. Would be happy to be wrong!
Yep. Even keychat on Nostr is likely to get centralized over time.
You either incentivize multiple clients, multiple servers, which goes against the duty to maximize revenue of a company, or you end up centralizing everything.
There are a lot of servers outside the pool they run. I run two of my own.
a some instance of the same code, not different implementations
That is true... Fixable though, but it will cost a lot of development time
Fixable by real adoption, we will see if it will ever happen.
Probably not. Even Signal is a tiny percentage of WhatsApp. But let's say Simplex does eat a significant percentage of the market and remains open. What is the incentive for a group to invest millions into building an alternative but feature-wise identical implementation?
More likely there will eventually be forks to implement things core won't
Sooner you quit WhatsApp better you are .. not because it is NOT open source .. simply because it is designed to be an addiction ..
It's not about WhatsApp. Every app that is closed source and closed servers can do the same. Even those who claim they are private. Including Signal themselves.
I know .. but WhatsApp is a double whammy .. it is closed source evil :-)
Signal leaks metadata and group membership
TLDR: they can and they are already tracking and giving whatever information that's available.
SimpleX!
Only if you never use their own servers.
I run my own server, but how are the central servers insecure when only the client can locate its messages?
If both of you connect to the same server, the server can see encrypted content being uploaded and downloaded by both at similar times. Then it's easy. IP gets location. Location over time gives your home and work address. Home and work address give your name.
Not really. There are lots of connections to that pool of servers at any given time. Not really possible to correlate which belong together. They do have my IP but so does any public nostr relay I use unless on Tor
I ran a server last year and decided to add a huge number of logs into their code. It's definitely possible to map who is talking to who. Especially if you run it over time. The link between users is possible even through Tor if the connection is not constantly refreshed to get a new exit node. The only thing Tor adds is that I can't get your location from your IP. But who is talking to who and when is still fully traceable.
I run my own off of my Start9. For friends and family only.
True. Trusting end to end encryption requires at least that the client is open source. Any closed source client can contain backdoors that trigger insecure resends of your messages like WhatsApp does when group messages are reported