Israeli espionage firm hacks WhatsApp. Can install spyware with missed call.

My advice: dump WhatsApp today and start using Wire. Tell your friends and family to do the same. (It’s a simple, free download on all app stores. Easy to use, doesn’t require your phone number, and their business model is based on charging for commercial use and for pro accounts.)

You can find more alternatives on (

@aral @switchingsocial I like Wire, but the fact contact lists aren't encrypted is problematic.

@aral What about Matrix? Or good, old fashioned XMPP? (via Xabber / Pidgin)

@GothFvck XMPP does not work for modern use cases. Not because of the protocol but because of the many, many ways it can break.

@aral @switchingsocial I've read a lot of comments from people saying Wire is not a good messenger, so I guess I'll stick with Signal for now.

The only annoying thing is that I need to give people my phone number.

@DC7IA Can you give me a few links to those comments? I’d like to see what the actual arguments are.

@aral @switchingsocial I'd need to google again for opinions. I did not read them today.

@aral @switchingsocial My issue is I can't seem to find good arguments to convince my friends to switch to a privacy-friendly app like Wire; they're always like, "Do I care if my conversations get spied on? I'm not a Minister," and I don't know what to tell them.

@gaperst @aral @switchingsocial

If you don't mind risking some smugness, you can ask them for permission to install a recording device in their house. "I promise not to do anything bad with it, I just have my reasons."

Typically people are fine with privacy invasion because there's no face attached and they can't foresee consequences. Remove one or both and people start to piece the problem together.

@gaperst @aral @switchingsocial Such people need to understand that it could have bad personal consequences in the future especially when multiple datasets from different sources are combined & that it's a danger to democracy if so many people use one centralized, proprietary messenger. Both points have nothing to do with being a minister, activist or just an ordinary person.

@aral @DC7IA
I'm curious as well. Largest problem of #Wire is the lack of users, but otherwise it's not worse than others, and its security is on par with #Signal. And in contrast you can run Wire server on your server (theoretically, since it's heavily wired into Amazon).

@DC7IA @grin @aral
Yes, Signal and Wire have desktop versions; I am using both on my Linux.

@grin @aral @DC7IA I wouldn't say Wire's security is on par with Signal's. People can sign up to Wire without giving away their phone number, that's true, but Signal has some really clever security and privacy features that Wire currently lacks. Here are 3 of them:

Encrypted profiles

Private contact discovery

Sealed sender

@tobiaalberti @aral @DC7IA I stand corrected, it is not on par with Signal in the general sense; however, its security regarding e2ee is the same, it is completely anonymous in contrast to Signal, and it can use a self-hosted server. (I'm not sure what's the current status of Signal group size and usability, and some long-standing unfixed bugs. Same for Wire.)

@grin @aral @DC7IA Didn’t Telegram’s MTProto encryption protocol receive some pretty worrying reviews from the infosec community over the years?

@tobiaalberti @aral @DC7IA I cannot recall any part of #Telegram (including #MTProto) which did not get some pretty worrying review… Unless it's been changed radically it is not much more secure than #hangouts in the general case (when you don't select manually secure one-to-one chat, which is only as secure as mtproto, which is believed to be not very much).

@aral @switchingsocial According to @privacytools, Wire keeps a list of all the users you contact until the account is deleted, and therefore is not so privacy-friendly.

@aral @switchingsocial I would recommend #riot / #matrix all open source and federated. And you have your choice of clients.

@aral @switchingsocial I'd suggest you start using Delta.Chat because of its 100% #Decentralized, Free (as in #Freedom) server backend! #DeltaChat #Email #EmailIsCool

@aral I am somewhat skeptical that this is a hack or exploit; from what I've read into this, it appears more that they found a back-door not intended for them and used it for interception.

@aral @switchingsocial
> "Attackers could transmit the malicious code to a target’s device by calling the user and infecting the call whether or not the recipient answered the call."

"Infecting" a call? How is this possible? 🤔

@aral @switchingsocial

Oh wait. I thought WhatsApp was just a messenger app, but apparently it does VoIP calls too, so I guess they're talking about calls via the app, not regular phone calls on the phone line.

@leadore @aral @switchingsocial My understanding is as follows: WhatsApp asks for permission to make and answer phone calls. Now when an incoming call sends some crafted code with it, this crashes WhatsApp and allows for running the exploit.
