Israeli espionage firm hacks WhatsApp. Can install spyware with missed call.
My advice: dump WhatsApp today and start using Wire (https://wire.com/en/products/personal-secure-messenger/). Tell your friends and family to do the same. (It’s a simple, free download on all app stores. Easy to use, doesn’t require your phone number, and their business model is based on charging for commercial use and for pro accounts.)
You can find more alternatives on @switchingsocial (https://switching.social/ethical-alternatives-to-whatsapp-and-skype/)
@aral What about Matrix? Or good, old fashioned XMPP? (via Xabber / Pidgin)
@GothFvck xmpp does not work for modern use cases. Not because of the protocol but because of the many many ways it can break.
what about Signal?
@clerical I use it. But they want your phone number and they’ve let themselves be used to whitewash both Google and Facebook on privacy so I prefer Wire. They’re the best options at the moment. But also keep your eye on Jami.
If you don't mind risking some smugness, you can ask them for permission to install a recording device in their house. "I promise not to do anything bad with it, I just have my reasons."
Typically people are fine with privacy invasion because there's no face attached and they can't foresee consequences. Remove one and or both and people start to piece the problem together.
It's not just government spies that spy on people, those are just the ones that get the headlines.
Smaller criminals use privacy exploits to steal people's money, to commit fraud in their name, or distribute all kinds of dubious/illegal material.
(A friend recently asked for help moving to a better email account because their yahoo had been hijacked to send all kinds of dubious spam.)
@switchingsocial @aral I'm convinced we should use as many means as possible to prevent ourselves from this kind of threat, but you can't deny the chances it happens to some random proprietary software user are low, and the risk doesn't really justify the effort of changing your habits : if you get your money stolen, you have insurances, if your identity is stolen, too bad but nothing actually *did* happen to you, etc.
That is why I can't convince my friends to change their habits.
If you leave your front door unlocked, it's probably going to be ok. But the consequences if some violent person comes in are pretty terrible (and that has happened to an acquaintance of mine).
Identity theft is a hideous thing to get out of, especially if you live in a country with heavy dependence on credit rating agencies etc.
@switchingsocial I like your comparisons. Thank you for your answers.
@gaperst @aral @switchingsocial Such people need to understand that it could have bad personal consequences in the future especially when multiple datasets from different sources are combined & that it's a danger to democracy if so many people use one centralized, proprietary messenger. Both points have nothing to do with being a minister, activist or just an ordinary person.
@grin @aral @DC7IA I wouldn't say Wire's security is on par with Signal's. People can sign up to Wire without giving away their phone number, that's true, but Signal has some really clever security and privacy features that Wire currently lacks. Here are 3 of them:
Private contact discovery
@tobiaalberti @aral @DC7IA I stand corrected, it is not on par with Signal in the general sense; however its security regarding e2ee is the same, it is completely anonymous in contrast to signal, and can use self-hosted server. (I'm not sure what's the current status of Signal group size and usability, and some long-standing unfixed bugs. Same for wire.)
@tobiaalberti @aral @DC7IA I cannot recall any part of #Telegram (including #MTProto) which did not get some pretty worrying review… Unless it's been changed radically it is not much more secure than #hangouts in the general case (when you don't select manually secure one-to-one chat, which is only as secure as mtproto, which is believed to be not very much).
This is my personal Mastodon.