Signal and Threema want nothing to do with WhatsApp
Signal and Threema want nothing to do with WhatsApp
Signal and Threema want nothing to do with WhatsApp
It’s a good move; it shows they are no interested in popularity but Privacy and Security
In a statement to the publication, Signal president Meredith Whittaker says, “Our privacy standards are extremely high and not only will we not lower them, we want to keep raising them. Currently, working with Facebook Messenger, iMessage, WhatsApp, or even a Matrix service would mean a deterioration of our data protection standards.”
Ugh, okay Meredith, let's pretend it's impossible to handle this with user experience that makes the user acknowledge their conversation with a WhatsApp user is not secure. Meanwhile if the only viable way for this conversion to occur is to have WhatsApp on both ends, the situation less secure. So according to Meredith, the choice is between less overall security or not having conversations with people who don't use Signal. That could makes sense for her salary but it surely is a net negative for Signal users some of which will have to install WhatsApp since they won't be able to afford not to have those conversations.
It's the same argument they used when ditching SMS-support ☹️
I'm not nearly as salty about SMS because of the following differences from the WhatsApp scenario. Signal-SMS was only supported on Android, call it half of Signal users whereas a potential WhatsApp integration (or lack thereof) would affect nearly all Signal users. Then the Android users who have to reach others over SMS already have a built-in system app that does this, so they don't have to install third party app that exists to vacuum data. So the downgrade for the Android Signal user is in ease of use, not in overall security.
a net negative for Signal users some of which will have to install WhatsApp since they won't be able to afford not to have those conversations.
I just had to do exactly this for a little league group 😭
Yeah we’re like super serious about privacy so we require you to make you’re account based on a unique, hard to change, personally identifiable, insecure data point and require you to show it to everyone you talk to. The fact that they’re only now starting to test hiding your phone number is beyond asinine. Any arguments signal has about security I might listen to but their concept of privacy is laughable.
Ugh, okay Meredith, let's pretend it's impossible to handle this with user experience that makes the user acknowledge their conversation with a WhatsApp user is not secure. Meanwhile if the only viable way for this conversion to occur is to have WhatsApp on both ends, the situation less secure.
It is a privacy concern, not a security one.
So according to Meredith, the choice is between less overall security or not having conversations with people who don't use Signal.
Could you cite this please? Because I do not see this beeing said or implied.
That could makes sense for her salary but it surely is a net negative for Signal users some of which will have to install WhatsApp since they won't be able to afford not to have those conversations.
Entirley different conversation, accusations and projections. So dropping this.
It's doable we are not in the kindergarten and school groups we might miss a few things but worked so fast for us. And I convinced both my job teams to use Signal
Ugh, okay Meredith, let's pretend it's impossible to handle this with user experience that makes the user acknowledge their conversation with a WhatsApp user is not secure. Meanwhile if the only viable way for this conversion to occur is to have WhatsApp on both ends, the situation less secure.
I don't agree with this. The only way to have the conversation is to have Signal at both ends.
while i see where you're coming from, being able to message WhatsApp users from a client app that respects privacy would be better than being forced to have WhatsApp installed on your device, with it snooping casually on your everyday device usage and your contact list and so on.
WhatsApp is the only Facebook app on my phone and i'd love to get rid of it without losing the ability to message all those buffons using it (which make up for 99% of my social circle)
me neither
Signal refusing to federate with WhatsApp, even though meta says they will still use the signal protocol is the most bone headed decision I have ever seen from them.
There no better chance to break the network effect than this.
Meta could easily have the WhatsApp client upload decryption keys to their servers without any notification to the user.
Not sure what you mean, of course WhatsApp can disable it's own encryption. That would be an argument for open source third party apps and interoperability.
No body said it's going to have the same level of security, but that still doesn't mean that should just give up on it, just put a small icon indicating this is a WhatsApp user.
Yeah that sucks, Signal is my preferred app and I wish I could get rid of WhatsApp without having to convert everyone.
Yeah this is very stupid. But I never liked Signal anyway.
Is there a matrix protocol based app that is planning to "federate"?
Realistically there is going to be a bridge which you can either self host or use to federate matrix.
Every Matrix protocol server, excluding some experimental or internal for a company ones, are federating? And it's not an app as you can choose an app, the protocol defines client<>server spec too.
Meta wants to federate with the whole fediverse eventually. This is first up, then Threads. Remains to be seen if they’ll bother with a Lemmy instance but I wouldn’t be shocked.
So far though the response by the fediverse has been “nah”.
It's... I guess the ghost of their XMPP abandonment.
EEE at its finest, like they did to XMPP
Wasn't it google?
I really wish my country didn't rely so much on whatsapp
This is why it annoys me every time someone brings up that SMS/iMessage is a US only problem. Whilst this may be true, for a lot of us WhatsApp is no different. Particularly now that Meta owns WhatsApp.
Whatsapp has been owned by Facebook since 2014. It was created in 2009. That's 5 years without Facebook, 10 with :/
This is a centralization problem. Come and force federation upon my SimpleX server in Iceland!
Indeed. I wish your comment was the most visible here.
Signal and Threema can be all about privacy, but they are still companies which can make money only by keeping their service as centralized as possible.
Decentralised messaging like Matrix, XMPP, Jami, have no issue with interoperability.
You'll be happy to know it's the top comment thread, at least in Sync
Signal is developped by a non-profit.
upvote for SimpleX
SimpleX looked pretty intriguing...is it basically a better / private / more secure replacement for IRC?
pretty much, though it's pretty basic in terms of functionality at the moment
I was hoping to move to signal in the whatapp network. Unfortunately in Brazil you cannot live without whatapp.
You could try and run both
Keep whatsapp, and slowly switch contacts to Signal (it might just be close friends and family). That's what people around me are doing
My wife told me to fuck off when I installed signal on her phone 😔
I managed to convince one long distance friend a few years ago. So now I need to keep Signal just to be able to communicate with him.
I have both WhatsApp and Signal installed.
In the 3 years or so since I installed Signal, I haven't had a single conversation on it. Only a handful of people from my Contact book are showing as Signal users, and none of them people I speak to regularly.
I live in anticipation of someone deciding to message me on there, but I'm not exactly optimistic at this point.
It's not about converting people close to you. In some situations, you're asking them to install an app just to talk to you, while everyone else they talk to is on WhatsApp. I personally have to use WhatsApp for work and for personal, otherwise I'd literally not get those messages. There's no option when, if you stop a random person on the street, regardless of what OS their phone is running, and ask to look at their phone, it's going to have WhatsApp installed. It's like your phone having email; who the fuck doesn't have email? It's the same with Whatsapp, it's just assumed you have it.
On the one hand I agree with them sticking to their guns re: adamantly protecting privacy.
On the other, the number of contacts I have using signal has dropped off a cliff, from 12 to just one. It certainly isn't rising. The people I know who used it have abandoned it and went back to WhatsApp.
Getting rid of SMS support was a mistake.
I'd personally prefer that when messaging with someone using WhatsApp, they make clear to you that Facebook can and will have some metadata, but not the contents of the chat itself. Shit, make it opt-in.
A big part of why nobody uses signal is because... nobody uses signal. If you could still talk to people on WhatsApp, the de facto standard in most of the world bar the US and China, more people might give it a try, and thus more people over time would be having signal-to-signal conversations.
IMO a good but imperfect solution is preferable to nobody using Signal, which is the realistic alternative.
I'll continue donating to Signal, but much like their SMS decision, I believe this to be a mistake that will severely hamper adoption.
I would state it even more generally, something like "when chatting with WhatsApp/Facebook Messenger users Signal can only ensure no data is shared with third parties from your device …" or something around the lines of that
Perfect is the enemy of good
This is exactly the problem. If they support interoperability then they will allow their users to continue using the Signal app which has high security standards, even if the particular conversation is not as secure as native signal conversations and they can't control what the third-party app does. This will help grow the Signal network (because now it is easier for WhatsApp users to incrementally switch to Signal) and become more secure.
By rejecting interoperability they may be slightly improving the privacy of the 1% of users where their conversation partner would have switched to Signal, but are harming privacy the 99% of users that will now need to switch to WhatsApp for those converstions and are harming their future network growth (which would bring even more users to a private solution).
they make clear to you that Facebook can and will have some metadata, but not the contents of the chat itself.
You thought you're safe and private when the content is encrypted? LOL, no. Metadata are much more useful to Facebook, and to the intelligence services.
“We Kill People Based on Metadata.” -- General Michael Hayden, former Director of NSA and CIA
My point isn't that metadata isn't useful for them, there's no need to be condescending about things I never said.
I disagree. When sending SMS you are leaking info like when, to whom and how big message you sent to a lot of spying agencies.
You do that regardless of which app you use to send SMS.
I'd personally prefer that when messaging with someone using WhatsApp, they make clear to you that Facebook can and will have some metadata, but not the contents of the chat itself.
If you believe that, then I think you're one of Zuckerberg's proverbial "dumb fucks". Not that I mean to be insulting, but that's literally what he thinks of his users.
Facebook's WhatsApp is almost certainly filled with backdoors and exploits. In particular, with Android they often bypass Play Store checks by bundling system apps directly via the manufacturer.
Calling someone a dumb fuck, even indirectly by using Zuck's famous quote, is quite rude. People aren't dumb fucks because they are forced into using WhatsApp.
Maybe you're from the US or somewhere where iMessage, SMS, or WeChat dominate, but here, you either use WhatsApp, or you become an outcast. Whatsapp is de facto mandatory. Even half of my delivery notifications and 2FA comes to my WhatsApp, not SMS. When people say "just don't use WhatsApp", they may as well be saying "just don't use email".
I don't want to be one of Zuck's users. That's why I want an open and secure protocol for cross-client messaging. So I and others can use something else without being isolated from friends and family. Being lonely isn't pleasant.
Facebook's WhatsApp is almost certainly filled with backdoors and exploits
Perhaps it is. We can never know due to its proprietary nature... which is why I don't want to use it.
As it stands, I can use Signal with one contact. The rest refuse to use it, or used it and abandoned it.
It would be amazing if everyone woke up tomorrow and flocked to signal, but here in the real world, outside of my fantasies, I have to go with the standard, which unfortunately is WhatsApp.
The only other alternative is SMS which is far worse in terms of both security and privacy, and would also cut me off from talking with friends as I'd have no group chat access and because nobody uses SMS.
My choice is between:
To me, there's an obvious answer there. It's not perfect, but it's better than the others.
Extremely bad take in my opinion. Not supporting alternatives means you force users into installing the alternatives
People could be using WhatsApp if they cared about it, but they chose signal for a reason. And making signal weaken its privacy for the purpose of reaching more people is against everything they stand for.
The trouble is we end up having to install both when we could be only using Signal
I would use signal if I could convince people to use signal.
I could convince people to use Signal if all their conversations were on signal and they could talk to people on WhatsApp in a seamless way.
Right now you MUST have WhatsApp if you have any kind of social life. Signal is the other app that no one has because it's kind of a pain in the ass to have two messaging apps.
I would love to switch to Signal, but inter-compatibility with WhatsApp is a must. The EU is essentially handing them a golden opportunity on a silver platter to become a mainstream app, and they are like nah, we good wtf
This is correct, and everybody who complains about how "hard" it is to use more than one messenger app is pathetic. That's like the epitome of first world problems. People should be GLAD that they have the option of using Signal, instead of whining about how they didn't build it the way they wanted it to be.
Nope. Fuck people stupid enough to use FBInc at all.
Using whatsapp is an absolute necessity in most of the world, its the only way to communicate with coworkers, classmates, businesses and even some government services. Not using it means you are essentially disconnected from the world. Good luck convincing more than 2 close friends to install Signal just to talk with you. No one uses SMS. FB really is that dominant.
Clearly written by someone from somewhere where WhatsApp isn't de facto mandatory.
There is one thing about interoperability that I don't see many people talking about:
Your messages going to and being handled by other services means you'd be subject to their TOS and privacy policy as well.
As long as services are transparent about it so users can make informed decisions based on it, that's generally fine.
But then services like Beeper, or just Matrix bridges in general, make it so anyone can setup such a connection between services without their contacts even knowing about it.
Your messages going to and being handled by other services means you'd be subject to their TOS and privacy policy as well.
This is true of literally every one of your contacts, too. When you send someone a message, they can screenshot, copy, archive, and forward however they see fit (and most people don't govern themselves by any kind of TOS or privacy policy). Which then means that if any one of your contacts chooses to use another service as a bridge, or as an archival tool, you're naturally going to expose your messages to that service, on that contact's terms.
But that isn't about interoperability per se. It's about how other people store and use their copy of data shared between multiple users. Apple iMessage isn't interoperable with anything, but users still have conversations archived all the way back to the beginning of the service over a decade ago, and can choose to export those messages to be saved elsewhere. (For example, I use a bridge for iMessage so that I can view them on my Android phone, but the mechanism is software that leverages the Mac's accessibility API).
Some of us are data hoarders. If you're gonna have a conversation with people like me, you'll have to trust that we don't use those archives in a way that either inadvertently/negligently or intentionally exposes that data to some bad actor. I'd like to think I do a good job of respecting my friends' privacy, and secure my systems, but I'm probably not perfect.
You're not wrong but a friend (maybe even inadvertently) being negligent with my message, and a business structurally sending my message (received from my friend's app) to third parties seems like a different ballpark.
Matrix will implement a bridge using the new api, that's enough for me.
What sort of irks me is what a mixed bag EU regulation is. Some is good (GDPR), not denying that. Some is annoying (you're going to be accepting cookies 100 times a day until you're dead thanks to them), and Whatsapp runs on all devices, so while interoperability nice, even as a free-software, Linux person I don't really care.
However, if you have to deal with friends or family in the US and you don't have an iPhone though, god help you. They don't care about this.
I guess my complaint is that EU regulation may seem legally elegant, but I think it is sometimes quite blind to the real situation on the ground.
It looks good on the books but we still, say, don't have a standard ARM boot process for smartphones that would help users not be dependent on whatever shitty ROM the OEM wants them to have. That would be life changing, but it will never even be talked about.
I partially agree with you, and of course I hate those cookie banners, they're completely annoying.
But please remember that it's not the EU's fault is every website is trying to violate your privacy.
If websites weren't tracking everything you do, then cookie banners wouldn't be needed.
I think we should collectively ask for websites to stop spying on us, not changing the cookie banners regulation.
That's already a solution to cookie banners: the "do not track" setting. It's been tested in court in Germany and confirmed to count as rejected permission for GDPR purposes. Websites dinky have to obey it.
It's currently slowly gaining traction, there's a privacy advocacy group suing high profile targets over this to create awareness.
We also need a formal change to the cookie law/GDPR to acknowledge "do not track" as the preferred method. Then the banners will slowly go away.
Yep, all the EU done is forced websites to have consent if the website want to process personal data. There are many analytics that does not process IP address or fingerprint and so does not require consent banner. Be annoyed on the websites, not this law.
The cookie consent also has a huge fail whale of unintended consequences - training users to click [accept], or really [anything], to make the annoyance just go away.
And nefarious actors have their run of the place now. They can slip onerous terms into EULAs and know they will largely be accepted.
As well as random [Continue] boxes to install malware or whatever they want since users are so well trained to click just to get it the fuck off their screen.
That wont hold in court tho
Whatsapp runs on all devices
Nope. Android, iOS, Windows and Mac are not all devices. And web versions are far from ideal (some may suggest expanding web capabilities, but please don't).
Mimimimimimimimimi
Wait and see what happens when Google removes traditional tracking from Chrome and every sites start requiring registration to access content !
Right. That's a very different business model. I don't necessarily have an opinion about whether it would be better or worse. It is easier to look at our current problems and say it would be better. But, eh, I can block most trackers and be a leach off of websites that stay up by selling other people's data. shrug
just get an extension and adblocker filters to automatically dismiss/block cookie dialogs and use an allowlist for sites from which you actually need to persist cookies in your browser's settings and set your browser to delete everything else on exit. With Firefox and browsers based on it you can, in addition to that, use container tabs (try sticky containers extension) for even better context isolation.
Obviously. But that is very difficult on mobile.
Back in the 80s and 90s we imagined a world of interoperable standards all agreed upon by the industry leaders for the benefit of all.
Then capitalism took over and shat on EVERYTHING.
That's a bummer. Means I have no alternative but to keep using WhatsApp then.
you're getting downvoted for not being American 💀
I've had this conversation before. The consensus last time was that I should tell every single person on my contacts list to download Signal if they want to stay in touch and if they refuse it means they're shitty people that don't care about me but I'm totally not a shitty person for forcing my preferences onto others.
People don't realize that in most of Europe WhatsApp is more popular than iMessages are in the US. Not having WhatsApp means you're not texting to anyone.
Americans have something even worse: SMS
I never really understood why is it so complicated to also have Signal on the phone? I mean most people have a shit ton of stupid apps anyway. It's not like it slows your phone down or anything. Just use Signal as well until most people also have it, and then you can choose to ditch the other apps. It's like one extra icon in your app list. Also this is the fastest way to ditch shit apps, have everyone use Signal in parallel with the shit ones.
I've had Signal installed for years. There's like 3 of my contacts that I never talk to anyway. Most people use facebook and tiktok and can't even bother installing an adblocker. They're not interested about a privacy focused messenger when they already got WhatsApp.
Wholeheartedly agree, but most people wont do it, so you end up with signal for 1 or 2 friends, telegram for a few others, and all the crap ones for the rest (whatsapp, slack, teams, messenger, etc)
Ive ditched every messaging app but signal and telegram, and its really annoying sometimes
Like another person said, most people don't even bother installing adblockers on their browsers and yet complain about ads anyway, despite them being like 4 clicks away. Even after being told they exist and how to do it. Now imagine that with an entirely "new" "unheard of" messaging app.
I understand her point and imho that's what makes signal a superior option to the others but because of these extreme choices I've seen the usage of signal gradually go down (might be wrong for the total number of users) around me. Now I don't anyone who uses signal anymore.
it's a real shame it's ridiculous to be using whatsapp but I have whatsapp installed on my phone not signal because that's what everyone uses.
Signal were fools to remove the SMS support from their app. That was a good way to get people in to use the system - they could have insecure SMS chats with those not on signal, and secure signal chats with those on it. The app would warn you when someone didn't have signal and the chat was insecure.
It was a really good "trojan horse" route into people's lives. I was using signal every day and it was easier encouraging others to make the switch because it was a convenient app.
Then the devs removed that and dumped all their users back onto other SMS apps.
Now I have 3 apps - an SMS app, Signal and WhatsApp. I barely ever use Signal now. I want to use it more but so few people I know use it, and it's not the first place people message me from.
Removing SMS support was a huge strategic misstep. They should have been the bridge for people to move from SMS to secure chat.
While I do think you are correct, you have to remember a few things:
So then it seems completely absurd signal is "not interested" in allowing any integration. They could just notify their users communications with WhatsApp users are unsecure.
I got my whole family on it, and generally all my closest friends have it as at least a backup. As the other chat apps falter it's been easier to convert people.
I tried switching to Signal a couple years ago but I had to return to WhatsApp since literally no one of my friends and acquaintances did the jump. It wasn't even considered an option by many. So it was either returning to Whatsapp or being cut off from everyone.
If people were a bit more open-minded Signal could be a good alternative. But alas...
can't have 2 apps installed?
I'm indifferent, since I've got both installed, there's no escaping having to use WhatsApp in many countries around the globe. If I want to keep in touch with family/friends then only one or two contacts use signal, for everyone else it's WhatsApp or the alternative is SMS.
I'm also indifferent though because of I want the interoperability, Beeper is doing fine.
It's different, because not being forced to use their app and have WhatsApp account to still talk to someone there?
It's certainly different, but for signal users who want to maintain that level of privacy, it's probably something they want, right? From their perspective this is probably a good decision.
I'm indifferent because I'd personally rather have interoperability and Beeper gets the job done.
That is one good thing about america, whatsapp never caught
Yeahhh it's amazing, your choices are a closed platform that forces you to buy their expensive devices, or SMS, or another proprietary platform ran by a notorious privacy predator.
NP using Ublock Origin, goes right in and no ads.
Also got nextdns running on my router
seriously, don't use the ddg browser, it sucks ass. just get firefox and install ublock origin.
give whatsapp users green bubbles
😂
Use matrix, setup bridge (defederate from matrix network if you want), meet your friends where theyre at.
Hi, average idiot here, whats matrix?
Its an open standard for communications (like xmpp, but the new hotness) with a focus on federating IRC chat. (lot of cool work on state resolution by them wrt that). So you can communicate with people on different matrix servers as long as they federate with each other. Additionally, they have built in support for bridges that let you connect to other people via matrix giving you a seamless experience on that service via matrix. Lemme know if you need more clarifications.
I tried to make a bridge to my telegram and Whatsapp account, but I didn't get it to work. Do you have any guide to follow?
I just used the guides by mautrix for the respective bridges. https://docs.mau.fi/bridges/go/setup.html there are instructions for a bunch there that work well. What was the issue you faced?
This is what I hate most about the privacy community, too fanatical and purist to allow extremely useful optional features that would allow them to reach more people.
I use Signal whenever I can because I'm not comfortable with Meta harvesting metadata of my conversations with people. guess what would happen if Signal made it possible to talk to Whatsapp accounts?
You could go on without doing it. I would like to use signal to signal, but there are literally zero people interested in my environment :-(
Using signal just me would be much better than using whatsapp directly, and would reduce the data collected.
If signal suddenly stopped being mostly a geek desert and people could still talk to all their contacts, don't you think they would be much more willing to move? The more people, the more people interested in migrating, and the less data for meta.
If it's an optional feature why are you complaining that the other businesses are refusing their option to federate with Facebook?
The issue is simple: Facebook will work to leech users away from other services, strengthening their position into a monopoly (if it isn't already in some places). It is not a good thing for Facebook to get access to more users and steal their data.
Using Threema is not an option. This is paid software and it is too difficult to purchase a license for this software when Google does not allow us to pay for purchases through their Android app store. No one from my entourage will bother paying for a license for this software using cryptocurrency. They will just install another messenger.
Know many people who bought Threema on Google Play
I think you can buy keys for Android on the threema website
I’ve bought Threema for my whole family on iOS and Androids. Never paid in crypto but always with my normal credit card.
It works perfectly fine and I love it👍
You can buy a license directly from Threema via credit card, btc or cash in the mail.
I know this. That's why I wrote that it's too difficult to deal with cryptocurrency payments on their website. Most people won't do it. Other payment methods are not available from my country.
Honestly would love to use signal to chat with my whatsapp contacts. Signal could just throw in privacy notice when messaging with someone whatsapp or facebook messenger.
Currently I have signal installed and used to use it to message with my so but we have both moved to discord and use whatsapp to communicate with those that do not use discord. Still holding on to signal if and when some oddball from my contacts decides to use it instead.
moving from signal to discord is not going to be exactly helpful for your privacy, discord is completely unencrypted
I am aware of that but when all our friends or communities either use whatsapp or discord then it's just more convenient. Honestly messaging these days is a mess
Then too bad.... Dont talk to them. If people want to talk to me they have to install signal.
If.
This is the only path forward.
This is the way!
Threema seems to solve a problem signal has that is it does'nt need a phone number to open account . But i haven't used any of them so can't say . (If anyone wanna know i use telgram foss which is a debloated fork of the original client)
Doesn't signal now have username support? I thought i saw it released a week or so ago.
It still needs a phone number for registration. You just don't need to share it with people you want to talk with.
That doesn't solve the issue that you have to give them a phone number to start an acc.
That's not really a problem. The biggest problem Signal has is people not caring about privacy enough to use another messaging app.
If Signal dropped the phone number requirement they'd get a handful more users. If people started to care about privacy they'd get millions of new users.
or even a Matrix service would mean a deterioration of our data protection standards
Why? They use same algos, same scheme. Just add support for matrix message format in your app.
WhatsApp is closed source, and obviously it must be able to decrypt messages for the end user to read them. Anything could happen to the unencrypted data at this point. Therefore it's less secure allowing conversations to flow into that app.
Re-read my comment please. I'm talking about Matrix, not whatsapp. Not downvoting because you are correct, but it is out of context.
I believe Matrix doesn't have nearly as strong (if any) metadata encryption as Signal
Unfortunetly no. Can be shown when you reset the encryption keys, relogin and see that times of messages, who you are talking with and even reactions are visible. But I know for reactions and replies they are working on it.
Same
Me neither lol
Both Signal and Threema can now theoretically ask Meta to open access for basic messaging interoperability
Why is it a one-way thing? Would Meta ever be in a position to force Signal to interoperate?
Maybe eventually, it has to do with market share and if the service is a "core platform". Signal doesn't have enough market share to warrant it yet, even iMessage wasn't forced to since it's not that popular in EU. The law was mainly targeted at WhatsApp as that's THE messenger in the EU.
WhatsApp is end-to-end encrypted. How does all the data magically show up when you change phone which doesn't have the same private key as the old phone? It's like having a lock on your front door and giving the keys to a random neighbour. Most folks trade convenience for privacy or security. That trade is looking less and less appealing by the day.
Ehm, they don't show up magically.
You have to backup directly to your new phone, otherwise it won't get transfered.
I just did this, and I can 100% confirm that not backuped data won't go to the new phone.
Which is also exactly how Signal works too; I migrated both two days ago. Process was virtually identical.
I much prefer Signal, but can't judge WhatsApp to harshly on this tbh.
Also when logging in on the website version on pc, you need to keep whatsapp open on your phone to sync old messages and media to your pc if you want to be able to see them there.
Thanks. I stand corrected. I was one of those that paid $1 for life when WhatsApp was a new kid on there block but haven't used it since news broke that Facebook acquired them like a decade ago. At the time, you had a new phone, your messages would transfer. Dunno how it is today after all those years but seems to be similar to Signal.
Based on the stories coming up on Facebook and their lack of moral / humane boundaries I still won't trust them not to have access to a private key when their app is so invasive. Their whole model is based on behind the curtain trafficking.
If you get a new phone and don't import anything from your existing phone, then messages you receive will be unable to be decrypted. Since WhatsApp uses the Signal encryption protocol, it's fairly detailed how receiving a message which can't be decrypted can start an initialization to the sender to retry sending the messages: https://signal.org/docs/specifications/sesame/#retry-requests-and-delivery-receipts
The signal app will prompt you when a contact's public key is updated, but IIRC, by default Whatsapp will not do this, and it will automatically happen under the hood, which is why it appears like magic.
Thanks. Haven't used them in like a decade so things seem to have changed. At the time, new phone meant your messages transferred automatically.
At the same time, even if Facebook requires a backup for the messages to show up, as the app is close sourced, how would one know for sure whether the app doesn't harvest the private key anyway?
With Signal's default settings, Google reads your Signal messages when they come in through push notifications.
Correct me if I'm wrong.
Edit: For those in doubt, last year, I started seeing content-aware auto-reply options in my Signal message notifications; that is not a function of Signal, but a function of Google's Android. One could escape it by using a de-Googled Android like Lineage or Graphene, or by hiding the message content (which is not the Signal default) and would surely hurt Signal's adoption, when you have to unlock the app to read each message.
You are wrong ;-) The push stuff is just used to signal the receiver that there is a new message. No meaningful data is sent that way. Not even an encrypted message.
Call me paranoid, but Google owns Android. They can easily read the content of a notification as it's displayed. They even have a Notification History app where you can see all applications from all apps.
At some point, Android is reading the message to generate the quick replies that were showing in the notification. They're content-aware and this is not a function of Signal; if someone sent me a question, there were "yes" and "no" quick replies. If someone sent that they were going to be late, there were quick replies like "That's OK", etc.
that's not how push works. usually, google would only know you received a notification, but not it's contents. that "dummy" notification wakes the app up, which decrypts and shows the real notification.
content aware stuff runs entirely locally on your phone, so no data is sent to google (unless you have telemetry enabled, in which case the reply or action you used will be sent to google together with the next telemetry data upload)
yes, some apps actually push the content directly through the push system, but that's not how this is handled in most apps that handle private data in notifications.
Or... And hear me out, Molly FOSS with Unified Push notifications. Problem solved!
I'm looking in to this, thank you!
Edit: Molly (UnifiedPush) isn't something I can reasonably expect friends and family to set up.
Please note that to receive notifications, you will need to set up a server to run MollySocket, available on https://github.com/mollyim/mollysocket.
You need the right flavor of Molly to use UnifiedPush: https://github.com/mollyim/mollyim-android-unifiedpush. You can install MollySocket via: Docker/Podman: docker pull ghcr.io/mollyim/mollysocket:latest Crates.io: cargo install mollysocket (see INSTALL.md for the setup) Direct download: https://github.com/mollyim/mollysocket/releases (see INSTALL.md for the setup) A distributor app (easiest is ntfy) You can optionally install your own push server like ntfy or NextPush. For beginners, you can use a free service like ntfy.sh (do consider donating if you have the means).