
A Plea for Responsible and Contextualized Reporting on User Security - CiPHPerCoder
http://technosociology.org/?page_id=1687
======
gcp
[https://twitter.com/zeynep/status/822301430933573632](https://twitter.com/zeynep/status/822301430933573632)

The responses here are telling. The reasoning of a lot of people seems to be
"WhatsApp isn't perfect, we should tell people not to use WhatsApp" without
serious enough consideration what alternatives are actually likely to be
usable and/or used.

Good example of "perfect is the enemy of good". In my experience this kind of
behavior is extremely common in the security/privacy space, and it is
_exceptionally_ harmful to getting real user improvements out (which tend to
require measured compromises).

------
tptacek
With just a few exceptions, the people who signed this are sort of a who's-who
of practical cryptographic research and, in particular, of research into
cryptographic backdoors.

~~~
baby
If that can help, I agree with "this particular issue is not a backdoor".

------
CiPHPerCoder
As a contingency plan in case this article gets the HN hug of death:
[http://archive.is/ACTOT](http://archive.is/ACTOT)

------
Terretta
_Caveat -- personal reaction opinion, off the cuff_ :

If casual use is at stake, and you could care less about your metadata /
network graph, agree with the gist, WhatsApp is fine, better than most
options.

But Author's narrative shifts UX "Personas" multiple times, appealing to one
Persona (general public) to argue for low friction usability, prioritizing
delivery over confidentiality, and a different Persona who is under real
(dismissively called 'imagined' when it is not imaginary) threat when talking
about need for confidentiality and deniability (quote: 'very few people are
the kind of “high risk” users that EFF refers to–and such users have very
different considerations').

Even as the 'journalist talking to the public' persona, your sources graph is
recognized as important enough that journalists will go to jail to protect it.

If you are one of the very few with 'different considerations', then (a) the
original concerns are not wrong, and (b) switching your behavior based on a
given message's stakes is probably bad.

And if you are one of the few, having people with nothing to hide more broadly
adopt the less common apps too is healthy, as then they are not only used for
dissembling.

Railing against Signal or other apps prioritizing C & I over A as less usable
than WhatsApp doesn't further that end for Personas with something to lose.

------
bostik
The latest episode of Risky Business podcast (risky.biz) had a good section
with Alec Muffatt about this too.[0]

It's well worth listening to, with Alec being both considerate and colourful
at the same time.

Disclaimer: regular listener, otherwise not affiliated.

0: [http://risky.biz/RB439](http://risky.biz/RB439)

