

WhatsSpy Public - bsirkia
https://gitlab.maikel.pro/maikeldus/WhatsSpy-Public/wikis/home

======
unicornporn
My wish: WhisperSystems finally gets their act together and releases the
TextSecure for iOS that they've been talking about for two years[1]. I still
can't send a message from my Android phone to an iOS user. TextSecure is one
of the best secure messengers out there[2], but until iOS support is out it's
mostly proof of concept to me.

[1]
[https://whispersystems.org/blog/sure/](https://whispersystems.org/blog/sure/)

[2] [https://www.eff.org/secure-messaging-
scorecard](https://www.eff.org/secure-messaging-scorecard)

~~~
stingraycharles
The last HN Who's Hiring? had an iOS dev job posted by Moxie [1], so I guess
it's safe to assume they're working on it.

[1]
[https://news.ycombinator.com/item?id=8982023](https://news.ycombinator.com/item?id=8982023)

------
rikkus
I'm confused about what is being leaked here.

The information which the writer says is somehow available unintentionally to
my contacts is pretty much the information I provide freely to my contacts,
e.g. my profile picture, status.

Okay my online/offline status, if I set that to hidden, fair enough, they
should fix that, but I'm just a bit confused about the other bits.

~~~
blowski
Agreed. Telling the world I'm online on WhatsApp is little more than telling
them I've got a mobile phone. This proof of concept doesn't know who I'm
talking with, what I'm saying, my location or any other personal information,
so I don't really care.

I'm a law-abiding middle-class white Western male, so I don't want to assume
that my flippancy should be shared by everyone. So, who should be worried by
what the OP is saying?

~~~
rikkus
It's not clear from the article whether the data is available to the world, or
only to my contacts. If it's public, that's worse, but, while it's not good to
leak 'private' information, I've seen a lot worse.

------
dserodio
"WhatsSpy Public is an web-oriented application that tracks every move of
whoever you like to follow" is a stretch. When I read this clickbait headline
I thought it could track GPS location, but the actual privacy leak is much
less scary:

\- Online/Offline status (even with privacy options set to "nobody")

\- Profile pictures

\- Privacy settings

\- Status messages

------
losvedir
I've been using WhatsApp on Android lately since I thought they partnered with
TextSecure and were encrypting recent Android <-> Android messages behind the
scenes. Is this not the case?

My impression was that WhatsApp was the most private/secure text messaging app
at the moment, but this is making it seem like maybe it's not.

~~~
mtmail
Then the PR worked. The partnership was announced but the encryption isn't
enabled yet.

~~~
losvedir
I don't think that's correct. I was going off of WhisperSystem's
announcement[0] where they say:

"Your messages may already be encrypted. The most recent WhatsApp Android
client release includes support for the TextSecure encryption protocol, and
billions of encrypted messages are being exchanged daily."

[0]
[https://whispersystems.org/blog/whatsapp/](https://whispersystems.org/blog/whatsapp/)

~~~
spdustin
It's not clear to me at all from that quote - I want to know that my
communication _is_ encrypted end-to-end, not that it _may be_ encrypted. The
rest of their statement is marketing speak.

(Not negative toward you, of course; you're just quoting)

------
fffrad
What happens when the user changes the privacy settings? Whatsapp allows you
to stop publishing this information.

