
Germany's data chief tells ministries WhatsApp is a no-go - rguiscard
https://www.dw.com/en/germanys-data-chief-tells-ministries-whatsapp-is-a-no-go/a-53474413
======
Hokusai
This is part of a broader problem.

Many "apps" from WhatsApp to Zoom are treated as public spaces by citizens.
But, legally the app-space is closer to a private space. This creates a
mismatch between reality and expectations. (Zuckerberg can delete his chat
history and you could not until Europe passed legislation forcing Facebook to
do so.)

I suffered the "Windows only" of gubernamental applications that excluded
Linux users from using them. I see a new wave of iPhone/Android apps,
WhatsApp/Twitter official accounts, etc. creating the same monopolistic
synergy where the government decides what apps the citizens have to install
and what Operating Systems to use. The abuse of monopolies is not fight
against but government officials take sides and choose which monopolies to
grow.

Finally, a point missed in the comments: WhatsApp is an American company. The
misalignment between Europe and the USA has grown the recent years meanwhile
the technological dependence of Europe towards the USA has increased. That
will not end well. The USA is in a position to shutdown all the technological
infrastructure of Europe (AWS, Google, Facebook, Azure, ...) and to openly spy
its citizens. When the two blocks were in more friendly terms that was seen as
acceptable, today that is creating an uneasy feeling.

As an European citizen I do not feel safe with such an American oversight of
my private and job-related activities. And, this is the most important point,
when citizens feel threatened they will react or over-react to the situation.
The USA has not been a trustworthy partner for some time. And ,the rise of
TikTok and other Chinese apps are bringing that fear to public attention.

The solution is trivially easy and has existed for long: open standards. Mail
has been around as long as the Internet and proven its value, the same applies
to the World Wide Web. The only reason for the rise of apps is that companies
see them as a good way of lock-in customers, gather data and increase
influence. All that reasons are bad for the economy, for the freedom of
countries and individuals. Open standards should be pushed as a leveling field
for competing companies, as a form to increase freedom of expressions and
communication and to avoid single-points-of-faiulre that risk big parts of the
economy.

I hope for a return to sanity and open standards. The alternative is heavy
regulated monopolies, no government is going to allow this situation to go for
long, like the telecommunications industry. And, that does not work so well.

~~~
ChuckNorris89
_> The USA is in a position to shutdown all the technological infrastructure
of Europe (AWS, Google, Facebook, Azure, ...) and to openly spy its citizens_

OK, and what can we do about that?

We build our own successful cars, we build our own successful planes but it
seems like when it comes to building highly scalable world dominating software
we are powerless even though our universities churn out tons of talented CS
engineers and researchers.

What does the US do right that we do wrong here? Besides paying our devs
worse.

~~~
vbezhenar
I thought that in US salary is significantly higher than in EU. Probably
that's the main differentiator.

~~~
dijit
It tends to be a fabrication of people miscalculating. You look at the total
income sum "Wow!, 120k is twice 60k!" and you judge based on that.

It's similar to items appearing cheaper in the US because they do not include
taxes, salaries "the sum" does not accurately reflect the quality of life. The
number is higher but it doesn't reflect purchasing power accurately.

It's hard to explain, but I did these calculations a whole bunch of times
because I keep considering moving to the US, but ultimately it comes down to:

A) Having a huge benefits package (which is not optional for an employer to
avoid paying out for in the EU, especially Scandinavian countries)-- this
includes insurances for loss of employment or sickness, but also pension
contributions which are actually illegal to avoid in most European countries
(5% matching contribution being pretty standard).

B) QoL differences up to and including healthcare, paid vacation time, paid
sickness leave and paid parental leave. (from 2w-480d depending on country)

C) Childcare.

D) Taxes (and an accountant's time to file them on your behalf, this is
assumed to be a minor cost)

Ultimately I did the math, and I'd have to dig it out again, but unless you're
20-30, very healthy, childless and a low-risk taker that enjoys driving: it is
unlikely that you'll be better off working in IT in the USA.

Obviously there's 10x developers who would out-earn me there though.

If you want to earn large sums of money in a European country, that can still
be done in Ireland or Switzerland.

FWIW: in my calculations 120k USD in Los Angeles was roughly equivalent to 55k
EUR in Stockholm (50k SEK/mo)

~~~
eeZah7Ux
> It tends to be a fabrication of people miscalculating

No: salaries are obviously higher.

Cost of living can be also higher and quality of life depends on that and many
other things.

Incidentally, I know a number of engineers who turn down offers to move to the
US.

~~~
dijit
Objectively, pendantically, you’re right. The actual sum of money being paid
to you the employee is higher.

However, if you are “earning more” but also “paying more” then your purchasing
power is lower. And when people mention salary, what they really mean is
purchasing power.

It’s also true that US companies don’t have to pay certain overages that are
required in the EU.

For example. I earn 60k (SEK) per month, my employer pays out 90k (SEK) due to
insurances, social securities, pension plans and so on.

And things like that can’t be factored in easily, as it’s not usually known to
the employee- so it’s often apples to oranges.

------
est31
For further reading (in German), there's been a nice and well-researched
article on Golem a while ago: [https://www.golem.de/news/datenschutz-duerfen-
aerzte-lehrer-...](https://www.golem.de/news/datenschutz-duerfen-aerzte-
lehrer-und-anwaelte-whatsapp-beruflich-nutzen-2003-147259.html)

Also, Microsoft sending Cease and Desist letter to the German city-state of
Berlin as it wrote a policy advising against Skype (German too):
[https://www.t-online.de/digital/internet/id_87890600/skype-u...](https://www.t-online.de/digital/internet/id_87890600/skype-
und-teams-warnung-vor-videokonferenzen-microsoft-mahnt-berlin-ab.html)

~~~
liotier
And the German army just announced it follows the French government in
migrating its instant messaging entirely to Matrix.
[https://www.golem.de/news/messenger-bundeswehr-will-
komplett...](https://www.golem.de/news/messenger-bundeswehr-will-komplett-auf-
matrix-chat-wechseln-2005-148407.html) (and recent discussion
[https://news.ycombinator.com/item?id=23152780](https://news.ycombinator.com/item?id=23152780))

~~~
est31
I'm very glad of this development. Kelber has repeatedly made public
statements in support of Matrix. Hope that more German government entities
will adopt it.

------
ThePhysicist
From my experience a lot of people will not hesitate to contact you via
WhatsApp even in a professional setting if they can get hold of your phone
number. After this happened several times to me I made sure to have a separate
phone for business where no messengers or any "social" apps are installed.

The funny side of this behavior is your client messaging you via WhatsApp but
forgetting their profile picture shows them drunk emptying a giant beer shoe
:D

~~~
tasogare
I’ve never understood the appeal of WhatsApp: it requires a phone number (so
it’s useless or hard to setup abroad, and it’s tied to a very personal data),
handle very poorly wifi connection (somehow it seems to only update when
connected over 4G) and force me to download pictures and videos to see them,
trashing my photo folder in the process. It also has no killer features in
comparison to any existing messaging app, nor the defunct MSN. And finally
it’s now owned by Facebook, so using it to avoid Messenger is moot. Yes, this
app success is truly a mystery for me. I have it for speaking with two family
members, otherwise I would not bother.

~~~
kxxsc
I think you are underestimating the degree to which requires _only_ a phone
number is a killer feature:

-you download the app and can immediately get started after verifying your phone number (no ID or password required) -you don't need to share any ID or connection details other than just your phone number

I spend a lot of time in India, and I think this lack of complexity has
contributed significantly to its virality (I'd estimate that a pretty
significant percentage of the user base does not have or regularly use an
email account, which is usually a prerequisite to setting up many accounts).

~~~
mjevans
It's amazing to consider this killer feature for _normal_ people is one of the
kill-worthy features in my will never touch it category.

~~~
oezi
Whatsapp has replaced SMS as the defacto standard mobile messenger for 98% of
users in Europe (or many other places). It doesn't matter if they do things
badly, there is no way around them at the moment.

~~~
1bc29b36f623ba8
I just don't see the appeal. MMS works well for things like pictures, doesn't
it?

~~~
etherealG
An anecdote from South Africa: SMS was charged per message at very high rates.
MMS even higher. Mobile data, while expensive too, was much cheaper per
message. Also, free wifi was quite common in many urban areas. All this at a
time when WhatsApp was much much simpler and easier to use, with good UX. The
person to person advertising for WhatsApp at the time was “it’s free”, which
while not 100% true factoring in mobile bandwidth, it was effectively true
since mobile data and WiFi was at least 1 or 2 orders of magnitude cheaper
than SMS or MMS.

That stayed true for a few years, and so WhatsApp became the de facto standard
for messaging.

I can’t speak for other countries but in South Africa that’s why. And the rest
is just networking effects.

~~~
1bc29b36f623ba8
Ah, that makes sense. I'm fortunate enough to live where we have unmetered
SMS/calls/data so I've never had that issue (at least not while WhatApp's been
around).

------
b0tch7
I'm an Android lifer (all my smartphones) and now live in Australia. I use
Whatsapp for 99% of my personal messaging and frankly, I _love_ it.

Same messaging experience for everyone (including emojis), great desktop app,
easy backup & restore as you switch phones, was early on the reply-swipe
functionality, easy forwarding, voice messages, . No, none of these are
"killer" features, but it's honestly one of the purest examples of 'Just
Works'(TM) I can think of in my digital ecosystem.

SMS on Android is pretty crap, and it's a particularly shitty experience
communicating with an iPhone user or in groups.

Every time an article about Whatsapp on HN or Reddit pops up I fearfully look
to see if there are legitimate privacy concerns. Afaict, all my messages are
still E2E encrypted, and all my stuff is saved to my Google Drive.

Unless you're in a sheltered circle of only iPhones (probably in America),
Whatsapp is the best choice by miles IMO. (Edit: sure if Apple would
democratize iMessage for x-platform I'd consider it, but given that will never
ever happy, Whatsapp is the great equaliser)

No other messaging app has the reach and consistency. And yea, this is a hill
I'm willing to die on.

~~~
dijit
FD: I'm an iPhone user. (not a die-hard, but I haven't found a decent android
I can get along with permanently).

Aside from the number of people (network effects) on WhatsApp, what does it
have over something like telegram, signal or any of the other cross-platform
messengers?

Devils advocate for a moment:

Signal is pretty consistent, for a "no frills" chat solution, the UX is worse
but it is still consistent across platforms.

Telegram does everything WhatsApp does but "better", native desktop apps,
voice calling is clearer, it still very consistent. You can even have
"usernames"; the UX is clearly superior. But the security model is
questionable.

And if the answer is: "but network effects", why not Facebook messenger? it
has the same reach if not greater.

So, why WhatsApp?

(this is a genuine question, I'm not trolling).

~~~
lucideer
> _Aside from the number of people (network effects)_

Network effects is it.

> _if the answer is: "but network effects", why not Facebook messenger?_

This is a good point, and I'm not really sure, but some guesses:

\- Branding. During it's initial growth WhatsApp was a FB alternative and FB
was in decline. Even after acquisition, awareness of the ownership wasn't
immediately widespread.

\- Contextual app differentiation. Facebook didn't separate its messenger from
it's main platform quickly enough and even when they did, they're both
conceptually considered a single package. People these days like separation of
contexts.

\- Phone numbers. WhatsApp was hard-linked to your phone contacts from the
off, making it familiar to SMS users. Facebook jumping on phone numbers has
followed slowly in a less focused manner.

\- Less confusion for tech-illiterate. There's no posts or pages or walls.
It's just like SMS.

> _it has the same reach if not greater._

Anecdotal, but I don't feel this is true anymore. I certainly know a lot more
people without Facebook than without WhatsApp.

~~~
m_mueller
phone number pairing is not just about familiarity - a person's phone number
is still a natural contact handle to put on a signature, business card etc.
Being able to then WhatsApp this person is very powerful.

------
BjoernKW
Just a few years ago, paramedics in Germany were routinely (and probably not
entirely legally) using WhatsApp for communicating with the hospital while en
route because there wasn't (and still isn't) a reliable, secure and
interoperable system allowing healthcare providers to communicate with each
other.

It's not like people in Germany are using tools such as WhatsApp in a
professional context because they're negligent or careless (at least not
entirely). Often, the digital infrastructure available to them is so woefully
inadequate they have to resort to non-official tools.

~~~
ganzuul
TETRA isn't interoperable?

~~~
BjoernKW
Its introduction has been an unmitigated disaster in Germany (as apparently
and unfortunately is wont in Germany), see [https://de.wikipedia.org/wiki/BOS-
Funk#Einf%C3%BChrung_in_De...](https://de.wikipedia.org/wiki/BOS-
Funk#Einf%C3%BChrung_in_Deutschland) (German-only, sorry).

It's still not universally implemented and hospitals aren't part of the
network either.

~~~
martinald
That's funny. UK is now switching off TETRA to a new ESN network; based on
LTE. Quite a few issues with it, so it will be a while yet, but most of the
masts are built. It will also allow coverage in rural areas to improve (as
operators can share the masts built for the emergency network).

------
openplatypus
Let's hope that Germany and other EU countries, including EU institutions
adopt or at least consider Matrix, like French did.

[https://matrix.org/blog/2018/04/26/matrix-and-riot-
confirmed...](https://matrix.org/blog/2018/04/26/matrix-and-riot-confirmed-as-
the-basis-for-frances-secure-instant-messenger-app)

~~~
WanderPanda
And they did, what governments do, they failed...

[https://techcrunch.com/2019/04/19/security-flaw-in-french-
go...](https://techcrunch.com/2019/04/19/security-flaw-in-french-government-
messaging-app-exposed-confidential-conversations/)

~~~
liotier
There was a bug, not exploited, fixed immediately... And you hold that as
government failure... I won't try and lecture you about government efficiency,
but you really should do something about your confirmation bias.

------
patja
I was appalled when I went to install it and there was no way I could see to
avoid handing 100% of my contacts to it.

Do people keep a private offline contacts list, or a clean phone just for
this?

Or do folks just not care about giving away the mobile phone numbers (and
addresses? email addresses? birthdays? other notes on the contact about kids
names, etc.?) to an app?

Am I behind the times and everyone just knows none of this stuff is private
anyways due to leaks etc.? Even if that is your attitude, it seems you are
feeding more links to the graph someone else is maintaining. Did you get
consent from every one of your contacts to do so?

I feel like I must be missing something here. Am I over-reacting or paranoid?

~~~
pccole
No, you're not over-reacting. I refuse to give access to my contacts to any
app; however, that doesn't stop my friend, mom, or a cousin from giving access
and Facebook/Google building a profile on you. The other issue here is Apple
and Google have not updated these permissions to only get access to certain
contacts you choose, its either all or nothing.

------
VMG
From personal experience, I can tell you that the consequence of this will be
that ministries will be using unencrypted and unauthenticated email and SMS.

~~~
rmoriz
At least in Germany companies and government are required to configure
mandatory TLS for SMTP and IMAP so the biggest attack vector is gone. No end-
to-end encryption though.

~~~
mercacona
The most significant attack vector might be the admin of the email service. In
European public institutions, the admins have access to your work account
(which is healthy and ok). WhatsApp, it’s the equivalent to share a coffee
some blocks far away from the office (which is healthy and ok).

~~~
rmoriz
true. Keep in mind that specific industries (e.g. finance) have transparency
requirements so end-to-end encrypted messengers are not acceptable (prevent
insider trading, collusive behavior, data theft).

In private, personal communication, everyone must have the right to use end-
to-end encryption but in commercial and governmental communication, there
needs to be some archive, accessible on judicial request.

------
qznc
In german companies, I see an increasing use of Threema as the "official"
messenger. Is that only a german trend?

~~~
Markoff
threema is not open source and it is not free, Signal (better some European
fork) without recent baggage would be better option

user base is extremely slow, in Slovak media Threema is associated with mafia
and murder of journalist, it will be hard to convince people to use same app
as mobsters

~~~
jacquesm
People also use money, mobsters do too. They breathe air, mobsters do too. I
don't think mobsters using something that is otherwise legal to use is going
to stop adoption.

~~~
orr721
[https://spectator.sme.sk/c/22231150/threema-as-evidence-
in-t...](https://spectator.sme.sk/c/22231150/threema-as-evidence-in-the-
kuciak-murder-case.html) [https://china-cee.eu/2019/10/11/slovakia-political-
briefing-...](https://china-cee.eu/2019/10/11/slovakia-political-briefing-
threema-messages-another-affairs-of-the-slovak-coalition-government/)

The parent did not say it is a mafia app. But it's use really is strongly
associated with mafia in Slovakia. That for sure will never make it very
popular choice for people in Slovakia don't you think?

You can look for yourself, the only thing which pops-up on google when you
search for threema and slovakia are the murders and mafia dealings with
government officials and lawyers.

BTW the Threema encryption was not broken. The messages were extracted from an
unlocked iPhone X of the main mafia operative (Kočner).

~~~
jacquesm
Slovakia is not exactly the largest country in the world and to extrapolate
from 'Slovakian mobsters have used it' to 'this app is associated with the
mob' is a bit of a stretch.

It may only be hard to convince non-mob Slovakians to use it, but that's a
relatively insignificant number of people on the larger world stage.

------
lambentor
I wasn't aware that the German government had a "Data Chief" position. This
article refers to the Federal Commissioner for Data Protection and Freedom of
Information. Because of the federal structure, his authority is complicated
with many important decisions based on the regional level (Bundesland). While
some people do use Signal, most people, don't care. Many doctors communicate
via WhatsApp, as it's just faster / easier.

~~~
maltelandwehr
There is a company in Germany that will do remote flu diagnostics via
WhatsApp. They even send you the sick note for your employer via WhatsApp.

Schools use it to communicate with parents.

------
switch11
Google, Facebook, Whatsapp (part of Facebook now), Amazon are all basically
spy companies

They are 'America's Edge'

Let's consider the narrative ->

That one corner of the world (Silicon Valley) is so good at technology that it
produces nearly ALL of the world dominating technology companies

 __ __ __ __ __ __ __ __*

Let's consider another narrative ->

While most countries were asleep at the wheel, the US (or some group of people
in the US) figured out that the next wave of imperialism would be

\- technology \- data \- surveillance

And they devoted all their resources to making sure these 'big data collection
and surveillance companies' would be American companies

 __ __ __ __ __ __ __ __*

If you remember the example of the spy hardware company in Switzerland that
turned out to be owned by the CIA

If you remember how US tried to fund a social network app in Cuba but failed
to get traction

Then does it not make sense that all the things we think are 'accidents' are
perfectly reasonable when considered as a collection of dots that link
together

Cisco hardware = backdoors

Intel chips - backdoors

Amazon/Google/Facebook - data collection and surveillance

 __ __ __ __ __ __ __ __ __ __ __*

All the smart countries are gradually ditching Facebook and Google

 __ __ __ __ __ __ __ __ __ __ __ __

If you look at actual innovation, there is now lots of great stuff coming out
of Europe. China, etc

US seems completely focused on

A) data surveillance companies

B) advertising tech

C) 'Outspend everyone else to become market leader' type companies

 __ __ __ __ __ __ __ __ __ __ __ __ __ __ __ __ __ __ _

------
edejong
Then provide useful, technically complete, secure alternatives that are vetted
by the government. The expectations of your employees are changing, so the
technology you provide should change along.

~~~
anoncake
Banning WhatsApp actually accomplishes that by creating demand for these
alternatives.

~~~
VMG
nope, people will use SMS and email

~~~
anoncake
Temporarily. Unless SMS and email actually fulfill everyone's needs, which
would be quite surprising.

------
rsynnott
> "WhatsApp cannot read messages because they are encrypted throughout by
> default," said its spokesman.

Feels like a bit of a non-denial denial, given that that's not what the
official claimed.

------
chakalakasp
If you like WhatsApp but don’t like Facebook having your meta-data, and don’t
like the fact that your Google Drive back-ups are not E2E encrypted, then use
Signal. WhatsApp’s encryption algorithm is based on the protocol that Signal
invented, so you get the same and E2E security — but without the potential for
Facebook snooping on you.

~~~
dividedbyzero
In my case I'd also lose about 98% of my contacts, who're non-technical and
don't care enough about some very abstract threats to abandon their social
network or use yet another messenger app in parallel. Also, since it's not
well-known here, people tend to be very suspicious of it at first, because
it's not known to be super safe like Whatsapp.

------
javieranton
Why would FB have paid top dollar for Whatsapp if not to use its data? Come on
ppl

------
Leace
Germany already experimented with a couple of hosted open services:
[https://www.golem.de/news/whatsapp-matrix-oder-xmpp-bmi-
such...](https://www.golem.de/news/whatsapp-matrix-oder-xmpp-bmi-sucht-einen-
messenger-fuer-bundesbehoerden-1912-145326.html)

The Conversations.im team also leaves in Germany so I wonder why won't they
just utilize their own solutions? Or maybe that's being considered...

------
throwawaylolx
And does the German government care what the data chief says or is this just a
HN-feel-good article of no consequence or substance?

~~~
rsynnott
This is the data privacy commissioner giving an advisory on what the law
means. The government is bound by the law.

------
pjmlp
I also had the same experience in some client projects where we were
explicitly told not to use it for anything work related.

------
ho_schi
There are very good messengers, they are just not pushed by big money and
group pressure. The problem is always, that people don't care about what they
do (to others) and apply group pressure for the benefit of the company.

matrix.org For professional usage and IRC like chatrooms. Free and open source
software, with several native desktop and phone clients. Doesn't require any
phone number and offers E2E encryption. You can use the central server or host
your own ones and connect everyone through federation. The official app for
iOS/Android is getting currently a rewrite because it is chubby. I'm using
Fractal happily on Linux as IRC replacement, because it lacks E2E at the
moment. Developed by a company which offers support and libraries for
development. Therefore you could criticize that there are no RFCs floating
around, but looking at XMPP which created a lot of RFCs this is probably
quicker and better.

The germany army will use Matrix and also the french government. No joke! The
germany army is here an example to follow.

signal.org Also free and open source software, but you won't get your own
server and federation. Very easy to use for everyone, hard linked to phone
numbers with default E2E encryption always on. Childs can use it. No native
desktop clients, only the fat Electron "Flash for the desktop" thing.

The european parliament is using it in future. Probably a wise decision in
their case ;)

PS: Facebook claims that WhatsApp uses the E2E of Signal. Nobody can proof
that without source code. Nobody is allowed to write own clients for other
platforms than iOS and Android. Nobody ever has seen the server code. Haven't
we seen enough greedy monopolies since the 80s?

~~~
akvadrako
There are not really any good messengers across the board.

I have most experience with Signal and though I think the security side is
good and it ticks lots of boxes, I often encounter bugs; overall a much worse
UX than Whatsapp or Telegram.

------
j7ake
What are the chances that this could be solved by having the German government
(or EU) overpay to poach a team of instant messaging engineers from around the
globe (give them 2x their current salary, have milestones to unlock more
money) to have them develop a Whatsapp alternative that can be used in EU?

~~~
jeroenhd
Several European government bodies are looking into/starting to transition to
self-hosted Matrix servers. Further development on the protocol with
government funding could very well happen.

France already started developing their own alternative:
[https://matrix.org/blog/2018/04/26/matrix-and-riot-
confirmed...](https://matrix.org/blog/2018/04/26/matrix-and-riot-confirmed-as-
the-basis-for-frances-secure-instant-messenger-app) The German government is
trialing it already: [https://www.heise.de/newsticker/meldung/Open-Source-
Bundeswe...](https://www.heise.de/newsticker/meldung/Open-Source-Bundeswehr-
baut-eigene-verschluesselte-Messenger-App-4623404.html)

Advancements are definitely being made, though because of the way governments
operate I doubt we'll see their contributions be open sourced very soon. It's
nice to know there are developments in the right direction, though.

------
MichaelMoser123
i think the federal government also doesn't quite like the fact that it can't
wiretap WhatsApp calls upon court order or decree; i don't know which
possibility is worse - possible privacy violation or possible wiretapping.

------
tgsovlerkhgsel
WhatsApp is a no-go. Unencrypted e-mail is a no-go.

Please send a fax instead.

I wish I was joking.

------
jillesvangurp
The bigger issue here is that while currently there are quite many
communication tools with various degrees of central control, effective
encryption, cross platform availability, user adoption, etc., none of them
nail a optimum on all these dimensions. You are always compromising on
something.

Uneducated users just use what everybody else uses that is "free". This tends
to be stuff that is provided by big US based companies like Google, Facebook,
Apple, etc. Free here is primarily about pricing and convenience. Recently,
people value encryption a bit more but most users lack the expertise to make
good decisions for this. So, they'll use something that supports encryption
without realizing that might need configuration or turning on.

Companies have to deal with employees using non-sanctioned devices and
solutions (i.e. uneducated users), which means the above tools are used.
Additionally, they tend to have internal tools that are required to used for
internal communication. Typically these too are provided by big US based
companies (Slack, Microsoft, Facebook, Google) but are optimized for corporate
requirements (better security, team features). A problem with these tools is
that they are useless for communicating with people outside the company. Most
companies are part of a complex supply chain involving companies that
typically don't align on this. So, things like Skype, Google Meets, Zoom, etc.
are popular in this space. Or email. A surprising amount of communication
still happens via unencrypted email.

Finally, educated users tend to pick solutions that are a bit more on the
paranoid side of the spectrum when it comes to privacy, encryption, data
ownership, etc. Additionally, open source clients and servers are important in
this space. Signal, Matrix, etc. are some better known solutions in this
space. Unfortunately, these solutions tend to be not widely adopted and make
it harder to communicate with "normal" people in the above two groups. I have
signal on my phone but less than 99% of my phone book actually is reachable
via it (not counting sms messages here for obvious reasons).

Companies are increasingly valuing this type of solutions from a security
point of view. Industrial espionage is a thing and it's a thing companies with
representatives in countries like China, Russia, or even the US have to worry
about. These countries have very active intelligence agencies and a long track
record of actively serving local businesses with basically any information
they can get their hands on. Therefore companies that care about keeping
secrets ought to be highly paranoid about popular solutions controlled by US
incs that must be assumed to be actively under the attention of intelligence
agencies.

IMHO OSS, federated solutions, with multiple implementations, clients, and no
central control is what is needed. Unfortunately the dominant business models
in this space favour closed source, non federated solutions with maybe some
OSS clients but typically no independent server side implementations. Signal
and matrix are exceptions in this space and neither has meaningful (> 1%)
traction in the any market. I guess matrix is growing nicely regardless. Also
signal has one big flaw: it uses phone numbers for authorizing users. This
gives a large amount of control to operators.

------
captainmuon
Generally I'm for stronger data protection, but German officials relationship
to WhatsApp is a bit silly, I always wonder what their conrete worry or attack
scenario is. That a rouge employee at WhatsApp can see your metadata or access
your telefone book? That the US government can see your metadata? Criminal and
state actors have access to most of that information anyway.

~~~
bad_user
WhatsApp is a proprietary app and Facebook did plan to implement client-side
agents that would extract info from content, or blacklist it. This means
Facebook has the capability of backdooring WhatsApp and by extension the US
government has this capability.

This isn't just about the metadata, you would be naive to think so.
Proprietary apps, especially those that get automatically updated, will always
have this loophole.

[1]
[https://www.schneier.com/blog/archives/2019/08/facebook_plan...](https://www.schneier.com/blog/archives/2019/08/facebook_plans_.html)

> " _Criminal and state actors have access to most of that information
> anyway._ "

You don't have evidence for this and regardless, metadata access can be
prevented and it's in a country's best interest to protect its affairs from
governments of other countries or from organized crime.

~~~
throwaway3603
> WhatsApp is a proprietary app and Facebook did plan to implement client-side
> agents that would extract info from content, or blacklist it.

This was debunked. Read Schneier’s correction:
[https://www.schneier.com/blog/archives/2019/08/more_on_backd...](https://www.schneier.com/blog/archives/2019/08/more_on_backdoo.html)

------
kome
Here on HN people want to believe that WhatsApp is more secure than Telegram,
when all the evidence points to the contrary. Also: don't trust closed source
protocols.

------
Markoff
If they discourage people from using something, they should tell people what
is the alternative.

I've been user of Signal for years, but with recent changes especially with
screen nagging me and everyone else to enter PIN I'm going back to Whatsapp,
which was my secondary messenger, but which has most contacts anyway.

What are the other options - Messenger, Telegram, Skype or whatever Google
kills this year, which are all not even E2E encrypted by default (let alone
colecting metadata)? Anything else has zero users and it's not user friendly.

It's not like there is user friendly completely safe service, after all even
Signal now collects and stores your contacts in cloud after forcing you to
create PIN nobody asked for, while they still keep asking for phone number and
nag you with other prompts instead of adding basic features like pin
conversation to top.

~~~
urxvtcd
> forcing you to create PIN nobody asked for

You do realize that user profiles is one of the most requested features,
right?

~~~
0x006A
Nobody asked for spaced repetition nagging, and no way to turn it off. its so
condescending and stupid of them. If you don't give users a choice, the only
choice left to them is to stop using your app.

~~~
urxvtcd
Yeah, maybe they could leave an option to disable this. But it takes like 30
seconds to input your pin if it's really long, and that's every few days. I
for one think it's a neat solution of "now give us an 8-digit pin you've set
up a year ago" problem.

