Hacker News new | more | comments | ask | show | jobs | submit login
Telegram gains 1M users after Whatsapp ban (thephonesgsm.blogspot.com)
272 points by sultansaladin on Dec 17, 2015 | hide | past | web | favorite | 260 comments

I'm a judge in Brazil. Even tough I'd pray to not be the one that had to give such an impopular order (affecting more then 100 million Brazilians - WhatsApp is really a hit here), we have laws in this country and we must prosecute criminals.

Mark's talk about privacy is, in my opinion, totally misplaced. No right is absolute, and that includes the right to privacy. Criminals, for example, simply don't have it. This is not me saying; this is our Constitution saying it (and the Constitution of every Western country that I know).

We are biased to see all measures against privacy with bad eyes, specially after Snowden. But that's because you are good people and see the matter with those eyes, not with the eyes of a criminal. Do you guys think that pedophiles, terrorists and drug dealers have the right to privacy ? I don't.

Also, what the NSA was (is?) doing is a complete absurd, with no judicial oversight, mass collecting everything they can get in secrecy. This has nothing to do with what we have here. In Brazil, only a judge can authorize someone to be wiretapped, it can only be done in criminal cases with jail time (no civil cases). Also, the judge must specify a single phone number or single e-mail account and the decision must be reviewed every 15 days, otherwise it expires. Also, there's a national database of wiretaps that every judge must feed by the end of the month, specifying how many wiretaps there are currently running.

WhatsApp and Facebook are not, by any means, above the law. If they want to provide a communication service here, the law is clear that they must abide by judicial orders that allow wiretapping in very specific cases.

> No right is absolute, and that includes the right to privacy. Criminals, for example, simply don't have it.

I know nothing of Brazilian law, but in America, criminals have rights, including the right to privacy. Convicted criminals and convicted felons do not, but that is an entirely different category, and your wording seems woefully imprecise.

> Do you guys think that pedophiles, terrorists and drug dealers have the right to privacy ? I don't.

Alleged pedophiles, terrorists and drug dealers have the full panoply of rights available to them as anyone else until such time as enough supporting evidence may be provided that the police can say that a) a crime has been committed, b) the alleged had the means to have committed the crime, c) the alleged had the motive to have committed the crime, d) the alleged had the opportunity to have committed the crime, and often e) the alleged is very likely to have committed the crime.

Only after THAT hurdle is cleared may the rights of the alleged criminal be intruded upon by the state, and without a grand jury, even those intrusions must be minimally invasive.

At least in America, a judge cannot issue a warrant for the wiretaps you described on the mere accusation that "so and so is a {pedophile,terrorist,drug dealer}."

>Alleged pedophiles, terrorists and drug dealers have the full panoply of rights available...

For starters, lets throw right to privacy out the window, from the US perspective what we are talking about is 4th Amendment "right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures."

>Only after THAT hurdle is cleared may the rights of the alleged criminal be intruded upon by the state...

No. In many instances police are not limited to obtaining a warrant/judicial oversight before conducting searches and seizures (including communications). Just a few examples: (a) if an officer conducts a lawful traffic stop, and smells marijuana (plain-view/plain-smell doctrine) the officer can lawfully search your person and the vehicle,seizing any evidence of a crime, even if unrelated to marijuana; or (b) subsequent to a DUI arrest, an officer can impound the vehicle and conduct a search/inventory of the vehicle and seize any evidence of a crime (even unrelated to the DUI). These are some of the many lawful Government searches and seizures without prior judicial approval.

>At least in America, a judge cannot issue a warrant for the wiretaps you described on the mere accusation that "so and so is a {pedophile,terrorist,drug dealer}."

A judge certainly can issue a warrant based on accusation as long as the judge makes a finding there is probable cause. In fact an officer can obtain a warrant from a Judge based on an anonymous tip, or what would be called hearsay evidence which would be inadmissible in an actual trial.

> I know nothing of Brazilian law, but in America, criminals have rights, including the right to privacy.

I think your post rests on uncharitably interpreting what he means by absolute rights. Your post itself is a demonstration that the right to privacy is not absolute - if the criteria you describe are met, a wiretap can be permitted. He was talking about the fundamental question of whether or not a state has the right to set and apply those criteria (at least, within reasonable limits) within its borders.

Possibly fair. I set out only to amend the sloppy use of 'criminal'. Many varieties of criminals in America still have rights that prevent mere allegation from allowing the infringement of those rights.

I am not a judge, nor a lawyer, but as someone who's been casually studying law for years, the thing I've noticed most about lawyers is that they tend to not speak in anywhere near such sweeping generalities, and felt it worth correcting as it would be unfortunate, and potentially dangerous if the wrong person were to take the word of a judge as canon and start enacting social justice against alleged criminals.

I deliberately avoided touching on the "no rights are absolute" statement because it is charged, and while it is grossly overused to the point of being tired, I was specifically trying to not open that particular can of worms. Also, any such discussion would possibly have furthered the gulf between "rights in Brazil" and "rights in America", which I can't begin to comment on intelligently, whereas "criminals are still entitled to due process" is a shorter bridge in either country.

The US does not have a general right to privacy; the 4th amendment is very limited, and does not apply to information held by third parties.

4th amendment litigation is full of really questionable reasons for "probable cause" for warrantless searches, and then there's things like the FBI fake base stations and the NSA listening programme.

The EU has a general right to privacy .. with a law enforcement exception.

>The US does not have a general right to privacy

Yes we do. It isn't enumerated, but our rights are not limited to merely those which were enumerated.

In the US convicted criminals still have privacy rights after release. They are slightly less than a non criminal, but after probation ends cops can't just enter a criminals home on a whim.

Correct, but they do have other rights-restrictions.

Regarding privacy though, I think we're in agreement that the only people who don't have it are those that are currently incarcerated as a result of due process.

in America, criminals have rights, including the right to privacy. Convicted criminals and convicted felons do not

It sounds like you are rather pedantically making a distinction between criminals and convicted criminals.

Indeed. It is the very crux of my post. I view the distinction as worthwhile. In fact, I should probably have gone further and drawn distinction between convicted criminals and convicted criminals who are currently serving time.

You know what you call someone who hasn't been proven guilty? Innocent.

You reap what was sowed. Yes, what the NSA was (is!) doing is completely absurd. The net effect of that is a backlash against all information gathering by authorities and the practical effect of that is that companies will now be differentiated to greater or lesser extent by the amount of privacy their communications platforms give to ordinary citizens. This is what drives https anywhere and other such efforts.

That 'well meaning judges' have a harder time obtaining evidence in those cases where wire-taps are authorized with sufficient reasons and specificity (sp?) is a direct consequence of that.

But you shouldn't complain about the companies that merely provide what the market now wants.

Technology is strange that way, we, technologists can relatively easily make boxes that we ourselves can no longer open and those boxes can be used to transport information from one private individual to another.

Yes, the existence of such boxes may be an obstacle to law enforcement. But the rights of ordinary citizens are trampled to such an extent that I'd be willing to live in a society where those rights are restored if the consequence of that is that the police will have to work that much harder to gather evidence or that some criminals will get away with their crimes.

Authorities have overstepped their bounds to such an extent that this is now an acceptable compromise.

First time I've read something by you I completely disagree with.

"If they want to provide a communication service here, the law is clear that they must abide by judicial orders that allow wiretapping in very specific cases."

I didn't the grandparent to be complaining. Simply stating that they are upholding the law of the country, which WhatsApp decided to ignore. The fact that it had massive popular adaption means WhatsApp may decide it should play ball, or the citizens of the country will get the laws changed. All of this is GOOD and indicates a WELL functioning society. Nothing is broken or bad because an App gets banned.

> First time I've read something by you I completely disagree with.

That's scary. Well, there is a first time for everything.

> Simply stating that they are upholding the law of the country, which WhatsApp decided to ignore.

Have a read:


Brazil is not exactly a paragon of virtue when it comes to police force and legal affairs. Let's give the GGP a free pass for being entirely of 'good intentions', that still leaves you with a police apparatus that is involved in, amongst other things, unlawful killings and the use of torture, they rank 69th on the world corruption index, roughly around the region of such examples of upstanding morality with the authorities of Bulgaria, Romania, Greece and Italy.

If this were North-Korea or China everybody would be cheering on Whatsapp and FB for making a stand and not cooperating with the authorities.

Companies can make it easy on themselves by avoiding hard choices on which regimes to support in their quest for wire-tapping and which not by not having a footprint in a jurisdiction where such abuses are common and at the same time make it has hard as possible technically to actually cooperate in the first place. What you can't do you also can't be compelled to do.

The people of Brazil then have the option to make the use of such software illegal or not.

Most of the numbers about brazilian police are totally out of place and don't count the way our country is right now about violence.

We got the highest homicide count on the planet, being a country that banned guns. That, for sure, makes police more agressive.

How can those numbers be 'out of place'? Just last month the state of São Paulo started to remove assassinations by the police from the official murder stats [1] to make it look like things are getting better.


"Between January and November in 2014, 816 people were murdered by military police officers in the state of São Paulo." - and it did not reduce crime [2]

[1] http://www1.folha.uol.com.br/cotidiano/2015/11/1704292-morte...

[2] http://ponte.org/pm-de-sp-bate-recorde-de-mortes-e-nao-reduz...

Do you realize we got a civil war in Brazil, where 60k people die every year?

It's the media like CNN that make my blood boil. I am not sure why Trump is in every other story on the international channel. Actual reporting does not sell.

The point of secure communication is that nobody except the sender and receiver can read it. It's not that we all agree not to read it unless we really really think the people are bad. That is not security.

So, you either have secure communication systems available for everybody, and accept that the government is not always going to get what it wants, or you don't.

There is no such thing as a secure system that a third-party can read if it chooses to. By definition.

That would be the first system like that available to public ever. "It's not that we all agree not to read it unless we really really think the people are bad" is pretty much the definition of the secrecy of correspondence we had since pre-digital era.

We do not live in the pre-digital era. We do now have the technology to make secure communication possible. The question is whether it should be legal. I think it is overwhelmingly the case that it should be.

People have been coming up with and breaking codes for thousands of years. The Caesar Cipher is not named such just because of some fascination with ancient Rome, for example.

One-time pads have been around for more than a century. Book ciphers can be quite secure and are centuries old. Criminals have been substituting phrases (e.g. "I gave the flowers to Wanda" -> "I murdered Bob the Snitch") since they've been aware they might be eavesdropped upon.

It has pretty much always been the case that you can encrypt your correspondence if you wish and then the state can attempt to read it anyway if they wish, and in states which require this sort of thing, if they can get a warrant.

Encrypting your correspondence has gotten easier. Nobody would have bothered to use a good cipher for "Don't forget to get eggs at the store" (meaning, actually get eggs, not some substitute phrase for "murder Bob the Snitch") twenty years ago, but now we do it all the time.

But that doesn't change a whole lot. Criminals who gave a shit about not being spied upon have always had ways to ensure it couldn't happen.

I am confused because what you are saying negates your main point, no?

I'd say the point of security in communication is being able to verify that all participants are who they say they are. More so than hiding the content from third party. ;-)

That's a debatable definition, to say the least. I'm not saying authentication is not an important part of security, but saying it is the only important part is quite a stretch, don't you think?

I was only trying to make a point because d_theorist seemed to only think security is about hiding the message from third party. Secure communication could even mean not to get a electric shock from your phone while using it.


WhatsApp could not deliver what the judge requested, even if they wanted to. Messages are encrypted end to end and not kept in their servers.

The Judge requested something impossible. predictably, WhatsApp and Facebook did not comply. The Judge threw a hissy fit and decided to block the service, affecting everyone who uses it (95% of the Internet users in the country).

A similar thing happened years ago when a Brazilian actress tried to get a paparazzi video out of YouTube. The heavy-handedness of Brazilian government got the whole website blocked.

Mark Zuckerberg's complaint is about how any local judge can just order a country-wide order (which is something I also find baffling). This was not a supreme court decision.

Apparently, Whatsapp is only end-to-end encrypted on Android, where it uses TextSecure. On iOS, it still uses RC4.

Do you have a cite for this?

Signal (née TextSecure) runs on Android and iOS, with an in-development Chrome extension (or whatever) to run where Chrome runs.

The initial announcement of the partnership between WhatsApp and TextSecure ( https://whispersystems.org/blog/whatsapp/ ) states that it was only for the Android WhatsApp client, and I'm unable to find an update saying that it has been added to the iOS client.

Oh. Thanks for digging that up.

This quote from the post really stands out to me:

"WhatsApp runs on an incredible number of mobile platforms, so full deployment will be an incremental process as we add TextSecure protocol support into each WhatsApp client platform. We have a ways to go until all mobile platforms are fully supported, but we are moving quickly towards a world where all WhatsApp users will get end-to-end encryption by default."

It seems... unlikely that the crypto integration would be left half-done. I guess I could find a Whatsapp user with an iDevice and another with an Android device and look at the software UI for clues. :D

You are probably correct. They adopted TextSecure on Android near the end of 2014, but I'm not sure of the state of iOS.

Banning the middleman in this communication here is kinda like banning pen and paper because people are writing notes to each other.

"Hey someone committing a crime is writing notes to each other! Quick, order all pen manufacturers to send us copies of everything people are writing!"

"Sir the pen manufactures said they can't comply"

"Ok that's it, stop the sales of all pens"

Then everyone starts using pencils.

Seems okay if the pencil manufacturers are complying?

I guess I don't get the analogy.

Pencil manufacturers can't comply, either, because their pencils are not equipped with sensors and antennas. None of the mass-market writing instruments do.

To extend the analogy, the government might order all manufacturers to build sensors and antennas into every writing instrument. That might work, until people start smuggling cheaper, foreign-made, non-spying pens into the country.

that is correct, I would also add that through the current Marco Civil law, the requests must be technically possible, if not they shouldn't be taken into consideration.

"No right is absolute, and that includes the right to privacy. Criminals, for example, simply don't have it."

You determine who is a criminal so you determine who has the right to privacy? Maybe you are a reasonable person but I think it is naive to operate under the assumption that governments/judges will always be reasonable. I think indeed that you may be spied upon when you are suspect of a crime but to force Whatsapp to store all messages (diminishing everyone's privacy) due to a couple of criminals sounds like a bad idea to me.

So the right to privacy should be absolute, until you disrespect other people's rights (the only thing that should be a crime). So do good policing, don't take privacy away from innocent, free (wo)men.

I think the right to privacy should not be absolute, it must be balanced against other rights.

Same goes for the right to free speech.

For example, if someone is broadcasting to 1 million people, their message should adhere to some standards. If something is really a popular message, it can be spread using "totally protected" speech to up to 1000 people at a time. I think giving a platform to ISIS and others to easily spread their mind virus and continually infect some susceptible 0.1% is irresponsible. Inciting violence on public television would have been unacceptable and regulated.

It's an economic concept known as the free rider problem. If you guarantee total protection to speech for ANY number of recipients, people and organizations will find ways to abuse it. The free tier should be limited.

Ideas replicating, on the other hand, is only limited by the amount of attention / allegiance any given person has. The only way we'll get a free rider problem there is when computers spread ideas among each other like computer viruses. And for that, we need to secure our protocols and implementations.

if someone is broadcasting to 1 million people, their message should adhere to some standards.

I don't agree with that statement at any level! Those 1 million people have absolute freedom to listen or to not listen. This puts you in the position of telling people they can't hear something they want to hear.

As a bonus, those standards you mention can easily become a cudgel against people the government wants to implicitly or explicitly silence.

No, they have freedom to listen or not, but is it not automatically clear that the broadcaster should have that freedom.

The government won't be able to silence a true message that doesn't "hijack mass media" and spreads by 1-to-1000 at a time.

You are saying freedom of speech is a bad thing. You are endorsing state censorship.

Do you realize that at one point you yourself could be in a position where you disagree with your government and you want to speak up only to find your message being silenced constantly?

Either all people are equal or they are not, some people can not be more equal than others.

Yes I realize that. If I disagree with my government and my message cannot spread by any method other than hijacking mass media, then perhaps most people don't feel as I do. And that is super significant. Everyone is equal, and giving random people the chance to control a huge megaphone makes you LESS equal, not more. The one who gets their megaphone spreads their message more. And with great power comes great responsibility. Think of Apple, Amazon, Google, Microsoft and others who control a platform. Think of FOX and others. Can they do absolutely anything they want?

When you let mass media be used by ISIS and others in the name of free speech, you're giving them a free way to do super-untargeted advertising to their new recruits.

> giving random people the chance to control a huge megaphone makes you LESS equal, not more

People can choose what to hear. It's not random, It's the complete opposite of random.

When it comes to mass media, they can choose the channel that they listen to from a limited number of platforms. On this channel, they hear something because a few elites made a decision to broadcast it. For example, how many Messengers are there? Apple, FOX, Telegram have a responsibility because of their reach.

Anyway you haven't addressed the downsides I posted. All you do is ignore them in favor of the upsides. I could be an anarcho capitalist and insist on the unlimited right to property, also. Saying it's a moral right and ignoring any downsides.

Roughly 3/4 of Americans have access to the internet[1] (and more than half of them are over 65) as of two years ago, which blows the "limited number of platforms" argument away quite handily. The number of individual outlets you can get your news from is functionally unlimited.

The mass media has a responsibility all right, but not the one you think they do.

[1]: https://www.census.gov/history/pdf/2013computeruse.pdf

What makes you think that there is an unlimited number of mass media platforms?

And what do you think their responsibility actually is? I thought they had rights to say whatever they want and responsibility is optional...

Functionally unlimited, not mathematically infinite. No human has the time to meaningfully evaluate all of them.

And I think their responsibility is the conditions under which they were given broadcast licenses in the first place. Something about serving the public good.

So there you go. That's regulation.

I find it very dangerous if anyone would capable of -or should have the power to- determine the standards that messages should adhere to. That is precisely the type of behavior that will once prevent a resistance from speaking out against its oppressor.

And we are not talking 0.1%, we are talking about a lot less than 1 in 1000 and that is important here. I strongly believe that taking freedom away, i.e. by prescribing what the standards are that messages should adhere to, will breed disrespect, anger, hate, feelings of oppression.

A mind virus does not ignite among happy, free people, it ignites among oppressed people. We should avoid oppressing people.

"No right is absolute, and that includes the right to privacy. Criminals, for example, simply don't have it."

The problem is, that by definition, you can't take away privacy from criminals without taking it away from everyone else. Especially when term criminal varies from country to country -- in this case it might be a drug lord, but i.e. in Russia it might be an opposition leader or journalist that dug too deep.

...or a gay person. Or a Jewish person. Or a Christian. Or a woman. Take your pick, somewhere on this planet it's against someone's law to be that and communicate freely.

Then fix the real problem of the bad law. Deflection only makes things worse.

Muslims or Arabs should be there too., unless you want to ban them!

> Do you guys think that pedophiles, terrorists and drug dealers have the right to privacy ?

Do you mean _alleged_ criminals? Yes, they do.

Convicted criminals, on the other hand, don't have that right already.

Whatever you think, our Law says that if the police has enough evidence to strongly suspect somebody, a court can restrict his right of privacy to gather extra proof.

You may hold any opinion you want, but the above is in Brazilian Constitution, and not even contested by anybody.

I don't know brazilian law, but in my country (Sweden. I'm ashamed...) the Military office for Radio Communications (FRA) is recording all data crossing the border (which of course includes the data of all citizens, since the internet is borderless).

They certainly do not have evidence that every citizen and every foreigner (total 7 billion people) is a pedophile, terrorist or even a jaywalker.

I for one have lost any faith in governance in the information age, and will happily encrypt my communication. If I can sabotage for the organisations spying on me, that is a net win.

Well, as far the it's publicly known, Brazil does not monitor data that crosses its border, nor has implanted capacity to do so.

What I don't understand is why you bring that point to a discussion about WatsApp hiding information about an specific crime.

The discussion turned into what rights a government should be able to take, and that is what I tried to reply to.

No they don't. Your argument doesn't make any logical sense.

Wiretapping is needed during the investigation phase, which you need to gather evidence BEFORE trialling and convicting anyone. And is only authorized if you have strong evidence that a crime or criminal organization is in place.

If only convicted criminals didn't have right to privacy, how would you get them convicted in the first place ?

Also, you really got it 100% backwards. Convicted criminals have right to privacy after they are convicted, because we don't assume they will commit new crimes.

Everybody is presumed innocent until proven otherwise. We must have new evidence that convicted criminals are commiting crimes to start a new wiretap.

Its absurdly simple to make someone an alleged criminal. You simply need to accuse them of a crime. There are many countries where the government does exactly this - they accuse people such as human rights activists of crimes like "fomenting discord" and "promoting unrest" and lock them up. Under your enlightened regime of revoking the human right of privacy from alleged criminal, these people would have no recourse.

So no, your argument doesn't make any logical sense.

I think the reasoning proceed from two different opinions of the citizenry.

It's my opinion that in any reasonably developed and old democracy a majority of the population are currently criminals in the sense that they have broken at least one law.

In reality, that law is either trivial, inconsistently enforced, or generally ignored. But the important thing is that it's still on the books as the law of the land, and therefore makes the citizen prosecutable in a court of law.Whether or not that individual is prosecuted then becomes the folly of most systems -- a choice that can be arbitrarily made (as it's never incorrect for the government to enforce its current laws, even if it can be unjust).

As a consequence of all the above... pre-investigation is tantamount to power-to-convict. And privacy is the only effective deterrent against "I would like to find some crime you're guilty of and then charge you with it because {unrelated and non-legally-based rationale}". Imho, this is the fundamental and most dangerous type of corruption a democracy can fall institutional victim to, because it only requires that there be a large number of rarely-enforced laws on the book (a systemic weakness of democracy where repealing a law takes more effort than leaving it valid) and individuals of questionable motive (human nature) in positions of power.

(I'm perfectly willing to accept that others may have a different viewpoint on democracy, but I think I historical support as to this is the actual way a mature legal system functions)

Those are called 'fishing expeditions'. And given the complexity of the legal system if someone is active in enough fields there will always be something they did that you can use to throw the book at them. You'd have to live like a hermit not to break the occasional law. What is harder to establish is how many of these transgressions would be serious enough to materially impact someone or to cause them to go to jail.

In countries where legal expenses are high and punishments are sever (i.e. the USA) it can be trivial to find something damning enough to put someone behind bars. In countries where the bar for prison sentencing is substantially higher and legal costs are more manageable the most authorities could do is waste someone's time. This is one of those aspects in which societies the world over markedly differ.

You've described a problem privacy only exacerbates. Complete enforcement is the best way to get bad laws adjusted or removed. Privacy makes that harder.

Disagree. Money always buys privacy / leniency.

In a completely transparent system, you'll still have bad or questionable laws. You'll just have them only applied to people who can't buy their way out.

Unless complete transparency also solves the corruption problem. ;)

Historically, true. But we are rapidly approaching the point where there will be no privacy available to buy.

No, it's not, at least not in Brazil. As mentioned above, wiretapping need to be authorized by a judge. The police must provide a reasonable justification. If the provided justification is weak or deemed unlawful, a lawyer can exclude all the data collected in trial.

If privacy is a human right that cannot be violated ever, how are going to deal with criminals that use services such as WhatsApp?

> If privacy is a human right that cannot be violated ever, how are going to deal with criminals that use services such as WhatsApp?

By finding evidence that does not rely on services such as WhatsApp. How did anybody ever get convicted before the age of WhatsApp, or for that matter the invention of the telephone. It's not as if wiretaps and cell phone messages are the only kind of incriminating evidence that can be found on the vast majority of crimes. And if that is the evidence that stands between a free man/woman and their conviction then maybe it is better that they go free because it is all too easy to forge such evidence or to plant it.

> How did anybody ever get convicted before the age of WhatsApp, or for that matter the invention of the telephone.

A nitpick, but I really dislike this line of reasoning. Before WhatsApp criminals communicated using different means which were easier to monitor. Now that they have WhatsApp (or whatever), they will use that instead of easier to monitor methods. A move to modern communication tools gives them an edge over law enforcement, so it's no surprise LE feels a pressing need to do something about it. It's an arms race.

> Before WhatsApp criminals communicated using different means which were easier to monitor

Perhaps sloppy criminals did so, but the careful were engaging in schemes more like what we see on "The Wire". Meeting in secluded, noisy locations wherein privacy was all but guaranteed.

People, including not-convicted criminals, have the right to privacy. If the NSA and law enforcement are going to make it harder and harder to find private places through dragnet collection, it should not be surprising that the populace will seek to reclaim privacy.

If it's an arms race, as you say, it's an arms race that law enforcement was winning at so one-sidedly that the relationship was becoming abusive. Tools like WhatsApp, Telegram, Signal, etc., are the citizenry's first efforts at serious competition.

There is no obligation on the part of criminals to make it easy for law enforcement to catch them, and criminals will use whatever tools they can to stay out of jail. Yes, that's an arms race, but that arms race has nothing to do with whatsapp. That's just a general purpose tool that has been re-purposed. This is what I was getting at with my recent comment that knowledge (and by extension technology) is dual use. You can't make something that will not somehow benefit the bad guys too if it benefits the good guys.

I appreciate that Brazil has implemented this well. Suppose I told you that it was exactly the same in China - the police provide reasonable justification, judges approve the request and only then is someone's privacy violated. Would you buy it? Or would you point out that judges in China are merely rubber stamping authorities?

And lest you think that this is only a problem with China, America has the exact same issue. The FISA court was supposed to hear requests for people's private info but it was a glorified rubber stamp, granting 99.9999% of requests. And that's the problem, you cannot have a free and vibrant democracy when people's privacy is negotiable.

Perhaps that sounds like hyperbole, but have a look at what other commenters are saying about fishing expeditions and tell me if you still think so.

This is a false choice. Apparently in Brazil, if you are suspected of a crime, you have no right to privacy at all. The reasonable alternative to that is not an absolute, unviolable right to privacy, but a limited right to privacy with a presumption of innocence.

No, that's not how investigations work. The police gets some information about some crime (told by the victim, a witness, etc.). Investigates. Then asks the judge "I have a potential crime here, to be sure about it I need to wiretape". The judges gives it or not.

After someone is convicted, there's no use on wiretaping him about something that was already solved.

How simple is it to make someone an alleged criminal, well, that's country specific. Can also be thought on how easy is to have a government receiving data directly from Facebook, or using gag orders, or bombing another country without proofs of any wrongdoing.

I can't reply to replies, so I'll post here.

1. No, you don't make someone an alleged criminal by simply accusing them of a crime. You need preliminary proofs that a) a crime is happening and b) your target is most likely the author of that crime. Judges are really demanding when analyzing this proof before authorizing a wiretap.

If you authorize a wiretap and you find out a crime, but later the lawyer can demonstrate that the wiretap was illegal (because the judge didn't have enough preliminary proof), the crime discovered is considered to be discovered "by chance", so it nullifies the entire result of the wiretap, based on the theory named "fruits of the poisonous tree", and unless you have enough evidence that doesn't derive at all from the wiretap, the defendant won't be convicted.

2. Read the newspaper in Brazil and you'll see the country is harshly investigating our politicians. We have a senator in jail by a supreme court's order as we speak for god's sake.

3. The same law in Brazil that authorizes wiretapping (Law nº 9296 from 1996) criminalizes with 2 to 4 years of jail anyone that does a wiretap without judicial order or with abuse of power.

> You need preliminary proofs that a) a crime is happening and b) your target is most likely the author of that crime.

Definition of "most likely" varies wildly. Without concrete proof, any breach of privacy seems corrupt to me.

> I can't reply to replies...

Click the timestamp of the comment (or find another way to access the permalink for the comment). The reply link should appear.

Wiretape your politicans. How would you get them convicted in the first place otherwise?

You convict them by having proof.

Not by fishing for something you can construct into proof.

In an ideal world, what you said would make sense. But unfortunately many governments and judicial systems around the world are corrupt and they misuse their powers - they have and they will. There is a reason most countries have laws against unlawful search and seizure. Otherwise going by what you said and assuming the judiciary is incorruptible (which is almost probably never by the way), why would we give citizens rights against the government?

Thank you for reaffirming my priors on what kind of people judges are.

The ones involved in the crimes of this case had been convicted already but then they were released recently after a habeas corpus, but are still under investigation and being prosecuted.

I love these two parts:

> Also, the judge must specify a single phone number or single e-mail account and the decision must be reviewed every 15 days, otherwise it expires. Also, there's a national database of wiretaps that every judge must feed by the end of the month, specifying how many wiretaps there are currently running.

Great way to apply natural negative pressure on continuing wiretap operations. It's not impossible to have a wiretap span a long period of time, but it will create work for the judge and (possibly?) the officers, so in general it will hopefully only happen when it's actually useful. Kudos.

Nothing there that can't be automated with a simple shell script.

Not saying the oversight system in Brazil is unreasonable, but you can't rely on the natural disincentives alone.

At that level, I would actually guess that it's more likely that an assistant would prepare the documents to be rubber stamped. It's not perfect, but at least something has to be done.

Yeah we know that but for some reasons most jobs don't automate anything. Certainly not a POST request or filling an excel sheet line.

I'm Brazilian (not a shaddy judge though) and this comment is baffling. It reminded me why I left it in the first place.

> No right is absolute, and that includes the right to privacy

Indeed true.

That's why you see Brazilian politicians embezzling billions of dollars and running away with it. At the same time, impoverished individuals are imprisoned for years after stealing a basket of eggs (literally).

No, it's not the same as in the U.S. Many innocent Americans are put in jail because they didn't know their rights. Impoverished Brazilians are not even given that choice.

The law isn't the same for everyone. If a Brazilian with a college education is arrested, he goes to a different, more pompous, prison "by law".

> "No right is absolute, and that includes the right to privacy. Criminals, for example, simply don't have it."

Unfortunately, no technology can differentiate between criminal and innocent, only human can. The implication is to decide the priority: privacy for criminals or no privacy for innocents.

> Do you guys think that pedophiles, terrorists and drug dealers have the right to privacy ?

I have to disagree with you on this Sir. Criminals have the essential uncontested right to privacy like everybody else. However, law enforcement have the right too to collect and gather info on subjects to prepare a case and prosecute in a court of law but that gathering and collecting should only be limited to the scope of investigation and suspected criminal activities without going after their personal lives and tiny details of their intimate relationships and also without feeding the shameless media these bits of information because if you cross that line, you'd gradually but assuredly lose the moral high ground for your position and then those suspects/criminals would look like victims in the eyes of the public and you guys as the bad guys and trust me you don't wanna lose the public opinion battle.

If you think this is going to do anything other than cause criminals to develop their own secure apps, quite frankly you're delusional.

With the amount of money the drug cartels have, it will be trivial for them to simply hire developers to write them a secure messaging app.

They don't even need to build anything. The code exists. The secret is out, my friends!

All you do by restricting things like WhatsApp is deny secure communication to law-abiding people and make the criminal's life slightly more inconvenient if he wants to be able to communicate securely. But you can't stop it.

Exactly. Cartels build their own radio networks[0], compared to that, building secure communications out of the available OSS projects is trivial.

0. http://www.wired.com/2012/11/zeta-radio/

Because infosec is so easy.

What does the ease of infosec have to do with anything? They've got literally an unlimited budget, and there are countless open source apps they can build on top of to get started. FFS they've built their own cell networks, their own submarines, I'm confident they can have a secure messaging app commissioned.

First, every person has rights, even criminals. Those rights are limited in some way after having been convicted of a crime.

But your real mistake is in the _presumption_ that somebody is a criminal. Convicted pedophiles shouldn't have a right to privacy. But we're talking about the general population. Everybody who has not been convicted does have full rights to privacy, and you cannot violate that right simply to "check" if every person has committed a crime or not... that is the literal definition of a police state.

I doubt that you're actually a judge.

I mean, yes, we don't think that criminals should have the right to privacy, but to me large companies and governments have abused the shit out of a lack of complete privacy for everyone to the point where I don't trust them to make this reasonable compromise.

I would rather the rest of us have this right protected in spite of the fact that some criminals will get it as well.

> Do you guys think that pedophiles, terrorists and drug dealers have the right to privacy ?

If you already have proof that somebody is a pedophile, terrorist or drug dealer, why would you need to wire tap them and invade their privacy anyway?

While you're right that as a judge you must respect the law, we as a society must re-evaluate it's usefulness and purpose.

You're looking at this the other way round. It's not that privacy makes it harder to foster a civilized society, but removing makes it totally impossible.

Is amuses me that you would see this as post Snowden or even American issue. As a Brazilian I know our state is much more corrupt and inapt, and the risks are an order of magnitude higher for us, Snowden or not.

See here for some of the rational: http://www.thoughtcrime.org/blog/we-should-all-have-somethin...

> In Brazil, only a judge can authorize someone to be wiretapped

In https://news.ycombinator.com/item?id=10749400, it is claimed that "It says basically that police can require records of visited CONTENT without a court order and the ISP is required to supply that without informing the user." He is corrected by someone saying the text means metadata and not content.

Which is true? Do you not consider grabbing metadata to be a wiretap?

This distinction between metadata and data is getting old. Metadata is personal, revealing information to a large degree. The analogy with envelopes and the address written on the outside is absurd. There is a huge difference between that and the huge electronic logs they create from our mobile phones and internet activities (such as cell tower based location, search keywords on http sites, etc)

Metadata is still privacy infringing personal data.

That's my point. He said a judge's order is required for a "wiretap", but other commenters have said (and provided text) that metadata is available without a judge's order. So unless that statement is incorrect and a judge's order is actually required, the entire argument that there's a high bar to wiretap is false. He's just redefined "wiretap", that's all.

Other commenter here. The text says that any autority (autoridade policial ou administrativa -> police force or administrative power) may require that the metadata be recorded for a period of time , but access to this metadata needs the judges order.

For example, if the cops starts investigating John Doe they may ask the service provider to keep metadata for a fixed period of time, stated on the Marco Civil (six months IIRC). But access to this metadata can only be authorized by a judge.

Edit: Reread the Marco civil an refreshed my memory. What I said is not entirely correct. All metadata is kept by default and needs a court order to be accessed. What authorities may ask without a court order is for the service provider to keep the metadata for a time longer than specified on the Marco civil.

Also, as I said on my previous comment, the intention of the bill was that only metadata was recorded, but the term "registros de conexão -> connections log" is vague enough to be interpreted in other ways :(

That's useful, thanks.

By being developed and run internationally by foreign companies, WhatsApp and Facebook are, in a sense, not bound by local law in many countries. Even if Facebook, Inc. had a subsidiary branch in Brazil, the branch is hardly the entity developing and deploying the app.

This is part of the problem, in a way, and why - for example - Russia and China are developing their own versions of operating systems, so as not to have all their communications be snooped on by Microsoft and its host government's spooks. The latest Windows is a notorious privacy hog with nary a way to opt out anymore.

But notice the difference: facebook and WhatsApp are centralized by design and all traffic goes through their servers. Windows, on the other hand, is installed locally and only "phones home" as an auxiliary feature (for now). So, theoretically, once it is set up, you can install a DNS proxy between you and servers out-of-the-country and it will still work.

We need MORE open source software that anyone can install, inspect and administer. Perhaps Free software in the sense of FSF. We need this kind of software to run our social networks, on our own servers under our control. There is very little reason why messages between people in an African village or a cruise ship have to bounce halfway around the world through Facebook's satellites to its headquarters before going back. Also, a lot of document collaboration in classrooms would be faster if it used IPFS and intranets instead of Google Docs. And so forth.

Decentralize all the things! Then, the developers of the software would indeed not be bound by the law, but only the hosts. And the hosts would be small and distributed enough that only warrants issued to a specific host would be effective, and not general sniffing of all traffic on a social network!

If you want this future, we are building it: http://qbix.com/platform

"The injunction was sought by a plaintiff before a criminal court in São Paulo state whose identity was kept secret."[1]

So let me get this straight. The president is risking an impeachment, there is renewed discontent with the unprecedented levels of corruption... And some unknown judge, representing an unknown plaintiff, bans a mass communication tool used by 93 million Brazilians daily, by requesting something the people responsible for the tool are capable of producing...? That sounds like an awful lot of bullshit to me.

> But that's because you are good people and see the matter with those eyes...

Good point. Similar thing can be said about law enforcement. They see bad all the time, so they are more likely to see everything as bad and push for legislation that is privacy restrictive because of that. Good people who see good need to be vigilant so that their rights are not diminished.

Rights must be absolute. One only needs to see how every post here ignores the difference between someone born with an attraction harmful to act on and someone who does act on it to see why we must afford all people their basic human rights. To say nothing that governments, including the judges that are part of them, cannot be trusted.

Isn't blocking a form of communication for millions of citizens also a gross infringement on freedom of speech? I don't know what legal rights the Brazilian Constitution reserves for its citizens vs the U.S., but blocking a service individuals use to communicate with others on seems to fall within that realm.

By blocking WhatsApp nation-wide you are putting the burden of losing the main means of communication on the backs of 100 million Brazilians, for a matter that concerns only to a few people.

Of course WhatsApp and Facebook are not above the law, but was the decision reasonable at all?

> No right is absolute

What about the right to life, or the right to not be tortured?

Right to life is not absolute, otherwise there would be no army; nice thought, but not going to happen.

Right to not be tortured is debatable

No right is absolute, and there is no single hierarchy of rights. Read Isaiah Berlin's seminal Four Essays on Liberty on why.

If the right to not be tortured is debatable, why do you refuse to debate me when I assert that it is absolute?

I'd love to debate you on it, but first I need to formulate my own thoughts.

Prima facie, there may be a case for there to be an absolute right not to be tortured, but depending on the moral framework - utilitarian, say - one can make a case for allowing torture in specific circumstances. Hence, not an absolute right.

Wouldn't it be more reasonable to ask for communication services to start recording after someone is suspect instead of wiretapping everyone?

Isn't that's how it works with phone calls?

Do you share data with foreign governments, who then could perhaps side-step your local laws? Just curious as it sounds like a loophole I've seen people talking about.

> No right is absolute, and that includes the right to privacy.

I'm glad you're not a judge in my country. I'm sorry if it sounds to violent, but that phrase...

> Criminals, for example, simply don't have it.

At least in the US we presume innocence. Defendants are not criminals and their rights must be respected.

> Do you guys think that pedophiles, terrorists and drug dealers have the right to privacy?

Yes until they do something illegal.

Privacy that relies on trust in the state is no privacy at all. You are an opponent of privacy. A shame.

Society relies on trust in the state. If people have none, then you have bigger problems than police seeing your dick pictures.

Trusting in the state blindly is like waiting for fascism and totalitarianism to happen.

Well I hope this ban bites the Judge who ordered it in the rear. This is a stupid thing to do and should never happen again.

What really happened: a drug smuggler with ties to a major criminal organization had been investigated and sentenced several months ago and since July Facebook and WhatsApp folks had not complied (actually they simply ignored all requests) with some users data the justice demanded to keep prosecuting the guy and his associates. Allegedly, according to the new https://en.wikipedia.org/wiki/Brazilian_Civil_Rights_Framewo... if a company does exactly what they did, they can be temporarily blocked by a court decision as some sort of punishment for obstruction. Mark Zuckerberg complained saying it was just one judge who ordered this but AFAIK the block was requested by PA's office.

To be fair, some Brazilian judges are pretty stupid and have no idea how the internet works so it's quite possible the original users data request was super broad and that's why Facebook and WhatsApp just ignored it. On the other hand, it's only through very effective wires and digital data examination in recent years that the Brazilian justice is finally putting some big sharks into jail. That's why I have mixed feelings about all this (and I'm a Telegram user myself).

Source, in Portuguese: http://gizmodo.com.br/investigacao-trafico-droga-bloqueio-wh...

The order wasn't super broad, it was actually specific to a single individual, like you said.

Also, even if it was broad, you don't get to ignore judicial orders. You answer to them giving your reasons and appealing if you don't agree. Ignoring them will get you either punished or arrested.

WhatsApp notoriously doesn't even have an office in Brazil. No way to even get a judicial order to them.

Facebook, the parent company, simply says they are Facebook and not WhatsApp, so they can't help.

By the way, the judge in case actually demonstrated quite a deep understanding of the web. Unable to get WhatsApp to comply, he ordered all telecoms to block WhatsApp IP addresses, which was quite a smart move.

You do get to ignore judicial orders if you are outside of their jurisdiction.

If, say, a valid legal authority in Iran issues some judicial order that affects me or some content that I have published (even if it is accessible in Iran), then it is perfectly reasonable to ignore it as long as I'm not in Iran, don't have an office there, etc.

I am not and should not be bound by Iran's laws and judgements, I reside elsewhere. Whatsapp is not and should not be bound by Brazil's laws and judgements, they reside elsewhere. If their host country allows (or requires!) them to protect user privacy, then they should follow their own laws, not those of Brazil.

Should Whatsapp censor messages critical of Thailand's royalty because they are illegal there? Should Whatsapp censor messages that are blasphemous and thus illegal in some places? Should Whatsapp give up personal details of the users who have made such illegal messages? In my opinion definitely NO.

Countries should not get to export their restrictions across the globe, they can either participate in the global network with an understanding that foreign companies will follow their laws and not yours, or countries can self-isolate as in this case Brazil has done.

I agree, very much with your point.

The judge's decision to block WhatsApp in Brazil, hoewever, is completely within their jurisdiction. So in order to fight it, WhatsApp would have to go to Brazil. Otherwise they'll just lose a very big market.

Fair enough. WhatsApp doesn't have to obey the laws in Brazil. It also means they don't have a right to complain when a country blocks them.

Why not? They can complain all they want. You might be more likely to dismiss their complaint when they don't follow the local laws, but it doesn't make their complaint outright invalid.

yes, and by ignoring those laws it's perfectly reasonable for that judiciary to ban your service within the bounds of their jurisdiction

You are right but you are not giving full respect to the fact that it is a company doing business there.

The company is free to chose not to operate in their country. It can chose to not answer to any official /judicial question (I'm not even saying agree with, only answer). It can do so even if it concerns a citizen of the country in question.

But if it does all that, it cannot expect said country to let them operate their business freely on "their soil", and that it is on the Internet does not change that, it's still accessing the Brazilian market.

I'm not agreeing with what Brazil is doing here, but I don't like the "I'm not on your soil so I can ignore you and still operate on your market" logic.

> You do get to ignore judicial orders if you are outside of their jurisdiction.

That's nice to say in theory, but in practice it doesn't work. Just ask Microsoft. [1] [2]

Fact of the matter is, if the Metropolitan police came to Facebook with the proper paperwork requesting data on a British user as part of a criminal case, Facebook would cooperate with them.

> Should Whatsapp censor messages critical of Thailand's royalty because they are illegal there?

No. But if Thailand decides to prosecute someone for making these statements via WhatsApp, then they have every right to legally request the data from WhatsApp. A user in Thailand broke Thai laws.

> Should Whatsapp censor messages that are blasphemous and thus illegal in some places?

Again, no. But if the jurisdiction decides to charge someone for breaking the law, WhatsApp and Facebook must cooperate with the legal request for data. To ignore such a request is circumventing due process.

> Should Whatsapp give up personal details of the users who have made such illegal messages?

Yes. If the request follows the legal process in the jurisdiction, then of course WhatsApp should be obligated to hand over the data.

What you're essentially saying is that if someone in the US plans a bombing of American citizens via WhatsApp, and if the FBI finds out of this plot and decides to request the data from WhatsApp, WhatsApp has every legal right to tell the FBI to fuck off. [3]

Obviously this is ridiculous. Someone did something which was against the laws of their country of residence, and that country has every right to legally prosecute them for breaking the law. To claim that WhatsApp is somehow immune from this simply because they're a foreign company operating in that country is ridiculous.

> with an understanding that foreign companies will follow their laws and not yours

Sorry, that's not how business works. Just ask VW about their recent 'dieselgate' incident if you need an example.

[1] http://www.theguardian.com/technology/2015/sep/09/microsoft-...

[2] https://en.wikipedia.org/wiki/Microsoft_Corporation_v._Unite...

[3] http://www.latimes.com/world/middleeast/la-fg-terror-messagi...

The countries have every right to legally prosecute their residents for breaking the local law. This doesn't mean that everybody worldwide has a duty to assist this prosecution. Even more, there are many cases (e.g. those I listed above) where a honest person should not cooperate but hinder and obstruct this foreign legal prosecution as much as their own local laws allow.

Whatsapp has a duty to protect their user's privacy. Unless they receive a binding legal order from their authorities (in Whatsapp's case, USA) it is entirely right to ignore nonbinding requests from judges in Brazil, Thailand, Iran or everywhere else. Simply submitting to out-of-jurisdiction authorities is not due process, it is sharing personal data with third parties without the user's consent which (IANAL, IMHO) is legal in USA but would be prohibited if, for example, Whatsapp was headquartered in EU.

In your examples, the listed companies (or their appropriate subsidiaries) are subject to those laws because they are headquarted there, those laws are their local laws exactly unlike the nonexistent legal relationship between Whatsapp and Brazil.

Some countries will have bilateral agreements to obtain evidence from abroad - a process on how e.g. Brazil law enforcement could cooperate with USA law enforcement to get a request that has some legal force in USA (and vice versa). In the absence of that, a provider should side with their users privacy and ignore foreign requests as a policy.

Fact of the matter is, if the Metropolitan police came to Facebook with the proper paperwork requesting data on a British user as part of a criminal case, Facebook would cooperate with them.

That's because they are British. No, seriously.

Some countries have most favored nation status in diplomatic and economic affairs. As a result, if you piss off the wrong partner nation then you will get stomped on locally.

Brazil doesn't. So the US is not going to force the whatsapp guys to do shit.

>By the way, the judge in case actually demonstrated quite a deep understanding of the web. Unable to get WhatsApp to comply, he ordered all telecoms to block WhatsApp IP addresses, which was quite a smart move.

Because VPN services do not exist in or are not accessible from Brazil?

Because the % of people that have a VPN configured on their phone, among 100 millions users, is likely to be very small.

No worries, in a few years, corporations will be able to sue governments into oblivion for lost revenue on cases like this...

I'd love to know what your background in law is to say such an absurd thing. What case would they have ? "We failed to comply with a judicial order and decided to protect criminal's privacy instead, and we got blocked. We want damages". Seriously ?

I think he's talking about TPP or TTIP which so far have nothing to do with Brazil. But who's to say such a deal is not on the plans of some politicians there as a quicker way out of the economic mess currently happening there?

It would require an international treaty with appropriate language to do so (not that it is likely IMHO), but then it can be analogous to the "your environmental laws caused us to shut down our polluting factory, so you owe us damages" cases.

Brazil is not a party to the trans-Pacific agreement.

I'm seeing more and more news article saying that Brizilian judges want to shut down the social web? This seems like a huge over-reaction, no?


Shame they went there instead of to Signal, but I guess it may still be a marginal improvement.

For me it would be a huge improvement if this happened in my country. It would mean that if I'm sitting in front of a keyboard and a screen as I am most of the day, I would be able to reply to my friends comfortably using them. With that joke of an application called Whatsapp, I have to choose between replying from a tiny smartphone screen and on-screen keyboard, or going through a ludicrous ritual of photographing a QR code (which works only if my phone has wifi signal and enough battery).

To be honest, privacy in a general-purpose messaging app is the least of my concerns, as I have other means of sending important messages to select people. What is really annoying about Whatsapp is its extreme device dependence* which forces me to depend on a single device for casual chat with friends, family and acquaintances (and not the most comfortable use one) when multi-device messenger apps have been around for more than a decade. Telegram is like a return to sanity in this respect, so any news about Telegram invading Whatsapp's space are great news to me.

*I say "extreme" because Whatsapp doesn't even like if you switch your SIM card from one phone to another. It's insane. I used to have two phones (one for regular use and a cheap old one for activities where it could get damaged easily) and I had to give that up because Whatsapp would force me to re-register every time I made the swap.

>or going through a ludicrous ritual of photographing a QR code

You know you have to do that only once yes?

You have to do it every time you use WhatsApp web. Not for each message, but it's an unwanted ceremony nonetheless.

No. It's only the first time. Then the key is stored in the browser forever (or, at least, for a very long time)

Not for me. It's every time, even though I can see right in the app my exact computer & browser it still wants me to re-scan.

Signal, and in extension the other privacy-aware messengers (Threema etc), can not replace Telegram or iMessage because they lack basic features like multi-device sync.

The hard problem of messaging has not been solved yet, what people should build is a service like iMessage but with the public key pool per account publicly auditable and verifiable.

Signal has multi device sync now, and it's cryptographically secure. It works by sending Signal messages to the other linked devices. This enables Signal-Desktop (the Chrome app that is now in beta). Sync is only implemented in the Android client at the moment though.

That's quite literally multi-device >>sync<<, as in there is only one receiver and the rest is dependent on that.

Seems like a low effort solution and would not satisfy my requirements, but it probably works for some people.

I receive messages on my desktop regardless of whether my phone is connected to the internet or not.

Edit: just verified. Phone is in flight mode and chatting away on signal-desktop works just fine.

This is false. I've tested this possibility by turning off phone and Signal Desktop still receives messages. Description of plan around which protocol was build is here [0].

[0]: https://gist.github.com/TheBlueMatt/d2fcfb78d29faca117f5

That's slightly better but still cumbersome to set up and with the primary device as a SPOF. What does the recovery procedure look like if you lose the master?

From what I've read in docs posted above, identity key is copied from S-Android to S-Desktop. If you lose S-Android, there are two possibilities.

1) Your keys are safe (device was encrypted and/or you've wiped it remotely, whatever). In such situation you could be able to transfer keys from S-Desktop to new mobile. AFAIK there is no such functionality yet (remember, its Beta).

2) Your keys are not safe. In such case no recovery is possible. Notify all contacts about the fact that they should "reset secure session", forgetting your Signal identity and establish new Signal identity.

Anyway, this is the only solution on market with secure chats and multi-device sync.

No, your claim is false. This has been claimed about Signal multiple times now on HN and I've never understood how people came to this conclusion, because it's just not true and never was. All your messages arrive on all your devices, even if all of them are off at the time the message is sent. It's stored in an end-to-end encrypted fashion on Signal's servers until you switch on one of them, at which point the message will be delivered. When you switch on another one, the messages will be present at that device as well. The only thing missing right now is the sync of old messages when you link a new device, but that's only relevant in the first couple of days/weeks of use.

Since when was it possible to sync whatsapp over multiple devices?

That unnecessary limitation really disgusts me, since I am the type who deletes his whole chat history weekly because I don't want to carry it around with me in case of another targeted stealing attempt. I'd love to integrate my whatsapp xmpp account into pidgin.

Signal is currently beta testing "Signal Desktop" which introduces (somewhat limited) multi-device sync capability. I use it and I'm happy about experience.

I basically don't need other communicators right now for close family and part of my friends.

Occasional video call can be made using other platforms.

> they lack basic features like multi-device sync

I've never used multi-device sync, ever. Not on iMessage, Viber, WhatsApp, ... The only one that I use across devices is Skype, but I don't use it except for video.

Not even Telegram supports multi-device sync for 'locked' chats. So if you really care about security, multi-device sync is not a feature, it's a bug anyway.

I know only 1 guy who uses Signal and he is an AT&T systems administrator and linux addict. He understands the difference. The rest, use either iMessage or Telegram and don't really care about the rest.

Telegram has the same problem with "Secret Chats" which can only be read on the device from which they are initiated.

People don't use Telegram (or whatsapp) for secret chats, but because it's a UX friendly messenger that replaces paid SMS services.

Yes, but the amount of people who actually use secret chats is tiny.

It reminds me a bit of the CAP-theorem: Security, Device Sync and Usability. Pick two.

My personal preference is solving DU, because I can do security aware stuff with GPG.

WhatsApp also lacks multi-device sync. The feature that made people adopt WhatsApp was saving money in contrast to using expensive SMS (which is the reason why it doesn’t have much adoption in countries with reasonable prices).

Multi-device sync and privacy-awareness both are maybe reasons for a few individuals to switch but they both have problem with the number one feature of messengers: actually reaching other people.

Why something gets adopted is way more dependent on soft factors than on technical factors, as long as the basic requirements are satisfied.

>(which is the reason why it doesn’t have much adoption in countries with reasonable prices).

Huh? I don't think this is correct. WhatsApp is huge in Europe, nearly everyone I meet prefers to use WhatsApp over SMS yet almost everybody has "unlimited SMS" plans.

The unlimited texting plans came after whatsapp in most countries. In Sweden seemingly nobody uses Whatsapp. Here in Germany there are many people with unlimited texting, but it's far from everybody.

I just wanted MSN Messenger back. That was the only messaging app that worked well for me.

What I want is a messenger which has all my friends in it.

Sadly at the moment that's only WhatsApp and Telegram to some extent. If only there would be some protocol or standard that would allow me to communicate across different providers.

But unfortunately such a standard must be technologically impossible, otherwise it would be implemented and widespread already.

This has to be a joke. Multi-device sync? Most people don't know what that is.

They just want a pretty GUI, their friends to be on it, and an easy way to send videos/photos/voicemails/whatever.

Granted, I've never wanted to send videos and sending photos works well on Signal right now. But until recently the GUI wasn't very polished.

Of course they know what that is - and actively use it - just think of Facebook messenger.

They might actively use it but not because they want to.

In fact, Brazil's most popular chatting app that is recently banned there doesn't have multi-device sync. Hangouts does. Everyone could use hangouts, but not nearly as many people do.

Using your phone number and address book to find contacts is what made it really easy for me. Also, iPhone users don't use Hangouts, but were somehow "forced" to use Whatsapp to talk to people on Android phones.

multi-device sync means you have to store the private key in the "cloud", or something else which could directly identify you.

No, iMessage for example generates a unique key pair per device and submits your public key to the key pool for your account. Devices can then sync old history using each other's keys and new messages will be encrypted for all devices.

The problem is that the key pool is in Apple's hands. You cannot guarantee that they don't go and add a key do the pool and get all your messages anyways.

Marginal improvement in what sense? When considering privacy, Telegram is by far the worst option. They store the plaintext message history on the server of every message that every user has ever sent or received.

Even if WhatsApp weren't using end to end encryption by default, they would have no way of complying with government requests like this one, because they simply don't have the messages. Telegram, on the other hand, is a surveillance dream.

Only in the limited sense that Telegram appears to at least have an intention of really providing private messaging and one might hope that they one day drop the delusions of grandeur and start to take seriously constructive criticism about how to do it right, as you and others have presented in other threads here.

My understanding of the Whatsapp end-to-end-encryption is that the use of the term is completely misleading, as the "ends" they are referring to are the client and the Whatsapp server (https://www.whatsapp.com/faq/en/general/21864047). Unless you know otherwise, I take that to mean the communications are in the clear at Facebook, and in my estimation that's tantamount to piping them straight into the US surveillance machinery through whatever they call PRISM these days, or some more or less distant relative of it. (This arrangement would still offer protection from bad actors that don't have some form of easy access to Facebook's internal information).

Both seem like dreadful options in absolute terms, but if we're comparing I'd slightly rather have that user base in the hands of someone possibly sincere and incompetent than with someone competent but almost certainly treacherous. At least there is a sliver of hope for improvement and, who knows, maybe once they're off the paved road of Whatsapp they'll wobble their way though other alternatives to something like Signal eventually.

Since we're fortunate enough to have you here anyway, would you mind commenting on how Signal would fare under a similar blockade? https://news.ycombinator.com/item?id=10750898

Would the service be taken down? Do you consider it a priority to try making it difficult to block in the default configuration?

It's actually the exact opposite. Telegram has made design decisions that prevent them from ever being able to provide private messaging by default without radically altering their design and re-writing all of their clients. The Telegram "client" is really the server -- everything happens there, and the client you use is just a view onto the server.

Thank you for pointing that out.

That structure seems enlightening to understanding how Telegram has been able to create clients for so many operating systems in a relatively short time.

I like how the Signal app (at least on Android) also works for insecure SMS to give me one place for messaging... well apart from everyone who uses WhatsApp at least.

What I'd love is if they could also make it an email client too. Letting me send/receive insecure emails or (if the recipient has Signal) encrypted email using the same key management. I'd much prefur to give out an email address (totally in my control) than a phone number (could be taken away from me at any moment).

One digital communication app please.

I have used both, but never heard of Signal I'll try it.

+1 for Signal (used to be TextSecure). They now have a desktop app in beta which synchronises perfectly with my mobile

Installing Signal to try as well!

Can Signal be taken down like WhatsApp if the same happens again in the future?

Yes, Signal's advantage is the cryptographical security of the messages. It's NOT server independent.

I practice I agree, for now.

In principle, since both the Signal client and server are FLOSS, it should be possible to resist a block in some ways that might not be so easy with for example Whatsapp, but as far as I can tell, as things stand right now there is no built-in way to switch server, and asking millions of regular people to make changes to the source code of their cellphone software, recompile and manually reinstall does not seem like a recipe for success. I wonder if one might sensibly work around these things by fallback/optional connection to the server through Tor if Tor is available on the device?

>They now have a desktop app

It sit on the top of a close-source browser...

Chromium? No more closed source blobs [0]

[0]: http://www.theregister.co.uk/2015/06/26/googles_not_listenin...

No it doesn't. If you're going to wave this flag, you should be complaining about the management controller inside of your CPU (presuming you are already running an open source OS).

>you should be complaining about the management controller inside of your CPU

And I am! I can't wait for Novena! Also notice a difference. Having a close-sourced CPU is different than having a close-source browser which has much more possibilities to compromise you. It can start camera, microphone, read disk files, locate you and transmit everything to "cloud".

You can also use it with chromium, which is open source.

Which downloads blobs from google when you're not looking...

Edward Snowdon recommends Signal.

A superior ranked judge ('desembargador') just revoked the ban. And said (my translation):

"In face of the constitutional principles, it does not seem reasonable that millions of users are affected in result of the company (whatsapp) inertia"

In portuguese:

"""em face dos princípios constitucionais, não se mostra razoável que milhões de usuários sejam afetados em decorrência da inércia da empresa"

The judge also said that a fine would be more appropriate.

source (in portuguese): http://g1.globo.com/tecnologia/noticia/2015/12/whatsapp-just...

I miss the days of ICQ, MSN, AIM, Yahoo, Zephyr, Gtalk, Facebook's XMPP, and all those other messengers. They had relatively open or decipherable protocols, and on almost all OSes there were at least a couple decent applications that allowed you to login to all messaging services using a single piece of software. I could even write gateways and plugins to use NLP and autoreply, encrypt messages, and all kinds of other awesome things which I can't do anymore.

It seems like we've taken a step back in technology.

Me too. A lot of those open standards still exist, but everyone has walled off their garden. It's infuriating. I don't mind using whatever protocol my contactee wants, but I'm not going to install 10 different messaging apps with various permissions just to communicate with them. Inter-connectivity is the name of the game, not exclusiveness.

When startups say being lucky was a big part of their success..I guess this is what they meant

Facebook/Messenger is sending a message to Brazilians stating they're working to get WhatsApp back up and suggest to use Messenger while WhatsApp is blocked. https://imgur.com/kx4B3na

I am from Brazil and I can say: we are almost becoming the new Argentina.

And this is quite interesting because Argentina is becoming the new Venezuela (at least they were, but few weeks ago they had elections and the left wing lost). And Venezuela clearly is becoming the new Cuba.

Your pessimism is undeserved. You seem to have formed your mood 5 years ago, and not revised it since then.

Venezuela just officialized a huge change in direction with a complete majority for opposition in parliament. Argentina has just elected an opposition president that is already undoing the policies of the previous governments.

Now, I'm also Brazilian, and, of course have more detailed info about here than those countries. I've never been so optimist about our country. You know, I've watched the TV news yesterday (I guess first time in the year), and 2/3 of it was about the president's impeachment or criminal persecution of corrupt politicians/businesspeople. Yesterday there was nobody thrown into jail, but just last week there were 11.

You know, those people didn't start yesterday. Corruption was smaller before the current government, but those businesspeople now in jail have been living from government contracts since before the military coup. Some of the politicians now in jail have been in power since the military government.

Can you explain each of those statements in turn?

"Argentina is becoming the new Venezuela": formerly prosperous country adopts ridiculous economic policies (key industries nationalized and handed over as private fiefs to incompetent cronies, exchange rate controls, price caps), sees economy go down the toilet and inflation rocket out of control

"Venezuela clearly is becoming the new Cuba": Not content merely with wrecking the economy, leadership squashes all opposition and turns country into a straight-up dictatorship (of the proletariat!)

Fortunately both statements are hyperbolic, as both countries have just held reasonably fair elections where the electorates decided to kick the bums out, but there are still choppy waters ahead...

Argentina cannot into economic prosperity since 1700s

Weren't they prosperous for a while after World War I?

They were prosperous when they had surges of incoming white immigrants from Europe, yes.

It was more about them selling food to war-thorn countries. Even Paraguay had a budget surplus after WWI for similar reasons, and they didn't get many white immigrants.

If you followed the latest news you will quickly realize that Argentina will not be like Venezuela and that Argentina could be in better shape than Brazil.

I am from Brazil and I can say that we are nowhere near becoming the new Argentina.

How can one country become another?

They all swap names to confuse the rest of the world. :-)

(As a brazilian) Do you have something to say about WhatsApp and the judicial order? No?

This is Hacker News, not Reddit, lets keep it that way, ok?

All three countries have better HDIs than Brazil. Argentina and Venezuela also have higher incomes. So lets hope you're right!

HDI is the worst metric to begin with.

And Cuba is becoming the new Mexico? :)

And Mexico will become the new Brazil, completing the cycle.

These messaging apps are worse than... well, I don't know. This is as bad as it gets. Bicycles maybe? Incompatibility, fragmentation.. the worst thing you can have for application that is supposed to be used for communication.

At least Telegram has an API and a documented protocol... It could have been a lot better, but WhatsApp is a reminder that it could have a lot worse too.

There has always been fragmentation with messaging apps. In the 90s/00s it was MSN and Yahoo and IRQ etc etc

In the 00s, we had multi-IM clients like Trillian, Gaim/Pidgin/libpurple, Kopete, Telepathy, etc.

Now, there's so little work done in reverse-engineering IM protocols. It's really sad. Part of this is because Sean Egan got hired by Google to work on Hangouts, so he's out of the reverse-engineering game for good, and it's sad that nobody took up the mantle from him.

Depends... in eastern-ish Europe it was ICQ only. That was kind of fine.

What I don't get is why mobile carriers still charge for SMS. They could have all deployed their own SMS apps with ads/premium where you could write messages for free. Some did that, but rather badly I think. They just let that market go.

Messaging apps are worse than bicycles? Sure, but to be fair, almost everything is worse than bicycles.

Bicycles are pretty bad when it comes to dozens of incompatible standards for each part.

I'm sure that the phone operators were very happy to comply to ban, they hate WhatsApp. When WhatsApp first got popular here it ended their very lucrative business of SMS and more recently they introduced VOIP calls which considerably cheaper than normal phone calls, especially long distance.

Three of the major phone operators (Vivo, Claro, TIM) implemented the ban, while the fourth (Oi), did not. The CEO of Vivo, one of the major phone operators, came out a couple of months ago saying that WhatsApp is "piracy", since they are not affected by the same regulations as the normal phone operator.[1]

[1]: http://www1.folha.uol.com.br/mercado/2015/08/1666187-whatsap... (portuguese)

All of this is good. The more competition the better. Pity they aren't all compatible. Then we might actually have an real email killer on our hands.

This is how regulations can influence you're business. Unrelated to this, but in corrupted countries a relative of the guy in the government can easily kill your business by asking him to ban yours or promote his!

So what does this tell us about Telegram? Are they willing and able to provide the authorities with the relevant info should a request such as the one made to whatsapp be made to them?

Would it be possible to get the messages if FB/WhatsApp decided to do so? I heard they started doing end-to-end encryption, with the keys only on the user's phone.

Also, if you've designed a system like this, could you also design one where you'd be unable to comply with the shutdown order? I suppose one of the Bitcoin related message services would be like that.

Perhaps I'm being hard-headed here, but I don't understand the need to debate secure communications here, beyond the benefit of opening doubt in the minds of those ignorant of the underlying physical process.

This boils down to the fact (for me, and by proxy, my community) that I (and by proxy, my community) will not use insecure communication because someone or someones wants me to do so.

Shake your fist, rattle your sabres, put me in your sights, it will not change my (and by proxy, my community's) resolve.

And if I (and by proxy, my community) is to be prosecuted for using secure channels, then I (and by proxy, my community) will resort to steganography. Exact circumstances aside, there's no getting around the effects of a dedicated mind and an overwhelming power (of math) on my communications' transit.

The only means by which a paternal element can mediate the policies of my interactions would be to mediate the interface by which I (and by proxy, my community) communicate (in this case -- electronic/digital computer<->human), and enforce this with vigilant, and economically costly violence.

This matter-of-factness is similar to that in traffic stop interactions. I'm not happy that men with guns can systematically stop my transit, search my belongings, and steal my assets (at least in Texas), with ex post facto logic applied to the inherent justice, and I have no way of stopping this. The exact circumstances aside, there's no getting around the effects of a dedicated mind and an overwhelming power on my transit.

So I work around it, I try not to get stopped, and I deal with it when I do get stopped. I don't shake my fist or pout, beyond for the benefit of opening doubt in the minds of those ignorant of the underlying physical process.

So facebook\whatsapp is criminal in Brasil because they broke the law.

Wow. Merry Christmas indeed.

I'm a judge in Brazil.

Your comment history says otherwise: https://news.ycombinator.com/item?id=4167143

Seem to be a run of the mill dev to me. I'm surprised you got as many credulous responses as you did.

What you did here is not cool.

On HN, we start from the benefit of the doubt. A person can be both a programmer and a judge. pqdbr's comment was coherent and plausible. The null hypothesis is therefore that pqdbr is making a valuable contribution.

It's fine and interesting to look through someone's comment history for background. It can also be ok to ask questions based on that, but this is always delicate and must be done respectfully. But to dig around for a bit, leap to a sinister conclusion, and fling it at them with a couple insults for good measure is a serious violation of civility on this site.

HN members with outlier backgrounds (and 'judge' certainly is one) are some of the most valuable contributors we have; doubly so—if not more—when they speak computing too. Imagine what it would feel like to share from one's expertise in the most on-topic way possible, only to be randomly slapped in the face and have your character impugned. You owe pqdbr a lot more of an apology than "Cool! Always happy to be wrong when evidence supports it." (Edit: which, now that I think of it, reads more like a humblebrag than making amends.)

We detached this subthread from https://news.ycombinator.com/item?id=10751003 and marked it off-topic.

Totally respect moving it as it is a distraction at this point.

That said, my comment wasn't particularly harsh and I think it's reasonable to be suspect of such lofty claims, especially with basically no proof to be found anywhere in a cursory search. One commenter did some serious research to find Portuguese language proof and that is why this was even an issue.

Had the commenter been full of BS, which is the overwhelming majority in these cases, nobody would have made much of a fuss about it.

I also expressed my gratitude for pointing out the errant conclusion to the other poster who did research, so I have no problem admitting a false conclusion. Being wrong with a lot of support (upvotes) seems to be my primary sin here.

You're misinterpreting the upvotes on a comment like that. They simply mean what GIFs of popcorn mean.

Outrage and drama drive more upvotes than intellectual curiosity does. That's why upvotes, though vital, are not the final arbiter here. HN is a constitutional democracy, and what you did was unconstitutional. Please don't do it again.

Very weird indeed. Although I agree with the reasoning, despite of the authority.

Agreed. This feels like some sort of inverse appeal-to-authority. "You can't be this kind of expert, therefore your assertions are false."

If you start your post with "I'm an authority" then you are inducing the appeal to authority implicitly through Priming.

You are committing the same folly you accuse him of. It would be fine to simply point out his use of it, but following that up with: "I'm surprised you got as many credulous responses as you did." You are basically doing the same thing. Prime that he is not an expert, then state that he should not be getting credulous responses. The implication of course being that his not being an expert means that his argument does not deserve credible thought and response.

Also, there's always a fine line with appeal to authority with regards to experts, which you would hope a judge would be in the field of law. For instance, is it folly to point to consensus in science? That is, after all, nothing but an authority.

Similarly if you start your post with "I am not an authority, but..."

Why do you assume they aren't someone with a website and have a career?

Anything is possible of course but what is more likely:

1. An elected Judge in Brazil also has a side business of running a marginal tourism website and the time to comment on HN

2. Someone is lying on the internet

We can extend your logic to just about everyone on this website.

That just doesn't sound reasonable. University students, to me should be a full-time focus, also very often have one or multiple part-time jobs or even a full-time job while attending classes and doing their school work. Surely being a judge doesn't take 100% of someone's time, and this is also a topic likely close to the commenter. Also, did you look at the date of his tourism website post anyhow?

The real question is what does it matter to you? Nothing a person says is correct just because they have the right title or label.

Speaking only for myself, obviously, I don't find the argument itself to be particularly interesting, but I do find it interesting to find a Brazilian judge posting it on HN, just because that's really unexpected to me. If it's all fake, then the comment ceases to be interesting at all.

If the goal is to simply make a compelling argument then stating your title immediately induces bias.

My point is that you have nothing to gain by calling into question the title. You give people the benefit of the doubt because that's the way to maintain civil discourse.


Cool! Always happy to be wrong when evidence supports it.

I was a bit surprise too. Was writing the exactly opposite of this text until I found his full name and the judge thing.

There's a large number of HN posters who just come in and turn everything into an anti-US screed. This guy took something unforgivable in Brazil and turned it into a very questionable commentary about the NSA and pretty much blaming the US for all the world's woes.

I believe there is a lot of evidence of autocratic regimes like Russia and China paying people to promote anti-US views. Who knows if this guy is one of them or what Stalin called a "useful idiot" but its amusing to see obvious trolling in action. Did he think no one would go through his posting history?


Please post civilly and substantively or not at all.


Ok, I will. I'm sorry.

What a strange remark. Are you envious of those who have someone to talk to?

Please don't feed comments like this. Instead, flag the comment by clicking on its timestamp to go to its page, then clicking 'flag'. (This requires a small amount of karma, currently 30.)

Yes, I am alone crying in my empty room while I write this.



Applications are open for YC Summer 2019

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact