After all he bought Instagram and WhatsApp for peanuts, and copied the best features of SnapChat.
Signal also has nothing he can emulate. Its most meaningful selling point is that it doesn't have an association or integration with a scummy social media company, and people using it for that reason are already lost to Facebook. This is a feature he cannot ever hope to copy.
Even if there is nothing to emulate, downloading the app at least gives him a feel for how close it is to WhatsApp's capabilities and would help him understand if it is a major competitive threat or not.
Both of them now have some variation on encrypted chats.
I bet the CEO of McDonalds has been to Burger King at least once to check out the customer experience. It really doesn't mean anything.
Assuming that his threat model is "my phone number will not be leaked", signing up on signal with his personal number seems fine.
Further: LAN Manager era Microsoft had a Novell Netware group, Microsoft also continued to use (Windows port) of sendmail while selling Exchange, had an entire Macintosh enthused business group.
TLDR: Of course Zuck has a Signal account.
Just consider: if you're looking for privacy-respecting, actually secure, reviewed, audited and tested to bone tech -- short of replicating the work yourself, who's assessment can you trust? Perhaps paradoxically, you should foremost trust the unspoken opinions of criminals. Because those people are likely betting their lives and freedoms on the tech choice. Barely any other group will approach such a choice with more vigor.
So, morals aside, that a technology is being used by criminals is actually a compliment to that technology.
I’m not totally convinced by the narrative that Mark doesn’t trust his own tools so he prefers Signal.
"I was curious to check it out.. it wasn't very good, so I reverted back to Messenger/Whatsapp."
IIRC, he made similar comments when he was spotted using G+.
Disclaimer: My views are my own (and not necessarily shared by my employers).
I will take this moment also to mention that "re-implement" isn't exactly right in that they modified the protocol slightly to allow for someone in control of the administration server to change a user's private key without their knowing, so that the admin can decrypt the E2E communications using the known key.
Do you have a source for that claim?
The GP claim is far broader that all E2E communication can be compromised without user awareness permitting ongoing communication between two unaware parties to be monitored.
Both points (security vulnerability and user experience prioritization) can be true simultaneously. This is the root of all plausible deniability when it comes to installing vulnerabilities in technologies.
I don't see why we should care at all about WhatsApp's intentions with the change when the effects are so pernicious. Facebook et al. definitely do not deserve the benefit of our doubt anymore.
Regardless - you still haven't given a source for you original claim. "not deserving benefit of the doubt" does not qualify. If the linked article is in fact you source then in the future please do not exaggerate such claims as you have done. I would have expected a claim from the article to read (along with a link to the source!):
> WhatsApp have modified the protocol slightly auspiciously for user experience but this allows a third party attacker to intercept messages sent offline only alerting the sender after they have been disclosed.
You mean, no-longer-E2EE.
Who is your employer? It's not mentioned in your profile...
On the other side of the spectrum are people who won't just install some random app without due dilligence, make a pass on appified websites and don't care about how many messengers they have on the phone because it doesn't really matter anyway due to the reactive usage pattern. I suppose MZ is like that.
If he really wanted to that, he would have several phones with separate numbers for exploring other messaging apps as not to cross business and personal matters.
(2) Lugging multiple phones is clumsy enough that most people won't consider it, most CEOs, even more so. Two is somehow tolerable. And you need competitors' apps always available, to try things while you have an idea, and to easily compare.
He has tape over the camera of his own computer in Facebook HQ
No matter how you trust your software, some malware may want to activate it, especially at a high-value target like Zuckerberg (or Bezos, or Nadella, etc).
Alas, microphones are not as easy to deactivate.
If someone can access my camera and spy my unkept beard, why won't they also be able to access my keyboard and spy my main email account password?
Lots of young girls were being lured into installing malware and had their bedrooms recorded.
¹(Edit) You can't make this stuff up: https://support.apple.com/en-us/HT211148
That’s why eg. all Purism products with them have hardware kill switches (to physically disconnect them).
Easier on desktops that don't have a built-in mic.
I use a mic with a hardware power switch.
He might be just trying to experience Signal here and there, and see how to take something from it to facebook.
I don't think he is using this seriously.
Not sure how this paints Zuckerberg in a bad light. The bad guy seems to be the developer who was going to use his fame to advertise, thus exposing Zuckerberg to way less privacy than a normal person. This was Zuckerberg’s way to eke out a bit more privacy in the vein of a normal human. I mean he left the people in their homes.
This sounds more akin to a discussion about Oligarchs after the collapse of the Soviet Union than a discussion about an American CEO in California.
Kind of eerie, even if you didn't intend it to sound that way.
> sounds like a HUGE safety problem for him AND his family.
You watch too many action movies. No one's going to spend the months of background checks and negotiation and tens of millions of dollars it would take to buy a mansion next to Zuckerthing's just to kidnap him or something.
The threat to rich people are from career criminals, not other rich people.
Also, what's to stop him from kicking those people out if he changes his mind? I doubt Zuck would ever write a honest contract that held him accountable for anything.
He purchased the homes in a free market, they were not granted to him; the residents are not serfs.
So I guess it's like feudalism in that...there's a landlord?
(not to mention serfs could not be bought alone, they could be sold with the land. Maybe you are thinking of slaves?)
A wealthy individual (WI) coming to his neighbors.
WI: "I'm worried your homes might be bought by individuals that affect my privacy, I know you don't intend to move, so let's make a deal that you can still live here and pay rent."
Random YC Comment: "(WI) left them in their homes, rather than reneging on his deal and casting them out of their familial homes to the street."
A Feudal Lord (FL) dies and his heir receives the fiefdom.
FL: "You are now my serfs and I've decided you may continue to live here and pay me a percentage of the crop yield, I am a generous lord."
Serf: "OK, m'lord"
Random YC Comment: "(FL) left the peasants in their huts like the generous lord he is."
A state industry has been privatized and is now owned by an Oligarch, to include the housing provided to the workers.
Oligarch: "Party land now my land, you may continue to live and work here to provide me profit, I am a generous businessman."
Random YC Comment: "The Oligarch left the workers in their housing, as long as it still provided him a profit."
They were offered a lease agreement, and they accepted this offer. They were not "left" there.
The idea that capitalism guarantees liberty is dangerous and absurd.
You think that I'm joking about Zuckerberg being a poor comparison to those specific oligarchs?
I mean this unrhetorically, what part of my comment could you possibly misinterpret so horribly?
That's just... creepy from the developer.
Also how is living next to Mark Zuckerberg a perk? Unless you want to build an illegally zoned Startup Incubator focused on IoT and the main acquirer you're targeting happens to live next door and notices your product everyday...
>I mean he left the people in their homes.
how good of him . /s
Generally if someone does something you don't like you ask them to stop; if they don't you sue them , or if conditions allow you ask law enforcement to step in.
>This was Zuckerberg’s way to eke out a bit more privacy in the vein of a normal human.
on what planet do normal humans buy all the surrounding real estate in some of the most expensive places to live to 'eke out a bit more privacy'?
This is quite clearly a show of finance and power that few 'normal human' people would ever be able to demonstrate themselves.
Good on him, i'm not upset about it, he SHOULD spend his money how he wants -- i'm upset that people try to paint the behavior as normal and run-of-the-mill.
There is nothing normal/every-man/run-of-the-mill about Mark Zuckerberg's existence.
In tax-exempt organizations or any organization with "self-dealing" prohibitions, you can still get any benefit you want with asset prices.
So for example, your own private foundation can own all the houses around yours (and be rented if so desired) and be sold strategically to give newer indications of market value for your own house. Sell them all at once and you may be cratering market values for your personal property, or you may be raising the property value, but as long as the funds come from the market and you don't have a self-dealing prohibition. Your personally held property being eligible for contribution to that foundation too (or other tax exempt organization type that you might not have any control over), with its current value being a consideration. Although Zuckerberg famously has an LLC that is not tax-exempt for their philanthropic missions, it doesn't mean he/they don't have any tax-exempt organizations, and they're definitely not precluded from forming or using one in the future and transferring those assets when convenient.
Yes, you also have the privilege of aiming to get more privacy.
Latching on to any one thing just reveals how little privilege you have in comparison. Many other people wouldn't talk about it, as they employ similar strategies.
However when you have enough money you can afford such privileges.
people don't care about privacy but it's not exactly his fault. then his job is to capitalize on it. why would he care. you would probably do the same ..
What is probably closer to the truth is that people care little about privacy from someone they think they will never come face to face with, and who they believe won't leak that information to anyone they will come face to face with.
The problem comes when people don't have the knowledge necessary to assess the risk of that happening in any given scenario.
Funny you phrase it like that. When I discuss with people about 'privacy', nobody has anything to hide. When I take 2-3 minutes explaining to them why 'someone' (data markets) out there knows: what type of porn gets them off, what they shop, how much money they have, what diseases they have (that may impact their chances to a life insurance - theirs' and their kids'), their drinking habits (that may impact their premiums on car insurance), who they meet/greet/f..k..
Then their expression changes a bit. Ignorance is bliss. I awaken 1-2 people at a time. BUT (big but - sorry for the caps) "all my friends is on FB, and Chrome is such a nice browser".
> you would probably do the same
I used to know a guy who geniunely had the opinion: if it wasn't illegal to sell heroin to kids, I'd be a billionaire right now selling to all my kids, starting with my kids' friends.
Unfortunately this person has kids, voting rights, walks among us. Yes I want to be a billionaire (I'm many-many zeros away from this target). No I wouldn't sell heroin (or your kids' photos you post on social media) to anyone else. Zuck has no problem getting 13yo on Instagram, profiling them, and trading their data. So NO.
The reason is people care is because this information can be used to harm them.
The reason I care about my credit card number being public is because it can be used to stole my money but If my credit card number can be public while still keeping my money belong to me then I would much prefer that.
The better way would be to make everything as public as much as possible then fixes the issue that arise due to that information being public.
When you share with FB (imho) it is clear that you don't share with a person, but with a hungry-for-information beast. Didn't people hear about Cambridge Analytica? Is anyone so naive so as to believe that this was 'the end of information leakage' by FB? (or other similar platforms, such as Pinterest - in the case someone makes a "medicine for my X disease" table).
So the real issue is can't get insurance/too expensive insurance, not the privacy itself.
If this is fixed then I don't care if the information being public.
Non-technical people within my circle appreciate GDPR. They fall into recent Apple's privacy advertising, FWIW. Many of my non-IT business peers have moved to private email services long ago — e.g. Protonmail, Mailbox.org, Fastmail, etc. — regardless of Google's Eric Schmidt anti-privacy stance back in the day. Almost everyone I constantly communicate with use Telegram, and privacy of comms (FWIW) was among selling points at the time of switching the IM.
I won't exaggerate the value of privacy for a general public. But since Snowden's publications, Cambridge Analytica scandal and GDPR discussion with a widespread media coverage, common citizens became much more privacy-concerned, at least in Europe.
Below I quote highlights from the recent FRA (EU Agency for Fundamental Rights) survey report "Your rights matter: Data protection and privacy - Fundamental Rights Survey", June 2020:
> 41% do not want to share any personal data with private companies, almost double the number compared to public bodies;
> the type of personal data influences people’s willingness to share. Only around 5% want to share their facial images or fingerprints with private companies;
> 72% know the privacy settings on their smart phones. But 24% do not know how to check the privacy settings on their apps;
> 55% fear criminals or fraudsters accessing their personal data. Around 30% worry about advertisers, businesses and foreign governments’ access to information without them knowing;
> 33% do not read the terms and conditions when using online services compared with 22% who always read them;
> 69% know about the GDPR. A similar number know their national data protection supervisory authority (71%);
> only 51% are aware that they can access their personal data held by companies.
 https://fra.europa.eu/sites/default/files/fra_uploads/fra-20... (PDF)
Do you know him personally or has he done something for you? Why do you believe he is a person of integrity?
Never been to US myself, but fair enough.
Anonymous messaging is an entire category by itself. It is a much more difficult problem. Fortunately, most people don't need anonymity, most of the time. I really don't care who knows that I am communicating with friends, family or the people related to my business. If anything, I care less that someone might find out I use Signal. If I encounter a situation where I need to be anonymous I can and will have to take special measures for a while. Temporary anonymity is relatively easy. The identity management is a cinch.
That is aside of the obvious problem of phone numbers being recycled for re-issue after having been abandoned for a stretch of time.
Taking over a Signal account requires access to the phone number and the password used to register it (or waiting a week). And this will still not give the attacker access to the private keys; When these keys change, Signal will put an alert message on ongoing chats and ask for confirmation.
So yeah cool I can see that my boss, 4 ex-coworkers, my ex-bosses ex-wife, and I think a recruiter have all leaked my personal info to Clubhouse.
me and my friend want to communicate on signal. If he messages me on Signal there won't be any way to know if that's actually him. I would have to call him and confirm if its really him. For a tech-savvy person who is like crazy about privacy this is not a big deal. But for a normal consumer this make them remove the signal.
You want to message someone who you already communicate via WhatsApp or calls on signal. Again from an average consumer point. Calling them and asking them for their signal ID is again inconvenient. Imagine doing this for 400 contacts if you try to move from WhatsApp to signal.
There are other secure messaging app which doesn't require number or even email. But then again, you meet the person or call him and then get his id.
Not sharing mobile number is really for few selected cases and those people form a very small percentage of the market.
Having a feature similar to telegram where you share your number with selected people. Or have a disposal ID which can be used to start a chat and then dispose that ID so that it can'be used again or linked to your account. Something like this would make more sense and probably serve that small percentage of people as well. An ID which gets destroyed once it's used to make a connection. One time use ID only. This is a good way as well. Secret chats which stays on one device only, or you need separate credential for.
I should be able to make a sample app like this. It can be a good demo project.
yes. That is the point.
IIRC there was also some Android API that could be used in the app to help, but I don't remember what it actually did atm.
Worse still, even if you block IME internet access on a device with a factory-maliciois IME, they could just upload the data using some other service on the device.
Installing a known-good IME seems like the only fix I can think of?
It would be the same if there were usernames, although those would be far harder to assign to a person. Thankfully, Signal is working on that feature and hopefully it's released soon. I'd like to one day not have any phone number at all. It's a system that feels very much antiquated...
> Wire's instant messages are encrypted with Proteus, a protocol that Wire Swiss developed based on the Signal Protocol.
That doesn't sound like "Wire uses the Signal Protocol" to me.
Yes, with published reports, but it looks like they haven't published new ones in a few years.
Has it been audited by security researchers?
This is usually a good assumption.
Bitwarden is open-source (both the server and clients) AND has been independently audited for a security review.
I am curious, what did send to him? Also, do you often send messages to people you don't know via chat apps linked to phone numbers?
Haha, thanks for the chuckle.
Do you consent to be tracked? Doesn't matter we're going to do it anyway. And we're going to make a s** ton of money off of it.
Do you consent to having your location tracked? Doesn't matter we'll figure it out anyway and we're still going to sell it.
Do you not want an online ordering system? Too bad you're getting one anyway and we'll have robots harass your employees with phone calls.
Move fast and break things simply means do unethical things before regulators catch up to you.
$ curl -s https://elonmusk.today/ | grep BMW
Obviously I have no way to show you Facebook proprietary source code, but equally obviously Facebook can make their code do anything they like, including MITMing on an account-by-account basis.
That is always true when all the code in use is controlled by a single closed organization.
Nope, just an expectation that sweeping claims get backed up either by reasoning (like you just did) or a source
As for your reasoning vs your claim: you had made it seem like there was some well-known flaw or tool within FB to disable/intercept E2E. Or that we should expect an E2E-disabler functionality already exists.
I'm no FB developer, but I doubt it's as simple as one or two rogue developers adding in an "intercept mark's messages" functionality.
> That is always true when all the code in use is controlled by a single closed organization.
Fair enough, but FB/whatsapp messengers are probably some of the most scrutinized by third parties, as well as developers who would sooner or later blow the whistle (would hope so anyway). I would not take "mark is on signal so his messengers suck" to be a reasonable conclusion - and I'm not even FB's biggest fan.
"So he put his tongue in, and took a large lick. “Yes,” he said, “it is. no doubt about that. And honey, I should say, right down to the bottom of the jar. Unless, of course,” he said, “somebody put cheese in at the bottom just for a joke. Perhaps I had better go a little further... just in case...”
- Winnie the pooh, Chapter 5 in which Piglet meets a Heffalump