Their tactic of degrading ux when you don't give them permissions has been happening for a long time.
Accounts in WhatsApp have a username, but if you don't enable contact permissions on your phone, they will only display the contact phone number in the conversation list view. The username is there if you click into their profile from the chat, but WhatsApp wants to punish me instead.
The tactic of pushing users by deliberately degrading ux has been obvious for a long time with mobile websites vs mobile apps as well.
Usability of mobile websites has intentionally been kept worse than that of mobile apps. Probably from not long after smartphones and mobile apps first came to be popular.
Just one example is the local ads service by eBay where the mobile website is usable, but just so much more clumsy than the app.
And all just with the goal of pushing users to the apps because they enable much more valuable data collection.
Reddit's mobile site nags you constantly to download the app. They started restricting the comments you can read without an account. And their site redesign is just bloated and bad. Seems like every social media site gets popular and then starts turning on their users to squeeze out more ad money, more data, more rent and metrics and growth. I'm super glad HN exists.
Everything on mobile is so brazenly user-hostile. The result of a tightly controlled ecosystem (at all levels) where the end user is just something to be consumed. Everything about it is so incredibly unpleasant, that I try maximally to stay away from mobile anything.
And people keep repeating the lie that the app stores somehow created a better experience for end users. Dark patterns and deliberate sabotage of the UX is pretty much only confined to the mobile ecosystem; Desktop-friendly companies also tend to be much more open (e.g., Discord, and Telegram have bot APIs, Tumblr publishes RSS feeds for all its blogs), while the more mobile-first a company is the more user-hostile it acts (e.g., TikTok uses UUIDs in its share links to track the fuck out of you).
The lies about malware are the most laughable. Malware ultimately only matters for business usage (if for that). I have seen (non-tech-savvy) people here use Windows PCs with all its software pirated (completely typical here in Iran, and presumably in most of the developing world), and they are just fine. They needed to install some antivirus software before Microsoft upped their game, or their computer would break after some (rather long) time, but installing a (pirated, of all things) antivirus app isn’t that hard. People could just pay the computer retail shops to do it for them for a small fee.
Note that this is still the state of affairs even for most enterprise PCs in Iran. Malware just isn’t that pernicious for end users. Ultimately, WhatsApp itself is nothing but malware. There isn’t much difference between poor users who are forced to use a malware-injected cracked app, and people forced to use a privacy-invasive app like WhatsApp because of network effects.
You may still be hurting yourself more than you hurt them. I say may since I don't know your circumstances, but I am missing out on communications from my employer since they insist upon using WhatsApp.
I agree since they should not be using WhatsApp for internal communications. The problem is that they do not see it that way since it adds additional hurdles with respect to communications from their perspective. That is especially true since I am the only holdout and few people seem to know how to use the organization's email system with any degree of proficiency.
It's too easy to do and can be done from quite far away. Also you don't need eyes. An innocent pic or video taken in public can capture that info.
I think long ago, Signal used to display phone number just beneath name when you are chatting someone. That always made me a bit uncomfortable. Now they don't do that, only displays name.
If they are that close.. they can see the words you are writing. If you are sending winky love icons who you are sending it to may not be as important your actual content.
I am bridging WhatsApp to my Matrix server. On Matrix it shows the username when the number is not in your contact list, and only then did I notice how unnecessary access to the contact list actually is (as long as you don't start new chats with people)
If you talk with a number that is not in your agenda, WhatsApp will display the number. If you talk with a number that is on your agenda, WhatsApp will display the agenda name. WhatsApp never displays the nickname (on the list) no matter if you accept everything or not.
They could display the nickname, that could be a nice addition, but anyway removing the contacts permissions is the same as having an empty agenda. WhatsApp isn't degrading or punishing you.
So what, who cares how this works technically. They made it work that way, hiding usernames on purpose to push users to give their app contacts permissions that aren't needed to display usernames.
That's why I said 'on the list' referring to the main screen (where you can see the list of all active chats). As far as I know the nickname is shown on messages on a group, next to the number, and on the info screen (of both a private and a group chat).
Otherwise, I can impersonate anyone with any name and contact image that I want. The way it is set up, you are the only one who has control over the displayed name (with fallback to the phone number). I actually like it that way.
No, it's not a security feature. If you do allow contact access, but don't add people to your address book, you see the name they chose for themselves. And it looks different (slightly faded gray instead of color coded, a tilde in the beginning, slightly smaller font). At least on my Android.
That's exactly what I was referring to. I think I have misunderstood the parent comment. I thought he was complaining about this being the default behavior when you don't enable access to your contacts.
What confuses and worries me is that Telegram (on iOS) seems to be doing the same. If I don't allow it access to my contacts, it won't let me add anyone manually either, even by username.
This is why the os shouldn't let apps know what permissions they have. Apps should have access to an empty address book or fake gps coordinates if they don't have those permissions.
This is my #1 peeve. I have friends who work at FB, and the mental acrobatics they do to justify this would have been quite amusing, if it wasn't such a daily annoyance.
Great, I will eventually uninstall it when they make me. I only keep it around to deal with people that haven't switched to Signal or Telegram yet. I have all three on my phone. Whatsapp usage has dropped a lot lately in my circle of friends. I removed Facebook Messenger ages ago (nobody I know uses that anymore). Just like the Facebook app and instagram. Whatsapp is the last bit of Facebook software on my phone.
I've been watching this corporate stupidity train wreck play out over the last few months. Every time I open whatsapp I get an obnoxious dialog urging me to pretty please accept their T&Cs. I click it away because I can. The fact that I can amuses me because it signals a certain amount of despair by Facebook. It's not normal for an app to be usable without accepting the terms and conditions.
The dilemma Facebook has is the very real problem that people are opting to uninstall rather than accept. Their users are angry and disgruntled. Which is why they are allowing people to use the app without accepting the terms and conditions. Which is of course highly unusual. From a legal point of view, until I agree, the old T&Cs apply. Basically they are saying those were actually fine and nothing really changed and it's all cosmetics but bla bla bla could you please accept the new ones anyway. It's a very weird position to take legally.
Either the old T&Cs were fine and there never was a reason to change them or the new ones materially change the old T&Cs and they should just state in plain language why and how. Instead we get this months long weaseling that is no doubt partially inspired by the fact that they are under a lot of scrutiny by authorities in the EU and US for privacy violations, monopolistic tendencies, data leaks, etc. The real issue is that the new T&Cs are of course designed to carve out some legal wiggle room there for Facebook to do user hostile things like ads and tracking. So they are in fact a change and they need users to swallow that.
> Great, I will eventually uninstall it when they make me.
1) It's likely you won't because of 2)
> I only keep it around to deal with people that haven't switched to Signal or Telegram yet.
2) The likeliest moment for that to happen has passed, so that might just not happen. Biggest ancedotal indicator is prevailing usage in age group < 20
I was mostly worried about friends in Asia and Africa, because phonecalls and SMSes will be prohibitively expensive, but my worries were unfounded: north'ard of 90% of my contacts have already migrated to Signal and WhatsApp — about fifty-fifty, as far as I can tell — so out went WhatsApp. No more Facebook apps for me, thanks.
Just out of curiousity, why do you write "northward" as "north'ard"? The contraction doesn't make sense as you are omitting one character to replace it with another. Is it to convey accent or is it common where you are to write it this way?
> The contraction doesn't make sense as you are omitting one character to replace it with another.
Are you saying that it's pointless to replace the w with an apostrophe because the number of characters doesn't change? If so, this is not how contractions work. The point isn't to reduce the number of characters in writing, the point is to indicate in writing where letters have been omitted in the spoken pronunciation of the contraction.
As I said elsewhere when I said convey accent, I meant pronunciation. So in that situation I understand it's use, I just hadn't heard it pronounced like that before.
Huh. Your comments made me wonder if there are any English words, perhaps acknowledged in a dictionary, containing punctuation. A quick poking around suggests the answer is: no.
I don't think that is true. Look at what your sentence fragment would be:
the a'os'rophy can al'o in'i'ate pro'nun'i'tion
If you leave out those letters you are omitting the important beginning sounds of each sylible. You generally want to highlight that sound and hide unnecessary characters.
If you had taken the time to listen to the video, you would have heard that the 'w' in 'northward' was indeed omitted in the pronunciation as well as in the spelling.
In your case it is probably because of name-calling.
Personally I usually don't downvote people for asking nicely why something was downvoted (when it isn't totally obvious) even if I know it is against the rules but the the moment name-calling starts any hesitation goes out the window.
I keep WhatsApp around to reply to people that try to get hold of me there telling them that they can find me on Signal. I've made a few converts this way.
But I think the new policy changes allow WhatsApp to read business messages. So be weary. Also I think you gotta accept the new terms to have WhatsApp Business.
There's Watomatic. Author claims it doesn't connect to internet even though it has full network access permission, so idk about it. But the code is FOSS. It's on fdroid too.
> Author claims it doesn't connect to internet even though it has full network access permission
Hi! Watomatic developer here. The newer version does access internet (Github API) for following reasons:
- To show release notes in the app
- (in works) To warn users about outdated versions. This is an issue esp in the non Google Play landscape.
- (in works) To show recent contributors list in the About section
...
Having access to internet made lots of things easy so thought that was a pragmatic choice :)
You accepting the new terms was never really important. It is an extra legal protection.
You gave them the right to change your agreement when you first signed up. Agree or don't agree, in the end they will collect and use your content however they please.
To me, this is an example of why individual and collective action on gigantic things, like climate change or privacy, are both important.
I salute everyone here who is able to switch away from WhatsApp. I wish I could dump it as well, but I can't.
Why? I volunteer with a group where one of our main things is to have a small army of people out doing coordinated-but-physically-separated tasks. Everyone has a smartphone of some kind but they're of varying types and quality. We tried using group SMS but that was a disaster, as group-SMS is bad enough but group-SMS-with-30-people is one level below "just fax everybody."
WhatsApp, meanwhile, lets us make daily groups, have a QR code that volunteers can scan at check in to join the day's group, app versions that work on the shittiest Android phone all the way up to the brand newest iPhone. And as a bonus, since almost all of our volunteers have friends and family outside the US, pretty much everybody already has Whatsapp installed and knows how to use it.
The one time our Executive Director tried switching apps, I had to spend an hour talking him out of WeChat, of all things. Point being, we need individual action to pressure our friends and family groups along with regulatory action so that massive platforms can't abuse us like this.
Telegram might be worth a try. Also has the ability to join a group via Links (which also means QR Codes would work). There are a lot of options to manage groups, and even though it might not be as good as signal at encryption etc. it’s definitely better than WhatsApp
>even though it might not be as good as signal at encryption etc. it’s definitely better than WhatsApp
By default Telegram doesn't even do E2EE, you're 100% trusting them not to read your messages unless you start a secret chat. In what objective way could you consider Telegram to be technically more secure than WhatsApp?
> In what objective way could you consider Telegram to be technically more secure than WhatsApp?
Firstly mahnouel didn't write "more secure" but better.
Secondly: if backups are enabled WhatsApp at anyone of the group members then WhatsApp is automatically uploading unencrypted copies of the group chats to Google.
I'd say that brings WhatsApp security for groups down to Telegram level at least.
Thirdly: forcing others to use WhatsApp to be part of the group gives away their group affiliation to Facebook. This might or might not be a problem for you.
At the time, joining groups in Signal was an involved process and the friction was higher than "a volunteer lead stands at the check-in desk and shows the QR code to each volunteer as they arrive for the day." Plus, most people didn't have Signal installed; almost everyone, and realistically the "almost" doesn't apply any more, has WhatsApp.
Signal's new groups work much more akin to WhatsApp and maybe I can bring it back up again once the pandemic has fully subsided.
that's been my approach (meanwhile years ago). People never said it to my face but I'm pretty sure they thought I was strange. The only effect it had on me was missing out on spammy gossip group chats which filled my phone with memes and annoying notifications of people's micro-emotions that they felt I needed to somehow be part of.
When I now meet these people IRL they seem often very happy for being able to break news to me. Not being in the loop added quality to my friendships and I'm also genuinely happy to meet somebody because "it's been ages". Have created the same rule with my partner some years ago and we do not text each other little updates during the day so that we can have "quality time" in the evening which we always look forward to. It felt weird at first because nobody else does this, but it helped us carving out "us time" in which there is always something interesting we can share (e.g. "delayed gratification"[1] is grossly underrated in our time)
Most friends have meanwhile switched to Signal so I'm now more in the loop than 2 years ago. Though I never bring it with me when I leave the house so making an appointment with me and cancelling on last minute will be a problem (one I actively want to have - as strange at it sounds). Also I bring respect to any IRL conversations by _not_ having the chance fiddling with my phone. (I don't demand the same courtesy from my peers but I like tho think as of leading by example). So my mobile is a landline that uses radio :-)
I get that people don't like facebook but what's wrong with FB Messenger? For me I use it about 98% of the time. I does not require my phone number or access to my contact list, unlike many other messaging apps. It easily accessible on all of my laptops and desktops at messenger.com, no stupid "must login via QR code on only one device at a time BS". Also no app required on desktop (I trust the browser's security more than native apps on desktop)
It's also accessible across multiple phones if I decide to use a different phone. I have 2 with different sims and so sometimes, especially when traveling, use the other phone.
It supports groups just fine.
Also I've had almost no issue using it for audio or video calls.
I detest Line, and I detest WhatsApp. I only use them for a few friends who prefer them.
FB messenger = Facebook. If people don’t like Facebook then they by default don’t like the messenger app it created because that is another method to suck up all your data and personal information. They read what you wrote and if you say send something they deem offensive will have your account permanently deleted. Hard pass as a daily messenger service.
>> Which is why they are allowing people to use the app without accepting the terms and conditions.
Are they? For a couple of months now when I try to see my messages I am asked to "Agree" with their terms and there's no way to go past that screen that I can see, other than pressing "Agree".
I'm in a weird position though: I'm an EU citizen with a UK number. So I'm not even sure the GDPR covers me proper. If I understand correctly, under the GDPR I should be given an option to not "Agree" and still continue to my messages.
I've been clicking the X everytime i get the popup for a few days now. I haven't really thought much about it or actually read it yet. I honestly fucking hate WhatsApp and wish I could convince the few people i talk to on there to use something else, even SMS. I've tried, yet they always message me through WhatsApp. They're not people i can really ignore either.
Anyway, i guess this is mostly a rant. But fuck WhatsApp, they actually manage to somehow be worse than Facebook messenger. At least messenger let's you appear offline.
While you're still stuck "using" Whatsapp, I've had great success using the Matrix bridge [0] on the homeserver I run [1]. Your contacts still message you, but you don't have to give Whatsapp your contacts list, other apps installed, or location via ip/wifi network.
It won't work for calling (as it's not supported on Whatsapp Web), but images and groups (which I use) both work perfectly.
Doesn't that use the whatsapp web api? Which requires you to have Whatsapp installed on your phone as it routes all communication to the phone where it is decrypted?
It requires a VM (as noted below) or an old phone you no longer use. I wasn't actively using my Nexus 5 anymore anyways, and this is a better use for it :p
And yeah, it's be forwarded and re-sent through the phone/VM. But this is the best trade-off I've found for dealing with people that refuse to leave WhatsApp. I look accommodating and don't just cut out someone I presumably need to care about, but also limit how much data FB gets.
And while I haven't tested this, I'm now curious how always having WhatsApp Web active affects my "Last Seen" time...
I use that too, works really well. Bit fiddly to set up but it's surprisingly resilient, and at least the WhatsApp app is stuck in it's own VM with nothing else on it.
I never saw that 2013 thing. My friends and I all had access until 2100 or something. Considering that implementation never really happened, it doesn’t mean much.
Yeah. Everyone in my country uses WhatsApp. There's nothing I can do about it so I've made peace with it. At least it has end-to-end encryption. It's even proven its effectiveness against my government's justice system.
For what it’s worth, OWS (whose co-founder created WhatsApp and which is now known as Signal Foundation) implemented Signal protocol for WhatsApp’s E2EE. WhatsApp’s technical paper[0] (last updated October 2020) describing the implementation indicates that only public keys, not private keys are stored on the server.
Unless there’s been an incident I’m not aware of, all I’m seeing is you claiming that WhatsApp/OWS engineers are lying with the only substantiation being questionable ethical practices of the parent company.
That's likely true about the protocol, as far as I can tell. But that's never been true about data-at-rest on your device; which wouldn't have been much a of a problem, except ...
They used to have encrypted backups, but at some point in time, the Android backup (and AFAIK the iOS backup as well) dropped encryption. And since 99% or so of users back-up to the cloud, it means that Google and Apple have the unencrypted history for essentially everyone (remember, every message has two sides - they only need one side from each message)
> They used to have encrypted backups, but at some point in time, the Android backup (and AFAIK the iOS backup as well) dropped encryption.
Is this actually the case? I know they say it's not protected by E2EE, but my understanding is:
- images are unencrypted (just like they're accessible on your phone's external storage, where many apps can read them)
- the text messages are encrypted, but the key is escrowed with Facebook, who will provide it to anyone who can pass SMS verification
This means that an attacker has to get access to both your Whatsapp account and your Google/Apple account. This isn't a very high hurdle (for governments, this likely just means two subpoenas, and for other attackers, it just means getting access to your phone number through one way or another, because in many cases that will let them hijack most of your accounts), but it seems slightly better than unencrypted.
The copy of the backup on Google drive/storage (whatever they call the app backup) is completely unencrypted.
Google won’t just give it to you - if you want it, you have to impersonate the WhatsApp app.
The local backup on your device is encrypted. Facebook will give it to anyone who can read their SMS message, as long as they also impersonate WhatsApp.
The bottom line is that without much work, google has full access to your data in whichever way they desire, but you only have access through the sanctioned app.
Which means for a state level actor, it’s at most one subpoena and likely they have streamlined that XKeyScore style, so not even that.
> The copy of the backup on Google drive/storage (whatever they call the app backup) is completely unencrypted.
Any idea why they do that, instead of applying exactly the same encryption? Also, is there any place where this is documented (where I can point people to that ask me the same question)?
Can WhatsApp’s own backup be turned off? On the iOS side of things, if WhatsApp data gets backed up to iCloud alongside the rest of the device, it will be encrypted but not E2E (which makes it largely pointless)—however, you can turn iCloud backup off.
This is an issue separate from “X owning your private keys”, but I agree it’s a problem.
Either way, secure messaging requires care from both sides; even if you both use Signal your counterpart can, say, let some spyware screenshot her jailbroken Android, and then it’s all for nothing. The only way of avoiding that is probably handling communication on a dedicated device, or a thoroughly locked down software ecosystem.
Anecdotally, a couple years ago I lost the entirety of my WhatsApp conversations and contacts after changing phone: I missed the opportunity to enter a code at some point and it got wiped without any way to recover it. I don’t know if that was an indication of backup encryption, but it sure felt like security trumping convenience.
Just pointing out that there’s a difference between one person being owned (your signal example) and essentially everyone’s data being available to state-level actors (what’s happening with WhatsApp)
As another one who dislikes WhatsApp these day and defend Telegram I think we should still stick to the facts instead of going down to this level:
I've seen no credible or verifiable claim that Facebook currently has access to the keys.
That said: credible and preferably verifiable sources are very welcome.
However, depending on your threat model WhatsApp might still be a huge problem, and this is public information so you can verify it for yourself:
If anyone you communicate (or you) enable backups in WhatsApp, any chats that person is part of is uploaded to Google as unencrypted data, i.e. I believe the upload channel is encrypted but it is stored in a way that everyone who can force Google to give them access can read them.
Which means that you group chats might very well be readable to Google and everyone they have to obey without you even knowing.
It's apparently possible [1] to use an android emulator like anbox [2] to run whatsapp in a sandbox. I'd like to know if anyone here has experience with this approach as as a long term solution?
> wish I could convince the few people i talk to on there to use something else
You can use Watomatic to give these people an auto-reply each time they send you a message, and tell them about the better alternative you prefer to communicate with.
Signals two day outage with zero explanation killed a lot of their momentum at least with my contacts. Few months later 80% are back on whatsapp.
Honestly after what Signal pulled with hiding their server code for a year to implement mobilcoin and still not releasing some parts of their code, Im fine with WhatsApp
I never understand this reasoning. It's the same kind of thing that people do with Firefox versus Chrome: Mozilla does stupid stuff sometimes, so that makes Chrome okay. Signal does stupid stuff sometimes, so that makes WhatsApp okay.
Never mind that Facebook and Google are awful, user-hostile companies and neither Mozilla nor Signal has done anything even close to as bad.
Don't let perfect be the enemy of good. Why does the alternative need to be immaculate in order for you to drop a bad company?
> Signal does stupid stuff sometimes, so that makes WhatsApp okay
no, it makes the people who recommends the switch (to their non-tech friends) look bad. The majority of people don't care about these sorts of issues regarding privacy or open-ness. "Normies" care about the usability, reliability and speed.
I had convinced a few (non-tech) friends who used to use whatsapp to switch over to Signal. Then signal went down, and they immediately switched back, and that downtime made it look like i made a bad recommendation. Signal also has a bigger spam problems than whatsapp (you get these fake Amazon people trying to spam/phish you on signal, which never happened with whatsapp). I will no longer be trying to get people onto signal, not because i don't like signal (i use it myself with friends that do remain), but alas, whatsapp is still the "main" messaging app.
So in all, the dominance of whatsapp is due to their reliability and momentum - no amount of privacy intrusion is going to change that. So signal needs to up their game, but i fear the opportunity has passed already.
The downtime I understand being a concern, especially for laypeople. The GP comment specifically identified Signal's secretiveness surrounding their server as the dealbreaker that made them "fine with WhatsApp", which is what I was actually responding to (didn't make that clear).
That said, Re: downtime, I've been using Signal for years now with non-techie family, and I've never had any complaints from them outside of that one two-day window. Signal is doing remarkably well even today. It seems like they just failed to adapt to the massive spike in load they had that week.
The GP wrote "Signals two day outage with zero explanation killed a lot of their momentum at least with my contacts. Few months later 80% are back on whatsapp."
They also wrote this, which is, as HEAD~2 already said, the sentiment being addressed.
> Honestly after what Signal pulled with hiding their server code for a year to implement mobilcoin and still not releasing some parts of their code, Im fine with WhatsApp
It's such a binary view; it's either "good" or "bad". No in between. No nuance. This is one of my main gripes with the Free Software crowd to be honest (and the part of HN that overlaps with it).
Is Signal perfect? No. But overall, it's not bad, and if we compare them to the average mobile phone app filled to the brim with dark patterns and tracking to the point where Apple felt the desire to build an entire feature to prevent this, they're almost mother Theresa.
Mother Theresa was not really a good person, she probably did more harm than good with her "suffering takes you close to god" approach to helping people. [1]
Christopher Hitchens was great; one of the few public people whom I never met where I was genuinely sad when he died.
But in this, I'm not so sure he was right. He let his penchant for being contrarian and dislike of religion get the better of him. Not the only time this happened.
Any more reason for this other than a psychological evaluation of Hitchens? He made an argument, you can speak to it. Is it a complicated objection that can't be summarized?
There have been loads of refutations of many parts; I don't have a full review at the ready and can't be bothered to research it again in-depth for just this comment to be honest :-)
Hitchens not infrequently exaggerated some alleged crimes or misconduct from religious figures unfortunately. He usually had it by the right end of the stick in the general view IMHO, but could be sloppy on details. Classic case of "say something with enough confidence and people will believe you, especially if it confirms their preconceived notion" (in this case, religion=bad).
Mozilla has never made Firefox completely stop working for 2 days. Even if they did, it's still a false equivalence: if FF stops working for a few hours you'd just use Chrome pretty much seamlessly. With Signal you have to switch to a different messaging service (easy) AND persuade all your contacts to switch too (hard).
I wasn't talking about the downtime. The GP comment said that the thing that drove them away from Signal was the Mobilecoin debacle. I was drawing a parallel between that and Mozilla pushing Pocket (or any of their other missteps).
I totally get why the downtime turned a lot of people off, but that's not what GP identified as what drove them to be "fine with WhatsApp".
The downtime is what drove a lot of my contacts away. That was the most significant factor in the move back to Signal.
I have been using Signal for a long long time, right after they dropped their dual messenger approach. My trust was high in them where I used to bug my contacts to move to Signal.
For me hiding the server code ( parts are still hidden ), adding in mobilcoin, promising an AMA on reddit to explain and then cancelling it has broken trust, 2 day outage with zero explanation and more so I wasted so much tech influence to get people over, only to have them move back has made me meh about Signal. Facebook might have taken a few years to abuse its power, Signal took far less time while pretending to be high n mighty.
Oh and those recent 'facebook ads' scheme. At least be truthful that your account has not blocked because of the ads. If they are so shady about basic things, cant trust em with the big things.
It doesn't matter if the network effects (due to the downtime) make it unusable anyway. Who are you going to talk to if your contacts are using something else?
That's American sentiment isn't it? Let's vote for X because Y sucks. I buy Samsung because apple sucks. Google sucks I buy apple. Left Vs right. ... Nowhere else in the world is the elusion of only two choices bigger than there
Also, apparently they include Goolge play services and wont permit an F-Droid maintained version from federating. Correct me if I'm wrong, I saw this on the Signal github re F-Droid packages.
It can run without Play services (it does for me). I'm sure the code is there somewhere in the APK, but since it doesn't actually execute if you're not using Play services, I don't see a problem with that.
They've also not categorically dismissed F-Droid; just given a list of things they need it to do first. Some of those have been resolved by now, some are unlikely to be any time soon.
You are unhappy and disagree with the decision but are they really "red flags"? In the GitHub issues you mention Signal does provide what seems to me to be good-faith reasoning behind their decisions.
Yes, I definitely see those as red flags. And I'm not unhappy, just being helpful for those who maybe aren't paying close attention. Would hate for them to end up in another WhatsApp situation!
That's a key difference between Signal and Whatsapp. The first now comes with a lot of evangelization from current users, and people in general are just sick and tired or just deaf to any kind of "activism" trying to determine their lives. We live in a very loud world.
To be successful, Whatsapp's replacement, whatever that is, should be perceived as not a huge leap but have the right ingredients for people to naturally switch (think Unix worse-is-better philosophy), or just come with lots of positive, not negative, associations. "X is evil" is just not doing it for a lot of people.
I see people in the comments discussing applications for instant messaging. What is worth talking about is protocols.
Once upon a time there were IRC and XMPP.
But for whatever reason people stick to silly corporate funded gimmicks.
Support open protocols.
I am really happy that for email we still have SMTP and IMAP. And if my current email provider decides to screw me up I will just jump over to another one in a matter of hours.
There is no added value in signal, imessage, whatsapp, threema, icq, viber, telegram, slack.
All these “apps” want to substitute open protocols the same way google and facebook try to replace world wide web.
If we talk about Signal. I am still not convinced. Yes, they are a 501c3 nonprofit.
But what they lack is transparency of decision making process. And their governance model is not clear. In other words there is no guarantee that they won’t irreversibly switch from good to evil.
Now, on protocols. Imagine signal was a protocol similar to smtp or xmpp in the sense that you would not be tied to a specific app or server or company or people. Matrix looks promising in this regard but unfortunately matrix is too complicated and at this level its adoption rate will be even lower than signal’s
So why don’t we put some love into creating a protocol for a secure e2e instant messaging and video conferencing that we would stick to for the next 30-40 years?
That would be a real innovation and value for everyone excluding corps and rotten political regimes.
The vast majority of the population does not know what a communication protocol is. They know whatsapp is a messaging app, their friends are on it, and they can use it to reach them.
If you speak in a language they understand, such as "there are approaches that enable different apps to talk to each other, so you only need 1 instead of a handful", they might get interested.
Another protocol will not help if you don't have an app and a network of users that can compete with whatsapp. As far as I know, whatsapp implements just that for IMs exactly (whisper protocol made by signal) and its still a walled garden.
Yep, I agree. It is like a consequence of hick’s law. The more options you have two choose from the higher probability you will choose the one already chosen by the majority in your circle.
In this regard, I recall an old advice: if you’re a linux newbie and aren’t sure what linux distribution to choose, choose the one used by your friend/neighbour.
Your messaging app wants to screw you over? If only there was an alternative. Or dozens.
Seriously, is there something so sticky about WhatsApp (other than being a new vector for Facebook to invade your life) that almost any alternative isn't preferable? We block it outright.
The sticky part is the social network effect. Its by FAR the dominant messaging app in much/most of Europe. Some switch to Signal/others has occurred... but if you have _one_ friend who doesn't switch that you want to continue to communicate with... you're stuck too.
Not to mention, the alternatives aren't great. I'm sure others will provide a better breakdown, but at a high level:
- Signal is the best alternative but missing features like crazy that really do matter to "normal" people (can't change your phone number! Stickers only can be added from the desktop app)
- Telegram a) has a poor reputation in my greater social circle b) doesn't actually encrypt by default
- Matrix is simply not accessible to anyone who isn't highly computer literate
I don't know what everyone use (feel free to provide a source but until then I'll treat it as an anecdote) but I live in Northern Europe (Denmark) and the only person I know that use WhatsApp regularly is my 63 year old British uncle (to keep up with his family in the UK). Everyone else use SMS, old and young (well actually more and more of the younger contacts in my phone doesn't even own a smartphone and refuse to use MMS. Hipsters I say!).
I can't see a single thing WhatsApp or Facebook messenger can do for me that signal can't do better because I simply don't need SoMe on my phone. I need encrypted SMS. Anything more than that is worse than what I already got.
To paraphrase someone young from my family: "Facebook is for old people". So is WhatsApp and Facebook messenger. But of course it's just an anecdote that covers 100% of the people I happen to know. So from my bubble I don't believe for a second that they have a future. Signal might. As encrypted SMS but not otherwise.
Welcome to Latvia where I have to think hard to find someone that doesn't use WhatsApp.
I find that whatever number I call from the "local craiglist" where people sell items, I find them on whatsapp.
Nearby "home depot" accepts orders over whatsapp. I can even send pics for what I want!
Kindergarden - all parents and teachers form a group and communicate there, ask questions, make announcements. Teachers may share pictures what kids are doing.
School classrooms form groups.
...
SMS unfortunately cannot share pics and videos, and location which is sometimes handy and cannot form groups.
So getting out of whatsapp is, well... big inconvenience. No one has even invited me to Signal.
Welcome to Latvia where I have to think hard to find someone that doesn't use WhatsApp.
Same here in Wales. We are in the insane situation where local taxpayer-funded bodies such as schools compel people to use foreign, tax-evading commercial services in order to fully participate.
I'm not doubting it is different in other places and circles. I personally just haven't seen it.
>SMS unfortunately cannot share pics and videos, and location
MMS can. Not only that but it is only old people that use these things according to the younger people I know. Just today I read an article about emojis: It's only for old people. Matches my experience perfectly. These chatsnsill soon die out and be replaced by something different.
I live in the U.K. Basically everyone I know uses WhatsApp. My friends mostly use WhatsApp (it was to be a pretty reasonable choice even for the privacy conscious). My family use WhatsApp. My landlord uses WhatsApp. Some of my colleagues use signal but I work in tech so they aren’t very representative. I might use text to contact a stranger for some reason (say arranging pickup of something bought on eBay or Gumtree, or some other service) but they might also use WhatsApp. Some of my friends use Facebook messenger so maybe I shouldn’t care that much about WhatsApp’s privacy policy if messenger’s is so much worse.
Also in the UK and I've just opted to flat-out refuse to use WhatsApp. I think a lot of people want to stop using WhatsApp but are afraid to do so because of the imagined repercussions or a fear of missing out. I say to hell with that and I've found that, since there are, in fact, plenty of alternatives that work, people who need to communicate with me are able to do so perfectly well. A few non-tech oriented contacts have even installed Signal as a result of my stubbornness, including my landlord funnily enough.
There's an app, Silence[1], which encrypts your SMS if your contact uses it as well. It does so over the actual telecom SMS network, and doesn't break non-Silence user messaging either. Been using it for years.
There once was an app called TextSecure, who pioneered E2EE on phones, that used to work both with SMS and its own network. When they realized maintaining both networks was hard, they ditch SMS and remained on their own network. Some unhappy devs wanted to keep SMS compatibility so they forked the app, focused on that, removed the custom network named their fork SMSSecure and, after some time, called it Silence. The original devs used the opportunity of a groundbreaking change to rename their app... Signal.
You are absolutely right. I started out with TextSecure myself. I switched over to what became Silence eventually.
I'm not a Signal user though after giving them several tries, and that decision seems more final by each passing days. I find I disagree too much with how their leadership and organization have behaved in relation to other projects and the direction they continue to take Signal.
Yes, it was like this here back when WhatsApp was new too. Not anymore though, so the point stands: around here young people see these apps as being for old people. Just today I read that they also see emojis as something grandmothers use. Matches my experience as everyone I know younger than me will at most use "(:" and not any emojis (yes, they are upsidedown too). I know many with no smartphone (old Sony Ericssons are getting expensive!).
I get the feeling from your comment that you are proud of the fact many in India use these awful apps. It's not something to be proud of. You are paying with your privacy and in India that can cause you harm a lot easier than in Denmark.
Not me. I've NEVER installed any app owned by Facebook including WhatsApp. Never missed it, but then I'm not a social person. My stubbornness forced a few acquaintances to install Signal.
I don't know anything about the source, but on the bottom left I can see it says "Source: Facebook internal [something]". Various other searches corroborate similar numbers. There are about 80 Million people in Germany, so this is substantial.
It also matches my (anecdotical, yes) experience of pretty much all my friends and family in Germany using WhatsApp, and me having done so as well before I moved to the US. I remember the impetus being that at that time (long before they were acquired by Facebook), SMS were expensive in Germany, but WhatsApp over data was (effectively) "free". I believe this to be the main reason why WhatsApp took hold in many countries, while it didn't so much in others (e.g. the US, where I think individual SMS were always free, but not sure).
Nowadays, some of my folks in Germany at least use Signal or iMessage.
Afaik this applies exactly like this to most of/all of europe.
I still pay $0.15 per sms. Ok i'm on a prepaid plan but still, that's ridiculous. And my separate (very slow, but more than good enough for HN, voip etc.) mobile internet only sim is $4/month. Of of course with signal that is effectively almost a flatrate for all calls and texts.
I don't know where you are at but here in Denmark I have unlimited/free SMS and using Netflixs test servers (Fast) I get 80mbit/s right now, inside my house out in the country.
Many I know have basically zero data in their plan as they don't need it for anything so there's no way WhatsApp or FB messenger can be cheaper than SMS. I think the price with only 1gb data and free SMS/MMS is something like $6.
I mean, by now several people have pretty much told you that things were and are different in other (and larger) parts of Europe than they seem to be in Denmark, likely having a big effect on the initial proliferation of WhatsApp and potentially other messengers.
Most metropolitan areas of Denmark use Facebook Messenger primarily. People will just as gladly speak to you over SMS. Contrary to the experiences of many others in this thread, I've experienced virtually no resistance to asking close friends to install Telegram to speak to me. One close friend has flat out refused because they are a Signal diehard so we just SMS.
Clearly not as they use SMS only in my circles. I can't even send a picture to some of my younger friends as they refuse to use even MMS. It's all Nokias and Sony Ericssons.
I think the problem is with the whole virtue signaling thing. Telegram is so much ahead of the competition in everything except video calls and having E2E enabled by default. (Which doesn’t matter to normal users, and will make the multi-device UX much worse.) Signal’s UX is almost as bad as WhatsApp. Their only upside is that they are more privacy-conscious. Most people don’t care about that level of privacy, when they’re so many features missing, and so much free UX money left on the ground.
Why is SMS not used more widely in Europe? It's less ergonomic than a dedicated chat app, but in the states it's the one thing everyone is guaranteed to have.
Telegram, Signal and Whatsapp have tools for handling tens or hundreds of people in a group. (Telegram more than the others).
Also, everyone here has (near)unlimited data, so using a non-SMS communication tool is free. SMS have either a flat budget (1k SMS per month) or cost per message.
Oh, and sending pictures/videos over plain SMS is just horrible.
Nope. I don't, and I never have any issues with not having it. I communicate with my wife's family through Signal and everyone else through SMS, and my not having WhatsApp has never even drawn a comment.
Well, I'm happy for you. But the question was about Europe.
"Everyone" (scare quotes) does have it in Europe. Not having it absolutely draws comment, in a similar way that not having a Facebook account drew comment some years back. And as to why nobody defaults to the lowest common denominator of SMS, WhatsApp is vastly superior to SMS:
-seamless picture, video, and audio messaging - this is always super janky / broken on MMS
-built-in interface to Giphy
-integrated video and voice calling
-group chats (especially this)
These features are optimized for use by a meme-loving, highly social, audio-visually oriented userbase. Posting a reaction gif to a funny group chat thread is 1) vital culture and 2) impossible on SMS. That's why.
You are of course completely correct. I downplayed the network effect that drives the ability of these companies to say "screw you peon...accept whatever crap we shovel on you or your grandma's IMs get it".
> Matrix is simply not accessible to anyone who isn't highly computer literate
I would have agreed about a year ago, but the reference implementations have been slowly and steadily improving, as have alternative Matrix clients. If I still had contacts who struggled with Element, I might look at (for example) FluffyChat.
Same in Indonesia; I sometimes joke that the entire Indonesian economy runs on WhatsApp. An exaggeration, of course, but it's pretty much ubiquitous when communicating with businesses.
In my country SMS has absurd prices, when Whatsapp showed up it was viewed as a huge blessing, no more having to pay at the time around 1 USD to send 1 message... (and if you had 141 characters? well, that is 2 USD now!)
Everyone here uses it now, and this include sevearl business and organizations, I heard even some government communication can only be done with Whatsapp, so basically we are stuck with it.
All my friends are on whatsapp. Even when some switched to Signal, others simply declined ("I don't need another chat app").
It's a pandemic. I haven't seen my friends in a year. I want to have the option to talk to them. Due to health risks of my spouse, and due to vaccine delays, I will not see them until autumn.
Blocking Whatsapp may very well amount to cutting off a lot of contacts for me - not that I have many. More social isolation is a high price to pay at this point.
Don't get my wrong though, my soul burns with seething hatred for Whatsapp and Facebook over this. If I'd meet someone working for these companies, I might very well spit in their face. Heck, if any of you work for these companies, shame on you. You are taking advantage of the situation, of people being isolated. And you know it.
But yeah - around these parts, Whatsapp is THE message app everyone uses. And it's sticky. Very much so.
I was a heavy WhatsApp user and deleted my account in January. I’ve had full coverage of contacts with iMessage, Signal and SMS. I notified most important contacts before deleting.
What sucks though is that when you delete your account, WhatsApp doesn’t hide or delete your threads on other people’s phones. That means that people continue to send messages, and don’t realize they aren’t delivered unless they come back to the thread and are tech-clever enough to realize there is only one light grey check-mark, and not two.
what's WhatsApp? is this a competitor for Signal? (jk).
I've got a few dozen non-US clients, they loved WhatsApp, after our first Zoom meetings they asked a few times for WhatsApp connect. I mentioned privacy and protecting our respective business interests by moving to Signal. they had near zero issues switching and hardly had any questions. as a tech professional, when we make a recommendation to others who trust us, they just follow. don't abuse the power, fight for the user.
I didn't have any issues witg Signal until they introduced this crypto BS recently. Now I'm suspicious of them. I don't know if that's unfounded or not, but I don't know much about crypto and I don't have any interest in spending my time researching this to see whether it's a problem for me or not.
Maybe I should take the time. But I guarantee I'm not the only person feeling this way, and most people will simply avoid Signal if they're doing suspicious stuff that they don't understand.
My understanding is that the coin stuff is still in beta and not available in the regular app.
Also when it lands on stable, it will be opt-in. So one need to deliberately switch it on to enable their cryptocurrency.
Their history tells us they go to great lengths to eliminate metadata. Court requests for signal data only get the account creation time and last access time. Please read about how they implemented their gif functionality in such a way as to preserve privacy. Also read about how they preserve your privacy in group chats. I think they are available in their blog. My understanding is that these things are unique to signal and apps like Element Matrix, WhatsApp, wire, telegram, threema, Conversations XMPP etc don't have it.
IMO it's a good idea to read Signal's blog. It can also be subscribed through RSS so you'll get notified about new articles.
I really don't want to read the blog of a messaging app. I don't care about messaging apps. I just want to be able to message people without worrying about my privacy.
I just recommend Telegram to people. I do like Signal for all the work they do, but their UX needs some work.
Yes, Telegram chats aren't E2E encrypted, but they Just Work. You can have the same chat history on your phone, tablet, laptop and desktop without any issues. With beautiful native clients too.
It kept showing me the prompt, and must I have dismissed it at least two hundred times over the past few months before last night I clicked "agree" by accident while half-asleep :(
That's true, but if the Apple/Facebook war escalates, it's a price Apple will be willing to pay iff they find a way to do it in a way that hurts Facebook.
It is a status signal, but no one buys an iPhone just for iMessage.
I hope this ends up with them offering a paid version for people that don’t want advertisements. These companies should be forced to at least have that as an option, it is frustrating to see when my children are playing these games with tons of ads and there’s no way to pay to have them removed.
Most privacy policies say that continued use constitutes acceptance. Does anybody know why this update requires explicit acceptance? What's in it that's so serious?
The article paints it as Facebook trying to play nice(r than usual) because of regulators:
> The decision not to fully enforce the deadline seems to be in reaction to the stern stance that the Ministry of Electronics and Information Technology (MEITY) in India took against the company. Earlier this year, the ministry filed a counter-affidavit in the high court to prevent WhatsApp from going ahead with the privacy policy update.
Before being aquired by Facebook, Whatsapp might have had a non-evil ToS that didn't automatically assume acceptance of changes. I really don't know details here.
Yeah it's frustrating. WA also requires this, in fairness. It's very annoying though. I want a messenger app that's not owned by Facebook and doesn't require that I'm constantly glued to my phone to use it.
Telegram still, AFAIK, has no way to backup or transfer E2EE conversations, and no desktop support for them either. Those are non-starters to me.
Your encrypted conversations are stuck on the device on which you set them up with no option to change phones, continue a conversation on a desktop, or re-install the app. As a result, most people that communicate with me on Telegram use the standard non-E2EE conversations which makes it about as bad as (if not worse than) WhatsApp, privacy-wise.
While I like Telegram, I'm not sure if moving from an app with end-to-end encryption to one that either doesn't use it by default (for direct messages) or doesn't support it at all (for groups) is a good idea.
I get the idea of avoiding Facebook, but Telegram can see your messages in plain text...
Do they provide E2EE for desktop by now, or still available only for phone? I would rather stick to Element, Wire, or XMPP (gajim on Linux, Conversations on Android from F-Droid). Briar seems cool, too, but it is not available for desktop.
Nearly all the major Internet services in China have been doing this for years, like Taobao (Alibaba's eBay), Weibo (Twitter equivalence). Some even ask you to login by using mobile app to scan QR code, so that you must install a mobile app.
The time family was making me to install this malware, it decided to go and delete _all_ my contacts in the phone. Thats when i immediately uninstalled the application and spend some time restoring all the contacts it deleted. Needless to say i told family, i wont use whatsapp, contact me by other means.
Also, if they use Instagram/Facebook as well, isn't the whole point moot anyway? Do they collect anything more in WhatsApp than they do in their other apps?
Had more and more friends move to Telegram lately and actually everyone is noticing how much better it is. I will still stick to that May 15 deadline and delete the app!
I say bring it on. Slowly people will be annoyed and switch to other platform, I will have no reason to use it by then. It is very sad that Apple is not providing Messenger to Android, it can definitely eat Facebook's lunch.
I think Facebook has a better bargaining chip with Instagram, it has been their front tier force competing with others.
Can someone who understands GDPR better than me explain how this works in light of the policy that you can't degrade functionality to force tracking consent?
If I remember right they also adjusted the ToS differently in different parts of the world - presumably they are not going for consent base in EU, so any such argument wouldn't apply anyways.
(EDIT: edited for clarity of the argument being made)
The GDPR is (as that R hints) a Regulation, and so yes it directly binds EU member states, however it is the successor to a Directive, which is EU legislation that works by telling member states to all write their own local legislation to achieve some general goal in their own way.
The UK transcribed the Regulations into its own law when leaving, because that allows to delay the tedious work of figuring out which rules, if any, should be modified, or eliminated for the UK itself going forward, something that in principle the elected politicians would obviously want a say in but there's always something more important.
The UK had anyway had similar rules prior to even the Directive, in the form of the Data Protection Act. More modern rules change some of the details, but the general thrust has been consistent, you should not have data about people that you don't need, and unless you have some compelling reason not to ask (e.g. detectives obviously won't be telling somebody they're collecting evidence that they sell stolen goods) you must ask permission before you store data about people in the first place, and people have a right to ensure your data about them is correct, which necessarily means they have a right to know what that data is.
The first Act cares too much about exactly how you store data, so that a filing cabinet full of information about people ends up not captured, while an Excel spreadsheet is. In current legislation (and the GDPR) you can't get away that easily. If you write all those records by hand, then shove the piles of paper unsorted, into an old shoebox and put it in a broom closet, then they're not subject to the rules, but they're also now pretty useless to you. The moment you arrange to make them easily accessible so that your business could benefit from having these records at all, they get captured by the rules.
Data protection agencies don't get to interpret the GDPR, courts do.
The GDPR does not contain any clause that someone has to provide a service for free without any kind of tracking. That would basically eliminate Facebook and Google as valid business models. There was such a stipulation in discussion for the e-privacy directive but it was legally half-baked and IIRC it is out of discussion by now.
I'm pretty sure it does - or maybe it's the e-privacy directive or something else, they all get called GDPR. But you have to make clicking no obvious, easy, and not degrade functionality.
Please provide a source for such a statement. Even the e-privacy directive has changed a lot lately. Your interpretation would render many business models illegal (e.g., Facebook, google).
Does GDPR prevent you from incentivizing/strong-arming/etc your users? I haven't heard anything about it if so (but I'm not particularly fluent in it). Obviously (hopefully?) it'll be bad to trick them into approving, but do this or GTFO seems fine, I'd be surprised if it somehow required companies to keep user accounts, or require identical features in-GDPR and out.
I took the harsh route. I sent an email to all my contacts saying that I was on matrix and/or email and would not be on whatsapp anymore. It's a bit sudden and most of my contact will never message me again, but I'm fine with that.
Threema and Signal marketing must have a field day. All they have to do is book some popups and add a "choose another messenger instead".. third button..
I was able to not use WhatsApp until my kids started school; And after a year of realizing, often 2-3 weeks after the fact, that I was unaware of something important that happened, I gave up, and bought a whatsapp burner phone for kid school use.
Don't need it for myself, but that's where the villains often get you - by putting the pressure on people you care for.
Accounts in WhatsApp have a username, but if you don't enable contact permissions on your phone, they will only display the contact phone number in the conversation list view. The username is there if you click into their profile from the chat, but WhatsApp wants to punish me instead.