this post was submitted on 23 Oct 2023
74 points (89.4% liked)

Privacy

31609 readers
312 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

Chat rooms

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago
MODERATORS
 

And if so, why exactly? It says it's end-to-end encrypted. The metadata isn't. But what is metadata and is it bad that it's not? Are there any other problematic things?

I think I have a few answers for these questions, but I was wondering if anyone else has good answers/explanations/links to share where I can inform myself more.

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 3 points 1 year ago (1 children)

Care to elaborate? You can't just imply asymmetric encryption can be decrypted by 3rd parties and not explain how.

Also I don't know how exactly signal works but I know that you don't need to share secrets externally to message someone, so how are they exchanging the symmetric keys without using asymmetric encryption to boot?

[–] just_another_person 1 points 1 year ago (1 children)

This is more of a "how encryption" works question, so I'll just defer to some article response I got from Google which explains it simpler than I would:

"When someone sends a message to a contact over an app using the Signal protocol, the app combines the temporary and permanent pairs of public and private keys for both users to create a shared secret key that's used to encrypt and decrypt that message. Since generating this secret key requires access to the users' private keys, it exists only on their two devices. And the Signal protocol's system of temporary keys—which it constantly replenishes for each user—allows it to generate a new shared key after every message."

[–] [email protected] 3 points 1 year ago (1 children)

That doesn't explain why asymmetric encryption is insecure? In fact signal seems to be using two pairs of asymmetric keys to generate its symmetric secret, so it would also be prone to attack if asymmetric encryption was a flawed system.

[–] just_another_person 1 points 1 year ago* (last edited 1 year ago)

I guess I missed your initial conversations question, but this is easy to search, and not for me to defend WhatsApp. I'm not the harbinger of bad news here, I'm just telling you what everyone else has said on the internet. WhatsApp is not private. They cooperate with governments to make messages known even.

I feel like you're trying to drive a point home that has already lost in the security commutat as a hole. OP asked if WhatsApp is bad for privacy, and it is.

Edit: just to shut you up - https://propertyofthepeople.org/document-detail/?doc-id=21114562