GNU social JP
  • FAQ
  • Login
GNU social JPは日本のGNU socialサーバーです。
Usage/ToS/admin/test/Pleroma FE
  • Public

    • Public
    • Network
    • Groups
    • Featured
    • Popular
    • People

Conversation

Notices

  1. Embed this notice
    翠星石 (suiseiseki@freesoftwareextremist.com)'s status on Friday, 14-Feb-2025 10:15:30 JST 翠星石 翠星石
    in reply to
    • Dave Lane :flag_tino: 🇳🇿
    • EVERYTHING'S COMPUTER
    @lightweight @be It's end-to-end encrypted, except probably with a mistake in the e2e implementation and there's meta's backdoor at each end, so yes meta can see all the messages after they get decrypted.
    In conversation about 3 months ago from gnusocial.jp permalink
    • Embed this notice
      Dave Lane :flag_tino: 🇳🇿 (lightweight@mastodon.nzoss.nz)'s status on Friday, 14-Feb-2025 10:15:33 JST Dave Lane :flag_tino: 🇳🇿 Dave Lane :flag_tino: 🇳🇿
      in reply to
      • EVERYTHING'S COMPUTER

      @be bingo - I suspect that because Meta controls both ends of every communication via WhatsApp, there're ways they could 'legitimately' claim 'E2EE' while still having full knowledge of the content of each communication (e.g. having 2 streams of data going via their central server, one E2EE, the other split at the server). & yes, I believe Signal has fewer negative incentives plus there seem to be possible alternate llibre clients (but the central server code is proprietary as I understand it).

      In conversation about 3 months ago permalink
    • Embed this notice
      EVERYTHING'S COMPUTER (be@floss.social)'s status on Friday, 14-Feb-2025 10:15:34 JST EVERYTHING'S COMPUTER EVERYTHING'S COMPUTER
      in reply to
      • Dave Lane :flag_tino: 🇳🇿

      @lightweight I completely agree. I never recommend WhatsApp.

      Even if the Signal Protocol is still working the same as they implemented it in 2016, there are so many other privacy concerns with a proprietary client that make the E2EE nearly irrelevant. E2EE is only as secure as the ends.

      In conversation about 3 months ago permalink
    • Embed this notice
      Dave Lane :flag_tino: 🇳🇿 (lightweight@mastodon.nzoss.nz)'s status on Friday, 14-Feb-2025 10:15:35 JST Dave Lane :flag_tino: 🇳🇿 Dave Lane :flag_tino: 🇳🇿
      in reply to
      • EVERYTHING'S COMPUTER

      @be in any case, as I say in https://davelane.nz/proprietary, if we're dealing with proprietary clients that we can't build ourselves with a full tool change we can verify ourselves, we're forced to put our trust in 3rd parties with every interest in betraying us if that increases shareholder value. That, to me, is an oppressive liability, which is why, to the extend I can, I avoid being subjected to it.

      In conversation about 3 months ago permalink

      Attachments

      1. No result found on File_thumbnail lookup.
        Reflections on Proprietary Software
        I've been pondering proprietary software for the past couple decades.
    • Embed this notice
      Dave Lane :flag_tino: 🇳🇿 (lightweight@mastodon.nzoss.nz)'s status on Friday, 14-Feb-2025 10:15:36 JST Dave Lane :flag_tino: 🇳🇿 Dave Lane :flag_tino: 🇳🇿
      in reply to
      • EVERYTHING'S COMPUTER

      @be yes, I guess my point is that, unless we can see the code that's gone into the actual clients we're using, at both ends, it's impossible to say with confidence that the encryption is sound... The real evidence it's *not* sound is hard to determine for sure, but over time, the weight of evidence might prove it's not (or Meta might be sitting on their knowledge of what's being sent via their messenger for some very high-value situation, e.g. global power dynamics)...

      In conversation about 3 months ago permalink
    • Embed this notice
      EVERYTHING'S COMPUTER (be@floss.social)'s status on Friday, 14-Feb-2025 10:15:37 JST EVERYTHING'S COMPUTER EVERYTHING'S COMPUTER
      in reply to
      • Dave Lane :flag_tino: 🇳🇿

      @lightweight There's this, from 2016: https://signal.org/blog/whatsapp-complete/

      Has WhatsApp removed or altered the cryptographic protocol they use since then? I don't think anyone can answer that outside of WhatsApp.

      In conversation about 3 months ago permalink

      Attachments


    • Embed this notice
      Dave Lane :flag_tino: 🇳🇿 (lightweight@mastodon.nzoss.nz)'s status on Friday, 14-Feb-2025 10:15:39 JST Dave Lane :flag_tino: 🇳🇿 Dave Lane :flag_tino: 🇳🇿

      The conventional wisdom suggests that WhatsApp provides 'fully encrypted' messaging between parties. I know that the Fediverse has a disproportionately high population of folk with a credible understanding of advanced cryptography... Can any of you tell me whether we can *prove* that the code running in the actual proprietary WhatsApp client is implementing uncompromised end-to-end encryption that only the sending & receiving part(y|ies) can decrypt? Or are we just taking Meta's word for it?

      In conversation about 3 months ago permalink

Feeds

  • Activity Streams
  • RSS 2.0
  • Atom
  • Help
  • About
  • FAQ
  • TOS
  • Privacy
  • Source
  • Version
  • Contact

GNU social JP is a social network, courtesy of GNU social JP管理人. It runs on GNU social, version 2.0.2-dev, available under the GNU Affero General Public License.

Creative Commons Attribution 3.0 All GNU social JP content and data are available under the Creative Commons Attribution 3.0 license.