I guess if you can't get people to go to Facebook anymore, you can always bring Facebook to the people.
I'm not sure how I feel about this. I like apps with a singular purpose, that do one thing well. This feels like it's going to intrude on my peace of mind with big, distracting groups that broadcast low quality, high volume information.
Sounds like it’s geared a lot towards businesses. I only use Slack that way and Slack I use in business contexts.
> Communities like neighborhoods, parents at a school, and workplaces can now connect multiple groups together under one umbrella to organize group conversations on WhatsApp.
Any sufficiently complicated messaging system or Social network contains an ad hoc, informally-specified, bug-ridden, slow implementation of half of Google+.
- Option to block/filter/hide people within a group. This way I can mute inconsiderate jerks from groups I can’t leave (work/family);
- alternatively, option to mute and hide groups forever, no I don’t want a red dot to signal there’s new message. I want it completely hidden until I casually remember to check it;
- hide my online status
These three action points would alleviate all my pain points with their platform.
Unfortunately, I’m not confident they will give me this kind of control as this would be anathema to Meta's core values: controlling their (product|user) and increasing engagement on their app at the expense of the user's mental health.
I definitely feel your pain. Bite the bullet and leave those groups. I did, it was difficult at first but I'm better for it. The momentary discomfort will soon be replaced by long lasting peace of mind.
One time I was switching between phones or restoring from Titanium Backup, and WhatsApp removed me from all my groups (maybe when I logged on from a new phone, I got a new key, and when I restored using TB, the new key didn't match my key the members knew)...
If someone from one of the groups confronts you/GP about leaving, you can always say "I was restoring from backup and it looked like something went wrong!"
> - alternatively, option to mute and hide groups forever, no I don’t want a red dot to signal there’s new message. I want it completely hidden until I casually remember to check it;
You can do this by archiving the groups, they will only appear if you go in the archived chats tab and won't notify you.
> - hide my online status
You can already do this in the Privacy options.
> - Option to block/filter/hide people within a group. This way I can mute inconsiderate jerks from groups I can’t leave (work/family);
This is honestly stupid, there's no way you will be able to follow a conversation where some people's messages aren't displayed. Leave your family groups and refuse to use WhatsApp for work.
> You can do this by archiving the groups, they will only appear if you go in the archived chats tab and won't notify you.
No you can't, read again, I *don't* want a red dot signaling there's new messages on my archive.
> You can already do this in the Privacy options.
Unless you're in some A-B test I definitely don't have this option on my Privacy setting. Just triple checked.
> This is honestly stupid, there's no way you will be able to follow a conversation where some people's messages aren't displayed.
The hot take is: I don't need to follow any conversation that includes those individuals. But I need to follow notices, and important information regarding my job.
How about hide behind a notice: "You muted this person, click here if you want to read the message anyway.". There, some middle ground.
> Leave your family groups and refuse to use WhatsApp for work.
I'm not even sure how to respond to this, if you're privileged enough to say this, good for you. I'm definitely not.
> No you can't, read again, I don't want a red dot signaling there's new messages on my archive.
I had never used the feature a lot so I didn't know what was the behavior.
I just tested, there's no red dot, it just shows you the number of unread messages, which is really not attention catching (I actually had 2 unread messages there for months and had never noticed before).
> Unless you're in some A-B test I definitely don't have this option on my Privacy setting. Just triple checked.
Just took this screenshot. It's also not new, my girlfriend has been using it for years.
> I'm not even sure how to respond to this, if you're privileged enough to say this, good for you. I'm definitely not.
I can't see any demographic that can't afford to leave a family discussion on WhatsApp, especially one with people that they don't want to talk to.
As for work conversations, unless you work a job where you're not on a computer all day, which is probably less than 1% of the commenters of HN, there is a more work-appropriate tool for communication that your company is already using.
> Just took this screenshot. It's also not new, my girlfriend has been using it for years.
Can confirm this privacy option existed since I installed WhatsApp on my brand new LG G2 back in 2014. I turned it on then right away and never turned it off in all the years and phones I've had since.
The price for people not seeing your "last seen" status is that you don't see other people's "last seen" status. Which is fine by me.
> Being able to completely hide your online status is brand new.
Unless new configuration options may appear without an update, it is not "brand new". I just checked and I have that option, and I updated WhatsApp on August 14, when I was forced to do so. My version is 2.22.16.75.
That option is kind of dormant in the app I think and gets enabled from the backend. I updated two phones at the same time around a month ago and one of them did not have that option until 2-3 days back.
Write-protect groups-- to avoid accidentally sending stuff to contacts or groups where you don't usually send anything (involuntary groups for work or family)
Alternatively- permanently disable mic and camera access to groups.
Even if that were true I know pretty much nobody who has it, while I think I don't know a single person who wouldn't have WhatsApp, so I assume the majority of those Telegram users are concentrated in a few countries like Russia, Iran etc. or in some specific social circles, which I am not part of.
You may go by Google Play Store installations. With about ~1.5 billion installs that's about a third to a quarter of WhatsApp installations. WhatsApp claims about two billion active users, so that seems about right.
"(nobody uses Telegram for the secret chats, let's be honest)."
That's what you would think from a technical point of view, but actually I witnessed some drama with people installing Telegram, because the partner thought it was done only for this "secret chat" option, which seems to be popular for people having affairs. As it leaves no trace on the phone. Most people don't care about the NSA. They care about their partner, or parents spying on them (which says a lot about the integrity of those relationships).
WhatsApp has disappearing messages, though it takes 24 hours to disappear; I don't understand why they can't make it instant after reading or within minutes. Personally I don't use it. I mean, if you wanna cheat, is it really that difficult to not forget to manually delete the chat instead of using a feature which does it for you?
I'm always intrigued by the crossover point between small scale more intimate group chats and larger scale message boards.
Does anyone have any examples or experience with platforms that pulled off that transition space successfully? And what were the key features that made the transition successful?
I'd say discord pulled that off pretty successfully. For what made them successful with it was maybe having a very okay moderation and permissions system, and the user interface lending itself to jump to different conversations pretty effortlessly.
Whatsapp took Skype's market as a free voice over and video ip but the value of 'communities' is hopelessly questionable. We already have a crowded market for gossip groups (Nextbore, etc etc) and you could argue this directly competes with ye olde facebook. Maybe they are going to do a roll up of WA & FB as part of the brave new Meta era?
friendly reminder, whatsapp is not end-to-end encrypted. WhatsApp and iMessage are vulnerable to law-enforcement real-time searches. WhatsApp shares message metadata with law enforcement agencies such as the Department of Justice. If legally required, or at its own discretion (such as for investigating Facebook leaks), it can provide critical location or account information, or real-time data on the recipients messaged a target subject.
Message contents are end-to-end encrypted (but not all metadata is). And no, they are not sent through an unencrypted side channel to Meta. I've worked at Meta on a team that does end-to-end encryption. The company is also very clear about this publicly [1][2]
It's super frustrating that every single time WhatsApp is mentioned on Hacker News, someone boldly makes a claim that it's not encrypted based on hearsay or hunches.
It's fair to criticize the end to end encrypted claim though because for a long time, WhatsApp was storing unencrypted backups. Now that has been improved, but I doubt that most people opt into that. If 10% of users have turned off backups, and 5% have put a password on their backups, you have 85% of people being vulnerable. If some authority wants to know what has been discussed on WhatsApp, they won't ask Meta, they will ask Google or Apple. With the above (imaginary) numbers, if there is a group with 5 random Signal users and a group with 5 random WhatsApp users, the WhatsApp content is going to be available most likely to authorities that Google and Apple deliver content to, while the content of the Signal group is most likely not available. For iCloud, Apple claims end to end encryption but they keep a backup key around so it's mostly just marketing. There might be a small benefit from this through protection from employees sidestepping company policies.
Sure, that's a fair point. Backups were initially not encrypted, but as you mentioned, this option is now available.
Without going into too much detail, I can tell you a huge challenge with encrypted backups is compliance - many people simply do not opt-in to using encrypted backups. It's a difficult line to walk because ultimately you don't want to pester users too much about using encrypted backups either. In case it's not clear, the reason it requires opt-in is because you (i.e., the user) control the encryption keys and therefore you must take some action to write down a key or passphrase. As you may imagine, the average messaging app user is not as tech savvy as the average Hacker News user and many simply don't want to go through this extra step. Even worse, if they opt-in to encrypted backups and lose their keys, they will end up blaming Meta for not giving them a way to restore their message history when their phone gets lost (it's not easy to explain that it's your responsibility as the user to keep your keys safely stored).
Definitely, this is a hard tradeoff to make. Users very often care more about having access to their messages than them being not accessible to authorities/advertisers/etc, and they are very often not very savvy. As you say they also probably don't choose the most secure passwords.
Signal on the other hand sides on the side of security so much that it makes the app purposefully less useable, e.g. with their pin feature. But it doesn't have this backup problem. It's not a situation that has an easy solution atm.
But I think it's important to note that the belief of many users is wrong that end-to-end encryption implies that message content is unavailable to governments unless they get unlocked access to devices of communication partners.
The thing is, I wouldn't want to use Whatsapp considering how Facebook got it: spy on people with Onavo and then basically pressure the original founders out of the company, and then do stuff like https://news.ycombinator.com/item?id=25662215... that doesn't sound like stewards I'd trust
> It's super frustrating that every single time WhatsApp is mentioned on Hacker News, someone boldly makes a claim that it's not encrypted based on hearsay or hunches.
You only address OP's first "bold" claim. You've sidestepped the rest. I wonder why.
> The frustrating part is people making claims about issues where they don't actually have datapoints to back it up. I try to avoid doing that.
When it comes to security, the default assumption is always to assume any system is not secure unless it can be proven that it is with a reasonable level of certainty. In the case of Whatsapp, that level of proof is not there. We have to assume it is insecure. If Whatsapp released their client's code, that problem would go away.
It’d make for a really great story if someone were able to prove that WhatsApp isn’t e2ee and instead sends copies of all message contents to meta. You could just go ahead and decompile the app to do that, then write it up and get #1 on HN.
The recent OpenSSL vulnerabilities were in there for over a year before they were discovered. Theoretically Signal or an open source version of WhatsApp could have a bugdoor, which would not be found for as long or longer.
Sure, it’s way nicer when stuff is open source, but I’m not sure it’d change much in this regard.
(IMO there are many good reasons to dislike WhatsApp/meta. I just think your argument is flawed.)
or out of date. read the terms of use for business accounts, which are everywhere now. it clearly says that metabook have access to any message exchanged with a business account on whatsbook.
...and I'm not sure about groups. there are data leaks for media in groups that were dismissed as features a while ago, not just metadata. well, i think they called media ids that identify content as metadata or something. not following whatsbook closely lately.
For someone who is "not following whatsbook closely lately" that is again a bold claim to make.
But anyway, business messages are also encrypted. Businesses are allowed to designate other accounts to receive messages, in which case those other accounts are sent copies of those messages using a different key. It's similar to sending messages to multiple devices. This is disclosed [1] and needed to support things like auto responders.
Group chats are also encrypted using a shared sender key and this is described in the whitepaper starting page 10 [2]
If you click through the references in your links a couple of times, you eventually find this[1]:
> The other tech giant that can be compelled by law enforcement to hand over potentially large amounts of sensitive messaging data is Apple. iMessage, Apple’s text-message service, comes loaded on the iPhone and is used by 1.3 billion people worldwide. According to the FBI’s “Lawful Access” guide, if served with a court order or a search warrant, Apple must hand over basic subscriber information as well as 25 days’ worth of data about queries made in iMessage, such as what a targeted user looked up in iMessage and also which other people searched for that targeted user in the app. That doesn’t include actual message content or whether messages were exchanged between different users.
That doesn't sound like the police have real time access to Apple Messages at all. I believe they still have access to unencrypted backups, which is not real-time.
Didn't they work with the Signal team for their e2e encryption of messages and calls? Are you saying that they've removed that despite showing the opposite at the beginning of every new conversation?
The nuance here lies in what a "message" is. In the contemporary era of smartphones, data transmission, and all the bits-and-bobs in between, a message is much more than just the word contents. The "messages" might be e2e encrypted but the metadata is not, and that subtle difference is ridiculously important. e2e encryption is used as an indicator that your communication is private, but while the messages on whatsapp may be private (well, until your partner in the discussion decides to send a copy to meta themselves), the communication is anything but. For some reason though this nuance is set to the side and we all bicker about the message contents.
The reality is, sending information is a multi-layered thing. There's the message contents, the message metadata, and the network that the message is sent on. All of which are subjected to different levels of privacy. Each of those things can be used to spy on you, to abuse your rights, and to generally invade your life in ways that most would consider to be inappropriate. Which leads to the obvious conclusion that e2e encryption of the messages is only a portion of the issue. By using WhatsApp, you're trusting Meta corp as arbiter of all of these pieces and their implementations. Which obviously, given everything the Zuck has ever leaked from his mouth piece, is not a great choice.
I know this, you know this, and it's abhorrent. I wanted to skip over that detail and point at the more glaring issues with trusting them in general. The real point is that trusting Meta to be a good moderator of your communication and all the ways that can be misused is really absurd. Emphasized by your point that they can automagically escape their encryption routines on a whim.
Neither of those says that anybody other than sender and recipient can access message contents. Just metadata, which is well understood (and from what I know, also true for Signal, correct me if I'm wrong).
The subpoena asks for "all correspondence with [these] users". I am not a lawyer, so I don't know if that gave enough wiggle room for Signal to not provide metadata, or if they don't store it in the first place.
Where does it say that? It says they could do that, not that they are doing it.
Although nothing indicates that Facebook currently collects user messages without manual intervention by the recipient, it's worth pointing out that there is no technical reason it could not do so. [...] An "end-to-end" encrypted messaging platform could choose to, for example, perform automated AI-based content scanning of all messages on a device, then forward automatically flagged messages to the platform's cloud for further action.
Signal is incredibly user-hostile, especially for a supposedly open source company. I don't know what alternative to recommend, but the decision is not so easy.
As someone whose threat model does not yet involve law enforcement, I'll stick to my own preferred platforms, thank you very much.
would you mind expanding on how Signal is user hostile? the only things I know of is dropping sms support on android, which didn't affect me, and the "enable notifications" message that pops up every week.
stop spreading lies, whatsapp IS end-to-end encrypted, yes they can see metadata but messages are E2EE
some other people mention flagging when sender or recipient send message for moderation, which has absolutely nothing to do with encryption or safety, obviously if YOU have access to message then you can forward it to whoever you want
Messages are usually sent E2E-encrypted it seems, but based on some heuristics (my guess: interesting contents as determined by filters, flagged, user flagged by law enforcement) messages are sent via a side channel to Meta.
Sounds as legit as when Facebook asked people to upload nudes of themselves so they would know what to block :-$
absolute and utter nonsense. WhatsApp literally uses Signal's encryption protocol and messages leave your device encrypted. The only thing WhatsApp has access to is metadata.
if you're going to make an accusation like this I suggest you back it up.
It is discussed widely and openly including in sibling threads.
I also think it was in the news a few months back and I even think it was discussed here.
Edit: note, I am not saying messages aren’t always sent E2E-encrypted between users today, only that in some cases they are also sent in a side channel to Facebook simultaneously.
Edit 3: this is of course on top of the fact that they uploaded the backups (from everyone who enabled backups) unencrypted to Google under terms that let Google sift through it.
I read through the second link (I didn't bother with your first link, as it is just to a bunch of search results, and the result of looking at your second link undermined your credibility too hard for me to go hunting), and you seem to fundamentally misunderstand the limitations of e2e encryption.
> A WhatsApp spokeswoman told The Post: “WhatsApp provides a way for people to report spam or abuse, which includes sharing the most recent messages in a chat. This feature is important for preventing the worst abuse on the internet. We strongly disagree with the notion that accepting reports a user chooses to send us is incompatible with end-to-end encryption.”
Are you somehow expecting e2e encryption to mean "incapable of being copied"? Once the user receives a message if they think "OMG this message is horrible!" of course they can send a copy of that message to WhatsApp... it's their data to send!! Technology not only can't, it shouldn't attempt to prevent what that user can do with their data once it is on their phone, and while I'd prefer more localized block mechanisms be put into place it doesn't violate security to implement some weird "if the user you spoke with is an asshole and wants to send a copy of your message to Facebook, they should get to do so" feature.
(Also, your third edit is just silly: the user enabled backups and backups don't even automatically enable. The way backups work was always disclosed, and if you didn't want to enable backups DON'T ENABLE BACKUPS. But, the thing to appreciate is that these are YOUR MESSAGES: if you think it makes sense to have a backup copy on Google's server you should 100% get to do that, just as you should get to screenshot them and upload them to Twitter. Would it have been better to build an encrypted backup feature? Sure... and they eventually did! Would you have simply preferred them to not implement a backup mechanism at all?! Just because someone hasn't gotten around to something doesn't mean they are evil. Technology should not prevent users from doing whatever they want with their data.)
None of those are sent by WhatsApp; everything you quote literally talks about USERS deliberately forwarding their own messages, so clearly without users deliberately doing it, Facebook wouldn't have access to the content of these messages. By this logic NO app is E2EE since I can always take a screenshot or forward the message or in the worst case take a photo with another phone while reading and then write crazy articles that messages on Signal are not E2EE because I took a photo of the message and sent it to the Signal team.
If the Twitter acquisition and the published WhatsApp chats between Musk and dozens of other billionaires/politicians/CEOs and public figures showed me anything, it is that random people on Hacker News and Reddit take their communication way more seriously than them. I don't know what your communication consists of but I need to activate e2e maybe 1-2 times a year. Don't get me wrong, I get that making encryption the standard should be the way to go, but comments like these are irrelevant for 99% of people and if you have the need for real secure communication you would host it yourself. It's the same for email: 99% don't need PGP and if you really do you shouldn't use email in the first place.
This reasoning is the reason why better alternatives struggle. "I get that it would be better, but I don't care so I won't use the better alternatives".
There are the people who don't want a specific message to leak (politicians, journalists), and then there is the whole surveillance capitalism story.
We need e2ee so that companies cannot profile entire populations using the content of their messages (they can still do a lot with metadata, admittedly).
WhatsApp says they are encrypted. Some reading tells me there is a loophole if a message is flagged - it's then sent for moderation and no longer encrypted. A hell of a loophole. But loopholes aside, WhatsApp is end-to-end encrypted and, without being flagged, messages are not vulnerable to real-time searches by law enforcement.
If I'm wrong (very possible!) please explain exactly what I have wrong here.
As for Signal, I have an account and use it with a few people. But until the day comes when my other several hundred contacts switch to Signal, I don't have much of an option.
The content of the message is E2EE except when it is not with the loophole you mentioned. The major difference between Whatsapp and Signal is the metadata collection. Meta can record each message sender, receiver, time, size of message, length, device ID in some cases, location and more. This is valuable information for the authorities. Signal encrypts metadata and knows the first time a number connected to the service and last time they connected and have consistently only been able to provide that when given a warrant.
This is correct. Message content is encrypted, and only readable from either an unencrypted backup on iCloud or if one of the message recipients reports your message (their client then sends the message to Meta unencrypted).
Message metadata is available to Meta. All I can say is.. if your threat model has to account for metadata like this then you have a whole lot more to account for than just WhatsApp or Signal.
SMS is also not end-to-end encrypted. At least in Brazil, the reason why people use whatsapp is because sms is expensive (and they use audio messages also)
> Today, we’re excited to announce we’ve started to roll out Communities on WhatsApp globally and this will be available to everyone over the next few months.
Does anyone else find these soft-launches irritating? Give us a date?
Unlike Matrix's implementation, I don't think you can nest WhatsApp communities as easily.
Instead, I think their inspiration has come from alternatives like Discord where multiple chat rooms within a group of people is part of the core app design.
I'd like them to copy the spaces feature, though, because it's quite useful to me personally.