Remix.run Logo
Remix clone Hacker News
new | show | ask | jobsGithub
dathinab 2 days ago

Technically speaking WhatsApp is roughly second place on secure messaging behind Signal.

So while there are massive issues wrt. compliance and giving a US company control over all of this from a purely security choice they could have done way worse and still f*up compliance.

amiga386 2 days ago | parent | next [-]

In the US, it's Signal. In the UK, it was WhatsApp.

When researchers dumped 100% of Signal's users in the USA, because its contact discovery API has no rate limiting, they found a huge portion of Signal's US userbase has Washington D.C. area codes.

"Signal; Washington D.C. numbers are more than twice as likely to be registered with Signal than for any other area in the US" https://encrypto.de/papers/HWSDS21.pdf

Meanwhile, in Scotland since the pandemic, Nicola Sturgeon ran her government with an entirely parallel communication network on WhatsApp, explicitly to prevent her government's discussions and decisions from being discoverable by FoI requests.

There was daily deletion of messages. It was drummed into people by Sturgeon's head civil servant, Ken "Plausible Deniability" Thompson: https://archive.is/jK6Bd

> Thomson was head of the Covid co-ordination directorate of the Scottish government and wrote: “Just to remind you (seriously), this is discoverable under FOI [freedom of information]. Know where the “clear chat” button is…”. He later added: “Plausible deniability are my middle names. Now clear it again!”

Sturgeon, just like Boris Johnson, retained zero WhatsApp messages: https://www.bbc.co.uk/news/live/uk-scotland-67949454

Scotland only banned use of WhatsApp in government 4 months ago: https://www.bbc.co.uk/news/articles/c4g8pe585z1o

kevin_thibedeau a day ago | parent [-]

The beltway people working as public servants are (supposed to be) using the TeleMessage fork of Signal. Specifically designed to archive messages for the public record. That is the reason for the increased representation of federal workers.

dabeeeenster 2 days ago | parent | prev | next [-]

I don't really mind someone foreign having access to what is being said, as much as I mind public servants not being able to be held accountable because all of the discussions are encrypted.

2 days ago | parent | next [-]
[deleted]
lazide 2 days ago | parent | prev [-]

If you’re thinking about foreigners in this context being some random person on WhatsApp in the US, that’s one thing.

You really might want to consider however that ‘foreign’ in this case could be anybody from a Russian FSB agent in Moscow, to a pro Project 2025 CIA agent.

It’s not a good idea for a minister in a gov’t to have their ideas spammed to people accidentally or (by hostile action) intentionally that are not within that same gov’t.

Regardless of ‘good’ or ‘bad’, if anything else it’s an operational risk due to misaligned incentives that the voters are really dumb to not make a bigger deal about.

alistairSH 2 days ago | parent | prev | next [-]

The compliance (audibility, recovery, etc) is the big problem, IMO, not the security.

2 days ago | parent | prev [-]
[deleted]