| ▲ | akerl_ 14 hours ago |
| There's no future-proof suggestion that's immune to the government declaring it a crime. If you want a suggestion for secure messaging, it's Signal/WhatsApp. If you want to LARP at security with a handful of other folks, GPG is a fine way to do that. |
|
| ▲ | jhgb 14 hours ago |
| Nobody decided that it's a crime, and it's unlikely to happen. Question is, what do you do with mandatory snooping of centralized proprietary services that renders them functionally useless aside from "just live with it". I was hoping for actual advice rather than a snarky non-response, yet here we are. |
| |
| ▲ | Fnoord 13 hours ago |
| > Nobody decided that it's a crime, and it's unlikely to happen. |
| Which jurisdiction are you on about? [1] Pick your poison. For example, UK has a law forcing suspects to cooperate. This law has been used to convict suspects who weren't cooperating. NL does not, but police can use force to have a suspect unlock a device using finger or face. |
| [1] https://en.wikipedia.org/wiki/Key_disclosure_law |
| ▲ | akerl_ 14 hours ago |
| I gave you the answer that exists: I'm not aware of any existing or likely-to-exist secure messaging solution that would be a viable recommendation. The available open-source options come nowhere close to the messaging security that Signal/WhatsApp provide. So you're left with either "find a way to access Signal after they pull out of whatever region has criminalized them operating with a backdoor on comms" or "pick any option that doesn't actually have strong messaging security". |
| ▲ | johnisgood 12 hours ago |
| > messaging security |
| > WhatsApp |
| Eh? There are alternatives, try Ricochet (Refresh) or Cwtch. |
| ▲ | akerl_ 11 hours ago |
| I stand by what I said. |
| ▲ | johnisgood 6 hours ago |
| I mean... why? |
| ▲ | closewith 4 hours ago |
| Not the GP, but most of us want to communicate with other people, which means SMS or WhatsApp. No point having perfect one-time-pad encryption and no one to share pads with. |
|
| ▲ | closewith 4 hours ago |
| You're asking for a technical solution to a political problem. The answer is not to live with it, but become politically active to try to support your principles. No software can save you from an authoritarian government - you can let that fantasy die. |
|
| ▲ | anonym29 12 hours ago |
| Could you please link the source code for the WhatsApp client, so that we can see the cryptographic keys aren't being stored and later uploaded to Meta's servers, completely defeating the entire point of Signal's E2EE implementation and ratchet protocol? |
| |
| ▲ | akerl_ 11 hours ago |
| This may shock you, but plenty of cutting-edge application security analysis doesn't start with source code. There are many reasons, but one of them is that for the overwhelming majority of humans on the planet, their apps aren't being compiled from source on their device. So since you have to account for the fact that the app in the App Store may not be what's in some git repo, you may as well just start with the compiled/distributed app. |
| ▲ | anonym29 11 hours ago |
| Whether or not other people build from source code has zero relevance to a discussion about the trustworthiness of security promises coming from former PRISM data providers about the closed-source software they distribute. |
| Source availability isn't theater, even when most people never read it, let alone build from it. The existence of surreptitious backdoors and dynamic analysis isn't a knock against source availability. |
| Signal and WhatsApp do not belong in the same sentence together. One's open source software developed and distributed by a nonprofit foundation with a lengthy history of preserving and advancing accessible, trustworthy, verifiable encrypted calling and messaging going back to TextSecure and RedPhone, the other's a piece of proprietary software developed and distributed by a for-profit corporation whose entire business model is bulk harvesting of user data, with a lengthy history of misleading and manipulating their own users and distributing user data (including message contents) to shady data brokers and intelligence agencies. |
| To imply these two offer even a semblance of equivalent privacy expectations is misguided, to put it generously. |