Instagram just ended privacy in your DMs because apparently you didn't want privacy anyway.
Timeline
Post
Remote status
Context
2@Bernard Anyone who was under the illusion of having privacy on any Meta platform needs to wise up.
There have been stories that Meta tech support people can call up WhatsApp messages too.
@mike805
Meta provides an illusion of privacy. They tout products as E2EE but downplay how much metadata they collect on all messaging (Who contacts whom, how often, length of conversations, device, location, other apps on device..). Of course you have to trust that their software does what they say it does and that they won't change it whenever they want to.
Replies
8@Bernard If they control the key management they can decrypt anything they want to.
The incentive for a Large Evil Corporation (and that's basically all of them) is to promise their users privacy and then quietly make a deal. From CryptoAG to RSADSI everyone has done that.
The only exception is a foundation like Signal where there is no profit incentive and you can inspect the code.
Closed source code is backdoored 100% of the time.
Didn't MZ once say "for some reason those idiots trust me!"
@mike805
FYI Signal is centralized and closed source.
@Bernard Signal is non-federated but the client code is open and there are forks of it.
Some of the forks are backdoored, like the one the Trumpy warmongers were using.
With Signal I am more worried about the phone OS than the Signal app.
Want privacy? Don't use a phone. Use a PC with open source.
@mike805
The Signal server code is closed source.
Android forks like Graphene are generally more secure and private than a Linux machine depending on what you do.
@Bernard If the Signal client code is doing what it's supposed to be doing, and doesn't have any hidden backdoors, then I shouldn't have to care what the server is doing.
Someday I may try Graphene OS. I do have some Pixel phones. For the most part I don't do much on a phone though.
@mike805
The closed source server code is capable of collecting metadata. The secret sender mechanism is not impenetrable. You are always trusting the operators to be running the code they say they are. Communists are on the foundation board. Many much better solutions exist.
@Bernard > Many much better solutions exist.
Are you a Matrix fan?
Signal is the best thing you can get a non-privacy fanatic to use. People don't like the phone number based nature of it but that does make it easy.
And it has a history of surviving legal action. It supports disappearing messages that really disappear. You are not going to have the last ten years of your life served up in evidence against you because you wore the wrong shirt to a protest.
In the real world, that matters.
@mike805
Matrix is okay, but it exposes a lot of metadata. The guys who founded and developed matrix worked for the same Israeli telco software company that I did. They funded its development. I don't trust them, but I can't tell you much else.
Simplex.chat, delta.chat, session, and other decentralized messengers are as easy as Signal, but getting people to install an app is the biggest friction. I share all my comms channels on my web page and let people pick.