Most active commenters
  • gruez(3)

←back to thread

WhatsApp introduces ads in its app

(www.nytimes.com)
713 points greenburger | 19 comments | 16 Jun 25 13:38 UTC | HN request time: 0.283s | source | bottom
Show context
christina97 ◴[16 Jun 25 14:18 UTC] No.44289755[source]
There’s something particularly paternalistic about this statement from the PM: “Your personal messages, calls and statuses, they will remain end-to-end encrypted”.
replies(4): >>44290025 #>>44290140 #>>44294064 #>>44296250 #
1. blitzar ◴[16 Jun 25 14:41 UTC] No.44290025[source]
Any man who must say, "I am the King", is no true king.

Any tech company who must say, "we don't harvest your information", is a tech company that harvests your information.

replies(1): >>44293422 #
2. gruez ◴[16 Jun 25 21:11 UTC] No.44293422[source]
Signal also claims the same:

> We can't read your messages or listen to your calls, and no one else can either.

Should we be suspicious of Signal as well?

replies(5): >>44293465 #>>44293484 #>>44293857 #>>44296208 #>>44352265 #
3. 7373737373 ◴[16 Jun 25 21:15 UTC] No.44293465[source]
Yes
4. selfhoster11 ◴[16 Jun 25 21:17 UTC] No.44293484[source]
Signal isn't backed by a global data gathering conglomerate, so no.
replies(1): >>44293617 #
5. gruez ◴[16 Jun 25 21:34 UTC] No.44293617{3}[source]
You're right, they're funded by something far more sinister - the US government.

More to the point, I thought the principle was "Any man who must say, "I am the King", is no true king."? That seems to leave no room for hedging, like only distrusting "global data gathering conglomerate" or whatever. If you're have to do a holistic assessment of an organization's governance structure and incentives, you're basically admitting that witty one-liners like the above are pointless, which was my point.

replies(1): >>44295839 #
6. Krasnol ◴[16 Jun 25 22:09 UTC] No.44293857[source]
Sure you should be suspicious. You should always be suspicious. Especially if it's free. And you can do something to calm your suspicions. Like checking out Signlas Open Source code.
replies(2): >>44293904 #>>44295399 #
7. gruez ◴[16 Jun 25 22:18 UTC] No.44293904{3}[source]
>Like checking out Signlas Open Source code.

What's preventing them from serving a backdoored version? xz was open source as well, that didn't stop the backdoor. There might be reproducible builds on android, but you can't even inspect the executable on iOS without jailbreaking.

replies(2): >>44294170 #>>44295706 #
8. cherryteastain ◴[16 Jun 25 23:02 UTC] No.44294170{4}[source]
You can instead install a FOSS fork of Signal like Molly [1] built by F-Droid directly from the source code

[1] https://molly.im/

replies(2): >>44295327 #>>44295386 #
9. Tijdreiziger ◴[17 Jun 25 02:52 UTC] No.44295327{5}[source]
Isn’t that against Signal’s terms of service? Won’t they ban you?
replies(1): >>44295455 #
10. ◴[17 Jun 25 03:04 UTC] No.44295386{5}[source]
11. eviks ◴[17 Jun 25 03:08 UTC] No.44295399{3}[source]
How would that calm suspicion if you're not arr/ign-orant and understand that continuous security audit is practically impossible at an individual level?
12. sneak ◴[17 Jun 25 03:21 UTC] No.44295455{6}[source]
It is neither against the signal software’s license, nor it is against the signal service’s terms of service.

This is a false meme spread because the Signal founder (who is no longer with the company) didn’t like people making forks without changing the API server URL and running their own servers.

Open source software doesn’t work like that, however.

replies(2): >>44295897 #>>44295914 #
13. mos_6502 ◴[17 Jun 25 04:15 UTC] No.44295706{4}[source]
Signal designs their systems from the ground up to deliver verifiable trust mechanisms (via remote attestation) along with data minimization/zero-access encryption techniques.

Here’s one such example, which is also an interesting technical deep dive: https://signal.org/blog/building-faster-oram/

14. worik ◴[17 Jun 25 04:45 UTC] No.44295839{4}[source]
> they're funded by something far more sinister - the US government.

What does that mean?

15. ◴[17 Jun 25 05:02 UTC] No.44295897{7}[source]
16. Tijdreiziger ◴[17 Jun 25 05:06 UTC] No.44295914{7}[source]
Whether they’re open source doesn’t matter (for this question). They control (their instance of) the server.

As you say, I do remember them issuing some threats about it, so it would be interesting to know if they’ve changed their stance on this.

(Discord, as an example, has banned users for using alternative clients.)

replies(1): >>44299654 #
17. blitzar ◴[17 Jun 25 06:26 UTC] No.44296208[source]
Yes, in proportion to the number of times they bring it up in a conversation.
18. sneak ◴[17 Jun 25 14:26 UTC] No.44299654{8}[source]
Alternative clients are banned in the Discord TOS. The Signal TOS is on their website and doesn’t prohibit any clients.

Also, separately, the idea that you can only use a service with a certain client is dumb.

Imagine if a website said you can only use a certain browser, or they ban you. It’s ridiculous.

19. andreyf ◴[23 Jun 25 03:36 UTC] No.44352265[source]
That's not the same thing at all. Especially as LLM's get smaller, WhatsApp can make a lot of money reading your messages and listening to your calls on the endpoint in order to market segment your ads while remaining e2e encrypted.