this post was submitted on 22 Oct 2024
68 points (94.7% liked)

Technology

59267 readers
3788 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 5 points 3 weeks ago* (last edited 3 weeks ago) (2 children)

I don't think so. Metadata is unencrypted (i.e. your contacts, who sends messages to whom and how often and when).
Messages itself are encrypted.

Am I wrong?

[–] [email protected] 10 points 3 weeks ago (1 children)

That is what the article is explaining. The contact names and details are encrypted.

https://engineering.fb.com/2024/10/22/security/ipls-privacy-preserving-storage-for-your-whatsapp-contacts/

Perhaps the call times are exposed but it seems it would be difficult or impossible for them to connect this with a human identity.

Use Signal if you have concerns about WhatsApp.

[–] [email protected] 1 points 3 weeks ago* (last edited 3 weeks ago) (2 children)

Thanks.

That is what the article is explaining.

The planned improvements are a good thing. I thought we talked about the status right/ until now.

Also: What does it mean then Meta (the company) isn't eager to collect this data (anymore)? This doesn't fit my world view of this company.

[–] [email protected] 2 points 2 weeks ago (1 children)

Meta acquired WhatsApp and somehow hasn’t messed it up yet. WhatsApp has always been fairly good with privacy and doesn’t share much with other Meta apps as far as I’m aware.

[–] [email protected] 1 points 3 weeks ago (1 children)

They don' want to moderate contents of your convos, it got expensive.

They are still mining the meta data to create cohort groups.

[–] [email protected] 2 points 2 weeks ago (1 children)

Where is the evidence of Meta mining WhatsApp metadata?

[–] [email protected] 1 points 2 weeks ago (1 children)

If it is happening, meta has it

[–] [email protected] 2 points 2 weeks ago (1 children)
[–] [email protected] 1 points 2 weeks ago (1 children)
[–] [email protected] 2 points 2 weeks ago (1 children)

WhatsApp is a Meta business unit, yes.

And it has its own rules and policies for what is shared with other Meta business units.

Google has spell out the same. Just because you provide data like location to one Google service doesn’t automatically mean every other Google service can access it.

And they can’t just change their internal data policies however they like as some of this is governed by legal regulations.

Here’s a a story about how Google is not allowed to share data across business units without user consent, at least in the EU.

https://www.theverge.com/2024/1/12/24036312/google-digital-markets-act-services-user-data-opt-out

[–] [email protected] -1 points 2 weeks ago

And tiktok promised to not send data back to china... It did.

And meta got caught sharing whatsapp data too

So did google

And then you come here with this clown 🤡 analysis?

How naive is u? Wtf

Do you reallt trust what a company says?

[–] [email protected] -3 points 3 weeks ago (2 children)

It uses signal Protocol so it has the same design defect for leaking meta data.

Both know who and when you are talking too. And thats really all the data the security apparatus cares about.

[–] [email protected] 2 points 3 weeks ago (1 children)

Is that really how it works? I thought signal protocol was about just how the encryption worked, not what is encrypted?

[–] [email protected] 2 points 3 weeks ago (2 children)

I am not following this.

Content of msg is encrypted and everything within but signal server knows when you talk to your girl becuase the server has to route it.

So anytime you initiate a chat, they know that yall doing something.

This meta data is what the game is all about tho.

[–] [email protected] 2 points 3 weeks ago (1 children)

and yet the only thing they provide upon a court request is the last time you were online and the date you created your account https://signal.org/bigbrother/

[–] [email protected] 1 points 3 weeks ago

That's for a generic court. FISA court order would never see a light of day and they would not waste that being exposed to the public.

They have technical capability to collect this meta data, that's a fact.

We know that that for purpose of this court case they either did not or are under order to not disclose.

If security apparatus want this information, they can get it. Do you really think singal will say know and violate US law?

[–] [email protected] 1 points 2 weeks ago (1 children)

The server doesn't need to know or keep track of who's sending a message to deliver it. If you don't trust signal to not lie to the court about not collecting such metadata, I can't convince you otherwise. But there's a merit in designing your system so that such collection is as hard as possible.

[–] [email protected] 1 points 2 weeks ago (1 children)

Bad analysis

Server knows each time you engage a person and who you are enaging. This is the meta data thats need for creatijg cohort groups

Also, you dont seemt to under how FISA order would work vis-a-vis regular court proceedings.

[–] [email protected] 1 points 2 weeks ago

Are you're familiar with how singal's servers work? Even I can think of a system where all messages are collected in a common pool before being distributed, the actual security researchers that made signal surely thought of something better.

How does FISA make it legal for singal to lie to a court about what information they have? Please enlighten me

[–] [email protected] 1 points 3 weeks ago

I guess that's right. Although I'm (most likely) not a person of interest for any secret service. But the data could be interesting for marketing and insurance companies.