Not on by default afaik

WhatsApp has encryption that you can't even be sure it exists. If we assume the worst case, surely non-default, proven encryption is better than no encryption at all.

Do you know what it is OTR? GPG? Even if it is leaked the data is encrypted.

I do know. That's why I use Gmail.

Ugh, stop being so delusional.

Yes, I will throw more wood to the fire. Now my question is... How do you know that WhatsApp really encrypt messages? And who has the key to that encryption?

Yes, I will throw more wood to the fire. Now my question is... How do you know that WhatsApp really encrypt messages? And who has the key to that encryption?

Facebook :D

GPG is PITA to use for a casual user, sadly.

Install Mozilla Thunderbird and Enigmail extension.

Facebook :D

Lmao

Yes, I will throw more wood to the fire. Now my question is... How do you know that WhatsApp really encrypt messages? And who has the key to that encryption?

Is it a rhetorical question? Nobody can prove that WhatsApp's encryption is safe, because the code isn't available. The keys to the messages are, supposedly, on your phone only.

Install Mozilla Thunderbird and Enigmail extension.

Even with Enigmail it's too complicated for the average Joe.

Install Mozilla Thunderbird and Enigmail extension.

I know about it, but try to explain to a random teenager how to use it, IMHO most of them will blindly accept any private keys, making MITM attacks trivial, therefore GPG would be essentially a waste of time for them

Is it a rhetorical question? Nobody can prove that WhatsApp's encryption is safe, because the code isn't available. The keys to the messages are, supposedly, on your phone only.

Don't they use signal's encryption algorithm?

Is it a rhetorical question? Nobody can prove that WhatsApp's encryption is safe, because the code isn't available. The keys to the messages are, supposedly, on your phone only.

Never saw those keys myself.

Lmao

Just wiped phone, reinstall whatsapp, no backup on cloud neither on phone, conversations are still there

Tldr

https://twitter.com/snowden/status/778592275144314884

Just wiped phone, reinstall whatsapp, no backup on cloud neither on phone, conversations are still there

Well double check.

So, I think, I've got some reason to be a bit paranoid lol

https://twitter.com/snowden/status/778592275144314884

Blindly following a celebrity's suggestions is never good. Think for yourself.

Yeah, I double checked and double wiped

Same with Stallman.

Even if they stole your keys, they wouldn't be that stupid

GPG is PITA to use for a casual user, sadly.

Now I'm almost sure you have never used encryption.

IMHO if you actually need private conversation, you can use GPG over anything you want, but the other party needs to get some training about it as well

Blindly following a celebrity's suggestions is never good. Think for yourself.

I was joking a little bit

OK

Now I'm almost sure you have never used encryption.

I did, but try to explain how to use it to a random person on the street.

IMHO if you actually need private conversation, you can use GPG over anything you want, but the other party needs to get some training about it as well

Yes

They could upload your decrypted messages to Google Drive haha

I think Whatsapp is almost all good, except for the backup shit

They could upload your decrypted messages to Google Drive haha

Well you obviously have to trust your chat partner, this trust is always implied when we talk about security and encryption.

Here, you got one point

I did, but try to explain how to use it to a random person on the street.

It is so easy! just some clicks here, some clicks there, that is.

Nothing is really 100% secure, there is always smth that can be done

Nothing is really 100% secure, there is always smth that can be done

Or something that can't be done and is just a human mistake

It is so easy! just some clicks here, some clicks there, that is.

Yeah, but - as I've written earlier - explain to them why it's important to check that they need to ensure that public keys are authentic, or that they can't upload their private keys to Dropbox :D

Here, you got one point

Umm, as if the missing encryption isn't a point.

Yeah, but - as I've written earlier - explain to them why it's important to check that they need to ensure that public keys are authentic, or that they can't upload their private keys to Dropbox :D

People do that? Upload their keys on Dropbox? ?

Yeah, but - as I've written earlier - explain to them why it's important to check that they need to ensure that public keys are authentic, or that they can't upload their private keys to Dropbox :D

Ok, here you got a point.

People do that? Upload their keys on Dropbox? ?

Yes so they can restore them ?

People do that? Upload their keys on Dropbox? ?

you've got a phone and a PC, and want to send emails from both of them, and there's this cool tool to synchronize your settings...

Yes so they can restore them ?

Oh god why ?

People do that? Upload their keys on Dropbox? ?

Worst: to Onedrive

so you see, there are a lot of pitfalls that we won't even think about

Worst: to Onedrive

Directly to nsa servers

you've got a phone and a PC, and want to send emails from both of them, and there's this cool tool to synchronize your settings...

I use Dropbox only to sync items I get from creative market lol

Only on pc

I use Dropbox only to sync items I get from creative market lol

So they can target ads ?

I use Dropbox only to sync items I get from creative market lol

That's you, now take a look at all those people who have no idea what encryption even is and are blindly clicking "Accept certificate" in case of https errors when they log to their bank account in Starbucks wifi

Don't they use signal's encryption algorithm?

You're kidding, right?

Directly to nsa servers

with love, ofc

That's you, now take a look at all those people who have no idea what encryption even is and are blindly clicking "Accept certificate" in case of https errors when they log to their bank account in Starbucks wifi

HSTS ❤️

You're kidding, right?

So I have heard, don't know the real source

Don't they use signal's encryption algorithm?

Well, supposedly. There's no way you could check.

You're kidding, right?

No, it's true (supposedly).

Just wiped phone, reinstall whatsapp, no backup on cloud neither on phone, conversations are still there

Really? Well, who knows where do they store stuff...

One of our clients indeed have this panorama (please, don't laugh, nda stuff, what (?) ) Onedrive Folder: encrypted invoices with gpg gpg.priv gpg.pub password-of-gpg.txt

Really? Well, who knows where do they store stuff...

Maybe sd card, 100% that is

Nexus doesn't have sd lol

Nexus doesn't have sd lol

Lol

Nexus doesn't have sd lol

No need

Double check data partition

empty

i broked it my self xD

that was the reason of the wipe

Then do that again and then perform network analysis

cuz i fucked up the partition table

Because I assure you they don't do that

ERROR: S client not available

Unless you can prove they do

If you manage to prove it man you're rich

Well, supposedly. There's no way you could check.

The only "proof" of that encryption is a little notification saying "now messages are encrypted end to end". Nothing else. And given I never seen the keys, to me it's just marketing.

The only "proof" of that encryption is a little notification saying "now messages are encrypted end to end". Nothing else. And given I never seen the keys, to me it's just marketing.

And a white paper

So they can target ads ?

Not on me, ublock origin + noscript

And signal team

If you manage to prove it man you're rich

are they offering money for this stuff or what?

The only "proof" of that encryption is a little notification saying "now messages are encrypted end to end". Nothing else. And given I never seen the keys, to me it's just marketing.

You can see them

I'll do this weekend if I've got enough time

android7 is giving me some... headache

are they offering money for this stuff or what?

Just send "encryption in Whatsapp is bullshit and I can prove it" to vice motherboard

xDD

And there they have their best article of the year

android7 is giving me some... headache

Meanwhile, I'm here on kitkat 4.4.2 ?

Meanwhile, I'm here on kitkat 4.4.2 ?

I was going to say... "you don't lose nothing" but indeed, you lose a lot of stuff xDD

Both sides claim they worked together to implement Signal's encryption algorithm into WhatsApp. And while I personally kinda trust OpenWhisperSystems (the developers of Signal) not to lie about this, good security isn't based on trust but on proof. Besides, after the successful collaboration, Facebook could've just removed the secure encryption by OpenWhisperSystems or added some code to it so that a master Facebook key can decrypt all messages also. Don't forget that they (Facebook) can program too and it's easy for them to change everything OpenWhisperSystems implemented.

Sorry my phone died so I'm a little en retard on the topic.

And a white paper

White paper? What white paper? Where?

I was going to say... "you don't lose nothing" but indeed, you lose a lot of stuff xDD

I have tried to build 5 ROM-s for my phone, a Lenovo A916, starting from 5.1.1 to 6.0.1, everything worked apart from sim cards :( lenovo hasnt made the code public for me to fix anything

Sorry my phone died so I'm a little en retard on the topic.

Don't say that, sounds really odd.

Just reinstalled Whatsapp

Lost all my history

Don't say that, sounds really odd.

"Phone died"? It's a common phrase.

And 1 message from a friend

I have tried to build 5 ROM-s for my phone, a Lenovo A916, starting from 5.1.1 to 6.0.1, everything worked apart from sim cards :( lenovo hasnt made the code public for me to fix anything

fucked then

"can't retrieve message at the moment. More infos"

With a link to this

"Phone died"? It's a common phrase.

No. The retard part

fucked then

Yeah, can live with that :p

No. The retard part

I'm pretty sure "en retard" is a common saying too, do you guys not know it?

I say it often in "real life".