Encrypt all the things!

I’d like to get a VPN. I’m a Mac user and only use the internet to browse the web and download some torrents. Any advice on a straightforward solution for me?

ExpressVPN has been brilliant for myself and colleagues who regularly have to travel to the middle east.

Not the cheapest but it has been extremely reliable from our experience. Can be used across 5 devices too.

If you choose to go with expressVPN I can send you a referral code where we both get 1 month free.

Anyone else leaving WhatsApp?

Is Signal the best alternate?

Anyone else leaving WhatsApp?

Have been considering it.

Apparently EU and UK will still be ok.

But wondering if it's time to start floating the idea of moving. Fucking ball ache tho.

Yeah. Installed Signal but it's a bit clunky to be honest

I've never noticed it being clunkier than WhatsApp, but I don't really use it for calling.

It's definitely less friendly-looking, though. What are you doing that's worse in Signal?

It's a lot more SMS and a lot less Instant Messaging to me

Unlikely to leave Whatsapp completely, it's just too useful.

Privacy stuff of what goes on Whatsapp doesn't really concern me, partly because the UK/EU position but also because I don't put really important stuff on Whatsapp in the first place.

I've got Signal and Telegram installed but no-one else I know really uses either so I have no reason to use them.

As in, actual latency, or how conversations are presented?

Yeah the UI

I'm just seeing whether the news is enough motivation to shift some contacts away from Zuckerberg's clammy grasp. A messaging app is fairly easy to switch compared to FB or Insta.

Bossman,

What's your thoughts on WhatsApp? Plz can we have your insight? @Velocio

Anyone else leaving WhatsApp?

Yes.

Is Signal the best alternate?

Yes.

Should've done it as soon as Facebook bought them, but recent events finally pushed me far enough.

Anyone else leaving WhatsApp?

Yes.

Is Signal the best alternate?

Yes.

Should've done it as soon as Facebook bought them, but recent events finally pushed me far enough.

I'm exactly the same and in agreement

Not sure I can as so many ppl are objecting and also work group

WhatsApp remains encrypted end-to-end... but that was never the threat.

The threat is what happens at the ends... on the servers, and on the client. i.e. could WhatsApp access the messages on the server, would they use the client to read them?

We know they could access the messages on the server, as some of their search and sharing functionality reveals the capability, plus encryption requires keys and the fact that you could lose a phone and activate on a new phone shows that if things are encrypted then WhatsApp possessed the keys at their end... which should be freaking obvious to all, of course they hold the keys.

When it comes to encryption, who holds the keys is a question of security vs convenience, and WhatsApp (when owned by Facebook) showed that they now prioritised convenience over security.

What of the client, the other end? Well... the client has the messages decrypted, it must simply by virtue of being able to show them to you in a way that you could read. And did it use this in a way that profited them? Well yes! The most common form was the link preview... if we chatted and I shared a link to a product in that chat, the link typically showed a summary of the web page in question... the client made a web request using the WebView component, thus placing a cookie and leaking some details. If you ever then opened Instagram and got a highly relevant advert and wondered how that could be because you'd only mentioned it once in a private chat in the "encrypted" WhatsApp... well, now you know.

So WhatsApp under Facebook ownership kept end-to-end encryption (govts and 3rd parties couldn't intercept on the wire) but used their ownership of both ends for their profit.

Now Facebook have come clean... they're going to fully linked WhatsApp and Facebook accounts, meaning the full advertising force is coming your way. And they've already shown you how... by using the fact that they have access to the unencrypted messages at both ends.

This was always obvious despite their many denials that they would. And those who sought refuge in the "but it's end-to-end encrypted" failed to understand what that implied... it's encrypted end-to-end, meaning everywhere but the end - all the stuff inbetween. But the ends... the server and the client... can both access messages unencrypted.

My view is simple: For all your private communications with anyone that you care about, you should use Signal https://signal.org .

Signal has drawbacks, but that's because when the question comes up of security vs convenience they choose security every time. What does this mean? Well if you lose your phone and buy a new phone, you can activate the same Signal account because you own the phone number, but you cannot access old messages because Signal didn't have ownership of the encryption key, this was on your old phone and if you didn't make a backup of the chat then nothing could restore it.

Signal is basically perfect from a security perspective, but not so great on the convenience and usability perspective (because security was prioritised)... so what it comes down to:

• Do you want to have every private chat made available as source data for profile enrichment that can then be sold on to advertisers?
  
• Or do you want full privacy and security at the cost of a few rough edges?
  
  

I'll keep my WhatsApp account, but I pressed "Not Now" and am currently in the process of manually deleting every chat, all media, and exiting all groups on WhatsApp and instigating the chats anew on Signal. WhatsApp will exist only so that those who try and reach me can do so... but I'll only actually chat on Signal.

I'll keep my WhatsApp account, but I pressed "Not Now"

You probably know this, but you have untill February 8th to accept, after which your account will be deleted if you don't.

Oh totally... but by the time I accept the terms I'll have no chats or media left on WhatsApp.

I'm thinking that absolutely anything you have left at the time you hit accept is going to be open to be processed by Facebook.

I'll also add...

Even if you have hit Accept... you can and should still move to Signal.

Just because Facebook have things to date, doesn't mean you have to give them more in the future.

"Google already know more about me than I do" is the response I'm getting sending Signal invites

Yeah, but Facebook are 1,000 times more evil than Google and all the protections we had under EU GDPR are gone as of 10 days ago.

Funny the only contacts I have already on Signal are IT people and a journalist

Funny but completely not a surprise

What if you're used an EU phone number?

Or, what if you used a UK phone number but you were using VPN through EU for chats?

ie. how do they work out you're UK and as such a second class citizen in privacy/GDPR terms?

If you're deleting chats on Whatsapp, does it delete the other participant's as well? I presume not?

Even if you have hit Accept

Frustratingly I did this when I was half asleep last night.