Encrypt all the things!

  • Maybe. I haven't tried it yet.

  • I installed Authy on another phone as a backup if I killed mine. Do I need to be concerned?

    I've never noticed account differences but I don't use PC Authy, only phone.

  • No, the phones are OK.

    What freaked me out was installing the desktop client and seeing 8 accounts. Uninstalling and installing on a different desktop and seeing 6 accounts. Did this a few times, different number of accounts each time but a few similarities in that it was some of the oldest accounts I could see.

    It's weird... if they encrypted my whole account and delivered it to me as a single file that is decrypted locally I'd expect to always see every account.

    But that's not what happened, it looks like an API call to Authy that the desktop client makes which is then returning a non-complete set of accounts.

    I don't think the mobile clients use this... so they're OK. But as I have so many accounts I now want peace of mind and to know I've got the master secrets in more than just Authy.

  • I didn't actually know there was a desk client. That would've saved me some phone hunting time! Flipside is, no Authy PC drama.

  • Yes.

    Not sure if it could happen again, but I've now set up a back up, for which I was given a super long numerical pass code. So I've saved this somewhere secure.

    I assume if it randomly happens again hopefully this will solve it.

  • WhatsApp are delaying their new terms deadline (without evaluating them, let alone changing them) in the hope this all blows over and users will still accept:

    https://blog.whatsapp.com/?lang=en

  • Yeah.

    On one hand... a lot of misunderstanding about what they're doing amongst some people.
    On the other hand... no misunderstanding at all amongst some other people.

    It really doesn't change anything... they're just hoping they can buy time to spin it.

  • Signal struggled yesterday to continue growing... still adding millions of people per day, and they had a hell of an outage yesterday. They'll get it sorted though.

  • Signal was sort-of offline here (in Germany) yesterday, same for you in the UK?
    Hear reports it's been down in the US as well..

  • Haha, literally posting the same minute @Velocio

  • Didn't they quadruple their user base? It's to be expected.

  • More than quadruple... 600k signups per week jumped to almost 9M signups per week, and that was a week or two ago and it's been accelerating as more people bring others with them.

  • Oof, no wonder they've been a bit flakey yesterday.
    I had 5 random mates suddenly appear overnight so it must've hit the normal news or something. Reached some kind of nerd critical mass?

  • ... and the grrl's brother in Poland just popped up on her Signal with no prompting from her so she's got him to add her mum to it and will now be able to delete WhatsApp. So, Signal use is now spreading to regional Poland with no input from this little geek.

  • link preview... if we chatted and I shared a link to a product in that chat, the link typically showed a summary of the web page in question... the client made a web request using the WebView component, thus placing a cookie and leaking some details. If you ever then opened Instagram and got a highly relevant advert and wondered how that could be because you'd only mentioned it once in a private chat in the "encrypted" WhatsApp... well, now you know.

    So even if I don't click on the link in a WA chat, the link preview is placing a cookie on my device? Is that correct?

  • Yes. Your client will use the web view within the app to visit the site and read the metadata to render the preview. This is super in Facebook's interest as when that happens any tracking on the remote website (and e-commerce will have a lot) can now identify you. Once you open another app, i.e. Instagram, Facebook can then check in their servers to correlate the tracking identifiers and show you an advert, etc. relevant to the link previews in the private conversations.

    Link previews are a bad idea.

    What I do on here for embeds is just rewrite the URL rather than visit it, and then embed only an SSL version of a remote page choosing a nocookie version if one is available (YouTube)... Precisely to prevent too much leaking of who you are. I also break some policies, i.e. eBay affiliates are supposed to have a tracking cookie set but nope... I won't do that stuff.

    I like Signal for giving you a choice on link previews but defaulting to off.
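
The embed approach described in the post above (rewrite the URL instead of visiting it, force HTTPS, prefer a no-cookie host), sketched as an added example. It is not the forum's own code; the function names and the tracking-parameter list are assumptions.

```javascript
// Added illustration: turn a pasted link into an embed or a plain link
// without ever requesting the remote page (no fetch, no cookies set).
// The tracking-parameter list is an illustrative assumption, not exhaustive.
const TRACKING_PARAMS = /^(utm_.+|fbclid|gclid)$/i;
const YOUTUBE_ID = /^[A-Za-z0-9_-]{11}$/;

// Extract a video id from the two common YouTube URL shapes, or null.
function youtubeId(url) {
  const host = url.hostname.replace(/^(www\.|m\.)/, '');
  let id = null;
  if (host === 'youtu.be') {
    id = url.pathname.slice(1);
  } else if (host === 'youtube.com' && url.pathname === '/watch') {
    id = url.searchParams.get('v');
  }
  return id && YOUTUBE_ID.test(id) ? id : null;
}

function rewriteLink(raw) {
  let url;
  try {
    url = new URL(raw); // parsing only, nothing is requested
  } catch {
    return { kind: 'text', url: null }; // not a URL: render as plain text
  }
  if (url.protocol !== 'http:' && url.protocol !== 'https:') {
    return { kind: 'text', url: null }; // only web links are ever linked
  }
  url.protocol = 'https:'; // embed or link the TLS version only
  url.username = '';
  url.password = '';

  const id = youtubeId(url);
  if (id) {
    // Rebuild from the validated id alone so no other parameter survives.
    return { kind: 'embed', url: `https://www.youtube-nocookie.com/embed/${id}` };
  }
  for (const key of [...url.searchParams.keys()]) {
    if (TRACKING_PARAMS.test(key)) url.searchParams.delete(key);
  }
  return { kind: 'link', url: url.toString() };
}
```

Anything that is not a recognised embed target stays a plain link, so the reader's client contacts the remote site only when they choose to click.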

  • Amazing thanks

  • People seem to be pushing back on my OH about WhatsApp for some reason and I'm in that annoying place of trying to explain something I only understand in general terms to someone else for it to be relayed again.

    Would someone be able to proof my response, and add in layman's terms anything I've missed? A lot is editing of velocio's posts. But this is my understanding. Cheers.

    In a nutshell what's the issue?

    WhatsApp are linking WhatsApp accounts with Facebook profiles. This means that information contained in your private messages, and via the permissions your phone gives to the app will be used to provide additional data to Facebook to build your profile. It is unlikely that over time Facebook will pause or reverse the trend of trying to capture more data.

    So what?

    You're banking on a sketchy private company with a solid dubious track record not misusing your data now and in the future. And also that none of this information is externally compromised.

    But end-to-end encryption means they can't do this.

    End-to-end protects the journey of a message.

    Messages are stored on WhatsApp/Facebook's servers. It is encrypted, however they hold the keys and could use the messages(?) for advertising / profile building even though they've said they won't. Messages are also stored on your phone and the app can use that information. If for eg you have a product link or picture link in your messages, cookies contained in those can identify you and add to your profile. From the app on your phone a number of things can be identified to build your profile:

    • Mobile app ping your identity and/or IP address (correlate on IP address and device fingerprint - maybe associated to an actual email)

    • Email addresses being used the same across multiple apps (correlate on email)

    • Phone numbers

    • Your contact list (i.e. in WhatsApp... the map of connections is a form of identity)

  • From their statement: They're connecting the WhatsApp and Facebook profiles to allow businesses to communicate with you.

    From their ToCs: They're connecting the WhatsApp and Facebook profiles and can use that how they like.

    From their legal docs when they bought WhatsApp: We will never connect WhatsApp and Facebook profiles... you can trust us.

    In simple terms, they're going back on their promise and granting themselves a huge pool of data from WhatsApp, and they don't have to keep that use to just what they've said.

    That's the very paraphrased high level... the question is: Do you trust Facebook? And really, at this point you shouldn't.

  • @hugo7 whadayaknow, people resisting the switch. It's as if I said people would do that last week! 😉

  • My contact book is 4,700 people... just a by-product of running websites and events, etc.

    What I'm seeing is waves of people in small groups all arriving at once. Today's fun one: West End hair stylists... 4 in an hour.

  • I have 92. And I regularly contact about 20 of them. Ha.

  • I have 92. And I regularly contact about 20 of them. Ha

    West end hair stylists?! 92 of them?!?

  • Yet I've had more people pop up as new Signal users this week than ever before. It's as if I said people would do that last week! ;)

  • Ha! My phonebook still seems to be ramping up at an insane rate, so overall I'm actually more positive than I was. I think there were 20 yesterday.

    One friend actually said that they'd prefer better ad targeting tho, so whachagonado.

Posted by Velocio @Velocio
