Encrypt all the things!

You are reading a single comment by @hamrack and its replies. Click here to read the full conversation.

•

Greenbank
Depends who "them" is?

It's generally thought of to be secure (but hard to verify this).

One thing for sure, if you use the Web interface then it's pretty safe to assume that the UK Government has access to the private key of their HTTPS Cert, and so all traffic to/from that site would be readable.

I'd trust [EDIT] ~~Telegram~~ Signal a lot more than Whatsapp.

[EDIT] Just for starters, Whatsapp is end-to-end encrypted, but:
- It doesn't tell you how many endpoints you are sending each message to, so it could be sending every message to a collection endpoint that is gathering info
- It doesn't tell you when a new endpoint is added for any existing messages (such as when you use Whatsapp on the web)
- Even if it did it may lie and not tell you about the "other" endpoints
- It doesn't easily allow you to confirm each endpoint is who they say they are, there's a "verify" feature if you see that contact in person, but the UX on it is terrible
- You can't see the source for the phone app, even if you could there would be no way to verify that that is the source that your phone app was built from

•

hamrack in reply to @Greenbank

I'd trust Telegram a lot more than Whatsapp.

Why not Signal? Less Russian, less Meta, more open source. Or, are you using Telegram as a known-suboptimal system that is still better than WhatsApp?

•

Greenbank in reply to @hamrack

Sorry, had meant Signal, but Telegram is not Meta and so less likely to be automatically given over to UK/US agencies.

About

@hamrack started