In my country WhatsApp is used for everything from talking to friends through setting up a date with your hairdresser to group activities like school parents groups.
There is an expectation that the information you share by someone having your number is very limited - the person that has your number can text you, yes, but they can't know about you, and you can limit the small amount of info you let through like your profile picture or your online state using privacy controls.
This expectation is completely removed when adding somebody's number to your contact list is enough for Facebook to do its magic and reveal the owner in your Facebook friends suggestions.
I've had it happen dozens of times, I start texting a tinder match and suddenly her profile is there in my suggestions. It's common for it to misfire and I end up being suggested the personal account of the owner of a business I bought something for. They don't even need to text you, you add the number to your phone's contact list and it's there.
Facebook needs to be broken apart, and we need a law that the data you share with an app can't be used for others period, even more so if they were separate businesses when you started using the service, and a change of policies is not enough - you might already be locked in.
Stop giving your Facebook apps access to your contacts. Newly added contacts were also showing up as suggestions in Facebook and Instagram until I turned this off. iOS and Android give you all the control you need to stop this from happening you just have to use it.
For most people it’s not reasonable to use WhatsApp without sharing your contact list.
How do you know who you can message with it if the app can’t check who has it?
Do you, every time you want to message someone, manually copy in their number? For every person you communicate with?
What if they previously didn’t have WhatsApp installed, but have since installed, so you also need to check again every time you want to message someone who formerly didn’t have WhatsApp.
I've been using WhatsApp without giving it contact access for a few years and it's possible but annoying. Since WhatsApp still shows you recent chats you don't have to type phone numbers each time, you just select from the list of recent chats. You also get to see people's WhatsApp profile photo so it's generally possible to know who you're talking to even though their username is their phone number. This works ok for me with around a dozen frequent WhatsApp contacts but I could see it breaking down if you have more than 20 frequent contacts.
> What if they previously didn’t have WhatsApp installed, but have since installed, so you also need to check again every time you want to message someone who formerly didn’t have WhatsApp.
Why is this important? I use WhatsApp instead of SMS for contacts who don't have (free) SMS or who want the extra security. It's pretty intentional. Why would I want to use WhatsApp with everyone? That concept seems aligned with Facebook's goals, not mine.
> Why is this important? I use WhatsApp instead of SMS for contacts who don't have (free) SMS or who want the extra security.
Because WhatsApp (and other messengers) offer a far superior messaging experience to SMS: higher fidelity media, on time delivery, delivery status, e2e, and many more. Better experience means that people actually use it.
As you say, for “extra security”. But not everyone arrived at the decision of “how much security” they need at the same moment in time. People come to and leave the WA platform, and it’s desirable for me to know where people are at now so I can use e2e in new places as opposed to only with the subset of my social graph that I manually copied and pasted in which had installed WA before me.
I don’t deny that you like your setup, but it sounds pretty painful and pretty unlikely to appeal to a broad swathe of people, which is essential when trying to combat mass surveillance.
(is mass surveillance why you jump through these hoops?)
What's sorely needed is a way to stop the exfiltration of private data when it's not provided for a specific reason. I bet very few people who share their contacts with WhatsApp know they're getting uploaded to Facebook.
How do you know who you can message with it if the app can’t check who has it?
You ask them via other means? It might be slightly inconvenient, yes, but you almost make it sound like even SMS is an impossible task; SMS is not even that old and none of the millions who used it before there were even apps to do so had much of the problems you mention. Also because not everyone has a usecase requiring to know who has what app.
I run WhatsApp on an Android instance with an account solely for that, so no contacts etc, and literally all my contacts/groups in WhatsApp are people who at one point told 'let's do this via whatsapp'. Then again, I don't need to message people I don't know with it so I don't have any problems.
Do you, every time you want to message someone, manually copy in their number? For every person you communicate with?
No, just once, or else they send me a message and we're talking.
tldr; ok I'm not 'most people' in this regard, but still I think you're making things look way harder then they actually are
SMS is 25+ years old -- I only know I had it on my first phone -- and the absolute ubiquity of replacements (of which WhatsApp is just one) suggests those problems are real ones for a lot of people. If you're not "most people" in this conversation, that's a pretty big caveat when talking about how the problems are not actually so, really.
Yes, even if you are careful about Privacy, your friends will betray you by adding your data (phone, photos, etc.) to big tech services
Even if you never touched Google/Facebook in your life, they have your number and many other data about you via other persons
Even if you never touched an Apple device in your life, they already have done Facial Recognition on you because your friends took a photo of you and tagged you (see the creepy HomeKit doorbells that recognise you despite you have never agreed to facial recognition)
Laws totally fail to address that aspect of Privacy
It's annoying, but not "nearly unusable". I've been using it that way for a long time. I've gotten pretty good at figuring people out from their display pics.
Well I installed whatsapp early on when it was just and only a messaging app. I couldn't possibly have predicted that it would be bought by facebook and used to cross-reference with some dating app.
This. I recently installed Telegram without giving access to my contact list.
Within seconds of installing, I received a telegram from a co-worker who jokingly said: "For privacy reasons, when you install Telegram, it sends a message to all of your contacts."
It simply creates your virtual contact list from the contact lists of your contacts.
Same in mine, but instead of WhatsApp it is Rakuten Viber, which is massively popular in Eastern Europe. Beats me why, I don't like it that much and don't have a slightest idea about what are they doing with our data. But it became an issue trying to communicate without it. I'm a WhatsApp user from the early days, and I'm still dreaming about a day WhatsApp will be "independent" again.
I am trying to get rid of WhatsApp. My strategy for this is: Use iMessage with friends in the Apple world. Convince the Android folks to start using Signal. Has been quite successful so far.
I'm excited for the public launch of e2e encryption in the Android default Messages app. This would provide encrypted messages to a huge audience, everyone already on Android.
Signal has stated that they will not support RCS (possibly that they can't due to technical limitations).
iMessage's end to end cryptography has been backdoored via iCloud Backup, on by default since 2011. It uploads complete message history to Apple (even SMS, which they would not normally see) with Apple keys. Even if you have it turned off, your conversation partners won't.
> To access your data on a new device, you might have to enter the passcode for an existing or former device.
> Messages in iCloud also uses end-to-end encryption. If you have iCloud Backup turned on, your backup includes a copy of the key protecting your Messages. This ensures you can recover your Messages if you lose access to iCloud Keychain and your trusted devices. When you turn off iCloud Backup, a new key is generated on your device to protect future messages and isn't stored by Apple.
I didn't realize messages was an exception to storing the key on local devices.
When I disable all Google services, I still recieve Wire, whatsapp, Messenger Lite (for marketplace), and email messages. All messages are on-time, with Whatsapp coming through faster than on my coworkers iphones.
Ironically, Fluffychat, a Matrix client, is the outlier - it relies on Google Services Framework to deliver messages
It works fine for me. Maybe notifications don't appear as fast as they did when I used Google Play Services (I'm not sure about this), but everything else works fine.
It's worse in the most important aspect for messaging: it is not end-to-end encrypted by default. It wouldn't be crazy to assume some could get access to your messages.
Besides the obvious downside of not being meaningfully encrypted (even pointing out transport encryption as just "encryption" is borderline deceptive marketing these days, IMO), until recently it also had a very dubious business model.
It now seems to be pivoting towards ad support, but isn't this exactly what people have been trying to get away from Facebook for?
This has never happened to me, probably because I don't install the Facebook app and don't give Messenger Lite access to my contacts. If Facebook and Whatsapp were sharing phone numbers or metadata behind the scenes I would expect to see a lot of suggestions when I log in to the Facebook website, but I don't.
Still agree with your opinion, though. Also, I find it annoying that you can't message someone on WhatsApp without adding them to contacts.
On Chrome Desktop Linux, it doesn't work despite me being logged into whatsapp web. Tries to do some xdg-open thing, but clearly that will never work considering whatsapp web has no registered protocol handlers...
Looks like it is some half completed demo integration rather than production ready...
Yeah it used to be quite hopeless unless you opened the link in a tab that had already loaded WhatsApp web. Now however, if you click the green button that says "CONTINUE TO CHAT" on the initial screen, it'll load a page with an option to download WhatsApp and another that's titled "use WhatsApp Web", just click on that one. Unfortunately, it will load a new instance of WhatsApp web in the current window even if you already have another open in another tab.
They don't as much share info as live off the same ecosystem in your phone. Regular users, who don't actively block their FB apps from accessing their phones in depth, will store Whatsapp contacts on their phones, which in turn are read by the FB and/or Messenger app. Since neither knows the context, it just assumes its a new contact and show you info accordingly.
>I don't install the Facebook app and don't give Messenger Lite access to my contacts
Literally doesn't matter what you do, it's what other people do with your data. I can tell from this guy I interned for 15 years ago that at one point he uploaded his entire address book to Facebook including my name, email and phone number because he still shows up in facebook recommendations to me today on Facebook and IG.
Never gave them access to my contacts either or even had him in my contacts but FB's shadow profile knows he knows who I am.
They are almost certainly sharing data behind the scenes, they openly say this in op's link about how WhatsApp uses your data:
> improving their services and your experiences using them, such as making suggestions for you (for example, of friends or group connections, or of interesting content), (...) across the Facebook Company Products;
There is a small chance that they've gotten all my data from the people at the other side of the conversation if they have the fb app installed I guess, which really isn't much better.
> Also, I find it annoying that you can't message someone on WhatsApp without adding them to contacts.
You can, if you're both part of a group chat together. Tap on their number and a pop up comes up allowing you to message said person.
Also agree with the opinions expressed even with similar experience to yourself (no Facebook or messenger apps installed, WhatsApp contacts don't appear as suggestions on FB website).
There are also third party apps like "Click to Chat" that let you start conversations with phone numbers. Once you sent 1 message you can just use whatsapp normally.
> Also, I find it annoying that you can't message someone on WhatsApp without adding them to contacts.
Is this a new limitation? On iOS I'm still able to message someone new using only their phone number. Though I'm blocking contact access so perhaps that's why.
My suggestion would be to not connect any Facebook services. I have an old school FB.com account, an Instagram and a WhatsApp. All three of these accounts are not aware of one another. I'm sure FB probably still has ways of figuring this out but it gets you pretty far in mitigating the infomation flow between various FB products.
Also, free WhatsApp data is a perk of telcos in many countries (most of the Americas). A service that uses up expensive data just cannot compete with one that does not.
Why are you still using their products? From your comment you seem pretty passionate about this issue.
From economics there is the concept of "revealed preference", your individual subjective preferences are revealed by the choices you make. In this case, we can observe that Facebook's subjectively bad qualities are enough to demand politicians Do Something, but not enough to suffer the inconveniences of using a different chat app, etc.
The sad irony is that these points of concern are also potential advantages for competing platforms (e.g., Signal), and by regulating them away, Facebook/Whatsapp become further entrenched.
> In my country WhatsApp is used for everything from talking to friends through setting up a date with your hairdresser to group activities like school parents groups.
Presumably because they would like to be able to set up a date with their hairdresser and participate in parents groups. Maybe they could convince their friends to switch, but also maybe not. This is why there is a call for government intervention: a single person faces an enormous social cost for boycotting FB properties, but the government can coordinate either a change on Facebook’s end or a simultaneous changeover to other services.
It is sometimes even worse than that, my doctor appointments have to go through WhatsApp too. I don't like WhatsApp but I have no choice when my health depends on it.
> a single person faces an enormous social cost for boycotting FB properties
I'm not clear on how to quantify "enormous". Many people don't use facebook and still manage to make appointments and lead fulfilling social lives.
That said, it is clear that for many people the "social cost" is larger than the "facebook evil cost", even for people demanding government intervention. I guess for those people, the cost for demanding politicians Do Something is even less.
> When Facebook notified the acquisition of WhatsApp in 2014, it informed the Commission that it would be unable to establish reliable automated matching between Facebook users' accounts and WhatsApp users' accounts. It stated this both in the notification form and in a reply to a request of information from the Commission. However, in August 2016, WhatsApp announced updates to its terms of service and privacy policy, including the possibility of linking WhatsApp users' phone numbers with Facebook users' identities.
I may be misunderstanding this legalese vocabulary but doesn't "unable" mean "technically incapable"? As in, there's no technical way of matching users?
Because if so, man, whoever wrote this must have laughed a lot when they wrote it. You may not be able to match 100% of users of course, but with the amount of personal data FB has access to it should be able to match a good chunk of the userbase with a high degree of confidence if it wanted to.
In the 2014 merger procedure [1] Facebook described it as 'very hard', and 'against its own interest'.
> "The Notifying Party submitted that integration between WhatsApp and Facebook would pose significant technical difficulties. Notably, integration of WhatsApp's and Facebook's networks would require matching WhatsApp users' profiles with their profiles on Facebook (or vice versa). This would be complicated without the users' involvement since Facebook and WhatsApp use different unique user identifiers: Facebook ID and mobile phone number, respectively. Consequently, Facebook would be unable to automatically and reliably associate a Facebook ID with a valid phone number used by a user on WhatsApp. Matching of WhatsApp profiles with Facebook profiles would most likely have to be done manually by users, which in the Notifying Party's view is likely to result in a significant backlash from both users of Facebook and WhatsApp who do not want to match their accounts. Finally, the Notifying Party stated that, beyond the difficulties in matching user IDs, significant engineering hurdles would have to be overcome to enable cross-platform communications, reflecting the fundamentally different architecture of Facebook and WhatsApp (including the former being cloud-based, the latter not)."
It seems the EU commission interpreted the statement as 'not possible'. Facebook played them.
I don't know exactly what to say when reading this. I'm astounded that somebody could consider this a reliable explanation. Still, I can assume incompetence from whoever did that, but the person who drafted it is clearly in bad faith. How can that have no repercussions?
"Unable" is an interesting word. Does that mean they would never allow the possibility by policy, or that they could not at that time do it, but they have the option to enable it technically in the future?
The interesting word I think is "reliable": some extremely rare corner case where the match isn't correct would be enough to make that claim true, but they make it sound as if it was worse than randomly guessing.
I think this is what Facebook got fined for earlier, right? (With the caveat that it did not lead to a reversal of the regulatory approval of the merger, because it was not contingent on this.)
I've deleted my WhatsApp account 2 months ago even though I also live in a country where WhatsApp is mandatory.
How am I doing so far:
* I miss a lot of work stuff even though some update me on the important stuff through Signal.
* I lost contact with friends I can't communicate with anymore.
* I feel that I have more free time to focus on my family and close friends. Probably because my neighbors can't sneak into my head with things that don't really effect me.
* The frequency I check my phone dropped by 80%.
* Since I closed my instagram account and Facebook acount 8 years ago, I am now "Zuckerberg free".
I signed up for facebook again a few days ago because I need an account to manage some events / pages whose target demo is still reachable on the platform.
My account was dead for about two years or so before that. Within a minute or two of signing up with my (real) email and phone number, basically my whole friend list from back when I had an account, people I've texted on whatsapp once years ago, etc. were in friend suggestions. Downright creepy.
I didn't even have a Facebook account until about 7 years ago.
I finally made one and I had neatly sorted real life friends as part of my friends suggestion.
That's when I realized they already had a shadow profile of me from everyone else, all I did was activate it and increase their confidence level from 95% or something to 100%...
In a way, I see utility in companies like Facebook openly exploiting whats possible with current technologies, web APIs, and mobile platforms so that privacy laws have a target of what to address and so that the general public can get a grasp of what's going on. It's better than it happening in the dark, behind the scences.
Before Facebook, if you tried to explain to a layman that your social data can be used to manipulate entire elections, people probably would have looked at you with strange and furrowed brows. Now, it's a question of the best way to address the issue.
Isn't the existence of large enough centrally controlled networks for this exploitation to become possible pretty much inseparable from it becoming a public topic that gets addressed by governements and discussed by the wider public? I don't think facebook served as a catalyst for the public to start caring about something that was going on in the same / an equally problematic form pre-facebook.
Not sure where you're getting this from my post, but that is false. I actually deleted it, did not log in again during the "grace period" where they will just reactivate it, and my new account I created was initially empty (no profile data, friends, message history, you name it).
What annoys me to no end is that I was Whatsapping with a local restaurant for food delivery during the lockdown and two days later, the owner pops up in my Facebook "suggested friends" list.
Or is it your confirmation bias where you expect people to distrust Facebook for the wrong reasons so that you can post that link?
Because funnily enough, I didn't place blame in my comment. I just pointed out my 'annoyance'. You, on the other hand, concluded something from that. Ironically.
What other reason for ‘annoyance’ could you have, other than assuming that the WhatsApp messages lead to the suggested friend, and thus you were annoyed that the data was (supposedly) shared? If you just also just thought it was a coincidence, what would you be annoyed about?
Why can't comments on Hacker news follow etiquette of staying on topic?
People here respond to the top comment directly with a point that's not even closely related to the top comment. And then everyone else follows.
If you're making a new point that's not gaining from the chained comments feature or directly conversing/adding on to the person above you, just create a new comment.
Once again - Signal[0] as an alternative. It's fully Open-Source (including the backend) and their crypto is public and independently verified[1][2][3]...
Signal is not good enough either in the long run, because of its centralization.
End-to-end encryption is sold as a bulletproof privacy solution, it might solve the most important element of privacy (having your messages not readable by others), in the end they have metadata stored in their end, your social graph, when you are online/offline etc. (there are others things i am sure)
So giving your trust to another party just because they look “promising” does not work. Centralization is the source of all Evil.
Look into how Signal operates, they really are different than the competition and continue to innovate engineering new ways to ensure they don't store any metadata on their servers. They've been subpoenaed before and the only information they could provide was the date a phone number registered and the last day it contacted their servers. That's it!
I do agree that moving to another centralized service is not the optimal option, but seeing the amount of effort they put into ensuring all new features ensure your privacy instills a lot of confidence in their service.
Long-term I'm personally rooting for either Element, Briar, or Session, but also realize they are not quite ready for mainstream and even when they are, they may be out of reach for grandma.
in the short term I've migrated most of my family friends, including my grandma, to Signal and have had zero complaints. It works more or less like WhatsApp but pretty much guarantees your privacy, which I appreciate.
The problem in your view is you are not seeing what's coming.
> I do agree that moving to another centralized service is not the optimal option, but seeing the amount of effort they put into ensuring all new features ensure your privacy instills a lot of confidence in their service.
Two sentences are contradicting with each other. You can not trust someone just because they "promise", I am not undervaluing their work, all I am saying is moving from party to party doesn't solve the problem in whole.
Signal's ridiculous marketing tricks like using quotes from Snowden, Schneier et al makes me laugh.
If I am given two options to choose between moving to another centralized service like Signal and staying with WhatsApp, I am okay with the latter option. Not because WhatsApp is better, but honestly as an end user I don't see any value.
WhatsApp requires my phone number, so does Signal. WhatsApp is centralized, so is Signal. WhatsApp doesn't allow another client to operate, so does Signal.
So what's the difference, Signal is open-source and non-profit? Nah, I don't buy this nonsense.
Didn't Facebook legally state they will NOT do this when acquiring WhatsApp- to me it sounds as this can be prohibited and daily fines with subsequent breakup should be in order.
I only remember the founders publicly promising that WhatsApp won’t be absorbed into Facebook or something like that. I don’t know if they also put it in the legal documents.
This is a tricky problem and there are a few solutions, none of which are perfect. By far the best one if you can manage it is to delete your facebook account and apps and never look back. Encourage whatsapp contacts to move to signal is probably just annoying for you and them but it seems to be steadily happening, so make sure you have a signal account.
As someone that does not have a smartphone, WhatsApp and Signal are really annoying because they are the two apps that can not be used without one (even though they have desktop apps). Telegram and FB Messenger and Hangouts at least can, but here in Europe WhatsApp is the default for everything and there are things for which it is becoming almost completely necessary.
But I simply find the whole chat ecosystem so depressing. A few years ago at least I could chat with Google Talk people via Jabber. It is really absurd that instant messaging is not federated like email. Of course there is one explanation: while Email was invented in the 70s at research institutions with goals beyond profit, IM already started in the 90s with companies trying to capitalize their user-base with vendor lock-in... (ICQ, MSN, etc.). Sad, sad, sad.
Matrix[1] is trying to solve that issue, I'd highly recommend looking into it. I actually pipe most of my various "chat" networks (including WhatsApp) into it via bridges[2].
As you said, we in Europe are kind of forced to have WA installed, but at least you don't have to use it as your primary client if you don't want to. You can even deploy it to an Android VM and go completely headless, if you feel the need.
> As you said, we in Europe are kind of forced to have WA installed, but at least you don't have to use it as your primary client if you don't want to.
Haven't used WhatsApp for months and then only for a few days to talk to someone from US.
My friends were heavy WhatsApp users but we changed one group after another to Telegram after WhatsApp were brought.
Telegram is far from perfect though so I hope to move to Matrix within a few months.
I'm stepping out of my domain knowledge on this one to start a discussion, I hope to have my points corrected where I'm wrong. Another note, I'm not advocating for FB's methods I'm strictly interested in some cryptography aspects.
As I understand it, in order to have real end-to-end encryption (the real stuff, not some marketing term) each device has to generate a long set of keys and with each message sent, they cycle through to the next key. If WhatsApp is doing what it reports it's doing and it actually is end-to-end encrypted then the web application needs to use your phone because it needs that set of keys. I'm not sure if it specifically sends through your phone or if it sends via the webapp, but you have to use the keys in the correct order or the device you're contacting won't be able to decrypt the next message.
Yes, WhatsApp is doing encryption that is E2E between two devices. That's a good security model.
There's no particular reason that that has to be two phones though - could be desktop, wifi tablet etc.. That limitation is a result of a 'product' decision where your identity on WhatsApp is a mobile phone number. That decision was a big part of what allowed WhatsApp to scale quickly (people didn't need to create an account, just install the app and start messaging people whose numbers they had).
Exactly to the point: They can implement E2E encryption in-browser, on dedicated desktop apps, with supported routers, and basically anywhere. Even $5 microcontrollers can generate and use the same encryption protocol.
But they don't because modern phones have (semi-)secure enclaves that can hold encryption keys and protect them from most hacking attempts. Desktops and browsers lack this, so any conversation you have via these other platforms in the computing environments of 99.999% of the population (please spare me the 'I use qubes, so ha!' speech) has a much lower level of security/privacy. Since most people want conversation sync among the desktop and mobile versions this means your security drops to become the lowest common denominator among all platforms.
It can be done, but it shouldn't be done if you actually care about security or privacy.
- That mobile can also be false security as "0 days" are currently in the wild and mobile phones are typically always online
- Etc.
If you truly want security, there's a really compelling argument for live-booting a distro like https://tails.boum.org/ and then rebooting when you're done. On the other side there are compelling phones such as the Libre 5 (assuming there are no current 0 days).
Tails and purism phones are the same 'I run qubes' fantasy that I expressly ignored. No one uses these, and they are not going to ever use those systems. There are fewer 0-days and CVEs in the mobile environment and for at least the next five years or so the mobile environment will always be more secure than desktops. Right now the single biggest step any 'normal' person can take to secure their digital life is to throw out their desktop and live completely on mobile devices and consoles for gaming.
Unless you're buying a new flagship every 2 years you're probably not meaningfully more secure than you would be on a desktop. And buying a new flagship every two years is probably less realistic for most people than running purism or Tails. Those at least only will cost you time.
An additional product decision would be that I will assume headaches are caused if a user starts on desktop and then decides to move to mobile (Your PC must be on in order to use this mobile app!).
The real solution here is to generate a second key for (or securely transmit the original key to) the mobile device. Now the PC needs to be on to set up the second device. Once online they are completely independent.
However whatsapp currently assumes that each user has one (primary) device and only handles encryption and delivery to one device. It isn't impossible to fix (example Matrix) but it does require effort and slightly more server resources (you need to store messages for longer on average)
They could allow you to login without a smartphone using a SMS confirmation code, as many other services do. But I guess they consider dumbphone users with computers too much of a niche.
Everyone who uses WhatsApp has to have a phone. And so they can still receive and send SMS. That’s what I (in Germany) use for people who insist on using mobile-text communication.
Yes, same (also in Germany). I survive, can't complain too much, I prefer the advantages of not having a smartphone. But for example my neighbours have organized a WhatsApp group, which is nice, for stuff that goes on in the building and helping eachother out. There are lots of examples like that (parents groups at school, etc.) Another thing I'm noticing is that SMS is becoming less and less reliable, sometimes the messages not reaching the other part, particularly when changing country codes...
Can’t talk about unreliability, never had a problem with that. But for neighbors, a lot of people here (on average older and left-leaning) are on nebenan.de which is a nextdoor.com copycat. Unlike whatsapp it actually works on computers :)
> It is really absurd that instant messaging is not federated like email.
The joke is that it used to be. FB Messanger and Google Chat had XMPP hooks so you could talk to whatever other platform, Slack used to have an IRC integration, MSN/AIM/ICQ never tried too hard to get stop reverse-engineers from putting their protocols into all-in-one messengers... Then businesses realized the value of locking in users and becoming walled gardens.
As far as I know, Facebook Messenger's XMPP support was only exposed to clients (c2s), not to other XMPP servers (s2s). Microsoft's Lync (now known as Skype for Business) supported XMPP federation until 2019. WhatsApp's client protocol was originally based on XMPP. I'm reasonably sure that both AIM and Yahoo had XMPP server-to-server support ready around 2008, but can offer no proof.
In the UK I don't know a person without WhatsApp, pretty much everyone uses it. I don't know a single person who has signal.
If I say to a friend "I'll message you on WhatsApp" they will be like "ok great".
If I say to a friend "I'll message you on Signal" they will be like "What is that? Oh I have to download something? Don't you have WhatsApp? Screw it just send me a text."
So you can't really say "Apart from larger user base why do people use it?". It's like saying "Apart from an inability to breathe, why don't people live underwater?"
I just informed all my important contacts about the deletion of my whats app account per this message and told them my substitution.
All people who are important to me migrated. Some refused for a long time for no reason, but in the end installed a separate app alongside WA.
But I get your position: Judging by the amount of unfair usability and amount of third parties involved in any co.uk-domain, it appears to me that the common folk gives a shit about it over there. However, I wont get any site a visit who does the above. There are alternatives to gain information.
Well, that is surely by far the main reason anyone uses any messaging app. The majority of people don't care about features or even privacy, and use the app that everyone else is on. In Europe/the UK at least, that seems to be WhatsApp. Outside of techie people, if you ask someone to use something like Signal you'll be met with "why? I already have WhatsApp".
"larger user base" is an understatement; the difference is several orders of magnitude.
(on a personal level, I don't enjoy using WA, but it's necessary here unless you only communicate within a bubble of tech workers)
Signal UI is mediocre. I want it to succeed, but both WhatsApp and Telegram are simply a lot more convenient to use.
WA and Telegram have a pure web client when you want to quickly have access to your chats without installing anything.
If you decide to install the standalone clients you'll find that Telegram is vastly ahead of Signal. You can change the spellchecking language and add dictionaries, you have a lot more options for formatting messages (code blocks etc...), it deals better with multimedia content like inline audio, it's a lot faster and less resource-hungry.
The only reason I still bother with Signal is because I know that, in theory, from a security perspective it's the better of the three. In practice it's by far the worst though.
This post sums up my feelings exactly. Signal is objectively ugly and has quite a lot of display bugs that there's really no excuse for in a messaging app. Telegram is (subjectively) beautiful - they really nailed the UI - and is by far the nicest to use of the three. WhatsApp is both hideous and horrible to use. I wish I could drag people away from it, but even having had my WhatsApp status set to "WhatsApp is spyware, message me on Telegram" for the past 3 years, not a single person has switched.
You're right, I've come back 5 days later to correct myself. I've been using Signal a lot more in the last week and actually nearly all the things that I would say justified the use of the word "objectively" are now fixed. They were all bugs, rather than design choices - things like inconsistent padding, and a tiny unpadded input window when typing long messages. It's actually pretty nice now.
Well, in Zimbabwe because of the large user base WhatsApp got when it initially arrived (due to reduced charges, SMSs where about 15cents a pop then) around 2011-2012, the ISPs have effectively made it the only way to communicate economically by providing a "bundle".
Basically they offer you a drastically reduced price to only access WhatsApp, mostly text message without media at that. Compared to the data plan that can access the whole internet it is very very cheap to use just WhatsApp.
The cheapest WhatsApp bundle on the most popular network (Econet) is currently at around 51cents to text the whole week (65MB of data) vs the $13 for 8gigs. Granted the 8gigs is for a month but $13 is a big amount in this part of the world, and with regular data there's the aspect of discipline to not use all that data on youtube and other data hungry apps/websites.
The biggest reason is larger user base. But here are two things I do in WhatsApp that I can't do in Signal:
- Share live location. If I need to meet up with somebody, or let someone know how far away I am and when I'm arriving, I use share live location. "Share for 1 hour." In Signal you can share your location at a moment in time but it doesn't update.
- Broadcast messages ("mass text" basically). In WhatsApp I can send a message to a list of people without the people on the list seeing each other (to them it looks like I messaged them 1:1). In Signal I would have to use a group and all the members would see each other.
This can be an extremely useful feature at times, and is also E2E encrypted with a similar model to group chats (but modified to allow for lossy delivery).
> Broadcast messages
This is one of those interesting features that many people are completely oblivious to, don't use, and don't understand why anyone needs. Meanwhile, many other people use it constantly and simply can't live without it.
1. I'm on a few "mailing lists" that are delivered via WhatsApp, like "weekly one-minute sermon" type stuff.
2. I have a friends that are all into the same kind of music but don't know each other. I use broadcast to send them links to bandcamp, spotify, etc.
3. I have a broadcast list for my local friends. If I want to get rid of something or looking for something ("hey I'm getting rid of this, do you want it" [photo]) I use that list.
Yes, or sharing a joke, a recipe, a holiday photo etc. with friends and family that might not know each other. I don't use it often, but it's very convenient.
There was the same debate over Whatsapp vs Telegram clash.
The fact here is that network effects play a big role in these kind of business models.
Moreover think about the fact that whatsapp was one of the first entrants, and was bought by Mark Zuckerberg. Brand is another big player when we consider and analyse that competitive landscape...
Security is one of the most important factors nowadays, especially if we consider the data breaches number, that is increasing dramatically (600% since covid-19 outbreak). But are like p2p models, if there aren't many people to create traffic, it isn't worth it (for the moment at least). And in case of messaging apps these people must be your friends! (Word-of-mouth)
Do not misunderstand me, I am 100% for security and privacy, but here users are driven by other factors unfortunately.
I was able to get most of my family and friends I regularly message onto Signal. It has worked great for us. But then -- my circles are small and few, so it wasn't too hard. I saw no advantage of WhatsApp after getting them to install Signal.
I had Threema installed but not set up so your comment prompted me to set it up and I don't think they could have come up with a more confusing setup if they'd tried.
First screen asked me to wiggle my finger on the screen without offering any explanation. Second screen gave me a random string and told me that's my ID. Third screen asked me to add a password for Threema Safe, whatever that is. I then couldn't leave that screen at all because the on-screen keyboard covered over the next button, and the one big green button that was visible did nothing. Eventually I accidentally swiped and got to another screen that asked me what Threema Safe I wanted to use, like I have any idea what a Threema Safe is. After that it asked me to put in a username, even though I already have a Threema ID from several screens ago. Then it asked for my phone number. So now it has a Threema ID, a phone number and a username and I have to guess which of those is useful. Then it asked me to sync my contacts, I didn't do that. Finally, I got to a screen with a QR code, my nickname, my Threema ID, something asking me to Enter Code for Linked Number, and a Key Fingerprint. This thing bears only a passing resemblance to a messaging app.
Most of that setup I kind of understand, but then I'm the sort of person who reads HN. There is not a hope in hell of getting even 1% of the people I know to even make it through the setup process though.
Once inside, I apparently have one contact called ECHOECHO who, when I message them, repeat the message back to me. The messaging UI is slightly nicer than Signal and WhatsApp's though, but not as nice as Telegram's.
You're right, the UI maybe could have been a bit more intuitive.
However, the setup is far from rocket science and could easily be improved by the developers.
And yeah, it may only have 1% of users but thats's only because 95% have WA...
It's a choice about freedom and you have to start somewhere.
I converted more than 50% of my contacts to Threema - the rest has expensive phones but obviously no money to protect their privacy.
I bought Threema a few years ago, but have since replaced all the Google services on my phone with microG, which unfortunately means that Threema's licence verification doesn't work any more. Having such a hard dependency on proprietary Google software is a big minus in my book.
>(Threema) has the most secure encryption mechanism
Can you elaborate on that? How is it better than what Signal and Whatsapp use?
An awesome feature for me is this (from their FAQ):
The dots are an indicator for a contact's verification level. They don't affect the encryption strength, but are a measure for the probability, that the saved public key of a contact belongs indeed to that contact.
Level 1 (red): The ID and public key have been obtained from the server because you received a message from this contact for the first time or added the ID manually. No matching contact was found in your address book (by phone number or email), and therefore you cannot be sure that the person is who they claim to be in their messages.
Level 2 (orange): The ID has been matched with a contact in your address book (by phone number or email). Since the server verifies phone numbers and email addresses, you can be reasonably sure that the person is who they claim to be.
Level 2 (blue): This verification level is only available in Threema Work; it indicates that the Threema ID belongs to an internal company contact.
Level 3 (green): You have personally verified the ID and public key of the person by scanning their QR code. Assuming their device has not been hijacked, you can be very sure that messages from this contact were really written by the person that they indicate.
Level 3 (blue): This verification level is only available in Threema Work; it indicates that the Threema ID belongs to an internal contact whose ID and public key you have verified by scanning their QR code.
Why would you replace one centralized system for another? Every such system gets in trouble once it's too big (in terms of money and politically). Choose Matrix instead.
The thing with WhatsApp is that besides the largest user base (most important reason IMHO) it just works very well. I don’t know about Signal as I’ve briefly used it but why would anyone switch apart from us?
You can’t just convince the majority of the users with privacy arguments or even hypothetical extra features from Signal. Only if WhatsApp would introduce something really annoying (huge ads, fees, constant technical issues) people would start to move. But even Telegram which is so much better IMHO (albeit privacy by default isn’t better) will hardly be #1 ever if nothing of the above happens.
They charged $1/year “on paper” but never actually collected it. That would have been plenty of revenue for any normal people but they got greedy and realised their user’s private data was worth much much more.
"They" = Zuckerberg & his minions after acquiring Whatsapp and falsely promising that no, they wouldn't dare mining Whatsapp user data or -god forbid!- integrate WA's backend into FB's.
At scale, that dollar will go very far. Unmetered bandwidth is cheap if you look beyond the cloud providers and the majority of calls can be established directly (in fact WhatsApp does use UPnP to map ports presumably for direct connections) so you'd only ever use that bandwidth for texts/transient media uploads and the small percentage of calls that can't be established directly and need to be proxied through. WhatsApp doesn't store media long-term so storage requirements are also small.
How does P2P work if I send a video to a large group? It must be hosted centrally, unless my phone is constantly keeping track of who hasn't had the video yet, and uploading it.
The participant with the most bandwidth (and I guess since it's mobile devices, other factors can be taken into account like battery level, etc) becomes the host and receives video from everyone else, multiplexes it and then streams to all other participants. Unless you have 10+ people on the call, a typical home connection is sufficient. That's how Skype worked fine for a decade before Microsoft screwed it up.
But even if we assume WhatsApp should be multiplexing the streams on their end, unmetered bandwidth is cheap and again we aren't talking about 4k streams and hundreds of participants per call.
In this article, we are providing additional information to our users in the European Region.
What are the Facebook Companies?
WhatsApp is one of the Facebook Companies. The Facebook Companies include, among others, Facebook, Facebook Technologies, and WhatsApp, and together offer the Facebook Company Products.
Why does WhatsApp share information with the Facebook Companies?
WhatsApp works and shares information with the other Facebook Companies to receive services like infrastructure, technology, and systems that help us provide and improve WhatsApp and to keep WhatsApp and the other Facebook Companies safe and secure. When we receive services from the Facebook Companies, the information we share with them is used to help WhatsApp in accordance with our instructions. Working together allows us for example to:
Provide you fast and reliable messaging and calls around the world and understand how our Services and features are performing.
Ensure safety, security, and integrity across WhatsApp and the Facebook Company Products by removing spam accounts and combating abusive activity.
Connect your WhatsApp experience with Facebook Company Products.
Today, Facebook does not use your WhatsApp account information to improve your Facebook product experiences or provide you more relevant Facebook ad experiences on Facebook. We're always working on new ways to improve how you experience WhatsApp and the other Facebook Company Products you use. We'll keep you updated on new experiences we offer and our data practices.
What information does WhatsApp share with the Facebook Companies?
In order to receive services from the Facebook Companies, WhatsApp shares the information we have about you as described in the “Information We Collect” section of the Privacy Policy. For example, to provide WhatsApp with analytics services, Facebook processes the phone number you verified when you signed up for WhatsApp, some of your device information (your device identifiers associated with the same device or account, operating system version, app version, platform information, your mobile country code and network code, and flags to enable tracking of the update acceptance and control choices), and some of your usage information (when you last used WhatsApp and the date you first registered your account, and the types and frequency of your features usage) on WhatsApp’s behalf and in accordance with our instructions.
WhatsApp also shares information with other Facebook Companies when this is necessary for the purpose of promoting safety, security, and integrity across the Facebook Companies. This includes the sharing of information that enables Facebook and the other Facebook Companies to determine whether a certain WhatsApp user is also using other Facebook Company Products, and to assess whether the other Facebook Companies need to take action, either against such user or to protect them. For example, WhatsApp could share the information that is necessary to enable Facebook to also take action against an identified spammer on Facebook, such as information on the incident(s) as well as the phone number they verified when they signed up for WhatsApp or device identifiers associated with the same device or account. Any such transfer is carried out in accordance with the “Our Legal Basis For Processing Data” section of the Privacy Policy.
How is my WhatsApp information used by the Facebook Companies?
To receive services that will help WhatsApp operate, improve, and develop our business. When WhatsApp shares information with the Facebook Companies in these ways, the Facebook Companies act as service providers and the information we share with them is used to help WhatsApp in accordance with our instructions.
We share information with the other Facebook Companies as service providers. Service providers help companies like WhatsApp by providing infrastructure, technologies, systems, tools, information, and expertise to help us provide and improve the WhatsApp service for our users.
This enables us, for example, to understand how our Services are being used, and how it compares to usage across the Facebook Companies. By sharing information with the other Facebook Companies, such as the phone number you verified when you signed up for WhatsApp and the last time your account was used, we may be able to work out whether or not a particular WhatsApp account belongs to someone who also uses another service in the Facebook Companies. This allows us to more accurately report information about our Services and to improve our Services. So, for example, we can then understand how people use WhatsApp services compared to their use of other apps or services in the other Facebook Companies, which in turn helps WhatsApp to explore potential features or product improvements. We can also count how many unique users WhatsApp has, for example, by establishing which of our users do not use any other Facebook apps and how many unique users there are across the Facebook Companies. This will help WhatsApp more completely report the activity on our service, including to investors and regulators.
It also helps WhatsApp as we explore ways to build a sustainable business. For example, as we previously announced, we're exploring ways for people and businesses to communicate using WhatsApp, and this could include working with the other Facebook Companies to help people find businesses they're interested in and communicate with via WhatsApp. In this way, Facebook could enable users to communicate via WhatsApp with businesses they find on Facebook.
To keep WhatsApp and other Facebook family services safe and secure.
We share information with the other Facebook Companies in accordance with the “Our Legal Basis For Processing Data” section of the Privacy Policy, and vice versa, to help fight spam and abuse on our Services, help keep them secure, and promote safety, security, and integrity on and off our Services. So if, for example, any member of the Facebook Companies discovers that someone is using its services for illegal purposes, it can disable their account and notify the other Facebook Companies so that they can also consider doing the same. In this way, we only share information for this purpose in relation to users that have first been identified as having violated our Terms of Service or threatened the safety or security of our users or others, about which other members of our family of companies should be warned.
To keep WhatsApp and other Facebook Companies' services safe and secure, we need to understand which accounts across the Facebook Companies relate to the same user, so we can take appropriate action when we identify a user who violates our Terms of Services or presents a safety or security threat to others.
We do not share data for improving Facebook products on Facebook and providing more relevant Facebook ad experiences.
Today, Facebook does not use your WhatsApp account information to improve your Facebook product experiences or provide you more relevant Facebook ad experiences on Facebook. This is a result of discussions with the Irish Data Protection Commission and other Data Protection Authorities in Europe. We're always working on new ways to improve how you experience WhatsApp and the other Facebook Company Products you use. Should we choose to share such data with the Facebook Companies for this purpose in the future, we will only do so when we reach an understanding with the Irish Data Protection Commission on a future mechanism to enable such use. We'll keep you updated on new experiences we offer and our information practices.
Whose WhatsApp information is shared with the Facebook Companies for these purposes?
We share information for all WhatsApp users if they choose to use our Services. This may include those WhatsApp users who are not Facebook users because we need to have the ability to share information for all of our users, if necessary, in order to be able to receive valuable services from the Facebook Companies and fulfill the important purposes described in our Privacy Policy and this article.
In all cases, we share the minimum amount of information that is needed to fulfill these purposes. We also ensure that the information we share is up to date, so if you choose to update your WhatsApp phone number, for example, that number will also be updated by the members of the Facebook family who have received it from us.
Importantly, WhatsApp does not share your WhatsApp contacts with Facebook or any other members of the Facebook Companies for use for their own purposes, and there are no plans to do so.
What choices do I have about the Facebook Companies' use of my WhatsApp information?
You can always stop using our Services and delete your account through the in-app Delete My Account feature. Deleting your WhatsApp account will not affect your ability to continue using other apps and services offered by the other Facebook Companies, just as deleting your Facebook account, for example, will not affect your ability to continue using WhatsApp. Please see WhatsApp’s Privacy Policy for further information on what happens when you delete your WhatsApp account.
I've been resisting the Facebook (including WhatsApp) monopoly but at personal cost so I'm starting to capitulate. The network effect has been discussed at length already, but imagine if the phone system was controlled by a single company and you could only call customers of the same company!
For those living in the EU and UK (where GDPR still applies), has anyone had success with an Article 21 "right to object" request? For example, objecting to the sharing of data with Facebook when using WhatsApp. It is not an absolute right, it's supposed to be depending on individual circumstances so I expect there's lots of wiggle room for their DPO/legal team to refuse, or just stonewall. I'd love to be wrong, so please share...
> has anyone had success with an Article 21 "right to object" request
Facebook breaches the GDPR when it comes to data subject access requests and appears to get away with it: https://ruben.verborgh.org/facebook/ so Article 21 is likely to have the same outcome. Facebook (and other companies) also breach the GDPR with their non-compliant consent prompts (where you can't actually decline) when visiting their websites and also get away with it.
I have an empty Facebook profile and use Whatsapp all the time.
The friend suggestions on Facebook that I get are complete strangers.
I don't know how this works but none of my Whatsapp contacts ever appear as suggestions and none of the suggestions are people I ever knew.
In my case the only annoying thing is when male friends ask me in person if I have an Instagram account, it may have pooped as a recommendation because of this, and I categorically deny it... they obviously know that it's just for the thirst, but I deny it nonetheless.
I think Instagram has an option to not show your number and not to appear in recommendations, but I'm sure it doesn't work.
"promoting safety, security and integrity across the Facebook Company Products, e.g., security systems and fighting spam, threads, abuse, or infringement activities;"
This particular one is very open ended. Facebook's internal security team and it's external contractors have internal tools that use Facebooks App on people's phones to locate, block and alert if marked individuals are near company premises or high ranking executives.
Let's say you protest against Facebook outside their offices, they could look you up on Facebook, find your account and if you enter a zone near their office it will send them an alert. Similarly someone with access to the system can ping your phone anywhere in the world to find a location with only the very basic controls present to prevent it from happening. No doubt the internal teams expand that to include key executives, suppliers etc.
In theory they should be logged in to their own account to do this and not able to ping people in their immediate circles, in reality no doubt they could probably have a false account to bypass this. If you think about the power of this. Hundreds of people with limited oversight free to ping whomever they want as long as they can create a loose reason to do it. Remember when the Saudis were paying people with insider access at Twitter, you could imagine how much the ability of people to ping a FB user anywhere in the world is worth. Two billion users...The NSA can only dream of such access. From intelligence targets to lovers to competitors, hundreds of people have access to this data because of FB policies and tech.
At least with FB you don't have to have the app on the phone. WhatsApp is however essentially the new SMS, it's impossible not to avoid it...and now slowly slowly FB is retaking control.
No wonder Brian Acton has gone to Signal. The original vision of WhatsApp is rapidly being eroded by FB. Yes WhatsApp has e2e but slowly FB is being FB and looking for return on its investment.
How does it affect someone if they don't have Facebook account or even have the FB app installed? (i.e. someone using just WhatsApp.) Does FB still get my data via WhatsApp?
I suspected that might be/is the case - but I also read their privacy policy and they claim to provide end to end encryption, not store your messages after your device downloads it and I haven't seen any ads. So I was trying to figure if they're lying about the encryption or FB doesn't get any data apart from my contact list which presumably isn't encrypted end to end.
Honestly, all this is fine. So long as they don't scan the content - not because I care about that but because I act as if they have E2EE (which AFAIK from people I know at FB, they do) - I'm fine. After all, who I talk to isn't a big deal. I just don't want to be dragnetted into a drug bust because while I don't buy my drugs on WhatsApp I definitely discuss using them.
In my country WhatsApp is used for everything from talking to friends through setting up a date with your hairdresser to group activities like school parents groups.
There is an expectation that the information you share by someone having your number is very limited - the person that has your number can text you, yes, but they can't know about you, and you can limit the small amount of info you let through like your profile picture or your online state using privacy controls.
This expectation is completely removed when adding somebody's number to your contact list is enough for Facebook to do its magic and reveal the owner in your Facebook friends suggestions.
I've had it happen dozens of times, I start texting a tinder match and suddenly her profile is there in my suggestions. It's common for it to misfire and I end up being suggested the personal account of the owner of a business I bought something for. They don't even need to text you, you add the number to your phone's contact list and it's there.
Facebook needs to be broken apart, and we need a law that the data you share with an app can't be used for others period, even more so if they were separate businesses when you started using the service, and a change of policies is not enough - you might already be locked in.