You might have heard of the amazing “end to end encryption” support being touted from WhatsApp after yet another GDPR privacy breach
But Telegram, Signal and Whatsapp are NOT Secure, stop lying to yourself!
Understandinge ncrption
- Transit Encryption - Using things like SSL, TLS meaning that between you and the server, and from the server and your friends, there is a cryptographic tunnel to make sure that no one
- Data at rest - Messages in the database All encrypted?
This doesn’t stop big agencies nor the company itself from accessing your data, you’re no better than using a IRC server with TLS! Which by design you can host your self and have increased security. Such a project is DataBag
End to end Encryption LIES
THe biggest lie is all these apps claim E2EE (end to End encryption) but in reality all they do is provide you with TLS encryption.
Even if they DID use E2EE and such claims as “we do not see messages” how can this be acheived? It’s just a marketing scam/ploy as the majority of the population has no basic idea how computers work let alone the complexities of encryption.
For true E2ee you need to setup a key yourself, save the key somewhere and do a negotiation of private keys such as using a variety of standards OLM, OTR Let’s take Matrix as an example of how this actually works, when you first setup an account on element, you’re asked to save a key or file. This key/file contains the encryption keys for e2ee. If you (or someone else) logins on your mobile phone/web app in another browser/computer they will not be able to see the private messages, and will only see gibberish untill they enter the key,. If you forget the key, then all your previous conversations are gone.
In reality, whatsapp, telegram, don’t have true e2ee, just a fake version of it. Which is besides the point. Don’t fool yourself, signal is also not safe
Using another device
How can they automatically remake everything when you’re on another device? Where are the keys stored> This means that the keys are stored on their servers, meaningthat they can get access to them at anytime.
This is no longer encryption if you hand your keys to someone else!
If you don’t pay for it you are the product
Think about it, the days of IRC servers where they where administered PRO BONO by people/universities are gone. Nowadays it’s everything about money, these companies need huge investments in servers and people to code their often closed source code, keep the servers running, storage, etc. This costs money. If they provide the services for free, how is this possible? We’ll rarely hear the truth, sometimes we might hear about “donations” or “alternative ways using crypto”. But in reality, the product is you, your text, pictures, etc Signal says it’s a non-profit, OK, that might be so, but who donates, and are they abiding by the donators? IT costs $50.000.000 a year , I doubt all users
With whatsapp, it’s easy, it’s owned By Meta, Facebook. You’re under complete control. Telegram.. russia
Using open sorce does not mean safe and secure
Oftentimes, using open source, or releasing bits/pieces of apps as “open source” is not always true freedom
in [] The only way to have true encryption is to self host your own chat apps The easiest is to host yor own IRC Server Want to host your own website but without the hassle of hosting your VPS? Want secure system? Join ZenDenPen and own a slice of the internet!