this post was submitted on 30 Apr 2024
177 points (90.0% liked)
Technology
59534 readers
3195 users here now
This is a most excellent place for technology news and articles.
Our Rules
- Follow the lemmy.world rules.
- Only tech related content.
- Be excellent to each another!
- Mod approved content bots can post up to 10 articles per day.
- Threads asking for personal tech support may be deleted.
- Politics threads may be removed.
- No memes allowed as posts, OK to post as comments.
- Only approved bots from the list below, to ask if your bot can be added please contact us.
- Check for duplicates before posting, duplicates may be removed
Approved Bots
founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
Does it have end to end encryption like iMessage or WhatsApp? No. The winners and the losers are clear to me.
more like Signal, which is superior to Whatsapp snd iMessage
Isn’t WhatsApp using Signal protocol? Isn’t also iMessage using post quantum computing cryptography like Signal?
I know Signal is superior privacy wise, but is not that used
Public-private key signing, using up to date cryptography. That's it. It's also "quantum safe", because all cryptography used by the public goes through peer review processes.
Microsoft as well as Meta have contracted Whisper Systems, but there's no way of guaranteeing that the signing process is functionally working or if it's been broken. If it's run server side, you have no clue. If it's run client side, there's still a question if the process hasn't been tampered with in some way.
Remember: there is no such thing as cryptography with a backdoor. At that point, it's just a secrets system.
WhatsApp does use the Signal protocol, but unlike Signal only applies it to Messages, Calls and Status.
Your profile info, who you're talking to, when you're using the service, groups you're in, channels you're following and much more is left unprotected intentionally.
For instance, Signal sends your profile end-to-end-encrypted instead of leaving it freely accessible on servers.