On Du, 14 mar 21, 09:44:27, tomas@tuxteam.de wrote: > On Sat, Mar 13, 2021 at 06:42:01PM -0500, Stefan Monnier wrote: > > >> > I'll stick with Signal for now, at least it's something that I can > > >> > confidently recommend to people as "WhatsApp, but really > > >> > secure/private". > > >> I guess it's a bit more secure/private than whatsapp because you can see > > >> the code of the client, but AFAICT it's still just as centralized :-( > > > Since it's end-to-end encrypted I fail to see what major benefit > > > federation would bring for one-to-one communication and small private > > > groups. > > > > WhatsApp is also (presumably!) end-to-end encrypted, so that's not the > > only problem with it. > > > > The problem is also the metadata: it still leaves a centralized record > > of who sent what size of message to whom at what time and from which > > IP address. Federated services have metadata as well. If a particular communication involves two different servers now *both* servers will have all the metadata for that communication. The only *potential* benefit for privacy is to restrict your communication to only specific servers with privacy policies and/or in jurisdictions of your choosing, assuming there is one. Which significantly reduces the benefits of federation. As far as I can tell federation *for messaging services* is mostly good for resilience at the cost of all the interoperability issues it brings. https://github.com/LibreSignal/LibreSignal/issues/37#issuecomment-217339450 For me it make more sense for a social network, where I can decide where to store my stuff or even host it myself (assuming an architecture similar to diaspora). > It's definitely more than just "dry" IP addresses: > > "In January 2021, WhatsApp announced update to Privacy Policy > which states that WhatsApp will share user data with Facebook and > its "family of companies" starting February 2021. Previously, > users could opt-out of such data sharing, but the new policy > removes this option. The new Privacy Policy does not apply > within EU, since it is illegal under GDPR." [1] > > Come on. Facebook shelled out short of 20 *billion* for Whatsapp in > 2014. Don't tell me it was just philantropy. For Mark Zuckerberg's > private hobby it's a tad too expensive -- the investors want to see > return. Some more juicy "user data" than just boring IP addresses > (esp. in times where the IPv6 is kind-of randomised anyway) must > be in for that deal. Certainly, which is exactly why I'm wary of WhatsApp. > > Hopefully they throw this information away ASAP, but I have no reason to > > presume that they do (e.g. even if they do intend to, someone hacking their > > server could collect that information without their knowledge). > > Throw away? At most they let it lying around on some cloud, but I > think FB can afford the pros to not botch it up so blatantly. Smaller > start-ups, though... With federation one would have to trust all server operators involved to do the right thing. So far Signal claims to have a pretty good track record. https://signal.org/bigbrother/ To be clear, far from me to claim Signal is perfect, it's just (in my not so humble opinion) the only *feasible* option to compete with WhatsApp, Telegram, Facebook Messenger, etc. And the only way it can reasonably compete is for us to bring in as many users as possible, even if it might not be *our* first choice. https://en.wikipedia.org/wiki/Network_effect As technically inclined users we already had Jabber with OTR. Matrix makes a lot of sense for organisations that want to run their own server. It might become an alternative to Signal for "regular" users at some point. Kind regards, Andrei -- http://wiki.debian.org/FAQsFromDebianUser
Attachment:
signature.asc
Description: PGP signature