What is traceability and why does WhatsApp oppose it?(faq.whatsapp.com) |
What is traceability and why does WhatsApp oppose it?(faq.whatsapp.com) |
If keeping end-to-end-encryption also happens to be in the interest of some faceless multinational corporation, we can use their resources in this fight.
We can go back to fighting Facebook once this is over.
People are so black and white. Don't think it's a new thing, but the internet has made it very popular to be black and white in our thinking.
I don't want to get into who's your enemy and your enemy's enemy and why, but in general the enemy of you enemy is only the enemy of your enemy. It can be your enemy too.
Lighthearted example: any competitive game between 3 or more players. There might be occasional alliances but everybody is the enemy of everybody else.
After player #1 is defeated, you have a good chance to defeat player #3 (because you’re #2, meaning you’re better player).
Player #3 joins this campaign in hope to defeat you, but also because they can get whatever second place gives.
That's not even an attempt at a dark pattern nudging you towards one option...it's just do you agree or do you agree.
Hard to trust companies that think that's how consent works...
And I'd be discussing said substance...if I could get to it without a gun-to-your-head consent
*************************
"Can WhatsApp work with law enforcement without traceability?
WhatsApp respects the important work law enforcement does to keep people safe. Our dedicated team reviews and responds to valid law enforcement requests. We respond to valid requests by providing the limited categories of information available to us, consistent with applicable law and policy. We also have a team devoted to assisting law enforcement 24/7 with emergencies involving imminent harm or risk of death or serious physical injury. We consistently receive feedback from law enforcement that our responses to requests help solve crimes and bring people to justice.
It’s also important to understand that depending upon the nature of their investigations, law enforcement officials have multiple investigative tools, and may obtain information from many sources, including different companies, other governments, or from users’ devices. More information about how we work with law enforcement can be found here."
*************************
Can Facebook clarify what these limited categories of information are? While reading this article I had the following reaction - Facebook would like to prevent traceability to preserve user privacy. That makes complete sense. Oh wait - they say they do have means of helping law enforcement and governments, wait a minute, in a fully encrypted system end to end how are they able to help governments in emergencies at all?
So my question here is that in a hypothetical scenario where terrorists are using whatsapp to coordinate an evil plot, which to most people would fit a scenario where Facebook can and should help the government - what is it that Facebook can do to help a government?
The only way I can see them being able to help the government is if they have the ability to selectively turn off end to end encryption for specific numbers (probably based on a warrant from a court). Will Facebook confirm if this is the case?
These types of laws exist to prevent monopolies being created after a M&A.
Whatsapp's acquisition was in fact investigated and approved both by relevant commissions in US and EU: https://en.wikipedia.org/wiki/United_States_antitrust_law
Sure, things like adding group video calling massively increased their costs, and they probably couldn't have done it without facebooks help, but without that they probably could have survived on 1 ad message per year, or on $0.50 per year (which they actually charged for a while).
Is how Facebook is trying to off-load cookie control onto the user's browser configuration anything close to compliant with law?
This is the only instance of a company I have seen not bothering with 'Accept' vs some other complicated choice dialog (and I only saw this because I was annoyed by WhatsApp forcing the TOS change and, lo, they seem to be forcing 'Allow all' for cookies too?)
If you have a keylogger on the device, you have lost. In other words, whether or not WhatsApp opposes traceability or not does not matter an iota.
Though to be fair: Most of us have that gap. I know I do. But they have the clout to override policy.
Don't expect someone to be sensible just because they're at the top somewhere.
That is the only way to guarantee that it really supports privacy.
The point however is that the government of India is forcing private corporations to break privacy related measures to suppress civil liberties.
I think if your information needs security, don't put that information on the internet.
All popular end-to-end encrypted messengers manage user's public keys for them. And usually provide the client code too. And may have unencrypted backups. And may have account recovery mechanisms that can be abused.
Each of those makes it easy for the user, but degrades security.
IANAL so I'm not sure whether expectations of privacy for letters are legally as strong as they are your own home, but it certainly seems possible...
This logic has been used to justify mass-surveillance and degrade encryption for national security and "protecting the children" narrative. The problem is that governments also use this as a way to suppress civil liberties.
What if the government declares a journalist uncovering a multi-billion arms deal scam or some human-rights violations as a terrorist ? In the eyes of the law this qualifies the government to acquire private messages. Why should the government have this power ? The hardcore terrorists and journalists know about encryption and will setup their public keys for encrypted communication. It's the common man who is affected by such stupid legislation.
If law enforcement comes with a warrant against a specific person of interest, then WhatsApp presumably has ways and means to pull all metadata associated with that person's account (which presumably includes all contacts, metadata about all messages sent/received - timestamp & other-party contact details, along with app metrics – IP addresses, mobile device/network information etc).
It would be same as a telephone network except for the actual content itself.
If they also have a way to eavesdrop on content by breaking end to end encryption (and users don't care when WhatsApp on their device says the other parties signature changed), there's that possibility that they could be under gag order to not acknowledge that.
For example:
who talks to whom
when a user comes online, is most active, and general traffic analysis patterns
what groups a user might be present in and how active they are
what are the type of contents of a specific message (image, text, video)
As other users have noted as well, it's unclear as to the data sharing agreements these large companies have with various government agencies. For example if an agency has data access to messages DB, what does end to end matter? End to end encryption usually means un-snoopable data in transit, not data at rest.
Could be extremely useful if you discover someone unreachable abroad is coordinating with people within your jurisdiction.
Of course, the metadata has always been more valuable than the exact content of your message, but it's always presented as a negligible detail.
If you're doing something sensitive, like smuggling drugs or talking to NSA whistleblowers, the difference between metadata vs data is the difference between "the government is looking for an excuse to put you in jail" vs "the government gets a conviction".
WhatsApp/signal style apps cannot be secure to this sort of attack. You would think now that a public mass attack has been successfully carried out (encrochat) people would get it. I don't know if it's submarine marketing or what but people think the current situation is just fine.
For instance the move away from screen passwords to biometric things like fingerprints had me thinking about the fact that from a police pov - if they have a suspect in custody, forcing the suspect to put their thumb on the phone is probably a lot easier than getting them to reveal their password.
Phrased another way, I find it hard to imagine that big companies are able to tell the state to take a hike and get away with it.
It is safe to say that if you are doing anything remotely of interest to the govt, you should not be using this tool.
How Github got rid of the cookie banner: https://github.blog/2020-12-17-no-cookie-for-you/
the entities affected were powerful in their own right, just happened to be in the opposition to the central govt in one case, and in another, a top media personality in opposition to Mumbai's state govt/police machinery.
Pass-codes and pass-phrases are protected under the 5th amendment, while biometrics are not.
The investigator will get a warrant for the biometric in question, refusing to comply is an offense.
isnt this not true?
e2e keys are not known to signal server like they are on whatsapp. also there are no serverside signal backups.
E2E keys are not known to WhatsApp's servers, and there are no server-side WhatsApp backups, either.
> The creators just sold it, private company, private service they could have sold it to anyone they wanted.
I understand and agree with your take now, but this sentence from your last comment seemed like a different line of thinking.
If a creator can just sell it to anyone because it's a private company, that's false and that's a different argument than the specifics of this case not triggering antitrust law.
WhatsApp being bought by Apple could have easily been construed as anticompetitive, so it wasn't just that a creator can sell a private company to anyone they want. (Also, Facebook Messenger could be a reason that Facebook's purchase of WhatsApp is anticompetitive, but neither service was as prevalent at the time).
- agreements between competitors, also referred to as horizontal conduct
- monopolization, also referred to as single firm conduct
I think this sale would still go through today as for FB still has messenger and Whatsapp as separate products and (arguably) still free. I havent thought about it Apple purchased it. I think that still may have gone through too unless they stopped the app working on Android.> WhatsApp’s six-month revenue for the first half of 2014 totaled $15.9 million and the company incurred a staggering net loss of $232.5 million, though the majority of that loss was for share-based compensation.
WhatsApp was always running on VC cash.
WhatsApp can actually be monetised successfully by a company like Facebook.
In my country (Argentina) it became a de-facto platform for selling for small businesses, grocery stores and restaurants. There are a couple of 3rd party e-commerce platforms that generate the order and then simply drop it through WhatsApp so you can continue through there and handle the payment manually.
... There are many ways in which WhatsApp could have explored making profits. Facebook simply made it stagnate.
Again, I ask why. It wasn't anti-competitve because the service still exists as a standalone service just with a different owner. I see what you are saying it just does not make any sense in terms of antitrust or anti-competitiveness
The social benefits of this type of thinking are too big to ignore for many people. You get to be a part of a group. (I'm going to skip any hand-wavey allusions to evolutionary psych because they don't really add much.)
I get the appeal. I'm just not always one of them. I'm sure I'm black and white on some things, but I always joke that my teamwork/togetherness gene is busted for the most part.
People see that and decide the rational choice is to vote for the candidate that they hate the least with the highest chance of driving, and third parties merge to form coalitions that actually have a chance of winning. Rinse and repeat until you only have two parties. (CPG Grey did a great video on this https://youtu.be/s7tWHJfhiyo)
Check out Ireland for how to set up a voting system that doesn't converge to two parties
I would suggest that this probably isn't the case. Since there is no requirement for a majority vote share in first past the post, the same results can be achieved by splitting parties. The parties have more targeted appeal, just enough to squeak past the other parties. This is the case in India, for example.
Is that true? It's certainly not the case in Germany, where we have ~6 relevant parties at the moment. I'm pretty sure other European nations, like Italy, often form their governments from multi party coalitions as well.
In the US I'd primarily blame the way votes are counted (majority of majorities). I'd expect other parties to rise to relevance if a different voting system was used, e.g. parties getting seats in the house of representatives proportional to their votes, instead of composing it from the winners of the individual districts (or a hybrid, like in Germany).
France is not a two party theater and suffers from the same thing.
Germany is not a two party theater and suffers from the same thing.
France was for a long time until recently though, the current situation is the exception.
I think the internet has made people more vocal but access to opposing and nuanced viewpoints has made a lot of people grey. I know that's the case for me, not sure if it encapsulates the majority.
Wish I had a good citation for you, but I do have an try-it-yourself guide on voting systems to link to: https://ncase.me/ballot/
It is; both the theoretical and empirical support for this being the effect of FPTP is overwhelming.
> They can be acheived by splitting other parties, but while Party A can choose to form a superparty eith Party B, it can’t choose to durably split Party C instead. Parties in FPTP will, to the extent that they can get away with it, funnel support to minor party candidates that will split the vote of their major opponent, but that’s a short-term tactical rather than long-term strategic maneuver.
> The parties have more targeted appeal, just enough to squeak past the other parties. This is the case in India, for example.
It’s really not, though India is complicated by being a federal system (which means a bunch of different electoral area with different and interacting party systems) and being in the middle of a long realignment from, at the national level, a dominant-party system under Congress (and looks a lot like at least temporarily to a dominant party system under BJP, again at the national level.)
In 2012, when the top two candidates have ~50% of the votes & four candidates total are above 10%?
In 2007, when the top two candidates have ~50% of the votes & four candidates total are above 10% (note: note the same parties)?
In 2002, when the top two candidates have ~35% of the votes and the loss of the leading left wing candidate was blamed on too many different left wing parties fielding candidates and getting votes?
In 2002, when the top two candidates have ~45% of the votes & four candidates total are above 10%?
Same thing for 1995, 1988, 1981.
In the last US presidential election, the top two candidates got a combined 98.17% of votes. The next candidate got 1.18%. This is a completely different situation.