
Is WhatsApp a solid secure messaging platform?

Solved by SansVarnic.


Hello, to begin the reason I am leaning towards WhatsApp right now is that it's the most convenient as all of my friends and family use it.

In terms of features I have no issues and I love it. 


As for security here is what I think WhatsApp does and would like to confirm.
WhatsApp will collect Metadata such as Who, When and Where you are messaging.

 

But the actual messages and media you send is just between you and the devices you are writing to as long as they are not infected on their end.

 

Is WhatsApp a fine messaging platform?

 

My big issue with switching to something like Telegram or Signal (which I currently do not know the difference between) is that I would need to get all of my friends and family to switch too, so I believe WhatsApp is fine for now, but if you can confirm or deny or add to what I know please do so as I like to make progress with my digital privacy each day.


Being WhatsApp is owned by Facebook (Meta), I wouldn't trust it...

COMMUNITY STANDARDS   |   TECH NEWS POSTING GUIDELINES   |   FORUM STAFF

LTT Folding Users Tips, Tricks and FAQ   |   F@H & BOINC Badge Request   |   F@H Contribution    My Rig   |   Project Steamroller

I am a Moderator, but I am fallible. Discuss or debate with me as you will but please do not argue with me as that will get us nowhere.

 

Spoiler

Character is like a Tree and Reputation like its Shadow. The Shadow is what we think of it; The Tree is the Real thing.  ~ Abraham Lincoln

You have enemies? Good. That means you've stood up for something, sometime in your life.  ~ Winston Churchill

Reputation is a Lifetime to create but takes only seconds to destroy.

Docendo discimus - "to teach is to learn"

 

  

 CHRISTIAN MEMBER 

 
 
 
 
 
 

 


2 minutes ago, SansVarnic said:

Being WhatsApp is owned by Facebook (Meta), I wouldn't trust it...

I understand that, but what I am going for is: is there any way that we can confirm that the media and messages are end-to-end encrypted? If so then I currently do not mind the metadata I listed, but if you would suggest an alternative and why, please do so, as I am currently locked to WhatsApp with my friends and family so I cannot transition yet until I have researched thoroughly into a good alternative I can push.


@IR760 I use SMS, Teams and Slack. With all the other 3rd-party so-called e2e encryption later shown to have back doors, I just don't use them. Besides, what are family & friends doing that you need e2e for anyhow? 🤔


Even if WhatsApp messages are truly end-to-end encrypted, we don't know the specifics of said encryption - it might be implemented with backdoors or attack scenarios in mind. And it definitely hosts messages (albeit encrypted) on Meta servers, because you don't need your contact to be online to receive your message - cool private encrypted apps don't do that, they require both communicants to be online.

Yes, I had an account here before. Do not ask me about something related to current political events in the part of the planet I live in - I wouldn't answer that for my own sake and safety. Feel free to address me with any other kind of questions.


1 minute ago, SansVarnic said:

@IR760 I use SMS, Teams and Slack. With all the other 3rd-party so-called e2e encryption later shown to have back doors, I just don't use them. Besides, what are family & friends doing that you need e2e for anyhow? 🤔

I have no issue with you using what you want but I am curious on why you openly have your communications visible such as regular SMS. As for why I need end-to-end, it's just natural to want to have some privacy, especially for any sensitive topics or media.

You shut the door when using the bathroom even though you are doing nothing bad. (Unless you stink XD)


2 minutes ago, Eviljuche said:

Even if WhatsApp messages are truly end-to-end encrypted, we don't know the specifics of said encryption - it might be implemented with backdoors or attack scenarios in mind. And it definitely hosts messages (albeit encrypted) on Meta servers, because you don't need your contact to be online to receive your message - cool private encrypted apps don't do that, they require both communicants to be online.

Ah okay I see so do you have any particular alternatives you recommend with a better chance of genuine End to end encryption? 


1 minute ago, IR760 said:

I have no issue with you using what you want but I am curious on why you openly have your communications visible such as regular SMS. As for why I need end-to-end, it's just natural to want to have some privacy, especially for any sensitive topics or media.

You shut the door when using the bathroom even though you are doing nothing bad. (Unless you stink XD)

If I have a need for sensitive conversation, I'm not using typed communication.


3 minutes ago, SansVarnic said:

If I have a need for sensitive conversation, I'm not using typed communication.

Fair enough but it is difficult when the person is far away or if you are referring to phone calls then even then they may be monitored or recorded. 

 

Also even if it is not sensitive it is still nice to have privacy in general and mass surveillance should not be made the norm.


9 minutes ago, IR760 said:

Fair enough but it is difficult when the person is far away or if you are referring to phone calls then even then they may be monitored or recorded. 

Tapping phone calls is more difficult these days so phone calls have in a way become more secure than text messaging by a degree. But regardless though, we are incidentally getting away from your question, I'm sorry as that's my fault.

 

Skype used to be true end2end encrypted coms but sadly it was unended by Microsoft.

I don't have any good suggestions myself and I wish I did, as each time I thought I found one it was discovered to not have it. And then the EU decided to make rules about back door access integration, so honestly I have no idea anymore who does and doesn't have true e2e encryption.

 

*edit

I will say this, the Samsung SMS app was partly encrypted, which is why I still use it and refuse to switch to Google's RCS SMS app; it's known to not be encrypted and Google has it back door.

 


2 minutes ago, SansVarnic said:

Tapping phone calls is more difficult these days so phone calls have in a way become more secure than text messaging by a degree. But regardless though, we are incidentally, I'm sorry as that's my fault we are getting away from your question.

 

Skype used to be true end2end encrypted coms but sadly it was unended by Microsoft.

I don't have any good suggestions myself and I wish I did, as each time I thought I found one it was discovered to not have it. And then the EU decided to make rules about back door access integration, so honestly I have no idea anymore who does and doesn't have true e2e encryption.

 

No problem I am interested by the points you raised and I agree, yes sadly it may be vague now but I won't stop looking for the best out of a bad situation but I will try to get away from WhatsApp. If you or anyone thinks of any suggestions please say so and why. 

I must say, phone calls being more secure than typed communication is something I didn't really think about, thank you. I know it's obvious but it didn't click with me until just now as I never thought about it XD


Just now, IR760 said:

Ah okay I see so do you have any particular alternatives you recommend with a better chance of genuine End to end encryption? 

There are solutions, but most of them aren't user-friendly, and all the apps suck. The most extreme privacy oriented solutions don't do any server hosting, so, as I mentioned before, for the message to arrive, the recipient should be online. Those solutions are SimpleX or Tox-based apps (Tox is a technology that has multiple implementations). If you're fine with your messages being stored somewhere, but not at Meta, use XMPP/Jabber communication technology. For that you would need to find yourself a provider that would store your messages (pick among the smaller ones, from nations with not-so-draconian laws), those are usually free and run by enthusiasts, register an account (similar to e-mail), get yourself an app (Conversations is the most popular one for Android and Monal is the go-to for iOS, but both are flawed and have terrible UI), log in with your account, and, after starting a chat, turn on the OMEMO encryption (lock icon), and you're good to go. Keep in mind that whatever solution you use, your ISP still has the ability to monitor your traffic and can, in theory, bypass any encryption with enough hassle, but that's a spy thriller movie scenario kind of thing.


1 minute ago, Eviljuche said:

There are solutions, but most of them aren't user-friendly, and all the apps suck. The most extreme privacy oriented solutions don't do any server hosting, so, as I mentioned before, for the message to arrive, the recipient should be online. Those solutions are SimpleX or Tox-based apps (Tox is a technology that has multiple implementations). If you're fine with your messages being stored somewhere, but not at Meta, use XMPP/Jabber communication technology. For that you would need to find yourself a provider that would store your messages (pick among the smaller ones, from nations with not-so-draconian laws), those are usually free and run by enthusiasts, register an account (similar to e-mail), get yourself an app (Conversations is the most popular one for Android and Monal is the go-to for iOS, but both are flawed and have terrible UI), log in with your account, and, after starting a chat, turn on the OMEMO encryption (lock icon), and you're good to go. Keep in mind that whatever solution you use, your ISP still has the ability to monitor your traffic and can, in theory, bypass any encryption with enough hassle, but that's a spy thriller movie scenario kind of thing.

Interesting solutions but unfortunately I can't imagine the average user adopting specialist messaging techniques. As for the ISP thing yeah I tend to have a VPN connected from a reasonably trusted source such as Proton and I much rather it goes there than unknown places and potentially many vendors. 

Thank you for the suggestions. 


42 minutes ago, SansVarnic said:

Being WhatsApp is owned by Facebook (Meta), I wouldn't trust it...

My bachelor end project was actually to create a secure communication network. Of course, our team wanted to go overkill, the nerds we are, and simple end-to-end encryption wasn't enough.

So we started to look at what was done in practice by existing providers of said secure communications networks. And WhatsApp was actually the most secure at the time of our research (2 years ago). In short, if someone were to crack the servers of Meta they would NOT be able to retrieve anything meaningful. If someone were to make a man-in-the-middle attack, they would NOT be able to retrieve anything meaningful.

So unless WhatsApp downgraded their algorithm in the meantime, yes it is perfectly secure.

Main machine:  Ryzen 9 9950x3D - Gigabyte GeForce RTX 5070ti OC 16GB  - Gigabyte X870E AORUS ELITE WIFI7 - 64GB DDR5 6000MHz CL30 - Seasonic FOCUS GX-1000 ATX3.1 - Lancool 207 digital - Artic liquid freezer III Pro - 2 x 27" AOC Q27G4X - WD SN850X 2TB - 2 x WD SN770 2TB

Remote client:  Razer Blade 15 (2020) base - i7 10750H - GeForce RTX 2060 - 16GB DDR4 3000MHz (only used for decoding streams from main machine)
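
The store-and-forward behaviour debated above (the server holds messages for an offline recipient, yet a server breach or a man-in-the-middle yields nothing readable), as an added example that is not part of the thread and is not WhatsApp's or Signal's code. It is a simplified sketch on Node's built-in `crypto` module (X25519, HKDF, AES-256-GCM) with no ratchet and no sender authentication; `Relay`, `seal`, `open` and the sample users are hypothetical names.

```javascript
const crypto = require('crypto');

// Hypothetical user: an X25519 key pair. Only publicKey ever leaves the device.
const newUser = (name) => ({ name, ...crypto.generateKeyPairSync('x25519') });
const spki = (publicKey) => publicKey.export({ type: 'spki', format: 'der' });

// Short digest of a public key that two people can compare in person or by voice.
function fingerprint(publicKey) {
  return crypto.createHash('sha256').update(spki(publicKey)).digest('hex').slice(0, 16);
}

// X25519 shared secret -> HKDF-SHA256 -> 32-byte AES-256-GCM key.
function deriveKey(privateKey, publicKey) {
  const secret = crypto.diffieHellman({ privateKey, publicKey });
  return Buffer.from(crypto.hkdfSync('sha256', secret, Buffer.alloc(0), 'demo-e2e', 32));
}

// Sender: encrypt to the recipient's public key using a fresh ephemeral key pair.
function seal(sender, to, recipientPub, text) {
  const eph = crypto.generateKeyPairSync('x25519');
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', deriveKey(eph.privateKey, recipientPub), iv);
  cipher.setAAD(Buffer.from(`${sender.name}>${to}`)); // bind routing names to the ciphertext
  const body = Buffer.concat([cipher.update(text, 'utf8'), cipher.final()]);
  return { from: sender.name, to, sentAt: Date.now(), // metadata the relay must see
           ephPub: spki(eph.publicKey), iv, body, tag: cipher.getAuthTag() };
}

// Recipient: runs whenever the device next comes online; throws if anything was altered.
function open(recipient, env) {
  const ephPub = crypto.createPublicKey({ key: env.ephPub, format: 'der', type: 'spki' });
  const d = crypto.createDecipheriv('aes-256-gcm', deriveKey(recipient.privateKey, ephPub), env.iv);
  d.setAAD(Buffer.from(`${env.from}>${env.to}`));
  d.setAuthTag(env.tag);
  return Buffer.concat([d.update(env.body), d.final()]).toString('utf8');
}

// Store-and-forward relay: a public-key directory plus one queue per recipient.
class Relay {
  constructor() { this.directory = new Map(); this.queues = new Map(); }
  publish(user) { this.directory.set(user.name, user.publicKey); }
  lookup(name) { return this.directory.get(name); }
  deliver(env) { this.queues.set(env.to, [...(this.queues.get(env.to) || []), env]); }
  fetch(name) { const q = this.queues.get(name) || []; this.queues.delete(name); return q; }
}

function demo() {
  const alice = newUser('alice'), bob = newUser('bob'); // constructed sample users
  const relay = new Relay();
  relay.publish(alice); relay.publish(bob);
  const bobTrueFp = fingerprint(bob.publicKey);          // bob reads this out to alice

  const text = 'dinner at 8, bring the documents';       // constructed sample message
  relay.deliver(seal(alice, 'bob', relay.lookup('bob'), text)); // bob is offline

  // Everything a breach of the relay would yield for this message.
  const stored = relay.queues.get('bob')[0];
  const blob = Buffer.concat([stored.ephPub, stored.iv, stored.body, stored.tag]);
  const serverSeesPlaintext = blob.includes(Buffer.from(text));
  const serverMetadata = { from: stored.from, to: stored.to, sentAt: stored.sentAt };

  // The relay flips one ciphertext bit: the GCM tag check makes decryption fail.
  const tampered = { ...stored, body: Buffer.from(stored.body) };
  tampered.body[0] ^= 1;
  let tamperRejected = false;
  try { open(bob, tampered); } catch { tamperRejected = true; }

  const received = open(bob, relay.fetch('bob')[0]);     // bob comes online later

  // The relay swaps bob's directory entry; only the out-of-band fingerprint check shows it.
  relay.directory.set('bob', newUser('bob').publicKey);
  const keySwapDetected = fingerprint(relay.lookup('bob')) !== bobTrueFp;
  return { received, serverSeesPlaintext, serverMetadata, tamperRejected, keySwapDetected };
}
```

The relay still learns who wrote to whom and when, which is the metadata the original question refers to.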

 

 


1 minute ago, ArnoG said:

My bachelor end project was actually to create a secure communication network. Of course, our team wanted to go overkill, the nerds we are, and simple end-to-end encryption wasn't enough.

So we started to look at what was done in practice by existing providers of said secure communications networks. And WhatsApp was actually the most secure at the time of our research (2 years ago). In short, if someone were to crack the servers of Meta they would NOT be able to retrieve anything meaningful. If someone were to make a man-in-the-middle attack, they would NOT be able to retrieve anything meaningful.

So unless WhatsApp downgraded their algorithm in the meantime, yes it is perfectly secure.

Interesting do you know where I could look into these practices by WhatsApp and others please?


1 minute ago, IR760 said:

the ISP thing yeah I tend to have a VPN connected from a reasonably trusted source such as Proton

That's mostly VPN marketing. Your ISP still knows what data you are sending to a VPN, and what data you are getting from there, and it can, in theory, read that and guess what you were doing online - they even have the whole technology for reading users' data - Deep Packet Inspection - and many countries across the world demand the ISPs to implement it, US included.


3 minutes ago, IR760 said:

Interesting do you know where I could look into these practices by WhatsApp and others please?

We found it simply by doing a few Google searches, stumbling on articles and official posts on the WhatsApp website. Back then it used the Signal protocol with a mix of other things.

But I have to say, while the algorithm might be very secure, nothing assures you WhatsApp implemented it correctly, and didn't make a mistake leaving a backdoor for potential hackers. So this is an important disclaimer, if you would for example discuss war plans on WhatsApp as some presidents like to do.


2 minutes ago, Eviljuche said:

That's mostly VPN marketing. Your ISP still knows what data you are sending to a VPN, and what data you are getting from there, and it can, in theory, read that and guess what you were doing online - they even have the whole technology for reading users' data - Deep Packet Inspection - and many countries across the world demand the ISPs to implement it, US included.

Interesting, but how would they see the data when they should only be able to see me connecting to the VPN server and metadata of that specific connection? Not much else, such as the websites I visit after?

 


1 minute ago, GNULINUXPRO said:

It is proprietary software. By default it cannot be trusted unless you can see the source code. Use SimpleX or Session instead if you care about privacy, anonymity, and free software.

Interesting I'll look into it thank you

 


1 minute ago, ArnoG said:

We found it simply by doing a few Google searches, stumbling on articles and official posts on the WhatsApp website. Back then it used the Signal protocol with a mix of other things.

But I have to say, while the algorithm might be very secure, nothing assures you WhatsApp implemented it correctly, and didn't make a mistake leaving a backdoor for potential hackers. So this is an important disclaimer, if you would for example discuss war plans on WhatsApp as some presidents like to do.

Good points, I'll look into Signal perhaps, thank you, and I'll find out on some of those articles you found.


In the grand scheme, unless you're specifically being targeted, the chances of your messaging being monitored are slim to start. P2P is your best option too but to set that up is rather annoying and it's hard to find in most settings nowadays.

I recall there used to be (was it Snapchat?) messages that were sent and auto-deleted after a short time, but the app evolved to allow messages to be retrieved instead of auto-deleted. It is sad it happened as that is true p2p comms as messages aren't kept on servers and both parties have to be online at the same time.


Just now, SansVarnic said:

In the grand scheme, unless you're specifically being targeted, the chances of your messaging being monitored are slim to start. P2P is your best option too but to set that up is rather annoying and it's hard to find in most settings nowadays.

I recall there used to be (was it Snapchat?) messages that were sent and auto-deleted after a short time, but the app evolved to allow messages to be retrieved instead of auto-deleted. It is sad it happened as that is true p2p comms as messages aren't kept on servers and both parties have to be online at the same time.

Yeah, I don't understand Snapchat, as while the messages "disappear" for the users, they are not encrypted in the slightest basically and can be stored on their servers.

Both parties being online is a good shout but I can't imagine it will be widely adopted so I will look into Signal.

As for being actually monitored or searched, for me it's not about that, it's just having privacy on the internet regardless of what it is, for the parts I can control.


After some searching here is what I found ... using Tom's Hardware recommendations for most secure messaging.

1. Signal
2. Telegram
3. Session
4. WhatsApp
5. Briar
6. Viber

 

2 minutes ago, IR760 said:

Yeah, I don't understand Snapchat, as while the messages "disappear" for the users, they are not encrypted in the slightest basically and can be stored on their servers.

Both parties being online is a good shout but I can't imagine it will be widely adopted so I will look into Signal.

As for being actually monitored or searched, for me it's not about that, it's just having privacy on the internet regardless of what it is, for the parts I can control.

No, I would not recommend it; it was more of a reminiscence than a suggestion. I never use the app myself.


1 minute ago, IR760 said:

Interesting, but how would they see the data when they should only be able to see me connecting to the VPN server and metadata of that specific connection? Not much else, such as the websites I visit after?

 

Well, when you visit a website, you send the data to it (queries to load something, text that you type in there, files you send), and you get data from it (the webpage that loads into your browser itself, the media, streams, etc), and the only thing VPN does about that is being a middleman with a different IP address through which all of the data bounces. The ISP can just look at this data and deduce its actual origin, destination, and purpose. Not that they usually care, but it is doable. 
