Anybody feels for discussing the actual meat of the post (consumer watchdogs actually threatening to sue Facebook) instead of discussing the alternatives or the lack of proper encryption in Telegram yet again?
I for one am very happy to see this, both because it might teach Facebook and others a valuable lesson about messing with European consumers and because I used to love the old Whatsapp.
In all fairness, the old WhatsApp did not have end to end encryption. And the partnership with Open Whisper Systems for implementing that has been announced after the acquisition announcement. It was probably planned in advanced, but it was developed and deployed during Facebook's ownership.
And I know that the old WhatsApp was promising privacy and a no ads business model, but you can't really promise privacy while unencrypted chat messages are flowing through your servers.
That said, Facebook can still violate people's privacy just by having access to the metadata and I hope such lawsuit will revert this decision, at least in the EU.
* Encryption is one possible response to the broader concern around what companies are doing with user data
* The broader concern, what are companies doing with our data, is often only spoken of from the consumer perspective. Consumers don't want liberties taken with their personal information, the nightmare scenario is that no one has privacy.
* From a business perspective: what should FB and WhatsApp do? People are accustomed to getting free services on the internet, it's been that way since the beginning, but these services have always cost someone something. It's not feasible to charge for most messaging services due to competitive reasons.
* On the one side we have a nightmare scenario that no one wants, on the other we have the realistic economics of providing a service. Is there a compromise where the consumers can trust the providers to not harm them while still allowing the providers to make money?
As an aside: Telegram is not, and never will-be, a secure platform as has been detailed on HN by cryptographic experts when the service first launched.
> From a business perspective: what should FB and WhatsApp do?
V e r y simple: stuck to the existing business model.
Or: if they really needed to make it free for consumers: their second idea, free for consumers, charge for business access (api etc). I was actually looking forward to that.
> As an aside: Telegram is not, and never will-be, a secure platform as has been detailed on HN by cryptographic experts when the service first launched.
Neither is twitter. I don't see any of you complain about how tweets are public for the world to see.
Telegram isn't a tool to defeat NSA, it is a tool to send stuff faster than email, with 100% less Facebook.
I can admit though that Telgrams marketing of their encryption has been at least borderline dishones.
> I can admit though that Telgrams marketing of their encryption has been at least borderline dishones.
So, 100% Facebook free with a company that is borderline dishonest in how it communicates about the things we can confirm... Why is that the better devil?
Look, the details of FBs operation are certainly not a concern for the consumers: the consumers have the right to get their privacy respected and there is no right FB can invoke to counter it.
The truth is that people do pay for messaging on the internet (email), just not the huge user base a popular free service can get.
As things stands, it does look like the only way to make lots of money out of huge user bases is by selling targeted ads, which in practice seems to be a rather unsavory business that shouldn't be trusted.
WhatsApp is free, popular and end to end encrypted. There is only one app that meets all those criteria, which is the one we're talking about.
WhatsApp is probably not that expensive to run but it's also not free, and acquiring the company certainly wasn't. So Facebook have found a way to combine end to end encryption with an ad-supported business model: use the social graph data and business integration to improve FB ads.
To me this seems like pure win: Facebook already had ads, so it's just a matter of them getting better. WhatsApp can be free for everyone in a sustainable way, instead of the western-iOS-users-get-to-pay-for-everyone model WhatsApp used before.
The habit EU governmental bodies have developed of constantly threatening internet companies whenever they change their products is meanwhile turning into noise: any impact it could have had has been lost because these cases are so often frivolous and/or can't actually demonstrate actual harm to anyone. More and more it looks like EU governments simply like bashing American companies, which probably looks free to them: free money and free voter love from the socialist side of the spectrum.
Going back to the question of what lesson to draw from this: there IS a downside, which is that in future tech companies will prefer not to set up offices in Europe at all, but they can't see that. "Set up shop and avoid punishment by being good" is no option because these judgements are so often extremely vague, unpredictable or simply contradict the need of a business to generate revenue to sustain itself. BTW good luck charging Germans for WhatsApp given how few of them have credit cards.
>To me this seems like pure win: Facebook already had ads, so it's just a matter of them getting better. WhatsApp can be free for everyone in a sustainable way, instead of the western-iOS-users-get-to-pay-for-everyone model WhatsApp used before.
In what way is that a win? Giving up my privacy to save $1/year? Please, I'll take privacy all day long.
As for EU governments "hating" American companies: BS. They're actually sticking up for user rights and privacy rights. Something I wish the US would do.
simple, facebook gives backdoor access to all their user's data to all governments. It's a win-win situation for facebook and every country FB operates in.
How reliable is Signal these days? I basically moved all my friends to Text Secure shortly after WhatsApp had been acquired by FB , but after some time we got constant problems of messages not being delivered, so we switched to Threema.
Seems to vary a lot, some people are totally happy, I regularly have issues (delayed messages, crashes, including one that prevents from using the desktop version). Just try it out.
This is not really related to WhatsApp but I feel like it was also a mistake of Oculus VR to be bought by facebook. When I first read it, I thought that VR in general took a big hit, and I still think that, simply because the motives and incentives of facebook are not aligned with that kind of stuff.
There is a lot of hype over encrypted chat programs.
Telegram's encryption is not end-to-end unless you opt into "Secret Chats"[1] and many claim their crypto is not secure[2,3] as they rolled their own[4].
The latest Google chat app Allo also backed away from defaulting to end-to-end encryption for all messages as it lessens the quality of their auto-assistant[5].
The Axolotl protocol (developed by Moxie and Trevor[6]) is available in Signal and was later adopted by WhatsApp. Signal has far fewer features than other chat applications, and people aren't clamoring much about it; I would guess because many people place features > crypto.
Wire (wire.com) uses this protocol as well[7].
WhatsApp being part of Facebook has already called into question their handling of privacy[8], the feature they were originally advertising as their main strength.
And in case @m0xie complains that we should call it the "Signal Protocol":
No one will call it that as long as you claim that Signal is trademarked, and threaten legal action against projects using that name.
The LibreSignal issue, where you behaved worse than a kindergarten child (and I know, I volunteered to work some weeks in a kindergarten a few years ago) is still in memory for most people.
Given that it's not multiplatform it's kind of irrelevant. It's not a replacement for any of the others. I mean, yay for better encryption, but it's not going to help anyone on Whatsapp today.
It isn't about securely sharing highly sensitive material, but enabling verifiable privacy of typical communications. For example (hypothetically) me discussing cancer with a family member, or financial information, or (in countries where there is government oversight) organizing protests.
If not using a secure end-to-end encryption method such as chat, what do you recommend?
Email providers such as ProtonMail provide the same but in the form of email. Telephone calls are not secure, and neither are text messages.
For the things I post on Telegram I don't care about crypto but rather about a good desktop client, features months ahead of Whatsapp, nice niche communities, bots (including the hn bot which is really nice to see all things that have been voted above a configurable threshold during the day.)
Now that I think of it a lot of what I use it for is as a RSS and twitter replacement: subscribing to channels and groups, occasionally posting harmless stuff.
Wire[1] is also an excellent option. Unlike Open Whisper Systems they wont hang you from a tree for building a third party app. Signal wont work without Gapps or Google Play Services on your Android phone and Google Chrome for desktop.
Signal is pseudo-open-source but will not allow you to use it except via the closed-source google play services, so I still wouldn't have confidence in it.
And wherefrom can you get Signal except for the Google Play store? I was looking for it a while ago to install on my phone but only found two other projects which were threatened by moxie and then shut down.
If you've used Telegram for a while you will notice that in practice no one uses secret chats because these chats don't sync between devices. Your "non-secret" chats are readable by Pavel and anyone he wishes to share them with. I guess it's fine if you trust Pavel's good intentions. I don't[1].
WhatsApp is Facebook. They're basically just two applications from the same company now. Are we going to have a ruling that data can't be passed from Lync to Skype in Microsoft, or from GMail to Googles Ad network?
Just because corporate policy in 2014 was they would be completely separate doesn't mean that in 2016 that is now seen as a good idea (for them). Facebook makes money off your data, it was pretty obvious this was going to happen eventually.
I do not understand the rage about this from people who know they're the same company.
Because they are not the same company. They were specifically kept as separate companies and the deal at the time would have probably been stopped by law enforcement, if it wouldn't have been this way.
The data facebook gets from whatsapp is mostly the directed connectivity graph (and the intensity of each edge). That's data that, in the vast majority of e2e setups, any 3rd party with visibility to the network traffic will be able to see.
I for one am very happy to see this, both because it might teach Facebook and others a valuable lesson about messing with European consumers and because I used to love the old Whatsapp.