WhatsApp provides no cryptographic management for group messages (arstechnica.com)
from themachinestops@lemmy.dbzer0.com to technology@lemmy.world on 08 May 10:44
https://lemmy.dbzer0.com/post/43820254


lIlIlIlIlIlIl@lemmy.world on 08 May 11:34

Duh, how else is Zuckerberg going to spy on you and sell your data back to you?

wischi@programming.dev on 08 May 15:53

It’s not called Meta data by accident 🤣

ouch@lemmy.world on 08 May 12:03

If you want your group memberships to be known only by the group members, use Signal.

Bahnd@lemmy.world on 08 May 12:28

Or Matrix (warning: some assembly required)

new_guy@lemmy.world on 08 May 12:35

WhatsApp isn’t the only messenger lacking cryptographic assurances for new group members. In 2022, a team that included some of the same researchers that analyzed WhatsApp found that Matrix—an open source and proprietary platform for chat and collaboration clients and servers—also provided no cryptographic means for ensuring only authorized members join a group. The Telegram messenger, meanwhile, offers no end-to-end encryption for group messages, making the app among the weakest for ensuring the confidentiality of group messages.

Bahnd@lemmy.world on 08 May 12:56

That study was 3 years ago, features to create private (invite only) group chats are supported now.

coconut@programming.dev on 08 May 15:13

an open source and proprietary platform

Are parts of Matrix closed source?

sem@lemmy.blahaj.zone on 09 May 02:54

How can Matrix be insecure when it keeps locking me out of my own messages?

Vanilla_PuddinFudge@infosec.pub on 08 May 14:32

I actually found XMPP to be a breeze compared to most Matrix solutions.

Synapse is bloated, Dendrite sucks, and Conduit is in perpetual beta, and the uwu forks die too fast.

XMPP:

  1. Install Snikket
  2. Reverse proxy
  3. Done

sykaster@feddit.nl on 08 May 12:32

Just be sure to add only the people you want to be there. I’ve heard some people add others and it’s a bit messy.

tias@discuss.tchncs.de on 08 May 13:01

How bad can it be? It’s not like we’re sharing state secrets.

AbidanYre@lemmy.world on 08 May 15:34

We’re clean on OpSec

ParetoOptimalDev@lemmy.today on 08 May 15:01

Or simplex.chat where there are no identifiers like phone numbers or any other identifier.

Security review was done by Trail of Bits.

coconut@programming.dev on 08 May 15:11

“Just use Signal” is not a valid statement in a world where the vast majority of people aren’t using (and won’t use) it. I have been trying to get people to install it and have a total of 6 over several years. They only use it to communicate with me.

unexposedhazard@discuss.tchncs.de on 08 May 15:15

Or P2P stuff like Briar :)

Sandbar_Trekker@lemmy.today on 08 May 13:48

Highlighting the main issue here (from the article):

“This means that it is possible for the WhatsApp server to add new members to a group,” Martin R. Albrecht, a researcher at King’s College in London, wrote in an email. “A correct client—like the official clients—will display this change but will not prevent it. Thus, any group chat that does not verify who has been added to the chat can potentially have their messages read.”