by MrsPeaches 3450 days ago
Simple explanation would be that activists use Signal. [1]

They don't trust WhatsApp and rely on Signal for secure messaging. Blocking Signal means they are able to target activists without impacting much of the rest of the population.

[1] Many of the people I know who are activists in countries where they need to protect their identities use Signal

5 comments

I wouldn't trust WhatsApp even before this revelation.

I would never trust a closed source messaging app if I was an activist, regardless of what encryption they claim to implement.

I wouldn't trust anything owned by Facebook. Period.
The security of a system is only as strong as its weakest link, which in this case is the system software (OS and drivers) and hardware. Imagine that baseband-hardware has been fitted with a backdoor that simply says "encrypt all textual input and send to this address". Even better to piggyback to a well-known endpoint, like Facebook, then compromise that (which is easy if you're a state actor). The only thing that really saves us is that it's just too much data! (Well, that and the fact that most of us are happily playing the games of commerce, and not particularly interesting to state security services.)
Good point. At least as a technical person, I would like to use an open-source messaging application.

Of course I'm not going to read the source code but at least I'm sure developers behind the app do not open a backdoor for someone else.

The mobile space is tricky. A source code dump doesn't really do much beyond "trust us, this is what you get from App Store too". You also need the possibility to build the software yourself, which includes things like API keys, before we're close to what assurances open source software used to give us.
The nice thing about a FOSS mobile app is that you can (in theory, at least) sideload it. A covert operation could just gather up everyone's devices, build a fresh copy of the app, and then sideload that copy for everybody.

Of course, for that to be feasible, the network architecture of the app must not require API keys—and so must either be purely peer-to-peer, or involve a FOSS server component that the developer can run an instance of themselves (as in the Matrix protocol.)

While I'm totally the same in this regard, this does feel a bit like an open-source version of the bystander effect.
I don't know what the bystander effect is, but I assume we're talking about the same thing: I often feel that everyone is, along with myself, thinking "great - open source! I'm sure someone's checking it."

Of course, the counter is that if you publish it you don't risk that someone actually is checking.

Open beats closed, but we must be careful not to think it immediately makes the code sound.

I've been thinking about this particularly recently in relation to Monzo, the will-be bank. There's no web app and slow progress on the Android front. Lots of open source effort though, since they publish an API, but... That's my bank account I'm (not) giving open source developers access to.

> but we must be careful not to think it immediately makes the code sound

Nobody is saying it's automatically sound, but open is the only option that makes any security analysis possible.

> open is the only option that makes any security analysis possible

I'm not disputing that. Let me repeat myself:

> Open beats closed

All I'm saying is that it doesn't stop there. Too often there's this complacent 'great, it's open source!' - I'm as guilty of it as anyone.

> open is the only option that makes any security analysis possible.

Many people are disputing that, and I'm getting around to that view. Closed doesn't mean you have nothing, it means you have the binaries, which you can disassemble and analyse. With open, you have a bit higher level language, which you have to analyse, plus then you have to show that the binaries correspond to it.

> open is the only option that makes any security analysis possible.

Generations of crackers and security researchers have proven that incorrect. There are plenty of tools for dealing with compiled programs.

I suppose the difference is that the bystander effect has a connotation with the person stepping in not getting any real benefit personally (e.g. breaking up a fight) vs. here where you would get some name recognition for calling out Signal (for example)
There is no logical way to verify that all activists (or even a majority of them) use Signal over WhatsApp. The perception that activists use Signal may have been enough to block them, but having a huge backdoor in WhatsApp is reason enough to not take action.
That's assuming it was a macro decision, and not a micro decision. The govt could have had specific intel on a particular activist, or cell that they knew were using Signal, and shut it down to deal with that situation at that time.
Signal actively promotes itself as an activist messenger by using names of revolutionaries and anarchists (Makhno, Proudhon, Masha Kolenkina) all over their website. Just for example: https://whispersystems.org/blog/images/signal-faces.png
> Simple explanation would be that activists use Signal.

But why do activists simply not use WhatsApp, instead of Signal? If both were supposed to be fully encrypted and secure, why not use the tool that is available? I assume the need for encryption is to prevent the government snooping and eavesdropping on your plans rather than "liking the UI/UX of one system over the other"?

Maybe the activists know something we did not, and are right to be paranoid...

I think the rule of thumb around here is that any system that is closed-source must be treated as inherently untrustworthy from a security standpoint. WhatsApp has therefore always been untrustworthy for the scrupulous, regardless of the relatively flattering PR.
Based on news like this, rightfully so.
Facebook owns WhatsApp and has been increasingly hospitable to government intrusion on users' privacy. That seems like a good enough reason given that Facebook violated its pledge not to combine user data.
Also that the folks in the government doing the banning probably use WhatsApp themselves to conduct business and do their jobs.
WhatsApp is used by over a billion people. I'm sure some activists in Egypt use WhatsApp, too. That said, I think WhatsApp was blocked in Egypt, too, at least for a while. I don't know if they later "fixed" that or not, and how they did it.
A lot of Americans don't understand why messengers like WhatsApp are so popular around the world. The reason is that most carriers still extort users by charging text message fees.

In the US, everyone texts (or thinks they are using texts when running iMessage) because most plans give unlimited voice and texts, and charge by the GB of data.