Hacker News new | ask | show | jobs
by Dan_JiuJitsu 3435 days ago
The vulnerability in WhatsApp was correctly described by the Guardian. Signal is more secure and does not have this vulnerability. How, exactly is suggesting users migrate to a more secure messaging platform misleading in any way?
1 comments
tptacek 3435 days ago
Because, once again, the billion-plus WhatsApp users don't use WhatsApp because they care about cryptography; they use it because it's the most dependable method they have to communicate with their peer group. If The Guardian tells them to switch to Signal because WhatsApp is bad, they'll use Signal for 4 minutes before switching to SMS --- which is what's actually happening.
link
Dan_JiuJitsu 3435 days ago
So, we agree that calling this a 'fake' article is itself misleading. We also agree that Signal is a more secure alternative. Your position is essentially 'people cant be trusted with accurate information, you have to dumb it down so they can make the "right" choice based on the limited information they can absorb, so the Guardian should apologize and retract their accurate story.'
link
idlewords 3435 days ago
Non-experts can't be expected to make an accurate evaluation of the UX trade-offs in handling buffered message delivery after a key change.

They trust that the Guardian, a highly reputable newspaper, has spoken to experts in the field, done the research, and made this evaluation, which it accurately reflected in the headline.

That trust is misplaced. That's why this is a fake story.

link
Dan_JiuJitsu 3435 days ago
It's not a fake story. Every piece of information they presented is accurate. The Guardian did speak to experts in the field. I won't bore you with my credentials, but I agree with their assessment as well. Taking issue with the advice they give on UX grounds is one thing, but attacking the factual basis of the article is misguided.
link
idlewords 3435 days ago
I have to come back to the vaccine analogy. Running a story headlined "Common Vaccine Can Kill Your Children" would be factually accurate, too. Experts in the field would confirm that that can happen.

This is not a "well, actually" nerdfight. This is about putting real people in danger through egregiously irresponsible reporting.

link
Dan_JiuJitsu 3435 days ago
So, basically, your argument is that 'People can not be trusted with information that may be nuanced, so instead news outlets should limit themselves to headlines that minimize risk.' Comparing the use of an app to a lifesaving medicine is, in my view, a gross mis-characterization. The article suggested a more secure alternative that we all agree is more secure. What's the issue?
link
tptacek 3435 days ago
I won't bore you with my credentials

No, please, do. None of us will be bored by this.

link
ekiru 3435 days ago
> We also agree that Signal is a more secure alternative.

Signal is only a more secure alternative in _some_ threat models. The most obvious counterexample is that, in some contexts, using WhatsApp marks you as a person who owns a smartphone, while using Signal marks you as a dissident. There are other contexts where losing messages while not being actively attacked (not even just due to this design decision; Signal ultimately just does not have as reliable infrastructure as WhatsApp) is more dangerous than WhatsApp's resend behavior.

link
tptacek 3435 days ago
Does this kind of rhetoric work for you in other venues?
link