Hacker News
by sschueller 1336 days ago
How is Signal any better? US based, centralized, hostile towards alternate clients. Not much better IMO.
4 comments

US based isn't a concern in this case, as the data they store is pretty much unusable.

They publish the subpoenas they receive and the dump of relevant data to the authorities, and it's usually a timestamp associated with some ID and that's it.

https://signal.org/blog/looking-back-as-the-world-moves-forw...

Actually very nice to integrate with. I'm not using Google or Apple in my life. On the phone I'm using Sailfish OS, so the mainstream apps are not usually ported natively. Fortunately someone used libsignal and added a frontend, so Signal is my main means of communication with friends. And I still don't have to drown in Google or FB services.
Much better in that it is open source (so you can audit the e2ee), and it does a lot about metadata. It is actually better at protecting metadata than many decentralized alternatives.

Nobody said it was perfect. It's just better.

WhatsApp actually uses the Signal protocol for e2ee.
They say they do, but you have to trust them. You don't have to trust Signal, you can audit the sources (or trust some third party to do it for you).
How do you know the source code you’re looking at is for the same program you downloaded from the App Store? Does Apple publish a checksum of software you’re installing?
> Does apple publish a checksum of software you’re installing?

Reproducible builds: https://github.com/signalapp/Signal-Android/tree/main/reprod...

This is a failure of Apple and their walled garden, not of Signal. If this is a concern to you, you either need to jailbreak or switch to a more free as in freedom platform.
Honestly, if it really mattered a lot to me (i.e. to my own security), I would compile Signal from source and install it on my device. Which I could not do with WhatsApp.
True
Signal doesn't press you to set up (by default) unencrypted cloud backups.
It doesn't matter, the app is closed source so they can still access your messages regardless of what protocol they use.

https://gizmodo.com/whatsapp-moderators-can-read-your-messag...

That article doesn't support what you're saying. It says that WhatsApp has access to metadata, which it hands over to law enforcement. This does not necessarily mean that they can read your messages.

It does say that 'WhatsApp can read some of your messages if the recipient reports them'. That 'if' is doing a lot of work in this sentence. It means that the recipient has to decrypt your message.

Although there are forms etc. within the app for doing this, it's essentially no different to taking screenshots.

There is no way to ensure 100% privacy if the other party you are communicating with does not keep data they have access to private.

I'm not a big Meta fan, but as far as I am aware, they can't normally read your messages. The fact that it's closed source just means that we can't verify that for ourselves.

> The fact that it's closed source just means that we can't verify that for ourselves.

That's really the whole point. As far as we know, it could be that it is not e2ee at all.

Also from the moderation article, it's not clear to me what that means: if I report you, does that mean that the moderators will get access to all your recent conversations? Could be, right? But then the FBI could report you for no reason, and then ask WhatsApp to provide your recent conversations. Which would effectively act as some kind of backdoor, right?

I agree, closed source means we can't do anything apart from decide whether we believe Meta or not.

But my understanding is that the 'report' is from a user's WhatsApp client—if someone sends you a message that you think is reportable, you can report them to Meta. As part of the report, your WhatsApp client will forward some information to Meta.

Assuming Meta are not actively lying, this would not mean that it's not E2EE.

Can I see the source to make sure?
I'd say it's a lot better since it doesn't do unknown things with your address book. It actually doesn't do any unknown things and the fact that they're US based is irrelevant since they have nothing to give away thanks to E2EE.
What kind of unknown things with an address book is WhatsApp doing?
The idea is that Meta uses WhatsApp contact lists to build and maintain their social graphs, which is in turn used for advertising.
WhatsApp uploads the address book from the user's phone to Meta's servers and after that it's unclear to outsiders what they do with it. Hence "unknown".