1
0
9x0rg.com/content/posts/infosec/ditching-whatsapp.md

76 lines
3.6 KiB
Markdown
Raw Blame History

This file contains invisible Unicode characters

This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

---
title: "Ditching WhatsApp [updated]"
date: 2018-06-14T12:54:49+01:00
draft: false
tags: ["infosec","encryption","whatsapp","signal app","tech","xmpp","data privacy"]
author: "9x0rg"
hidemeta: false
ShowReadingTime: true
ShowPostNavLinks: true
showtoc: true
---
![WhatsApp is broken](/images/whatsapp-is-broken.jpg#center)
*[First published on September 05, 2016]*
I am ditching WhatsApp, following [Facebooks decision to begin harvesting data](https://blog.whatsapp.com/looking-ahead-for-whats-app) from its messaging service.
Even though *Motherboard* claims "it may be possible to [prevent WhatsApp to give your phone number to Facebook"](https://motherboard.vice.com/read/whatsapp-facebook-phone-number-how-to) (LOL) WhatsApp will still harvest your metadata.
> “Sharing metadata with Facebook still exposes users to significant risks,” says Claire Gartland, consumer protection counsel for the Electronic Privacy Information Center. “Facebook will have data indicating who WhatsApp users communicate with and how frequently, and connecting WhatsApp users with their social media accounts and broader online activity, associations, political affiliations, and more.” -- [Wired](https://www.wired.com/2016/08/whatsapp-privacy-facebook/)
# Whats In The Metadata?
According to The Grugq in [Signals, Intelligence](https://medium.com/@thegrugq/signal-intelligence-free-for-all-5993c2f72f90) which takes the example of metadata carried by Signal, one of the *least privacy offender*, metadata does carry a freaking lot of actionable intelligence data; see for yourself:
1. **Location data**
- Specific location (home, place of work, etc.)
- Mobility pattern (from home, via commuter route, to work)very unique, just [4 locations is enough to identify 90%](http://www.nature.com/articles/srep01376?ial=1) of people
- Paired mobility pattern with a known device (known as “mirroring”, when two or more devices travel together; including car telemetry!)
2. **Network data**
- Numbers dialed (who you call)
- Calls received (who calls you)
- Calling pattern (numbers dialed, for how long, how frequently)
3. **Physical data**
- IMEI (mobile phone device ID)
- IMSI (mobile phone telco subscriber ID)
4. **Content**
- Identifiers, e.g. names, locations
- Voice fingerprinting
- Keywords
See also [how your phone tracks your every move](https://www.abc.net.au/news/2015-08-16/metadata-retention-privacy-phone-will-ockenden/6694152) and [metadata - 6 Articles That Show How Your Metadata Knows Everything About You](https://medium.com/@blackVPN/metadata-25c3ab6d1e1d).
# Alternatives to WhatsApp
Now that I am done with WhatsApp, what alternative are available? A lot actually.
## Instant Messaging
- [Conversations.im](https://conversations.im/), a Android app developed by Daniel Gultsch based on the XMPP protocol with OMEMO[^1] and PGP encryption
- [Signal App](https://signal.org/)
- [Delta Chat](https://delta.chat/en/) an IM client that does not require your phone number and works on top of your own email service provider, with an option to encrypt messages with Autocrypt with your own PGP/GnuPG key
- ~~Telegram~~ [Edit 10.06.2016] Nah, it's broken.
## Voice calls
- [Signal App](https://signal.org/)
- [Linphone](https://f-droid.org/packages/org.linphone/) (SIP)
- [Jitsee Meet](https://meet.jit.si/)
## Social Media
- [Twidere](https://f-droid.org/en/packages/org.mariotaku.twidere/) an Android client for Twitter and [Mastodon](https://joinmastodon.org/)
- ~~Facebook~~ [Edit 2017: anything Facebook has been removed from my mobile device]
[1]: https://omemo.top/