Arguments for Signal over Whatsapp, Messenger, and SnapChat
-
Send them both a bunch of videos from Naomi Brockwell (NBTV). Or buy them each a copy of her book
-
They definitely can, see the recent xz backdoor. But the question is whether it would be found out or not.
-
I haven't check in a while but I think I remember that proprietary app either do not have security audits or they failed them. You should check though I am not 100% sure.
-
Signal is not the answer.
Signal's backend is essentially closed-source, and to my knowledge none of their binaries are reproducible with the code available.
If you really want privacy and security in E2EE, you want somethjng that's completely open-source (front and backend), and can be self-hosted entirely.
Matrix is this. -
Signal is the best alternative to Meta messaging apps and to Snapchat for normies.
-
show them a picture of zuckersuckers face and ask if they would trust him with your secrets
-
Show them this: https://techcrunch.com/2025/01/22/whatsapp-wins-reprieve-in-india-over-user-data-sharing/
The dispute began when WhatsApp required users to accept expanded data sharing with Meta’s platforms or risk losing access to the messaging service. While European users can opt out of such sharing, Indian users cannot — a distinction that regulators found problematic.
Meta doesn’t know what you’re talking about, because WhatsApp is e2ee. But they know:
- who are you talking to
- when
- how often
- what else were you doing before/during/after the talk
- links that are shared (the preview fetch is not e2ee afaik)
These are all valuable metadata and given enough of it, they can even infer what you were talking about. Target you with ads on their other platforms (but rumors are that WhatsApp will have ads inside eventually)
-
xz almost worked because it was in something nobody was looking at. Signal code is audited regularly.
-
For the purposes of the average person the tech guy in your op is absolutely 100% correct.
All the platforms listed use transport encryption and that’s enough to avoid mitm surveillance which is enough for most people.
Most people’s “threat model” is the police or a pi. All the apps listed including signal have to comply with orders from American police and have “sidechain attacks” that involve stuff like getting some member of the groupchat’s device and scrolling up or tricking someone into giving up sensitive information.
-
(the preview fetch is not e2ee afaik)
Technically, it is, but end to end encryption only covers the data between the ends, and not what one of the ends chooses to do with it. If one end of the conversation chooses to log the conversation in an insecure way, the conversation itself might technically be encrypted, but the contents of the conversation can be learned by another. Or if one end simply chooses to forward a message to a new party not part of the original conversation.
The link previews are happening outside of the conversation, and that action can be seen by people like the owner of the website, your ISP, and maybe WhatsApp itself (if configured in that way, not sure if it does).
So end to end isn't a panacea. You have to understand how it fits into the broader context of security and threat models.
-
With that in mind, security and privacy are two completely different things.
For instance, I would say that WhatsApp is fairly secure. It just isn't private at all. Meta can (and does) see and track your meta data.
Why is that important? I liked these 2 examples I read somewhere because they are simple but explain how powerful it is.
Your phone calls are private. Your carrier isn't allowed to listen in on your call to know what you talk about. But they can see that you called a suicide hotline while standing on a bridge.
They can see that your doctor's office called you and then you called an abortion clinic next. The following week your GPS location went to that clinic.
Are these things Person A would willingly tell their phone provider? It's none of their business so I assume not. But they essentially are when they don't care about their privacy.Another stance I take is that even if they don't care about their privacy, can they at least respect mine? I don't give their phone number out to anybody that asks. But non private apps look at all their contacts so they are doing exactly that to me.
Think of the last spam call they got. If they knew it was because of you wouldn't they be upset? -
xz backdoor rely on two testfile with malware, some script that do specific thing to malware to unmask and inject. If commit later change any part to break backdoor, signal probably forced to reject to keep backdoor.
But why reject good change? Might raise red flag.
-
Maybe I’m the outlier but I have always failed to see chat history being very important. Realistically when is the last time you’ve combed through chat histories and why? If it’s to look for important information you can just write down the important parts and the rest is useless. I’m not trying to be elitist or anything I’m just genuinely curious hoping someone can explain this to me.
-
WhatsApp shares who talks with who with governments. And uses that to put people on target lists and kill them.
-
Just check news, Paragon case in Italy or other past security scandal.
-
Technology and servers can get messed up. You are relying on software and hardware to keep stuff safe when the reality is it could fall over tomorrow and all your chat will be gone. Important info should be recorded elsewhere and backed up if need be. Just like in the old days before online chat existed. We survived just fine then and we can survive again without having 14 years of chat history or whatever.
Personally I always turn disappearing messages on in Signal. If my phone or computer was ever broken into, in would rather the perpetrators not have years of personal info and photos shared between my friends and family to do the gods know what with.
-
Here's my main argument for more private services (I try to make all my arguments short).
According to a study done by proton, a single company makes a minimum of $200 dollars off of each person, each year. Of course, they probably gain more money via clandestine deals or the government buying data directly to get around the 4th amendment.
But that money, doesn't go solely to the companies dedicated to collecting data, or those parts of other companies. It goes to lobbying the government to strip away privacy further.
And then I have two endings, depending on the situation:
-
Of course, I recognize that in today's connected world, I can't get privacy unless I go live in the woods. But I can decrease the amount of money companies make off my data, which I do like.
-
Organizations like the EFF, lobby on the other side, for more privacy for us. But they are opposed by when massive companies like google also lobby. So when I deny google $100, that's money they can't use to lobby anymore. Rather than thinking of it as denying google money, think of it as making a donation to the EFF, that they use to ensure our rights are in place.
-
-
that's a lot of arguments
-
@[email protected] Do you still require help?
-
No thanks.
