Privacy

41109 readers

472 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
Don't promote proprietary software
Try to keep things on topic
If you have a question, please try searching for previous discussions, maybe it has already been answered
Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
Be nice :)

Related communities

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago

MODERATORS

161

Russia orders state-backed Max messenger app to be pre-installed on new phones (www.theguardian.com)

submitted 2 days ago* (last edited 2 days ago) by merde@sh.itjust.works to c/privacy@lemmy.ml

52 comments fedilink hide all child comments

A Russian state-backed messenger application called Max, a rival to WhatsApp that critics say could be used to track users, must be pre-installed on all mobile phones and tablets bought in the country starting next month, the Russian government said on Thursday.

The decision to promote Max comes as Moscow, locked in a standoff with the west over Ukraine, is seeking greater control over the internet. The Kremlin said in a statement that Max, which will be integrated with government services, would be on a list of mandatory pre-installed apps on all “gadgets”, including mobile phones and tablets, sold in Russia from 1 September.

you are viewing a single comment's thread
view the rest of the comments

[–] Sauvandu60@lemmy.ml 12 points 2 days ago (18 children)

I wonder how bad it is compared to whatsapp.

[–] TwilightKiddy@programming.dev 19 points 2 days ago* (last edited 2 days ago) (16 children)

Depends on how you rate Putin reading your messages against Zuckerberg reading your messages.

[–] Rose@lemmy.zip 0 points 2 days ago (11 children)

WhatsApp uses the Signal protocol for end-to-end encryption, so Meta only collects the metadata. Still enough to convict, but better than anything from Putin.

[–] quick_snail@feddit.nl 5 points 1 day ago (1 children)

Not when Meta works with NSO group to backdoor the app. Then they can read all your messages.

[–] Rose@lemmy.zip 2 points 1 day ago (1 children)

Has there been any evidence of that? Intercepting the traffic or disassembling the app would show some signs if true.

[–] quick_snail@feddit.nl 2 points 1 day ago (1 children)

Yeah dude, tons. Look at Citizen Lab's work. They did an very detailed exposé with Amnesty International too

[–] Rose@lemmy.zip 3 points 1 day ago (1 children)

A vulnerability allowing to exploit an app is not the same thing as a backdoor. Moreover, being able to gain full access to someone's device does not prove that an app's end-to-end encryption is faulty. The same kind of exploit most likely could be used to read messages from Signal and definitely other apps.

[–] quick_snail@feddit.nl 2 points 1 day ago* (last edited 1 day ago) (1 children)

That's my point. The e2ee is worthless marketing because they work with cybermercinary groups to ensure they have exploits to gain access to the device.

NSLs require backdoors. Meta is a US corporation. But, sure, you can pretend that these exploits aren't intentional. That's their plausible deniability.

[–] Rose@lemmy.zip 1 points 1 day ago* (last edited 1 day ago) (1 children)

Likewise, you can pretend to be sure it's a backdoor without any proof and then also believe there's more that's not been exposed. Signal is also US-based, by the way. What software do you trust not to have vulnerabilities that could be abused by the likes of NSO Group and why?

[–] quick_snail@feddit.nl 2 points 1 day ago* (last edited 1 day ago) (2 children)

SimpleX is probably best. Wire is much more practical for day to day, but the metadata in Wire might literally get you killed.

[–] Rose@lemmy.zip 1 points 18 hours ago

Going by your logic though, what would stop a Five Eyes country like the UK from pressuring the developer of SimpleX into creating a backdoor? Besides, as discussed, even if it were bulletproof, it's improbable that the victim would have no other apps on their device, one of which could be exploited by the likes of NSO Group. The creators of Android and iOS are also obviously US-based, so your point would have to apply to them as well. From there, if someone remotely gains full access to the device, it won't matter if you use Signal, Telegram, WhatsApp, SimpleX, or that new Russian thing. However, having e2ee is still better than nothing in that it protects from other attack vectors, like the ISP analyzing the traffic and reporting to the government.

[–] Vendetta9076@sh.itjust.works 1 points 1 day ago (1 children)

Gonna have to explain that last part there chief. What's wire?

[–] quick_snail@feddit.nl 1 points 20 hours ago

Wire.com

load more comments (9 replies)

load more comments (13 replies)

load more comments (14 replies)