What is a common misconception around privacy? - eviltoast

For me its probably the debate regarding using a VPN with tor - Like the tor devs themselves recommend against using a VPN with tor.

Another is also probably the argument of “nothing to hide, nothing to fear”.

  • cRazi_man@lemm.ee
    link
    fedilink
    arrow-up
    13
    ·
    edit-2
    1 year ago

    My brother does this. And it’s easy to see how people fall for this when the disinformation from those companies keeps telling you how private your messages are and that not even WhatsApp can read them. Yet when you lose your old phone and reinstall on a new phone, your old messages magically show up without you having to provide an encryption key.

    • miss_brainfart@lemmy.ml
      link
      fedilink
      arrow-up
      6
      ·
      1 year ago

      your old messages magically show up without you having to provide an encryption key

      Do they? I thought you had to explicitely back them up to get them on a new device. At least that’s how it was when I still used it.

      • cRazi_man@lemm.ee
        link
        fedilink
        arrow-up
        5
        ·
        edit-2
        1 year ago

        They do with Telegram. In WhatsApp (if I recall correctly) it auto-retrieves from your google drive.

        (Come to think of it…if that means the encryption key is just with you in your google drive and not with WhatsApp, then is that more secure than I have previously believed??)

        With Signal they prompt you to pull the data and generate and encryption key. If you lose either of those things then there’s no way to get your messages back since no one else has them.

        • miss_brainfart@lemmy.ml
          link
          fedilink
          arrow-up
          3
          ·
          1 year ago

          Telegram doesn’t surprise me, chats aren’t even encrypted per default in some instances (group chats, I believe?)

          But then again, how solid is any encryption if Matrix bridges can exist?

          • nitneroc@lemmy.one
            link
            fedilink
            arrow-up
            2
            ·
            1 year ago

            Matrix bridges have nothing to do with encryption, they read the messages exactly the same way a client would, and send them to the other side of the bridge exactly the same way a client would.

            • miss_brainfart@lemmy.ml
              link
              fedilink
              arrow-up
              1
              ·
              1 year ago

              They have a lot to do with encryption. As an example, Signal and Matrix use different encryption standards. So to get a message across, it needs to be decrypted mid-transit, to then be re-encrypted with the protocol of the recipient.

              Any one of your contacts can set this up without your knowledge or consent, and then there’s a gap in the encryption. They can just freely give away the keys to their chats they have with you, and now a third-party has the means to decrypt your messages.

              That’s pretty fucked if you think about it, but there’s not much you can do.

              Sure, it’s not a huge problem if the service doing it is verifiable to have good security and doesn’t snoop, but it’s still adding another link in the chain to trust and to keep intact.

              • nitneroc@lemmy.one
                link
                fedilink
                arrow-up
                2
                ·
                1 year ago

                That’s exactly what I said, each side of the bridge has its own encryption standard (or no encryption at all).

                The encryption could be as solid as possible, the problem would remain unchanged: to bridge messages between two services that are not interoperable, you need to decrypt them at some point.

          • Amju Wolf@pawb.social
            link
            fedilink
            arrow-up
            2
            arrow-down
            1
            ·
            1 year ago

            No Telegram chats are end-to-end encrypted by default. And I don’t know anyone who’d use the feature regularly (it’s a hassle).

            And, to be fair, it’s not really necessary for most day to day messaging.

            • miss_brainfart@lemmy.ml
              link
              fedilink
              arrow-up
              3
              ·
              1 year ago

              I think it’s very much necessary to insist on our right to privacy. Personal chats not being encrypted should be a clear and absolute NO for anyone.

            • library_napper@monyet.cc
              link
              fedilink
              arrow-up
              1
              arrow-down
              1
              ·
              1 year ago

              That’s not true. Please don’t spread misinformation. That’s literally the point of this thread.

              TLS encryption to telegram servers is not e2ee. That’s the point

                • jet@hackertalks.com
                  link
                  fedilink
                  English
                  arrow-up
                  1
                  ·
                  edit-2
                  1 year ago

                  Your sentence, and punctuation, are ambiguous. When I read it I thought you were saying they were end to end encrypted. But seeing your second comment and rereading it, I can see how you meant it to be they are not end to end encrypted

                  • Amju Wolf@pawb.social
                    link
                    fedilink
                    arrow-up
                    2
                    ·
                    1 year ago

                    It’s ambiguous only if you expect people to not use punctuation 😅.

                    But yeah I can see how it could be confusing. Unfortunately I don’t think there’s a mark for showing that a comma was omitted deliberately, lol.

        • knfrmity@lemmygrad.ml
          link
          fedilink
          arrow-up
          1
          ·
          1 year ago

          The Google Drive backups are not encrypted by default. It looks like they’ve recently added the option to encrypt backups with your own key or password, which is a decent feature.

    • ZapBeebz_@lemmy.world
      link
      fedilink
      arrow-up
      2
      arrow-down
      1
      ·
      1 year ago

      FWIW, I swap between phones weekly (separate work phone w/o cameras, but same phone number), and transfer my WhatsApp account at the same time. Both the phones have their own unique message history, and it does not sync between devices. I do not have backups enabled on either phone.