this post was submitted on 09 Aug 2024

41 points (95.6% liked)

Privacy

31609 readers

440 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
Don't promote proprietary software
Try to keep things on topic
If you have a question, please try searching for previous discussions, maybe it has already been answered
Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
Be nice :)

Related communities

Chat rooms

[Matrix/Element]Dead
Discord

much thanks to @gary_host_laptop for the logo design :)

founded 4 years ago

MODERATORS

[email protected]

Privacy-friendly whatsapp (lemm.ee)

submitted 2 months ago by [email protected] to c/[email protected]

27 comments fedilink hide all child comments

I know the title sounds like a paradox, but let me explain:

In Feb '21 I deleted all my Meta related accounts in a first step towards moving away from big tech. Removing whatsapp was kind of a big deal over here but I managed to get close family and friends over to Telegram and Signal and resorted to text messages with other contacts. I've been enjoying the peace and quiet but it's been a hassle for everyone around me. Invites to parties, big news or announcements always had to be relayed through somebody else. Last week a dear friend passed away and because that news had to be rleayed to me too i think its time to go back again.

And now for my question: is there a way to run whatsapp on your phone while respecting privacy? I know it sounds crazy but I was thinking there might be a way to run it in a sandbox or closed environment of some sort. Im running LineageOS on my phone and I dont mind tweakin around a bit.

Because I live in the EU i was putting my money on the DMA, it was my understanding that the DMA would make it possible to send telegram messages to whatsapp, whatsapp messages to signal and in this way get in contact with anyone on any platform you'd like. When the DMA went into action in the beginning of this year it became clear pretty soon it would only be a one way street; all messenger services would be able to contact whatsapp, because that is the biggest player. Half a year down the line and I havent been seeing any news about it anymore. Does anyone have an update? Will it ever be possible to chat crossplatform?

top 27 comments

sorted by: hot top controversial new old

[–] [email protected] 19 points 2 months ago (2 children)

I would put WhatsApp in a Work Profile via e.g. Shelter. It's isolates it from the rest of device. I would also avoid putting PII on your profile like your full name, a photo as pfp, your bio, etc.

[–] [email protected] 4 points 2 months ago

I do the same as well. Shelter is an amazing project.

[–] [email protected] 2 points 2 months ago (1 children)

This is the correct answer. If you don't need notifications:

Make sure you enable the auto frost service in Shelter's settings, enable auto frost for WhatsApp in Shelter and replace the icon on your home screen with a Shelter shortcut.

You can also use a trustworthy VPN to route traffic from the entire work profile or only from WhatsApp.

[–] [email protected] 2 points 2 months ago (1 children)

Still needs a phone number. If you use anything other than a burner number, this is the crucial data point which allows Meta to plug you into their monster social graph of the whole world and find out who you know and therefore who you are.

[–] [email protected] 1 points 2 months ago

Yeah wouldn't suggest using your real phone number

[–] [email protected] 13 points 2 months ago* (last edited 2 months ago) (1 children)

@atek

If you really can't go without Whatsapp, then the best thing is probably installing #slidge-whatsapp by @nicoco on a server (can be an RPi at home or a VM in a DC) and e.g. #Conversations by @daniel or #Cheogram by @sopranica from #FDroid. This still requires an WA account, unfortunately.

https://git.sr.ht/~nicoco/slidge

#Jabber #XMPP

[–] [email protected] 4 points 2 months ago (2 children)

@atek @nicoco @daniel @sopranica

Why do I assume, that this is good for #privacy?

You don't run the proprietary WA app on your phone.
Contacts are not (accidently or otherwise) uploaded to Meta.
Your location and online presence times remain private.

PCMIIW.

#slidge #Jabber #XMPP

[–] [email protected] 12 points 2 months ago (1 children)

Watching Mastadon messages mix with lemmy threads is like seeing someone having a schizophrenic episode.

[–] [email protected] 4 points 2 months ago

Thanks I thought I had an aneurysm. Very cool to see federation worling though

[–] [email protected] 2 points 2 months ago (2 children)

@debacle @atek @daniel @sopranica
For the sake of yak-shaving ;-)
- you can share your XMPP presence (online/away) if you wish
- not uploading your contact list requires being careful and limits the official app's functionality, you cannot start a new conversation be it 1:1 or group. You can do so through slidge-whatapp though, once it's "paired" to the official app, which can then be uninstalled (but you'll have to reinstall/re-pair every 2 weeks or so)

[–] [email protected] 2 points 2 months ago

You can send a phone number on WhatsApp and when clicking on it it gives you the option to chat with that number

[–] [email protected] 1 points 2 months ago

With GrapheneOS you can set contact scopes for apps like whatsapp so it only sees specific contacts that you select and not the entire contact list from the phone.

[–] [email protected] 8 points 2 months ago

Well first of all I'd ask:

What does privacy mean to you and have you done an accurate threat analysis?

People will have different ideas about privacy and have different needs from it. It's not a universal thing nor is it static.

[–] [email protected] 7 points 2 months ago (1 children)

Whatsapp uses the Signal protocol but they have also been known to read as much metadata as possible.

The creator of Signal helped FB implement the code, but ive been afraid that the mega Corp rolled their own crypto and superceded the protections put in place from Moxie.

That said, I dont know if its possible to have a 3rd partty front end anymore for WhatsApp.

[–] [email protected] 1 points 2 months ago

They way, they use an old Version of the protocol. No one can review and no audit was done. So we must expect no encryption.

Additionaly, encryption != privacy

[–] [email protected] 4 points 2 months ago* (last edited 2 months ago)

Forgive my ignorance but isn't WhatsApp no longer considered a privacy app?

Also, a recommended YT channel: https://www.youtube.com/@robbraxmantech

[–] [email protected] 4 points 2 months ago* (last edited 2 months ago) (1 children)

Beeper bridge : keeps the client off your phone and you can use a privacy respecting client.

Run Whatsapp in a work profile and deny all permissions, they will still see your IP address. It would only see contacts you put into the work profile.

If you use graphene OS, you can do contact scope limitations, so you can choose which contacts are available to whatsapp

Use the pwa version of Whatsapp to further limit what you leak.

[–] [email protected] 4 points 2 months ago (1 children)

Beeper Bridge is a bad idea. They are able to see your messages in transmit and you know trust 2 entities instead of one.

[–] [email protected] 4 points 2 months ago

True, but you could self host, it's a option.

[–] [email protected] 4 points 2 months ago* (last edited 2 months ago)

Not possible

However as you are in the EU, Facebook have to add 3rd party support to whatsapp. So that people on whatsapp can still message users who are not on whatsapp. Later in the future, group support will be added.

No time frame of when it goes live.

https://www.theverge.com/2024/2/6/24063705/whatsapp-interoperability-plans-eu-dma/

[–] [email protected] 3 points 2 months ago (1 children)

This post got me to search in FDroid and i found Chatlaunch forma Whatsapp. Anyone used it?

[–] [email protected] 2 points 2 months ago

I am using Launch Chat. As it got more other messenger apps(Telegram, Signal). So far so good, chat with people without allowing contacts permission to messengers like whatsapp.

[–] [email protected] 2 points 2 months ago (1 children)

Why would something choose Telegram as a private alternative over Whatsapp? Can you message someone on Telegram who is not a contact? How do you you get around Felegram saving info and messages on their servers? XMPP would be a better choice with OMEMO.

[–] [email protected] 1 points 2 months ago

Interface

[–] [email protected] 2 points 2 months ago (1 children)

I didn't give it access to my contacts and navigate it by familiarity with profile pictures and using "Open in WhatsApp", an app that let's you... open WhatsApp conversation from your contacts manually (I need it only for a new contact)

[–] [email protected] 2 points 2 months ago

Hardly matters what you tell Meta if all your contacts are telling Meta the opposite. The phone number ID is the weakest link.

[–] [email protected] 1 points 2 months ago

Seperate phone, solely used for WA. When no relative is dying and you dont need to be available buy a proper faraday bag and only take it out when you need to.

thats my threat model whats yours?