• actaastron@reddthat.com
    link
    fedilink
    English
    arrow-up
    8
    ·
    11 hours ago

    Despite SMS not being secure I’m determined to stop using WhatsApp and haven’t installed it on my new phone. My old phone has WhatsApp business with an auto reply saying to contact me on signal or send a text. Granted I don’t have a huge contacts list but 4 people have started using Signal and the rest send a text, so this is good news in my book.

  • toastal@lemmy.ml
    link
    fedilink
    arrow-up
    12
    ·
    12 hours ago

    We had this in XMPP a decade ago & they could have readopted the open standard instead of creating a new one. There is no track record of them not bending the rules to benefit just them anyhow—but this time it was developed exclusively by the tech giants which is absolutely for their benefit with nestled enclaves to meet the bare minimum requirements while still building the garden’s walls higher. Cabal-ass behavior.

    • EngineerGaming@feddit.nl
      link
      fedilink
      arrow-up
      2
      ·
      1 hour ago

      XMPP is very much a valid option nowadays too! Much easier and lighter to host than Matrix, too. I use it with my mom - Conversations is just as easy to use as Whatsapp, and maybe more pleasant.

  • drascus@sh.itjust.works
    link
    fedilink
    arrow-up
    9
    ·
    12 hours ago

    Of course you can’t use it without being part of a huge tech duopoly so yay and it doesn’t work without googles proprietary messaging app.

  • easily3667
    link
    fedilink
    English
    arrow-up
    16
    ·
    16 hours ago

    Nobody wins, this is marketing trying to be news

  • umbrella@lemmy.ml
    link
    fedilink
    arrow-up
    13
    ·
    edit-2
    15 hours ago

    when google and apple are involved, i doubt we can count on it being “a win for privacy”, at best a sidegrade because secure messengers already exist.

  • ERROR: Earth.exe has crashed@lemmy.dbzer0.com
    link
    fedilink
    English
    arrow-up
    5
    ·
    13 hours ago

    They probably have a separare copy encrypted by keys under their control, but if verification codes text messages also use RCS Encryption, at least its harder for people to hack bank accounts.

  • jjdelc@lemmy.ml
    link
    fedilink
    arrow-up
    10
    ·
    15 hours ago

    They treat this as if e2ee was the privacy grail but it’s only marketing to fool people believing they’re protected.

    The actual contents of the messages aren’t as important for privacy. It’s the Metadata and a ton of other measures rhay signal implements in their family of protocols.

    Talking about e2ee and call it private shows ignorance in what privacy entails.

    • drascus@sh.itjust.works
      link
      fedilink
      arrow-up
      5
      ·
      12 hours ago

      Exactly and if you have to use stock android or iOS to get this feature you are agreeing to so much intrusions into privacy that it’s sort of moot.

      • EngineerGaming@feddit.nl
        link
        fedilink
        arrow-up
        1
        ·
        1 hour ago

        I assumed that when it comes to SMS 2FA, simswapping is a threat much bigger than interception of the contents…

      • plz1@lemmy.world
        link
        fedilink
        English
        arrow-up
        13
        ·
        16 hours ago

        Google’s default implementation IS proprietary, so while the spec isn’t, the mass-adopted deployment is. Google is in the middle, unless you use a different app (if that’s even possible, I don’t know as I don’t Android).

        • Lyra_Lycan@lemmy.blahaj.zone
          link
          fedilink
          English
          arrow-up
          3
          ·
          16 hours ago

          Plenty of apps on Android are great replacements for centralised services we’ve gotten used to, and can be installed from another source like fdroid, like clients for Telegram, Matrix, Lemmy, Mastodon, Mattermost etc. As they weren’t installed via Google Play, they can’t use Google’s notification service and instead use local alternatives.

        • 2xsaiko@discuss.tchncs.de
          link
          fedilink
          arrow-up
          2
          arrow-down
          2
          ·
          15 hours ago

          They do not allow that, but yeah, it’s just their OS which only allows access to the relevant system interface for their own app. Apple doesn’t let you send SMS with third-party apps either for example.

          Though admittedly, Google is putting proprietary extensions on top of it in their client, and they are apparently running a lot of carriers’ RCS endpoints, and using their servers when the carrier doesn’t support it at all. Which is fair, but imo does not make RCS itself inherently proprietary.

          (However this is also to some extent warranted, since carriers were and still are dragging their feet a lot implementing it despite RCS being a required part of 5G carrier services IIRC1. This seems to me like another IPv6 situation.)

          This claims to work on a rooted Android phone (or one where you have control over the system image), and the underlying library is platform-independent so you could use it to implement RCS for a Linux or other phone: https://github.com/Hirohumi/RustyRcs. I haven’t tested it though since I also don’t Android (anymore).

          1 Though maybe that was just for 5G standalone, which no carrier is doing yet anyway.

  • asudox@lemmy.asudox.dev
    link
    fedilink
    arrow-up
    34
    arrow-down
    1
    ·
    edit-2
    1 day ago

    Privacy win? RCS itself does not support E2EE. Google developed a proprietary extension for RCS to include their “E2EE”.

  • twinnie@feddit.uk
    link
    fedilink
    arrow-up
    14
    ·
    24 hours ago

    I can sort of see why it’s not been a priority for them. Outside of the US nobody uses SMS or the built in text apps. I just went through my phone and I haven’t had a text message that wasn’t business related since July.

    • EngineerGaming@feddit.nl
      link
      fedilink
      arrow-up
      1
      ·
      13 hours ago

      I had some! It’s the rescue services warning you that the ice is starting to break and you shouldn’t walk on it.

    • MurrayL@lemmy.world
      link
      fedilink
      English
      arrow-up
      8
      ·
      edit-2
      23 hours ago

      It was honestly surprising to learn that SMS/RCS/iMessage is the most common way to send messages in the US, as it hasn’t been that way in the UK for over a decade now.

      For better or worse, folks in the UK & EU all switched to apps like WhatsApp, Messenger, Viber, etc. due to better features and free international calls.

      It seems like RCS is finally mature enough to compete, but good luck getting folks to move back.

      • EngineerGaming@feddit.nl
        link
        fedilink
        arrow-up
        1
        ·
        13 hours ago

        It seems like where I live, RCS is not supported on all carriers (not on mine) - but most importantly, not on all phones. The one carrier that has it says it only works on certain Samsungs (I guess also Google Pixel, but they are not officially sold, even if not unpopular). So even though they’re not paid separately like SMS, I don’t think anyone would be switching to it from Whatsapp or Telegram.

        • MurrayL@lemmy.world
          link
          fedilink
          English
          arrow-up
          10
          ·
          21 hours ago

          WhatsApp wasn’t a Meta product when it originally took off; Meta didn’t even exist at the time. WhatsApp was bought by Facebook in 2014, and already had hundreds of millions of users at the time.

        • catloaf@lemm.ee
          link
          fedilink
          English
          arrow-up
          7
          ·
          20 hours ago

          Outside the US, most carriers charged per text message, but basic data wasn’t usage-billed. You could send as many Whatsapp messages as you wanted.

      • N0x0n@lemmy.ml
        link
        fedilink
        arrow-up
        3
        ·
        19 hours ago

        A better example to show that SMS’ are insecure are the Signalling system 7 protocols.

        While it is possible to incerpte SMS, phone calls and 2FA (kinda scary…) it comes with a high cost (14k) and some technical skills.

        However, if you are a vulnerable target, just don’t use SMS or any smartphone. Geotracking is also possible !

    • rumba@lemmy.zip
      link
      fedilink
      English
      arrow-up
      1
      ·
      23 hours ago

      Yeah but unfortunately there’s a metric f*** ton of them using WhatsApp.