I almost feel like you are asking the wrong question - and - looking about this the wrong way. How do you meet folks with privacy in mind? The TL:DR answer is that you can’t. The more thorough answer is:
I use different numbers for different tasks. The same goes for social media and apps. I have dirty cell phones, dirty numbers, and clean numbers, and they are each labeled so I know which one is used for what purposes. I reply within a few hours to days. Those who want to graduate to more personal responses know the correct medium to speak to me on, though, it might surprise you to know that apps are not my go to for security.
I have found most people themselves not only aren’t friends, but are an insecure channel. Not only do most not care about privacy themselves, but most cannot be trusted with my private thoughts and information. As a result, I have learned to partition thoughts I want to keep private, from the carefully crafted personas I project into the world - we all “wear a mask” just some of us wear our hearts on our sleeves more than others. We all long for someone we could talk freely and uninhibited with, who we could let see our real self, as we sort out our thoughts and our ideas. But the truth is, most of the things I have shared with people I thought were my friends in confidence, has been shared with someone else. People themselves are a privacy leak. From the pictures they take, to the stories they share, nothing you say to them is private, even if you ask it to be. As a result. I view people the same way I view WhatsApp and Gmail, an Insecure App. Vulnerable to social engineering and gossip.
I now judge how close we are as friends, based on how much do I trust them to receive my unfiltered thoughts, or are we still at the level of - if I would not stand up in say it in a public square or at a local restaurant, I am not going to say it here. 99% of my friends as much as I value and care for them, are different layers of public square level friends, and the 1% that aren’t, know exactly where to meet me to talk. Hint, hint, the 1% is my dog.
As Moxie Marlinspike once said, the fine line between facism and social democracy is choice. In order to exist in certain social groups, you have to expand your scope of choice to be able participate. In my experience using TextSecure/Signal for a decade and having convinced all of my friends/immediate family/significant others to use it, the majority of new people that I have encountered even with Signal installed on their phones, do not use it. It’s unfortunate, but most people only care about privacy to a certain degree, if at all. What I usually do is bite the bullet with SMS for a bit. If things are going somewhere, I eventually convince them onto Signal. If things don’t pan out, then not too much damage done.
You’re going to have to use what people around you use. Weather it’s Whatsapp, Instagram groups, whatever. That is part of life. I’m forced to use WhatsApp because it’s what everyone in my country uses. The alternative is having no contact with anybody.
Is this the most privacy friendly approach? No, of course not. But we all have to make compromises to live in the modern world, and this is one of them.
I’m going to quote another comment but not ping them; I don’t want to argue with them; but instead provide counterpoints for the OP to consider.
Most people aren’t going to install Signal just to talk to you because it does not fit their use case.
This is false. While it does take more effort; it can be achieved. I can compose an SMS with an install link for the appropriate app-store and in-person assist you and tell you my ID on my privacy respecting apps of choice. Bluetooth transfers and QR codes also work too; so we can exchange other contact details as well.
I’m also gen z and from the US, I go to university, and most people who I know use Whatsapp or Discord to communicate.
Telegram is far superior to Whatsapp and close to Discord in features. Your generation is capable of using it; I see Gen Z on there all the time. Signal closely mimics iMessage in features; and it’s available on both Android and iOS.
Bonus for the privacy-conscious; It has better privacy and cryptography. MProto isn’t the most respected but it’s sufficient for most day-to-day conversations.
Telegram is absolutely not vastly better than WhatsApp. Open Whisper Systems literally built the E2EE in WhatsApp. Its implementation of OTR predates signal.
Meanwhile, Telegram insists on rolling their own crypto and it’s closed source.
I think OP can and should try to get friends into Signal. But WhatsApp I’is almost certainly the answer to the OP. It offers well implemented proven off the record, E2EE communications, it’s widely adopted, cross platform. It’s miles better than SMS and Facebook or Instagram messenger or Snapchat. OP is looking for the best compromise, WhatsApp is it.
Bonus for the privacy-conscious; It has better privacy and cryptography.
This is highly questionable, but it should be mentioned that it is radically worse if you don’t use “secret chats” (less convenient), the normal ones don’t even have end-to-end encryption.
PS: It’s quite bizarre to answer directly to someone to discredit, but without giving the opportunity to refute…
Not wanting to use apps that are profiling you and your devices isn’t a high level of privacy or being extreme though. It’s just being a normal person.
That’s not a common idea of what’s “normal”, no. And I don’t mean anything bad by that - people give so few shits about privacy/security it’s ridiculous, and I empathize with that, but it is what it is. The point of the thread is that OP’s reluctance to use all the data stealer apps is isolating them to some degree, or at least requiring significant workarounds.
Yes, still the question “What are you doing with these people…” is not really relevant. OP’s responsible approach to privacy is not something that needs questioning.
Why not? This person is cramming security apps down the throats of new people they meet.
Just wondering what kinds of conversations they are having with these people they hardly know that justifies needing this much privacy?
I feel like there is a time where worrying about privacy is valid. That time isn’t with people you just met. Especially when you’re just having light hearted conversations, because you know, you just met them?
I don’t think they’re concerned that some deep secret is going to get out. They’re concerned that their communication is used for commercial purposes in a totally uncontrollable way.
Except it is more private than alternatives like Instagram DMs and FB Messenger (ironically all by the same company), which are not e2ee.
@glacier’s response pretty much covers it all, and it’s confirmed in the Whatsapp Faq.
Sure, they could find out who you are based on someone who added you as contact. But if you don’t have a FB account, or don’t use your real name there, all they’ll know is that you have a WhatsApp account, but won’t see your messages, unless someone reports your messages. Sure, that’s not as great as Signal, but much better than Discord/Slack/Snapchat/etc.
There’s also the issue of trust. Can we trust Whatsapp when they claim it’s e2ee? There’s no way to verify, but the same can be said for other OSS alternatives; for instance, telegram servers are not open source and the client you download might not be the one you see on GitHub., So there’s no guarantee your private key is not sent to the server at any point.
if you don’t have a FB account, or don’t use your real name there, all they’ll know is that you have a WhatsApp account, but won’t see your messages, unless someone reports your messages
but the same can be said for other OSS alternatives;
Well, your example is not open source, so yes, you cannot trust Telegram. Signal open sourced their server code some time ago. Even with FOSS you have to stay vigilant though and complete trustlessness is hardly achievable (do you trust your device? Your carrier? Your communication partner’s? Etc.)
It’s good enough for NSA to catch a terrorist, not necessarily useful enough for FB to produce targeted ads. If one plans to commit terrorism, Whatsapp is definitely not the best platform.
According to the article you linked: “In most cases, if metadata must be generated and/or used, it should be either 1) minimal or 2) encrypted so that it’s unreadable by the server handling the request(s)”. So most of the important metadata from your files will be encrypted, which make them inaccessible by Whatsapp unless they decrypt it (thus breaking the e2ee promises). Maybe they’ll know the file size or the file name, which you can easily change; what will they do with that?
So they are pretty much left with IP (if you don’t use VPN) and phone numbers you have contacted (which is already know by Apple/Google, NSA, etc. if you have a phone number and use it for calls).
It’s good enough for NSA to catch a terrorist, not necessarily useful enough for FB to produce targeted ads.
I disagree. Identifying a terrorist and their whereabouts for targeted assassination is not that different to serving personalized ads. It’s all about gathering information about the person.
True, file metadata is unaccessible like message content but I was referring to message metadata which covers ip address and phone number (as you mentioned) but also geo location (possibly live - WhatsApp is an application after all), when you communicate with whom how often. You can derive lots of info from that especially if your communication partners are more careless about their data and may maintain an active social media profile with Meta.
It’s definitely easier than finding out info about someone whose life depends on not being found - like a terrorist.
OP’s asking about the kind of communication that is needed from time to time to, for example, arrange a real-life meeting. They’re not talking about social networks.
And that might very well be exactly what OP is planning to do. They’re not asking us how to spend their time properly, they’re asking how to communicate with people on longer distance. Sometimes you need to let your friends know that the cooking class was cancelled or there’s a new club you all could join. Your friends are not aroud you all the time. Using apps like Whatsapp or Telegram is more efficient than calling each one separately and offers the possibility of group communication. It’s perfectly fine to use it for your friends group and it doesn’t mean you have no real life.
I’d just sms until you get to know someone better and can lightly convince them to use something like signal or they convince you to use whatever. You still need to live your life
Ultimately you will have to make some concessions in regards to privacy. Most people aren’t going to install Signal just to talk to you because it does not fit their use case.
I’m also gen z and from the US, I go to university, and most people who I know use Whatsapp or Discord to communicate. While Whatsapp is not perfect, their messages are end-to-end encrypted, which is much better than most other mainstream platforms (I would honestly say that it is better than Telegram). Discord can at least be accessed through a browser with an email alias.
My preference for communication would be:
Best realistic case: Whatsapp or iMessage (if you have an Apple device)
Reluctantly use: Discord, Instagram, Telegram, SMS, any messenger that can be
accessed through the browser without installing an app
I think this is the most real answer. It kinda is all about tradeoffs.
If creating connections is more valuable to you than using some unsavory social media, then you have your answer.
I also think it is pretty hard to actually reduce identifying informatiom from these apps. Just based on your social network, the piece can be fitted. In addition, your college gives up a ton of your identifying info (gmail, contracted apps…). I’m not sure there are perfect answers.
Lineagos run on an old Android phone with Aurora store to install and update play store apps. I just turn on the work profile when I check in and messages then turn it off. And it’s not my main phone either so consequence is that I won’t be instantly available, so ends up being more like email in terms of time it takes me to respond back. But, I am at least available on the preferred ways people want to communicate.
I made a separate user profile just for my social pwas since I use grapheneos. They’ll probably use discord or whatsapp so treat it like a public forum, stick with alias emails, fake info when creating, an always on vpn, and within a browser thats has privacy hardened features. If they want to talk more privately like through direct messaging and you trust them then try to convert them to signal otherwise simplex works too if you dont trust them with your personal phone number
Edit: Im not sure how instagram is these days but I guess you can make a burner using the same steps I described just dont actually post anything and dont add any identifying info haha. Have fun and good luck on the friend search
You are not logged in. However you can subscribe from another Fediverse account, for example Lemmy or Mastodon. To do this, paste the following into the search field of your instance: !privacyguides@lemmy.one
In the digital age, protecting your personal information might seem like an impossible task. We’re here to help.
This is a community for sharing news about privacy, posting information about cool privacy tools and services, and getting advice about your privacy journey.
You can subscribe to this community from any Kbin or Lemmy instance:
Check out our website at privacyguides.org before asking your questions here. We’ve tried answering the common questions and recommendations there!
Want to get involved? The website is open-source on GitHub, and your help would be appreciated!
This community is the “official” Privacy Guides community on Lemmy, which can be verified here. Other “Privacy Guides” communities on other Lemmy servers are not moderated by this team or associated with the website.
Moderation Rules:
We prefer posting about open-source software whenever possible.
No soliciting engagement: Don’t ask for upvotes, follows, etc.
Surveys, Fundraising, and Petitions must be pre-approved by the mod team.
Be civil, no violence, hate speech. Assume people here are posting in good faith.
Don’t repost topics which have already been covered here.
News posts must be related to privacy and security, and your post title must match the article headline exactly. Do not editorialize titles, you can post your opinions in the post body or a comment.
Memes/images/video posts that could be summarized as text explanations should not be posted. Infographics and conference talks from reputable sources are acceptable.
No help vampires: This is not a tech support subreddit, don’t abuse our community’s willingness to help. Questions related to privacy, security or privacy/security related software and their configurations are acceptable.
No misinformation: Extraordinary claims must be matched with evidence.
Do not post about VPNs or cryptocurrencies which are not listed on privacyguides.org. See Rule 2 for info on adding new recommendations to the website.
General guides or software lists are not permitted. Original sources and research about specific topics are allowed as long as they are high quality and factual. We are not providing a platform for poorly-vetted, out-of-date or conflicting recommendations.
I almost feel like you are asking the wrong question - and - looking about this the wrong way. How do you meet folks with privacy in mind? The TL:DR answer is that you can’t. The more thorough answer is:
I use different numbers for different tasks. The same goes for social media and apps. I have dirty cell phones, dirty numbers, and clean numbers, and they are each labeled so I know which one is used for what purposes. I reply within a few hours to days. Those who want to graduate to more personal responses know the correct medium to speak to me on, though, it might surprise you to know that apps are not my go to for security.
I have found most people themselves not only aren’t friends, but are an insecure channel. Not only do most not care about privacy themselves, but most cannot be trusted with my private thoughts and information. As a result, I have learned to partition thoughts I want to keep private, from the carefully crafted personas I project into the world - we all “wear a mask” just some of us wear our hearts on our sleeves more than others. We all long for someone we could talk freely and uninhibited with, who we could let see our real self, as we sort out our thoughts and our ideas. But the truth is, most of the things I have shared with people I thought were my friends in confidence, has been shared with someone else. People themselves are a privacy leak. From the pictures they take, to the stories they share, nothing you say to them is private, even if you ask it to be. As a result. I view people the same way I view WhatsApp and Gmail, an Insecure App. Vulnerable to social engineering and gossip.
I now judge how close we are as friends, based on how much do I trust them to receive my unfiltered thoughts, or are we still at the level of - if I would not stand up in say it in a public square or at a local restaurant, I am not going to say it here. 99% of my friends as much as I value and care for them, are different layers of public square level friends, and the 1% that aren’t, know exactly where to meet me to talk. Hint, hint, the 1% is my dog.
Privacy is layered based on your threat model.
Sms isn’t going to track you like some apps and while the content isnt encrypted by default it’s not an issue if the information isn’t secure.
More interesting conversations can be over signal and you can convince people overtime to switch.
Each method of communication can be viable depending on the situation.
As Moxie Marlinspike once said, the fine line between facism and social democracy is choice. In order to exist in certain social groups, you have to expand your scope of choice to be able participate. In my experience using TextSecure/Signal for a decade and having convinced all of my friends/immediate family/significant others to use it, the majority of new people that I have encountered even with Signal installed on their phones, do not use it. It’s unfortunate, but most people only care about privacy to a certain degree, if at all. What I usually do is bite the bullet with SMS for a bit. If things are going somewhere, I eventually convince them onto Signal. If things don’t pan out, then not too much damage done.
Don’t use Telegram for Privacy.
This video explains very well why:
https://www.youtube.com/watch?v=rtRQKQkvUfE
Here is an alternative Piped link(s):
https://www.youtube.com/watch?v=rtRQKQkvUfE
Piped is a privacy-respecting open-source alternative frontend to YouTube.
I’m open-source, check me out at GitHub.
You’re going to have to use what people around you use. Weather it’s Whatsapp, Instagram groups, whatever. That is part of life. I’m forced to use WhatsApp because it’s what everyone in my country uses. The alternative is having no contact with anybody.
Is this the most privacy friendly approach? No, of course not. But we all have to make compromises to live in the modern world, and this is one of them.
I’m going to quote another comment but not ping them; I don’t want to argue with them; but instead provide counterpoints for the OP to consider.
This is false. While it does take more effort; it can be achieved. I can compose an SMS with an install link for the appropriate app-store and in-person assist you and tell you my ID on my privacy respecting apps of choice. Bluetooth transfers and QR codes also work too; so we can exchange other contact details as well.
Telegram is far superior to Whatsapp and close to Discord in features. Your generation is capable of using it; I see Gen Z on there all the time. Signal closely mimics iMessage in features; and it’s available on both Android and iOS.
Bonus for the privacy-conscious; It has better privacy and cryptography. MProto isn’t the most respected but it’s sufficient for most day-to-day conversations.
Telegram is absolutely not vastly better than WhatsApp. Open Whisper Systems literally built the E2EE in WhatsApp. Its implementation of OTR predates signal.
Meanwhile, Telegram insists on rolling their own crypto and it’s closed source.
I think OP can and should try to get friends into Signal. But WhatsApp I’is almost certainly the answer to the OP. It offers well implemented proven off the record, E2EE communications, it’s widely adopted, cross platform. It’s miles better than SMS and Facebook or Instagram messenger or Snapchat. OP is looking for the best compromise, WhatsApp is it.
This is highly questionable, but it should be mentioned that it is radically worse if you don’t use “secret chats” (less convenient), the normal ones don’t even have end-to-end encryption.
PS: It’s quite bizarre to answer directly to someone to discredit, but without giving the opportunity to refute…
It’s called not being a toxic reply guy. You should try it.
Sweet irony~
What are you doing with these people where such high level of privacy is required? Like I totally get wanting privacy but you’re being overly extreme.
Not wanting to use apps that are profiling you and your devices isn’t a high level of privacy or being extreme though. It’s just being a normal person.
That’s not a common idea of what’s “normal”, no. And I don’t mean anything bad by that - people give so few shits about privacy/security it’s ridiculous, and I empathize with that, but it is what it is. The point of the thread is that OP’s reluctance to use all the data stealer apps is isolating them to some degree, or at least requiring significant workarounds.
Yes, still the question “What are you doing with these people…” is not really relevant. OP’s responsible approach to privacy is not something that needs questioning.
That’s fine, but it doesn’t change the fact that it is objectively not normal.
You can believe that it should be normal, but that’s a very different claim.
Yes, I don’t think we’re in disagreement here. I was just trying to tie it all to the beginning of the discussion.
Why not? This person is cramming security apps down the throats of new people they meet.
Just wondering what kinds of conversations they are having with these people they hardly know that justifies needing this much privacy?
I feel like there is a time where worrying about privacy is valid. That time isn’t with people you just met. Especially when you’re just having light hearted conversations, because you know, you just met them?
I don’t think they’re concerned that some deep secret is going to get out. They’re concerned that their communication is used for commercial purposes in a totally uncontrollable way.
Whatsapp is end-to-end encrypted
They asked about privacy, not security. WhatsApp is profiling you.
Except it is more private than alternatives like Instagram DMs and FB Messenger (ironically all by the same company), which are not e2ee.
@glacier’s response pretty much covers it all, and it’s confirmed in the Whatsapp Faq.
Sure, they could find out who you are based on someone who added you as contact. But if you don’t have a FB account, or don’t use your real name there, all they’ll know is that you have a WhatsApp account, but won’t see your messages, unless someone reports your messages. Sure, that’s not as great as Signal, but much better than Discord/Slack/Snapchat/etc.
There’s also the issue of trust. Can we trust Whatsapp when they claim it’s e2ee? There’s no way to verify, but the same can be said for other OSS alternatives; for instance, telegram servers are not open source and the client you download might not be the one you see on GitHub., So there’s no guarantee your private key is not sent to the server at any point.
They don’t need your chit-chat to profile you. Metadata profiling is where it’s at and that’s why that whole e2ee introduction was just a marketing ruse. It’s good enough for the NSA, so it’s good enough for Meta. And Meta does collect that data even without an account.
Well, your example is not open source, so yes, you cannot trust Telegram. Signal open sourced their server code some time ago. Even with FOSS you have to stay vigilant though and complete trustlessness is hardly achievable (do you trust your device? Your carrier? Your communication partner’s? Etc.)
It’s good enough for NSA to catch a terrorist, not necessarily useful enough for FB to produce targeted ads. If one plans to commit terrorism, Whatsapp is definitely not the best platform.
According to the article you linked: “In most cases, if metadata must be generated and/or used, it should be either 1) minimal or 2) encrypted so that it’s unreadable by the server handling the request(s)”. So most of the important metadata from your files will be encrypted, which make them inaccessible by Whatsapp unless they decrypt it (thus breaking the e2ee promises). Maybe they’ll know the file size or the file name, which you can easily change; what will they do with that?
So they are pretty much left with IP (if you don’t use VPN) and phone numbers you have contacted (which is already know by Apple/Google, NSA, etc. if you have a phone number and use it for calls).
I disagree. Identifying a terrorist and their whereabouts for targeted assassination is not that different to serving personalized ads. It’s all about gathering information about the person.
True, file metadata is unaccessible like message content but I was referring to message metadata which covers ip address and phone number (as you mentioned) but also geo location (possibly live - WhatsApp is an application after all), when you communicate with whom how often. You can derive lots of info from that especially if your communication partners are more careless about their data and may maintain an active social media profile with Meta.
It’s definitely easier than finding out info about someone whose life depends on not being found - like a terrorist.
Meet people in real life doing real life things.
That’s not just better for privacy, it’s better for your life.
It’s harder, but no amount of followers on twitter will help you move a couch.
OP’s asking about the kind of communication that is needed from time to time to, for example, arrange a real-life meeting. They’re not talking about social networks.
Do hobbies! Cooking classes! Join clubs!
And that might very well be exactly what OP is planning to do. They’re not asking us how to spend their time properly, they’re asking how to communicate with people on longer distance. Sometimes you need to let your friends know that the cooking class was cancelled or there’s a new club you all could join. Your friends are not aroud you all the time. Using apps like Whatsapp or Telegram is more efficient than calling each one separately and offers the possibility of group communication. It’s perfectly fine to use it for your friends group and it doesn’t mean you have no real life.
And enjoy it while it lasts because no amount of 30 year olds will either
I guess this makes sense, even as a kid I was told I was such an adult. So I guess as a 30yo I’m actually more like a 45yo.
Carrier pigeons. I haven’t gotten a response back in ages though.
Sorry. They are delicious, though.
I’d just sms until you get to know someone better and can lightly convince them to use something like signal or they convince you to use whatever. You still need to live your life
Ultimately you will have to make some concessions in regards to privacy. Most people aren’t going to install Signal just to talk to you because it does not fit their use case.
I’m also gen z and from the US, I go to university, and most people who I know use Whatsapp or Discord to communicate. While Whatsapp is not perfect, their messages are end-to-end encrypted, which is much better than most other mainstream platforms (I would honestly say that it is better than Telegram). Discord can at least be accessed through a browser with an email alias.
My preference for communication would be:
Best realistic case: Whatsapp or iMessage (if you have an Apple device)
Reluctantly use: Discord, Instagram, Telegram, SMS, any messenger that can be accessed through the browser without installing an app
I think this is the most real answer. It kinda is all about tradeoffs.
If creating connections is more valuable to you than using some unsavory social media, then you have your answer.
I also think it is pretty hard to actually reduce identifying informatiom from these apps. Just based on your social network, the piece can be fitted. In addition, your college gives up a ton of your identifying info (gmail, contracted apps…). I’m not sure there are perfect answers.
Lineagos run on an old Android phone with Aurora store to install and update play store apps. I just turn on the work profile when I check in and messages then turn it off. And it’s not my main phone either so consequence is that I won’t be instantly available, so ends up being more like email in terms of time it takes me to respond back. But, I am at least available on the preferred ways people want to communicate.
I made a separate user profile just for my social pwas since I use grapheneos. They’ll probably use discord or whatsapp so treat it like a public forum, stick with alias emails, fake info when creating, an always on vpn, and within a browser thats has privacy hardened features. If they want to talk more privately like through direct messaging and you trust them then try to convert them to signal otherwise simplex works too if you dont trust them with your personal phone number
Edit: Im not sure how instagram is these days but I guess you can make a burner using the same steps I described just dont actually post anything and dont add any identifying info haha. Have fun and good luck on the friend search
I use Shelter to sandbox whatsapp and facebook messenger. They can probably still track me, but hopefully less.
https://f-droid.org/en/packages/net.typeblog.shelter/
Man I regret buying an iPhone out of curiosity. I’m in Mexico and everyone uses whatsapp here