WhatsApp is a Meta business unit, yes.

And it has its own rules and policies for what is shared with other Meta business units.

Google has spell out the same. Just because you provide data like location to one Google service doesn’t automatically mean every other Google service can access it.

And they can’t just change their internal data policies however they like as some of this is governed by legal regulations.

Here’s a a story about how Google is not allowed to share data across business units without user consent, at least in the EU.

https://www.theverge.com/2024/1/12/24036312/google-digital-markets-act-services-user-data-opt-out

Here WhatsApp spells out what it shares with Meta:

https://faq.whatsapp.com/1303762270462331

I love that a Twitter founder founded Bluesky and the logo went from the outline of a white bird on a blue background to the outline of a white butterfly on a similar shade of blue background.

It’s reasonable not to trust them, but they could get in serious legal trouble if they are claiming the data is encrypted and they can’t access when in fact they can.

WhatsApp has a different business model. There are a lot of businesses on the platform and businesses are charged to do business messaging with users.

In some parts of the world WhatsApp has become a somewhat essential part of life so plenty of businesses what to participate and access the users there.

How Meta got into that position involved zero-rating— a practice where they work with ISPs to make sure there are no data fees to access WhatsApp.

While free seems good, the practice allowed WhatsApp to quickly dominate, crowd out competitors and make itself essential.

https://www.humanrightspulse.com/mastercontentblog/is-zero-rating-a-threat-to-human-rights

“What makes a zero-rating practice, like that of WhatsApp in Brazil, particularly threatening to human rights is when it is the only economically viable option for internet access in a society. In Brazil, as an internet connection can swallow up to 15% of the household income, users rely on these practises. As Professor Belli points out that economically, no other opportunity exists to assess the information being presented.”

No. The Signal app offers similar functionality to WhatsApp core features and is open.

Where is the evidence of Meta mining WhatsApp metadata?

Meta acquired WhatsApp and somehow hasn’t messed it up yet. WhatsApp has always been fairly good with privacy and doesn’t share much with other Meta apps as far as I’m aware.

That is what the article is explaining. The contact names and details are encrypted.

https://engineering.fb.com/2024/10/22/security/ipls-privacy-preserving-storage-for-your-whatsapp-contacts/

Perhaps the call times are exposed but it seems it would be difficult or impossible for them to connect this with a human identity.

Use Signal if you have concerns about WhatsApp.

They cannot see phone numbers of contacts, no.

Is this deshittification?

They already are.

As soon the message arrives, reply STOP.

This sends a signal to the sender and the carrier that you didn’t want it.

Next, look for the messaging app feature to “Block and Report”. This sends a signal to Apple/Google and possibly others that the message was spam.

Now, I do these things and I continue to get political fundraising pleas over text from groups I don’t recognize.

BUT, I also work with bulk emailing and know it takes a very small number of reports, less than 1%, of messages reported as spam before the bulk-mailer/carrier blocks and penalizes the group originating the message.

I think some collective action here by a small group can make a difference.

Indoor cat or indoor/outdoor cat?

I imagine BitWarden is sufficiently good. The big leap in security comes from having no password manager to a decent password manager.

LastPass does not seem as serious about security so it doesn’t meet my personal bar for decency.

LastPass doesn’t have your password, so it can’t be stolen during a breach.

But 1Password goes a step further, also requiring a “secret key”, which also can’t be stolen.

https://support.1password.com/secret-key-security/

Even if an attacker manages to steal your encrypted data from 1Password and also guess your master password, they still can’t access your data without a secret key.

For that reason, your 1Password account is more likely to compromised through your own device, not their server. And if your own devices are thoroughly compromised, no password manager can save you— the attacker can potentially grab all you type and see all you see.

I evaluated both BitWarden and 1Password for work and 1Password generally won across the board.

If you host yourself make sure backups are rock solid and regularly monitored and tested. Have a plan for your infrastructure being down or compromised.

1Password’s security model guards against this. Even if they are breached, your passwords cannot be decrypted.

You are more likely to screw up your own backups and hosting security than they are.

He influenced me to not buy a McLaren.

Qutebrowser, Dillo, LadyBird, Zen. Good luck.

I like to manage services maximally with systemd so it was a natural fit for me.

It did not seem difficult to set up web and database quadlets so they are properly networked.