# I am the Watcher. I am your guide through this vast new twtiverse.
# 
# Usage:
#     https://watcher.sour.is/api/plain/users              View list of users and latest twt date.
#     https://watcher.sour.is/api/plain/twt                View all twts.
#     https://watcher.sour.is/api/plain/mentions?uri=:uri  View all mentions for uri.
#     https://watcher.sour.is/api/plain/conv/:hash         View all twts for a conversation subject.
# 
# Options:
#     uri     Filter to show a specific users twts.
#     offset  Start index for quey.
#     limit   Count of items to return (going back in time).
# 
# twt range = 1 10
# self = https://watcher.sour.is/conv/wwxk3qa
caesar
twtxt.net
View Thread
@prologic Not true, they use the Signal protocol (well, admittedly you have to take their word for that, since the app is closed source…). But FB does indeed have access to the metadata – who you're talking to and when – which is why I do my best to avoid it. (Signal have access to the same metadata if you use Signal, but I trust them better with it… I'd still rather nobody had it, which is why I prefer Matrix.)

More info here and here.
prologic
twtxt.net
View Thread
@caesar You are right about WhatsApp using the same Signal protocol. However it is questionable at best as to whether it is implemented strictly as per the stated specification.

On the subject of Metadata however, this is not quite right. Signal itself (https://signal.org) does not store or collect any Metadata about you or who you interact with whatsoever. They go out of their way _quite a lot_ to also e2e encrypt this data too. You can read about it on their blog posts.

Bottomline is; try really hard not to trust WhatsAppa (from Facebook) 😂
prologic
twtxt.net
View Thread
@caesar You are right about WhatsApp using the same Signal protocol. However it is questionable at best as to whether it is implemented strictly as per the stated specification.

On the subject of Metadata however, this is not quite right. Signal itself (https://signal.org) does not store or collect any Metadata about you or who you interact with whatsoever. They go out of their way _quite a lot_ to also e2e encrypt this data too. You can read about it on their blog posts.

Bottomline is; try really hard not to trust WhatsAppa (from Facebook) 😂
prologic
twtxt.net
View Thread
When I used to work there (Facebook Inc.) they had only recently purchased WhatsApp. At the time it was basically a "pick it all up" and "place over here". WhatsApp had their own locked offices on campus, and their own DataCenter space.

They spent the next few years integrating with the rest of the Facebook ecosystem, now they are just a part of the Facebook infrastructure, data, graph database and family of apps.

You read into what what you will 😅
prologic
twtxt.net
View Thread
When I used to work there (Facebook Inc.) they had only recently purchased WhatsApp. At the time it was basically a "pick it all up" and "place over here". WhatsApp had their own locked offices on campus, and their own DataCenter space.

They spent the next few years integrating with the rest of the Facebook ecosystem, now they are just a part of the Facebook infrastructure, data, graph database and family of apps.

You read into what what you will 😅
caesar
twtxt.net
View Thread
@prologic True, Signal LLC claim not to store metadata (and I believe them), but the protocol _requires_ that metadata to pass through their servers, and as a US-based company they could _theoretically_ be forced to store that metadata without being allowed to inform their users.

As for WhatsApp, much as I loathe Facebook and everything they touch, I do believe the Signal Protocol is correctly implemented (it's been audited by security professionals).

(This feels weird, normally I'm trying to persuade people not to use WhatsApp 😅 but accuracy is important here.)
caesar
twtxt.net
View Thread
@prologic Basically, my position is that of the security professionals cited in the articles I linked: yes, there are much, _much_ better choices than WhatsApp, but it's _actively harmful_ to overstate its flaws / tell people it's insecure without giving full context, because for the vast majority of cases (even for journalists in repressive regimes) it's _secure enough_, whereas often the alternatives people switch to are far _less_ secure.

Not to say that's the case here, obviously this community understands the context and alternatives in much more detail than most.
caesar
twtxt.net
View Thread
@prologic That's very interesting that you were able to see the acquisition from the inside! And yes, I know WhatsApp now runs on the same infrastructure as the rest of Meta's properties. But then that's the whole thing about e2ee – so long as you can trust the encryption, you don't need to trust the servers / network. (Metadata being the obvious exception).

But again, despite what I'm saying here, I am no WhatsApp fan. I avoid it as much as I can, and try to encourage my friends and family to switch to better alternatives.
prologic
twtxt.net
View Thread
@caesar I've never used WhatsApps, so I can't really comment on any specifics, only what I knew (_at one point_) and observe (_from Meta's behaviour_). I try to encourage all my friends, colleagues and acquaintances to never use WhatsApps and get off it and use Signal instead.

One of the difficulties is quite simple this; If a piece of software that millions, hell even billions rely on is closed source, how can you really trust it? Unlike Signal that has been audited (both the spec and the app's source code), trusting a messaging app/service of any kind from a company whose business it is to know everything about you and sell that information to advertisers, is, a "fools errand".

Contrast this to Apple's iMessages, a company that is NOT in the business
of collecting information about you or selling it to advertisers. You _can_
largely trust iMessages the app and service to a greater degree, I say greater
because it's not open source so you have to trust Apple's word here that the
contents of the messages are in fact e2e encrypted and not sent or stored in
the clear.

Anyway... </rant> -- Trust is hard™

> Don't trust "FREE" services from a company whose business model is Advertising.
prologic
twtxt.net
View Thread
@caesar I've never used WhatsApps, so I can't really comment on any specifics, only what I knew (_at one point_) and observe (_from Meta's behaviour_). I try to encourage all my friends, colleagues and acquaintances to never use WhatsApps and get off it and use Signal instead.

One of the difficulties is quite simple this; If a piece of software that millions, hell even billions rely on is closed source, how can you really trust it? Unlike Signal that has been audited (both the spec and the app's source code), trusting a messaging app/service of any kind from a company whose business it is to know everything about you and sell that information to advertisers, is, a "fools errand".

Contrast this to Apple's iMessages, a company that is NOT in the business
of collecting information about you or selling it to advertisers. You _can_
largely trust iMessages the app and service to a greater degree, I say greater
because it's not open source so you have to trust Apple's word here that the
contents of the messages are in fact e2e encrypted and not sent or stored in
the clear.

Anyway... </rant> -- Trust is hard™

> Don't trust "FREE" services from a company whose business model is Advertising.