this post was submitted on 23 Oct 2023
75 points (89.5% liked)

Privacy

32003 readers
1137 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

Chat rooms

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago
MODERATORS
 

And if so, why exactly? It says it's end-to-end encrypted. The metadata isn't. But what is metadata and is it bad that it's not? Are there any other problematic things?

I think I have a few answers for these questions, but I was wondering if anyone else has good answers/explanations/links to share where I can inform myself more.

you are viewing a single comment's thread
view the rest of the comments
[–] ReversalHatchery@beehaw.org 11 points 1 year ago* (last edited 1 year ago) (4 children)

It says it's end-to-end encrypted. The metadata isn't. But what is metadata and is it bad that it's not?

It's not just that. Their app can easily have tracking components that look for the list of installed apps, how often you charge your phone, how often are you on a WiFi network, etc.

Also, the app and any tracking component it has can also freely communicate on the wifi network. That doesn't only mean the internet, but the local, home network too, where they can find out (by MAC address, opened ports and response of the corresponding programs) what kind of devices you have, when do you have them powered on, what software you use on it (like do you use any bittorrent client? syncthing? kde connect? lots of other examples?), and if let's say your smart tv publishes your private info on the network, it does not matter that you have blocked LG (just an example) domains in your local dns server, because facebook's apps can just relay it through your phone and then their own servers.

If the app's code has been obfuscated, exodus privacy and others won't be able to detect the tracking components in it.

[–] Azzu@lemm.ee 3 points 1 year ago (3 children)

Are others different, like Signal and how do I know?

As a normal user I install both in exactly the same way, I have no way to verify that the code of the apk on the play store is exactly the same as the code published by Signal as open-source. How could I trust Signal more?

[–] Devjavu@lemmy.dbzer0.com 3 points 1 year ago

You can only know if you choose to read the code and compile from source. You can trust, in that your read the code and just install the app, or let others read the code for you. If reputable sources tell you it's good, most of the time it's good. How can you trust Signal more? Well you... shouldn't. You could try to use a decompilation tool, don't know if that works on Android's apps though.

load more comments (2 replies)
load more comments (2 replies)