I understand that it may be problematic sometimes but this was very smooth. I didn’t even say anything.
A: what’s your number for the whatsapp group Me: I don’t have whatsapp because of facebook. B: ok, we have to use signal then A: ok
And that was it. Life can be very easy sometimes
I have a feeling B wanted to use Signal, but expected it to be difficult to make others shift. When OP gave the opportunity, B came in and swyped it right away,
Exactly my thought as well
People dont install Signal for me, especially feo groups. They use arguments like “yeah, and I also might have reasons not to use Signal like I do with Whatsapp”
Kinda disrespectful to put a line against a data selling app and comparing it to “nah, I just dont wanna”
To be fair that does take effort
Wow, congrats.
At first from the title it seemed like they changed app to avoid you
yeah, that was funny. Creating a group without OP wasn’t enough, they had to change apps lol
That’s exactly what I thought as well from reading the headline. It definitely could have been worded better.
I wouldn’t be surprised if that’s how it plans out.
A regular group chat and another signal one for when you specifically need to talk to OP.
yeah, some title gore going on here.
Why don’t you use WhatsApp?
Because it’s proprietary garbage. If there are FOSS alternatives, I’m most definitely going to use them instead of proprietary software, let alone proprietary software by companies like Meta. And since there are plenty of those alternatives: No WhatsApp for me.
I work in cyber security and this is dogshit.
Most of it debunked thanks to the EU also.
Well, WhatsApp is owned by Facebook. They are a large player, so they are under a bunch of scrutiny.
But at the end of the day, WhatsApp clearly states it takes all this information. They only claim to keep your messages end-to-end encrypted.
I wonder if this applies to text messages only, or to things like voice memos, images/videos, gifs, etc. as well.
WhatsApp doesn’t let you send documents if you don’t give it full access to your files. Sure, maybe they pinky-promise don’t do anything but this is Facebook we’re talking about.
The same caveat goes for photos and videos - you can’t even send a photo if you don’t give it the camera permission and gallery access, something it clearly doesn’t need just to send a single picture.
Additionally, WhatsApp loads previews of websites. Sure, on the privacy violations list that’s pretty low-priority but I’d still like to not have a link contacted before I can take my 3 seconds to look at it and decide wether it’s worth clicking. Especially since a lot of my contacts send obvious scams (“send this message to 10 contacts for a chance to win a free iPhone” type bullshit mostly).
Revoking WhatsApp’s contacts permission will not show peoples’ nicknames - it will only ahow numbers. Yet you have to give yourself a nickname on WhatsApp, so they clearly have some interest in your contacts. Otherwise they wouldn’t block it outright when it’s an already implemented feature to show nicknames for numbers not in the contact list.
All quite suspicious if you ask me. Although I don’t work in cyber security so it’s clearly just incoherent rambing from me.
Meta owns it, and meta is one of the large, evil tech corps.
They are probably the easiest one for most people from English-speaking countries to cut from their lives.
You must be lost
Nope just well informed and educated, not a shrieking pearl clutcher “cUz fAsEbuK”
Lol
Why would a workplace need a group chat? Aren’t there any enterprise tools in place to achieve that?
I used to work for a small PPI claims management company. Our accounts team had a WhatsApp group for social discussion outside of work.
All of our internal work comms were handled through Slack.
Emergency team chat when there is a outage of corporate systems
Chat for social work stuff like team building or off-site gatherings.
Being about to shit talk about corporate stuff off the reservation is nice.
It can be a big sms group chat, signal, discord, whatever your team likes.
…to which for privacy reasons your team shouldn’t like SMS, Discord, Telegram, Slack, and probably even Signal (somewhat for privacy, & more for accessibility)
What do you recommend?
XMPP. A business can self-host, there are public servers, or there are many businesses which offer customised xmpp hosting as a service.
I can be federated with other xmpp servers or be a locked-down work-only service, or federate with chosen other servers (such as a client company’s xmpp servers).
The main problem is, you need to have someone good enough to setup a proper firewall when selfhosting.
Sure, it might not take $$$$, but it will take $, which is definitely more than\ \ \ \ .
If that’s the main problem then that’s easy to solve! Simply use a free public xmpp server.
I mention the self- and paid-hosting options because businesses tend to like having a sevice agreement backed by a contract, and may have additional specialised requirements not provided by free services (xmpp or otherwise).
Snikket exists for this type of user. If money is an issue, since XMPP is actually lightweight unlike Matrix, you can host multiple things even on the cheapest VPSs so it isn’t dedicated to one taskl or self-host out of your home (which is what I do, but also with some small sites, a feed aggregator, Mumble, terminal sharing, Darcs/Pijul version control systems, & Nix remote builder).
Skill issue, not money issue.
But when you are a business, everything can be converted into a money issue.
Cannot access work intranet (Teams etc.) from personal phones. Don’t have work phones. They all use WhatsApp so reluctantly, so do I.
In these companies, does anyone check the licenses in details to make sure using them is ok for the company?
Meta will get at least the metadata: meaning they will record who was in which call connecting from where.
For example, if one member is visiting a client, Meta may be able to infer the relation between the 2 companies.
If any of the people in the room click “report”, then the discussion is sent for review without the encryption protection
I’m pretty sure their user agreement translates to “you agree to let us do whatever the f*ck we want with the data you’re purposely disclosing to us”.
And last but not least: if Meta decides to wipe the archives, any info get lost?
There a reasons large companies ban unauthorized apps to talk about work.
Like I said, it’s for us to talk about shifts and what have you.
I would never join a group chat like that. If they need to get ahold if me after hours, they can call me.
BTW Teams doesn’t live on Intranet. There’s no reason they wouldn’t be able to open up Teams to BYOD beyond incompetence.
I know Teams doesn’t live on the intranet, but I’m not going to put work software on my own phone. Policy needs it to set up a work profile and I then can’t use fingerprint, face or a 4 digit pin. And all the shite that flows through Teams would be be piling up, just like it does on the PC at work, brilliant when you’re only in a couple of days a week. They want me to use a phone? Provide one.
The WhatsApp group is for us to send updates about traffic, if someone can cover a shift etc. it’s not an official work thing. I could of course not use it and just text people. That’s really just making my life difficult whilst sat up here on my high horse with a self righteous look on my face, whilst I miss the chance of an extra shift.
Denying putting work stuff on your phone is absolutely valid. The company should provide a company device in that case. And if you do agree to put company data on your phone, they should give a monthly stipend towards your phone bill. That’s how every org I’ve worked at has approached it.
That requires a business login on your personal device, which is typically against company policy.
Although, so should be sharing work info outside of corporate channels, so what do I know.
Really depends a lot on the groupchat. I was apprehensive but it’s quiet there and overall the things that get sent there are either in office hours (e.g. “internet might be out intermittently we are working on a fix”) to links to pay for something someone paid for outside of work like food or drinks.
I don’t mind it that way, maybe once a week a couple messages
Small companies and startups like to save money
Misread the post title, thought everybody jumped and left you all alone.
For a second I thought you meant you don’t use Signal, so they all went there on purpose to avoid you.
Heck yeah! I got a small work group to use Element instead of slack or discord once. I was so proud of them. Kudos for you.
For people wondering how to do this in your own lives, have two phones. Have a phone that you install work stuff on, including proprietary apps like WhatsApp. Just tell the people around you hey you can contact me on WhatsApp, but I only see it when I’m at my desk during business hours. I do use more privacy focused platforms on my personal device that you can reach me anytime, such a signal or simple x or matrix. And you’ll find a lot of people are very flexible as long as you give them some reason, and you’re not being unreasonable yourself.
There is an app on f-droid called “shelter” that gives you access to Android Work Profiles. This is a sandboxed area of your phone that makes it function like a second phone. You can install apps that are only accessible from within that sandbox. You can install a second, sandboxed copy of an app. You can shut down all your sandboxed apps simultaneously.
I have a bunch of bullshit, garbage apps I very rarely use installed in my sandboxed “work” profile (Facebook, restaurant apps, and some other assorted trash apps) so they won’t harass me at random.
Shelter is great, and work profiles are an amazing tool to have.
My intention with having two phones, one always at your desk for work items, is to set coworkers expectations that your not available on corporate systems 24/7. If they want to reach you outside of business hours, they will need to use better platforms. This demonstrates your being reasonable and using Whatsapp (or whatever) to be on the main platforms, but you have a real motivation to use the better platforms (like signal, etc)
Good recommendation!
Having two phones absolutely sucks. Didn’t work for me at all.
It’s only a minor hassle, lots of people manage it easily
I disagree. I absolutely love the fact that I can just turn it off after office hours and throw it in a corner during holidays and weekends. Sure, it’s a bit cumbersome to take two phones with you, but it’s also cumbersome to take the laptop and everything with you all the time. Just put it in the same bag and you’re good. Good to note, my employer provides me with a phone, so I didn’t need to buy a second one. It also means that if I switch jobs, I just return the phone and still have my personal device.
But if it doesn’t work for you, by all means, don’t do it. For me the good outweighs the bad.
Probably they were on the edge already, but it’s good that they have made the switch
In all my years of not using WhatsApp this has never happened to me lol. At best I’ve gotten some people to message me individually on Signal but not entire groups
@GravitySpoiled I love this, I had a very similar situation with my sports group, litte questions asked as well! Best thing was the reaction from the leader “I you are kind of right anyways, we should get rid of WhatsApp.”
Problems only appeared later down the line with people complaining that they don’t get notifications and it’s not a habit for them to check it, so they don’t see new messages.Surprised that happened. Very rare to see that these days.
Maybe OP works on infosec and the team was like yeah, makes sense?
Let’s say I work in an IT area (but not infosec)
Should have used Matrix
I’m going to join OP’s company next and say I can’t use signal because phone companies. Then they’ll upgrade to Wire or Matrix
Not great
No, Matrix isn’t the best in terms of privacy. It is a metadata disaster and most other platform are a lot more performant.
Matrix’s E2EE does not, however, encrypt everything. The following information is not encrypted: Message senders, Session/device IDs, Message timestamps, Room members (join/leave/invite events), Message edit events, Message reactions, Read receipts, Nicknames, Profile pictures
Matrix is developed by a for profit entity, a group of venture capitalists and having a spec doesn’t mean everything. The way Matrix is designed is to force into jumping through hoops and kind of draw all attention to Matrix itself instead of the end result.
XMPP is the true and the OG federated and truly open solution that is very extensible. XMPP is tested, reliable, secure and above all a truly open standard and decentralized it just lacks some investment in better mobile clients.
What most fail to see is that XMPP is the only solution that treats messaging and video like email: just provide an address and the servers and clients will cooperate with each other in order to maintain a conversation. Everything else is just an attempt at yet another vendor lock-in.
People need to get this through their heads, XMPP is the only solution for their problems.
XMPP isn’t any better in terms of metadata. OMEMO is an afterthought that slaps on to XMPP. Many metadata are still attached to the message. The threat model only protects the content and doesn’t guard aginst metadata and traffic analysis. Even OMEMO extension is still in experimental status. Not to mention, users still need to signup an account using their email.
Honestly, I think SimpleX is better in everyway. No account required, minimal metadata (at least from the technical whitepaper and other sources I read), fully open source (AGPLv3), an ok mobile and desktop client, and audited. The register friction is almost non existance. You just need to install, set a name, and off you go. The only worry I have with them is they took VC funds.
I think SimpleX is better in everyway.
A few SimpleX shortcomings beyond what you noted, in no particular order:
- No multi-device support.
- Adding contacts requires sharing somewhat large links (as either text or QR code) which can be inconvenient.
- Messages are lost if not retrieved soon after they’re sent. (I think it’s 21 days by default. I’ve had vacations longer than that.)
- No group calls.
- Group messaging is full-mesh, meaning that as a group grows, the network traffic will balloon faster than it would with any other topology. This is generally bad for high-traffic groups, but it might be okay if they stay small or everyone always has great unmetered connectivity.
- The claim to not have user IDs is misleading at best, and outright false in group chats.
- The desktop app uses Java, which will be unappealing to more than a few people. (To be fair, several other messengers use Electron, which is also unappealing to more than a few.)
It does have some neat design ideas. I don’t consider it ready for general use, but I look forward to seeing how it develops.
agree with your general sentiment. I’ve actually been using it and its very rough around the edges, in addition to being “slow” feeling overall, and I’m just testing it out between one other person and myself on other devices. it’s not something I can recommend to anyone yet, but definitely keeping my eye on it.
XMPP is way more open and interoperable than all the solutions available, it works like email any user can can talk to any other and doesn’t depend on a some proprietary / closed service centrally owned by anyone. That’s a good selling point.
XMPP doesn’t really force users to sign up with email address, it just happens that XMPP addresses use the same format, many public servers will give you an address like username@server.example.org that is never mapped to a real email address and only works for XMPP. The decision to actually ask people for their real addresses is up to who owns the server and won’t be directly exposed on the XMPP network.
People need to get this through their heads, XMPP is the only solution for their problems.
On the contrary, you need to understand that your own needs and priorities do not match everyone else’s, and that XMPP is not a good fit for every use case.
(Your rant was amusing, though. I hadn’t seen one like that in a couple weeks.)
While I agree with your point just tell me what Matrix does better? It’s better at being overly complicated? Or at being more propriety?
Convinces clueless FOSS communities to move off IRC. Onto a unusable protocol designed around netsplits they never cared about, yes, but it’s n o v e l!
Nobody owes you their time or their patience. If you want help understanding something, I suggest you tone down the fearmongering, manipulative, adversarial comments. If you’re just looking for a fight, kindly go elsewhere.
Omemo sucks
XMPP is great but it’s dead.
It is as dead as we want. There’s no reason to reinvent the wheel, probably the only thing that XMPP lacks is a bunch of money into a very good, cross-platform (but native) client like Telegram has that actually works 100% of the time and a bunch of large scale public servers to handle regular users who don’t want to host their own. Also… easy registrations and setup on said client.
For a regular user and most privacy aware people, they just don’t care if the protocol is Matrix, Signal or XMPP - they just want a good end user experience and a solid thing, that’s what XMPP lacks today and it’s all client side.
Bottom line is: XMPP as a protocol is great, lacks someone with vision and money to drive it into mass adoption.
I’m pretty sure an encrypted chat platform is possible with ActivityPub.
Does XMPP support voice/video calls?
For a team of 20 people matrix is way overkill imo
There would be room for expansion. What about an IRC then?
XMPP on the other hand…
I once setup a entire matrix server for my school club that comprised of 4 people because one of our members couldn’t use discord lol
They only realized that when he said that? What a weird infosec team. I guess they also could use SimpleX if they wanted the most secure, private and anonymous option, but I think Signal is pretty well balanced as a messenger. Good privacy and usability.
I think you’re over estimating people who works in infosec. All the people I know that work in infosec in corporations are just regular windows support people assigned to keep the security updates on day.
There may have been discussions around it beforehand. I didn’t ask why it went so smooth.
What you didn’t realize is that your value to the company is way more than you realized.
Often times people have resolved all the rational arguments to act on a decision but lack on an emotional excuse to figuratively pull the trigger. I’d bet on someone high up had already made up their mind and you not using WhatsApp was the perfect excuse to just have the whole team finally migrate.
these 20 people are awesome :D