There’s been a lot of noise around the privacy flaws of @Whatsapp and the exodus to @signalapp

An 8-part thread on how they differ security-wise

Full post: https://medium.com/worldr/whatsapps-unsafe-but-signal-isn-t-the-silver-bullet-e5799806b92a

WhatsApp & Signal both have E2EE. But the way WhatsApp stores your data can essentially circumvent the idea of E2EE, and therefore render it useless.

With WhatsApp, so that you don't lose your history, your backups are normally all stored in the cloud. However, here they’re no longer E2EE, but encrypted by WhatsApp. So all your data is stored by a 3rd party cloud, and the encryption keys are owned by WhatsApp.

E2EE is only part of the solution. Where and how data is stored is the biggest driver of security. Signal is much more secure b/c they store data locally, on your device. So no middle party intercepts the unencrypted messages.

But what I'm personally interested in is that because Signal is SO safe, regulated industries can't use it. Bankers, traders or others could use tools like Signal to commit fraud without leaving a trace.

Corporations need a collaboration tool where messages are completely inaccessible by outside parties yet the communication can also be accessible by the company as a whole.

That's what I'm working on at Worldr with a brilliant team. Our beta is open, we already have top teams using our app and I'm super excited to share more learnings along our journey.

So that's it. WhatsApp messages are encrypted yet often unsafe. And Signal’s security is so good that it’s actually a flaw in the corporate setting.

The only way forward is complete data self-sovereignty — localising data, and retaining private keys. Thanks for reading!!

Link to post: https://medium.com/worldr/whatsapps-unsafe-but-signal-isn-t-the-silver-bullet-e5799806b92a