April 26, 2024

The mountain of shit theory

Uriel Fanelli's blog in English

Whatsapp, when the remedy can be worse than the disease.

The story of WhatsApp merging with Facebook and starting to profile you using that data too (as if it had never done so before: how does WhatsApp make money? What is its business model?) is taking a strange turn, with some implications that I find comic.

First, what's the fact? The EU, together with the American antitrust authorities, is about to move to split Facebook from Instagram and WhatsApp. The only way Zuckerberg can avoid this is to merge everything into one product. In that case they will be many features of the same product, and the regulator will arrive too late.

Since he did it in a clumsy and arrogant way, with an ambiguous and worrying message, the result is that there is now a small exodus of users. "Small exodus" means that the numbers are relatively low. But significant.

The problem is that Elon Musk gets involved and suggests switching to Telegram or Signal. Aha. Interesting.

But.

Signal is based on a collection of open-source software, so in theory you can install your own server and self-host it. This is wonderful. But…

… but in the end you will wonder what it takes to do it. These are the so-called "requirements", or "prerequisites": how many computers you need, what software you need, and so on. And this list gives you a great understanding of what the Signal server you use does. Very well.

So what does the Signal server you use, and that Elon Musk also uses, actually do? Well, the installation requirements are public, and anyway you can just ask the "developer community".

Done:

[Image: signalreq]

But if you want the updated official requirements, you can go here. And you will see that they have been updated, but it is not much better.

What does this mean? It means that whatever Signal server you are using, the server passes some metadata (but not data, of course: that is E2E encrypted) to the following actors. Initially:

  • Google
  • Amazon
  • Apple
  • Twilio

and today's list is:

  • Twilio (For SMS OTP)
  • Amazon S3 (for avatars and attachments; can be substituted with MinIO)
  • Amazon SQS (for the CDS queue; can be substituted with LocalStack)
  • Google Firebase (for push notifications)

The difference is that Firebase "aggregates" the notification functions for Apple and Google, which therefore remain actors. First of all, because it is from Google. Second, because it also works for Apple. Third, because… it provides analytics services. That is, it analyzes the metadata of those who use it. Nice, huh?

For those unfamiliar with Twilio, it is a company active in the telco world, specifically in the digitization of the legacy telco world. Find the profile here. As you can see, it is not very different from the others; it is just a lot less known.

Giving metadata to those companies is the REQUIREMENT to install the server.

To be clear: "the REQUIREMENT" means that your Signal server could NOT work if it did not give metadata to Google, Amazon, Apple and Twilio.

So, my question is:

But do you really think you are freeing yourself from data collection by using a platform that has THE REQUIREMENT to give metadata to Google, Amazon, Google Firebase and then Apple and Twilio in order to run? Seriously?

The "secure" server you are using works by giving away metadata to the same companies you would like to GET RID OF. Of course, there is no Facebook in between, except through Twilio:

[Image: bubusettete]

As you can see, in Twilio's "technology stack" there is EVERYONE. There is Amazon, there is Microsoft, there is Facebook, there are all our friends. With the switch to Signal, they left through the door and came back in through the window.

You may argue that this is meta-data but not data, which is E2E encrypted. Never was a word more overrated. They are "just" metadata.

If you don't believe metadata is important, try telling your wife that on Thursday night, 6:00 pm soccer night, at 5:50 pm you sent a short message to your ex. And that you do it every week.

As you can see, metadata matters. And if you don't believe it, let your wife explain it to you. They matter.
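What that inference looks like when all an intermediary holds is delivery metadata, as an added example that is not from the original post: the log format, the names in it and the `weekly_habits` function are constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample: what a relay or push provider can log without
# ever seeing message content (timestamp, sender, recipient, size).
SAMPLE_LOG = """\
2021-01-07T17:50:12 alice ex_partner 212
2021-01-08T09:14:03 alice spouse 1840
2021-01-11T21:30:45 alice coworker 96
2021-01-14T17:51:40 alice ex_partner 198
2021-01-16T12:02:11 alice spouse 77
2021-01-21T17:49:05 alice ex_partner 240
2021-01-28T17:52:30 alice ex_partner 187
"""
DAYS = ["Monday", "Tuesday", "Wednesday", "Thursday",
        "Friday", "Saturday", "Sunday"]

def parse(log):
    """Yield (datetime, sender, recipient) from whitespace-separated lines."""
    for line in log.splitlines():
        if not line.strip():
            continue
        ts, sender, recipient, _size = line.split()
        yield datetime.fromisoformat(ts), sender, recipient

def weekly_habits(log, min_weeks=3, slot_minutes=30):
    """Return contacts that recur in the same weekday/time slot across weeks.

    Fixed slots are a simplification: a habit that straddles a slot
    boundary would be split across two buckets.
    """
    weeks_seen = defaultdict(set)
    for ts, sender, recipient in parse(log):
        slot = (ts.hour * 60 + ts.minute) // slot_minutes
        key = (sender, recipient, DAYS[ts.weekday()], slot)
        weeks_seen[key].add(tuple(ts.isocalendar())[:2])  # (ISO year, week)
    habits = []
    for (sender, recipient, day, slot), weeks in weeks_seen.items():
        if len(weeks) >= min_weeks:
            start = slot * slot_minutes
            habits.append((sender, recipient, day,
                           f"{start // 60:02d}:{start % 60:02d}", len(weeks)))
    return sorted(habits)

if __name__ == "__main__":
    for sender, recipient, day, start, n in weekly_habits(SAMPLE_LOG):
        print(f"{sender} -> {recipient}: every {day} from {start} ({n} weeks)")
```

No message body is read at any point; the weekly pattern falls out of timestamps and endpoint identifiers alone.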

Let's move on to Telegram. I have little to tell you about Telegram. I don't know what the infrastructure installation requirements are, because… that's why. Because nothing is known about the backend, or almost nothing.

Can we see the code of the Telegram servers? Is it in the public domain? No. Why not? Because bla bla bla jadda jadda jadda.

Those who advise you to go to Telegram lie knowing they are lying. The only thing that Telegram guarantees you is that you send encrypted messages to something. Since you don't have the code, the "something" could do anything with them.

The sly Russian says that "you have no guarantee that that code will run on servers, so there is no point in giving it to you." Sure. But if I run it on MY servers then I have that guarantee. Unfortunately, the "sly Russian" says it's not possible.

Honestly, to recommend the "sly Russian" you need a strong stomach. And Elon Musk has one. But I wouldn't.

Now I guess I've bored you. Because the next question will be: yes, but what do YOU recommend? What do YOU use?

Eh, I use GNU Jami: https://jami.net/

You will say: and have you seen the server code of that?

Answer: What server are you talking about? Jami works on DHT. It has no "server".

No server, no stomach ache on the server.

It only has clients, which find each other using a DHT, as Torrent or eMule do. When you talk to someone using Jami, THEN you REALLY have E2E encryption, end to end, because the two "ends", you and someone, ARE THE ONLY SYSTEMS INVOLVED.

Obviously, you will do what Elon Musk says. The one who wanted to send people to work during the pandemic, and who changed state because, according to him, having qualms about killing people is the stuff of communist states. Aha.

And you will do it because you read it on twitter and then in the newspapers.

And that is why we are at this point: because you do what you read on twitter and in the newspapers.
