Yeah, right. I bought myself a new phone. Logged into my Google account. BAM! All my apps from the old phone get installed, WhatsApp gets installed, I open it, I see all my (supposedly encrypted and safe) messages dating two phones back. Which means anyone at Google with access to my phone backup (i.e. any sysadmin at Google) can read my messages, too, if only they have any interest in doing so. So much for WhatsApp being secure. Want to use Signal securely? Want to make sure there’s no MITM attack? Go meet your correspondent in person and check the fingerprints, there’s simply no way around it. At least with PGP’s signing parties you can get a chain of trust to someone you’ve never met in person. And so on, and so forth. The article is full of pretentious BS. Well, what would you expect from a person who claims to work in software security and never uses PGP? ;-)

Comments are webmentions.