Germany's data chief tells ministries WhatsApp is a no-go

  • This is part of a broader problem.

    Many "apps" from WhatsApp to Zoom are treated as public spaces by citizens. But legally, the app-space is closer to a private space. This creates a mismatch between reality and expectations. (Zuckerberg can delete his chat history and you could not until Europe passed legislation forcing Facebook to do so.)

    I suffered the "Windows only" of governmental applications that excluded Linux users from using them. I see a new wave of iPhone/Android apps, WhatsApp/Twitter official accounts, etc. creating the same monopolistic synergy where the government decides what apps the citizens have to install and what Operating Systems to use. The abuse of monopolies is not fought against; instead, government officials take sides and choose which monopolies to grow.

    Finally, a point missed in the comments: WhatsApp is an American company. The misalignment between Europe and the USA has grown in recent years, while the technological dependence of Europe on the USA has increased. That will not end well. The USA is in a position to shut down all the technological infrastructure of Europe (AWS, Google, Facebook, Azure, ...) and to openly spy on its citizens. When the two blocs were on more friendly terms that was seen as acceptable; today it is creating an uneasy feeling.

    As a European citizen I do not feel safe with such American oversight of my private and job-related activities. And, this is the most important point, when citizens feel threatened they will react or over-react to the situation. The USA has not been a trustworthy partner for some time. And the rise of TikTok and other Chinese apps is bringing that fear to public attention.

    The solution is trivially easy and has existed for a long time: open standards. Mail has been around as long as the Internet and has proven its value; the same applies to the World Wide Web. The only reason for the rise of apps is that companies see them as a good way of locking in customers, gathering data and increasing influence. All those reasons are bad for the economy and for the freedom of countries and individuals. Open standards should be pushed as a level playing field for competing companies, as a way to increase freedom of expression and communication, and to avoid single points of failure that put big parts of the economy at risk.

    I hope for a return to sanity and open standards. The alternative is heavily regulated monopolies, like the telecommunications industry; no government is going to allow this situation to go on for long. And that does not work so well either.

  • For further reading (in German), there's been a nice and well-researched article on Golem a while ago: https://www.golem.de/news/datenschutz-duerfen-aerzte-lehrer-...

    Also, Microsoft sent a cease-and-desist letter to the German city-state of Berlin when it wrote a policy advising against Skype (German too): https://www.t-online.de/digital/internet/id_87890600/skype-u...

  • From my experience a lot of people will not hesitate to contact you via WhatsApp even in a professional setting if they can get hold of your phone number. After this happened several times to me I made sure to have a separate phone for business where no messengers or any "social" apps are installed.

    The funny side of this behavior is your client messaging you via WhatsApp but forgetting their profile picture shows them drunk emptying a giant beer shoe :D

  • I'm an Android lifer (all my smartphones) and now live in Australia. I use Whatsapp for 99% of my personal messaging and frankly, I love it.

    Same messaging experience for everyone (including emojis), great desktop app, easy backup & restore as you switch phones, was early on the reply-swipe functionality, easy forwarding, voice messages. No, none of these are "killer" features, but it's honestly one of the purest examples of 'Just Works'(TM) I can think of in my digital ecosystem.

    SMS on Android is pretty crap, and it's a particularly shitty experience communicating with an iPhone user or in groups.

    Every time an article about Whatsapp on HN or Reddit pops up I fearfully look to see if there are legitimate privacy concerns. Afaict, all my messages are still E2E encrypted, and all my stuff is saved to my Google Drive.

    Unless you're in a sheltered circle of only iPhones (probably in America), Whatsapp is the best choice by miles IMO. (Edit: sure, if Apple would democratize iMessage for cross-platform use I'd consider it, but given that will never ever happen, Whatsapp is the great equaliser.)

    No other messaging app has the reach and consistency. And yea, this is a hill I'm willing to die on.

  • Just a few years ago, paramedics in Germany were routinely (and probably not entirely legally) using WhatsApp for communicating with the hospital while en route because there wasn't (and still isn't) a reliable, secure and interoperable system allowing healthcare providers to communicate with each other.

    It's not like people in Germany are using tools such as WhatsApp in a professional context because they're negligent or careless (at least not entirely). Often, the digital infrastructure available to them is so woefully inadequate they have to resort to non-official tools.

  • Let's hope that Germany and other EU countries, including EU institutions, adopt or at least consider Matrix, like the French did.

    https://matrix.org/blog/2018/04/26/matrix-and-riot-confirmed...

  • I was appalled when I went to install it and there was no way I could see to avoid handing 100% of my contacts to it.

    Do people keep a private offline contacts list, or a clean phone just for this?

    Or do folks just not care about giving away the mobile phone numbers (and addresses? email addresses? birthdays? other notes on the contact about kids names, etc.?) to an app?

    Am I behind the times and everyone just knows none of this stuff is private anyways due to leaks etc.? Even if that is your attitude, it seems you are feeding more links to the graph someone else is maintaining. Did you get consent from every one of your contacts to do so?

    I feel like I must be missing something here. Am I over-reacting or paranoid?

  • From personal experience, I can tell you that the consequence of this will be that ministries will be using unencrypted and unauthenticated email and SMS.

  • In German companies, I see an increasing use of Threema as the "official" messenger. Is that only a German trend?

  • I wasn't aware that the German government had a "Data Chief" position. This article refers to the Federal Commissioner for Data Protection and Freedom of Information. Because of the federal structure, his authority is complicated, with many important decisions taken at the regional level (Bundesland). While some people do use Signal, most people don't care. Many doctors communicate via WhatsApp, as it's just faster / easier.

  • Google, Facebook, Whatsapp (part of Facebook now), Amazon are all basically spy companies

    They are 'America's Edge'

    Let's consider the narrative ->

    That one corner of the world (Silicon Valley) is so good at technology that it produces nearly ALL of the world dominating technology companies

    *

    Let's consider another narrative ->

    While most countries were asleep at the wheel, the US (or some group of people in the US) figured out that the next wave of imperialism would be

    - technology - data - surveillance

    And they devoted all their resources to making sure these 'big data collection and surveillance companies' would be American companies

    *

    If you remember the example of the spy hardware company in Switzerland that turned out to be owned by the CIA

    If you remember how US tried to fund a social network app in Cuba but failed to get traction

    Then does it not make sense that all the things we think are 'accidents' are perfectly reasonable when considered as a collection of dots that link together

    Cisco hardware = backdoors

    Intel chips - backdoors

    Amazon/Google/Facebook - data collection and surveillance

    *

    All the smart countries are gradually ditching Facebook and Google

    If you look at actual innovation, there is now lots of great stuff coming out of Europe, China, etc.

    US seems completely focused on

    A) data surveillance companies

    B) advertising tech

    C) 'Outspend everyone else to become market leader' type companies

  • Then provide useful, technically complete, secure alternatives that are vetted by the government. The expectations of your employees are changing, so the technology you provide should change along.

  • > "WhatsApp cannot read messages because they are encrypted throughout by default," said its spokesman.

    Feels like a bit of a non-denial denial, given that that's not what the official claimed.

  • If you like WhatsApp but don’t like Facebook having your meta-data, and don’t like the fact that your Google Drive back-ups are not E2E encrypted, then use Signal. WhatsApp’s encryption algorithm is based on the protocol that Signal invented, so you get the same E2E security — but without the potential for Facebook snooping on you.

  • Why would FB have paid top dollar for Whatsapp if not to use its data? Come on ppl

  • Germany already experimented with a couple of hosted open services: https://www.golem.de/news/whatsapp-matrix-oder-xmpp-bmi-such...

    The Conversations.im team also lives in Germany, so I wonder why they won't just utilize their own solutions? Or maybe that's being considered...

  • And does the German government care what the data chief says or is this just a HN-feel-good article of no consequence or substance?

  • I also had the same experience in some client projects where we were explicitly told not to use it for anything work related.

  • There are very good messengers; they are just not pushed by big money and group pressure. The problem is always that people don't care about what they do (to others) and apply group pressure for the benefit of the company.

    matrix.org For professional usage and IRC-like chatrooms. Free and open source software, with several native desktop and phone clients. Doesn't require any phone number and offers E2E encryption. You can use the central server or host your own and connect everyone through federation. The official app for iOS/Android is currently getting a rewrite because it is chubby. I'm using Fractal happily on Linux as an IRC replacement, because it lacks E2E at the moment. Developed by a company which offers support and libraries for development. Therefore you could criticize that there are no RFCs floating around, but looking at XMPP, which created a lot of RFCs, this is probably quicker and better.

    The German army will use Matrix, and so will the French government. No joke! The German army is here an example to follow.

    signal.org Also free and open source software, but you won't get your own server or federation. Very easy to use for everyone, hard-linked to phone numbers, with default E2E encryption always on. Children can use it. No native desktop clients, only the fat Electron "Flash for the desktop" thing.

    The European Parliament will be using it in future. Probably a wise decision in their case ;)

    PS: Facebook claims that WhatsApp uses the E2E of Signal. Nobody can prove that without source code. Nobody is allowed to write their own clients for platforms other than iOS and Android. Nobody has ever seen the server code. Haven't we seen enough greedy monopolies since the 80s?

  • What are the chances that this could be solved by having the German government (or EU) overpay to poach a team of instant messaging engineers from around the globe (give them 2x their current salary, have milestones to unlock more money) to have them develop a Whatsapp alternative that can be used in EU?

  • I think the federal government also doesn't quite like the fact that it can't wiretap WhatsApp calls upon court order or decree; I don't know which possibility is worse - possible privacy violation or possible wiretapping.

  • WhatsApp is a no-go. Unencrypted e-mail is a no-go.

    Please send a fax instead.

    I wish I was joking.

  • The bigger issue here is that while currently there are quite a few communication tools with various degrees of central control, effective encryption, cross-platform availability, user adoption, etc., none of them hits an optimum on all these dimensions. You are always compromising on something.

    Uneducated users just use what everybody else uses that is "free". This tends to be stuff that is provided by big US-based companies like Google, Facebook, Apple, etc. Free here is primarily about pricing and convenience. Recently, people value encryption a bit more, but most users lack the expertise to make good decisions about this. So, they'll use something that supports encryption without realizing that it might need configuration or turning on.

    Companies have to deal with employees using non-sanctioned devices and solutions (i.e. uneducated users), which means the above tools are used. Additionally, they tend to have internal tools that are required to be used for internal communication. Typically these too are provided by big US-based companies (Slack, Microsoft, Facebook, Google) but are optimized for corporate requirements (better security, team features). A problem with these tools is that they are useless for communicating with people outside the company. Most companies are part of a complex supply chain involving companies that typically don't align on this. So, things like Skype, Google Meet, Zoom, etc. are popular in this space. Or email. A surprising amount of communication still happens via unencrypted email.

    Finally, educated users tend to pick solutions that are a bit more on the paranoid side of the spectrum when it comes to privacy, encryption, data ownership, etc. Additionally, open source clients and servers are important in this space. Signal, Matrix, etc. are some of the better-known solutions in this space. Unfortunately, these solutions tend not to be widely adopted and make it harder to communicate with "normal" people in the above two groups. I have Signal on my phone but less than 99% of my phone book actually is reachable via it (not counting SMS messages here for obvious reasons).

    Companies are increasingly valuing these types of solutions from a security point of view. Industrial espionage is a thing, and it's a thing companies with representatives in countries like China, Russia, or even the US have to worry about. These countries have very active intelligence agencies and a long track record of actively serving local businesses with basically any information they can get their hands on. Therefore companies that care about keeping secrets ought to be highly paranoid about popular solutions controlled by US incs that must be assumed to be actively under the attention of intelligence agencies.

    IMHO OSS, federated solutions with multiple implementations, clients, and no central control is what is needed. Unfortunately the dominant business models in this space favour closed source, non-federated solutions with maybe some OSS clients but typically no independent server-side implementations. Signal and Matrix are exceptions in this space and neither has meaningful (> 1%) traction in any market. I guess Matrix is growing nicely regardless. Also Signal has one big flaw: it uses phone numbers for authorizing users. This gives a large amount of control to operators.

  • Generally I'm for stronger data protection, but German officials' relationship to WhatsApp is a bit silly; I always wonder what their concrete worry or attack scenario is. That a rogue employee at WhatsApp can see your metadata or access your telephone book? That the US government can see your metadata? Criminal and state actors have access to most of that information anyway.

  • Here on HN people want to believe that WhatsApp is more secure than Telegram, when all the evidence points to the contrary. Also: don't trust closed source protocols.

  • If they discourage people from using something, they should tell people what is the alternative.

    I've been a user of Signal for years, but with recent changes, especially with the screen nagging me and everyone else to enter a PIN, I'm going back to Whatsapp, which was my secondary messenger, but which has most of my contacts anyway.

    What are the other options - Messenger, Telegram, Skype or whatever Google kills this year, which are all not even E2E encrypted by default (let alone not collecting metadata)? Anything else has zero users and it's not user friendly.

    It's not like there is a user-friendly, completely safe service; after all, even Signal now collects and stores your contacts in the cloud after forcing you to create a PIN nobody asked for, while they still keep asking for a phone number and nag you with other prompts instead of adding basic features like pinning a conversation to the top.