The news is misrepresenting what is actually happening.
A judge ruled for a 48 hour ban of WhatsApp from telcos to try to coerce WhatsApp into releasing private chat information for an ongoing criminal investigation (wild guess: they want information from politically exposed actors due to the recent corruption investigations). There are precedents, and that's a tactic local judges are using to try to get cooperation from international private companies.
This is the actual fact, but the article is conflating that with Marco Civil and other regulatory attempts that have nothing to do with this particular court ruling.
My wife is a judge and she is not alarmed. She is terrified. We are green card holders and came back to the country 16 years ago. Tonight was the first time we had a conversation about leaving this place for good.
Dictator-like behavior has a polarizing effect, which is generally the precursor to large realignments (and possibly violence). On that note: please be careful!
"The more you tighten your grip, the more star systems will slip through your fingers." - Stars Wars Episode 4
Large realignments are the fallout: those who benefit from the dictatorship will be in favor of it. Dictators also have difficulty maintaining their grip on power.
It's very interesting that we perceive this (public) shutdown as "dictator-like" behaviour while the US uses gag orders, laws and secret courts to force (tech) companies into complying. If you don't want to, you have to shut down your company (see Lavabit). Yet Brasilia is "anti-technology" (sic) because they're not abusing their power in secret.
Be cautious, I had a close friend have their Green Card seized while crossing the border back from Canada into the United States, even though he had documented evidence that he had spent 95% of the previous three years in the United States. He was a consultant, and traveled a lot, but thought he would hang out in Vancouver, BC for a while. Even though he only returned to Vancouver for a few days at a time, before going on the next engagement, and all engagements were in the United States, with a US employer, (And he was a Stanford Graduate) - they seized his GreenCard because his household goods (Mattress/clothing), had left the country more than a couple years ago, and used that as evidence of being away from the United States.
Lesson learned - Sometimes the border staff gets caught up on stupid technicalities. Be aware of them, and don't use common sense.
You really only have to set foot in the US once every six months. My wife (now a US citizen) and I would have to make trips to the US every six months to keep her green card alive.
There is no such thing as a Brazilian green card. Green card is a figure of speech that is mostly used to refer to US permanent residency. Other countries often just call it PR.
To further aid confusion, "Green Card" in Europe means a certification from your motor insurance provider that extends motoring insurance to the rest of the "green card countries" (which is basically Europe)
Very urgently needed PR, if one considers the pace at which the country is turning into an Orwellian total surveillance state (most recent data point: CISA bill hidden in the federal budget bill).
It's a confidencial investigation, you have no reason to believe it is a politically exposed actor. It can be any sort of investigation, this is highly manipulative. The people who actually created this block wants to make you think it's related to the Lava-Jato, but they are probably doing it due to lobbists from telecom industries.
They could fine facebook, the owner of whatsapp and that have offices in Brazil. It is unrelated to close the service. Has the Brazilian government ever closed Vivo or Tim because it had legal problems? No. They charge fines.
There are precedents, and they were absurd.
All the information on the article regarding Cunha is correct.
Not at all. When companies decline to obey local law, it's reasonable for them to be cut off from operating in that country. Which is what the judge is proposing, temporarily. Probably with longer cutoffs to follow if this doesn't inspire obedience of judicial orders.
Obeying duly authorized warrants or subpoenas is very reasonable. It's really not WhatsApp's job or right to pass judgement on the political system of a country. If WhatsApp doesn't like that, they should withdraw their business from Brazil.
And let's be serious; while Brazil may have problems, it's definitely not a dictatorship.
> Obeying duly authorized warrants or subpoenas is very reasonable.
Depends on the warrant or subpoena and the technology in question. If they have plaintext messages sitting around on a server somewhere, then perhaps they can supply the messages they've irresponsibly given themselves access to. However, WhatsApp claims to provide end-to-end encryption in some (though not all) cases, so they may not have the data in question; if so, a subpoena expecting them to supply it anyway wouldn't be reasonable. A subpoena expecting them to backdoor their client (in general or for a specific user) would not be reasonable.
And that's before getting into the "why" of the individual case, such as whether this has any more merit than the "take down this YouTube video because it embarrasses us" cases that caused Brazil to attempt to block YouTube previously.
Apart from that, a subpoena from a country only has legal meaning to a business with a legal nexus in that country. Providing a service via the Internet does not create a legal nexus in every country in the world.
> If WhatsApp doesn't like that, they should withdraw their business from Brazil.
What business in Brazil? I haven't seen anything in the stories or comments thus far to suggest that they have any legal nexus in Brazil. They have customers all over the world.
"[...] Folha learned that justice in São Bernardo do Campo wants WhatsApp stay out of air in the country due to a criminal investigation.
The authorities investigating the case obtained legal authorization for the WhatsApp broke the confidentiality of data exchanged via investigated by the application, but the company did not release the requested information. The blockade would be a reprisal.
In February, a similar case occurred in Piauí, when a judge also ruled WhatsApp lock in Brazil. The aim was to force the company that owns the application to cooperate with state police investigations related to cases of pedophilia.
The decision was suspended by a judge of Piaui Court after analyzing writ of mandamus filed by the telcos. [...]"
This is insane, this judge must be on a power trip. WhatsApp is now part of Brazilian social life and economy. Everyone here is part of many groups of friends, family or workmates, that is where most instant communication happens.
In my company, our deployment engineers, who usually are on very remote places with bad and unreliable internet, rely on WhatsApp. I'm not saying this is the best practice, but this is simply the way Brazil works right now. Even the mobile phone companies offer plans with free WhatsApp connection, because that is what most people here care about. Another example: In Brazil, 9 in 10 doctors use WhatsApp to talk to patients (http://www.cityam.com/230372/digital-health-wearables-and-ap...).
To disregard all the people and businesses that rely on WhatsApp for whatever reason is unbelievable. But this is not without precedent, once another Brazilian judge blocked YouTube for a whole day because it refused to take down a celebrity video.
This says a lot about the over-sized, inefficient, and stupid state we have, always meddling and intervening.
I'm a client of Bradesco, a popular bank in Brazil. I've chosen to migrate my account to a digital account called "Bradesco Prime Digital". The main communication channel with my account manager is WhatsApp, so he can take the day off.
I'm also selling my house and I'm pretty sure that every Real Estate agents in São Paulo use WhatsApp as the main communication channel. So no visits today.
I was having a conversation with the pediatrician of my children, so no answers today on what to do with my baby vomiting. It's not so serious to make a call, but it was fine to send a message.
My mother is 63 and sends WhatsApp messages every day to me, so no mommy messages today.
Well, it's not all that bad... I think today may be a very productive day for me.
After reading this and other messages like this, I feel like I'm living on a bubble. I hardly ever use whatsapp and didn't know it was so widely used by everyone around me.
Contempt of court in the U.S. escalates considerably beyond fines if the company doesn't start complying quickly. The court can jail the company's officers, issue an injunction forcing them to stop doing business, instruct customs to blockade them at the U.S. border (in the case of companies selling physical goods), and a range of other things.
That's when it's a US company if it's foreign it will end up on the US trade department sanction list which will blacklist them world wide not only in the US and will prevent any entity which operates in the US from doing any sort of business with them.
There is nothing that a Brazilian judge can do to whatsapp other than to harm them financially cutting off 100m users even in a developing market sends a clear sign.
Facebook has an office in Brazil. I don't really understand why they couldn't just levy financial penalties, since Facebook does actually have a business presence in the country.
WhatsApp and Facebook are still separate legal entities as far as i know, the subpoena was issued to WhatsApp it didn't comply they've issued a court order to block it in order to compel it to comply.
If a US company would not comply to a court order, a US judge can prevent the company from operating at all by freezing all of their assets and halting all of their operations.
You're presuming that that Facebook office in Brazil actually has a lot of assets in Brazil to seize. It's likely that it's a shell organisation and has nothing to seize.
This isn't might makes right this is a corporation pissing over laws, if this was some oil company killing seals would you respond in the same manner?
WhatsApp provides a service in a country, they gain direct financial benefit from almost 100M users, they received a subpoena and ignored it because it's Brazil, if this would've been a European nation they would most likely have complied, if it were a US court order they would for sure have complied.
The only "might makes right" here is WhatsApp ignoring the subpoena because they are an almighty multi billion dollar US company which thinks it's above the law. And on the other side we know that there's pretty much no company on the planet that would dare to defy a US subpoena or court order.
Should only US and "western" nation's legal systems be respected? Is this some how morally compelling to you?
Things should be taken into consideration, a "confidential" investigation that closes an service used by millions of citizens is highly controversial. They don't do the same to any Telecom company, so that's very suspicious.
A spilling of oil is not controversial. It's damage made by a company accidentally and that is causing great environmental damage.
The Brazilian government has the power to ask try to enforce their legislation, but asking other companies to close the service should be the last thing they do. And if necessary, they should close the service completely, 48h is pure nonsense. They should arrest representatives before closing the service. this is nonsense. Also, the reasons are all confidential, so we can't even know it they are justifiable. This is manipulative, not transparent, and very keen to a dictatorship.
Subpoena is a subpoena, most wire taps and telecom subpoenas are confidential you can't really have your target knowing that you are tapping them can you?
No where did i mentioned spilling of oil it's just an example if an energy company doesn't want to cooperate with the government it's perfectly legitimate to order your energy sector to stop importing oil from them this happens quite often. Same goes for websites that violate laws like copyright which are blocked by ISP's.
The Brazilian government has no power over WhatsApp and WhatsApp knows this very well this is why they've utterly ignored them, this isn't some civil rights issue WhatsApp cooperates with US and EU countries all the time this is they CBA because it's Brazil.
And lastly Brazil was part of the 3rd world during the Cold War and is a member of the Non-Aligned Movement so it's really not a western country.
a wiretap does not close the entire communication channel, does it?
You used an analogy to the oil spillage, that would not result in the same impact for rhetoric purposes, but they are not similar.
Again you are confusing what the subpoena was with what had to be done.
When a company doesn't comply you force it, there is almost nothing that Brazil can do to WhatsApp other than to harm them financially and their only way to do so is to block them.
The warrant was extreme yes but it also wasn't indefinite it was a warning shot, this would not have happened if WhatsApp would give the same amount of respect to Brazil as it does to N. American and European countries.
But since Brazil isn't "white and rich" as you've so colorfully described they just pissed all over them. I really don't understand how can you argue for a corporation to piss all over the law.
This isn't about privacy this is about respecting the legal framework of a nation which is one of the most important foundations of modern society, WhatsApp could as easily pissed over a law that protects your data as they pissed over a legal subpoena would you still go out of your way to defend them then?
What's app is a America n company, so it should only respond to American supoenas. Just as a American judge should not be able to order a Brazilian company to do anything before having it go though the Brazilian courts.
A Brazilian company with a presence in the US could absolutely be subject to a US court order without any court in Brazil needing to be involved. You don't get to dodge the laws of a country you're operating in just because your HQ is in some other country.
They are following legal procedures. Brazilian ones, which are the only ones they have to care about. Why would they possibly care in the slightest what American courts have to say?
I don't know, but for the sake of argument, I think it's OK to say no.
If I have a website that is reachable on the internet that hosts a wiki and logs access, does that mean I am doing business in all countries that have internet access? Can any of their courts compel me to disclose visitors from their country? What if I refuse to provide visitor logs, is it OK for them to block my site at the border? What about to order a private teleco to block my site?
I have opinions, but I don't see any obvious answers one way or the other.
It looks like you want to have your cake and eat it:
> If I have a website that is reachable on the internet that hosts a wiki and logs access, does that mean I am doing business in all countries that have internet access?
I'm guessing your answer to this question is "No". However, since you feel you are not doing business in Brazil (for example),then why complain when Brazil blocks your site? If your answer is "Yes" and you agree that you are in business in all countries, then you should be compelled to follow the laws of the countries whose populace are earning you wealth.
Morally and pragmatically, I feel that if you gain financial benefit from a country, you should follow their laws. If you find the laws unconscionable - refuse to do business there.
> What if I refuse to provide visitor logs, is it OK for them to block my site at the border? What about to order a private teleco to block my site?
That depends exclusively on the laws of the country in question, not on the laws of the country the offender is based on. That's what a sovereign state does, it determines its own rules.
All the points you raised are legitimate but if WhatsApp or any other company has a physical presence in a certain country, that country authorities have the SOVEREIGN right to uphold the laws of the land and bring transgressors to justice and offering & guaranteeing them a fair trial.
It also says that, in a contained but nontrivial aspect of life, Brazil has given up its sovereignty to WhatsApp (and by transitive ownership, Facebook, and by transitive law enforcement, USA/NSA). And for various reasons, it is applying for a similar serf status at Telegram as we speak.
Think about it: Mark Zuckerberg can task his employees with an elaborate "find and replace" on all brazillian texts, replacing e.g. "sugar" with "salt", and it will just happen. Think that's improbable? Facebook has been toying with your emotions before [0]
People voluntarily use WhatsApp because they consider it the best service. If it starts replacing "sugar" with "salt" I'm sure people will voluntarily start using something else. What should not happen is government force you to use something else.
Before, I was worried about facebook spying on me, but then I just asked all my friends to switch to spiderwizard (or whatever it's called) and now everything's fine.
. . . my friends didn't want to switch, so instead I simply stopped using Facebook and started using Telegram/email/SMS/IRC/any of a dozen other communication methods to talk with my friends?
Can confirm whatsapp is down for some friends in Brazil.
However, the real reason is not for what Techcrunch is saying.
The issue is that WhatsApp didn't want to cooperate with the federal police and release chat information from some criminals. According to some sources there, they followed all due process and WhatsApp ignored.
As a retaliation, to show that WhatsApp has to comply with Brazilian local laws when storing data from Brazilians using the service in Brazil, they banned WhatsApp for 48 hrs.
> It still seems pretty reactionary. The solution isn't to block an entire service.
Why not? If they're not complying with court mandated orders, then the court is empowered to enact any legal (in Brasil) measures to coerce cooperation out of the offender. If whatsapp wants to operate there they have to follow the law; they stopped following the law, they're no longer welcome.
Perhaps I am overstepping my bounds, but to me it seems that using coercion to get information from a witness (Whatsapp appears to be in the position of a witness) is a recipe for getting unreliable information when the witness.
Whatsapp seems to be in a position that it could retaliate against this Brazilian judge by giving false testimony. Afterall, Whatsapp and the parties to the messages are probably the only people who know what was said in those messages; Whatsapp could modify the messages such that they exonerate the accused. If the judge has played his only trump card by blocking usage of Whatsapp in Brazil, then Whatsapp knows the absolute worst that can happen by lying about what was said in the messages. Worse, the Judge may not even be able to prove what the messages actually contained.
What a ridiculous thing to say. Firstly, the amount of cash the company has is irrelevant. Secondly, it was mentioned elsewhere in this thread, if WhatsApp has no presence in Brazil (i.e. no physical offices, the service is just 'offered' there because it is on Google Play/App Store) then why should they have to comply with local laws in a foreign country?
If my website gets ruled to turn over logs by some local jurisdiction in Brazil. Why should I feel compelled to comply? I am not Brazilian and I have no Brazilian business presence. It's the Internet... to be policed by every local jurisdiction in the world is ridiculous.
>As a retaliation, to show that WhatsApp has to comply with Brazilian local laws when storing data from Brazilians using the service in Brazil, they banned WhatsApp for 48 hrs.
Why must WhatsApp comply with Brazilian laws? They have no offices there.
If I run, say, a porn site, hosted in the US, as a US company, is it my responsibility to prevent users in a country where pornography is illegal from using my site? Do I have any duty to comply with said country requesting the identity and viewing history of citizens living in it?
Of course not. That country can certainly block my site if their laws allow them to, but the idea that whatsapp /has/ to comply is ridiculous.
"Why must WhatsApp comply with Brazilian laws? They have no offices there.
"
They don't.
They only have to comply if they don't want to be blocked.
"If I run, say, a porn site, hosted in the US, as a US company, is it my responsibility to prevent users in a country where pornography is illegal from using my site? Do I have any duty to comply with said country requesting the identity and viewing history of citizens living in it?
"
Generally not, as long as you are not going to travel to that country and subject yourself to personal jurisdiction ;-)
"Of course not. That country can certainly block my site if their laws allow them to, but the idea that whatsapp /has/ to comply is ridiculous.
"
Errr, they have to comply or be blocked from brazil's perspective, and that's what the poster said.
It doesn't sound like you disagree with that, so i'm not clear on what you are arguing for ...
There's some subtle and fundamental differences here that I think are important.
People are saying WhatsApp are lawbreakers, etc. That heavily implies that they've done something wrong - which would mean that they are indeed subject to these laws in some shape or fashion.
I would argue that this is a dangerous thought process to have. It's a scary precedent - blocking WhatsApp is relatively mild, but what about if they wanted extradition?
It's also encouraging a world where anyone with an internet accessible site or business is now having to somehow keep track of every applicable law in every internet accessible location.
WhatsApp is a US based business that has not broken any US laws. They've done nothing wrong from that perspective. They can't be breaking laws they're not subject to.
Brazil can control what is and isn't allowed in their country, and you can say that the service did not comply with their laws, and thus the ban - but WhatsApp still isn't a lawbreaking company.
My foundational statements, I think most people would agree to the follwing:
1. Sovereign countries have a right to formulate laws and uphold them to protect their citizens.
2. Companies can choose where they do business. In most cases, the relationship with host countries is symbiotic (benefits include skilled employees/employment, taxes).
No one is suggesting that WhatsApp is breaking the law, however, Brazil requires WhatApps cooperation in a criminal investigation (criminal, by Brazilian law). WhatApp chose not to cooperate. Brazil's judiciary have come up with leverage to gain that cooperation, in the absence of more effective means (arresting WhatApp officers if they had an office in Brazil, as a US would in a Contempt of Court charge)
IMO, legally this is similar to the UK using ISPs to block the Pirate Bay - it's perfectly legal in Sweden.
Extreme example: the US would be entirely within their rights to block an Italian porn sites that has videos of 15 year-olds. The company won't be "lawbreakers", but they are not welcome on US's cyperspace
>If I run, say, a porn site, hosted in the US, as a US company, is it my responsibility to prevent users in a country where pornography is illegal from using my sit
Actually you have in most cases as trade agreements and various treaties usually provide the framework to extend laws and regulations between countries.
Gambling sites for example wether they are run from the UK, Malta or CAR explicitly block US users due to US laws which prevent online gambling.
If you are running a gambling site even in some 3rd world non extradition country if you do not respect the UIGEA you'll be sanctioned and an arrest warrant will be issued faster than you can say poker stars.
Gambling sites are an interesting choice for making this point, because even for prominent cases like like FTP it is hardly a matter of international agreement. In fact, Antigua and Barbuda have previously successfully beaten the US in WTO courts over this very matter - prosecuting gambling site operators in other countries.
"Two years later, the WTO ruled that the U.S. had violated international agreements on trade in services by prosecuting the operators of offshore internet gambling sites. The WTO rejected the U.S. stance that the restrictions were necessary to protect public morality and Antigua was subsequently awarded a settlement of $21 million from the U.S. as compensation."
Extradition is also by no means assured - Calvin Ayre is still quite comfortable up in Canada, despite the indictment and extradition requests.
UIGEA is also more of a problem for banking institutions. Online poker, for example, is not illegal in the US. The UIGEA is largely banking regulations, and these sites are explicitly blocking US users because they cannot interact with US banks.
We also have poker sites returning in several states, such as NJ, NV, etc.
But in general, these big international gambling sites don't deal with US players because financially it makes no sense, and many of them want to visit the US without getting arrested. It's not because they think they're going to get extradited on the next plane flight.
To bring it back around to the Brazil discussion, I doubt there's as much concern in the WhatsApp offices about not being able to visit Brazil.
>It’s the only way to deal with lawbreaking companies in a globalized world.
Fundamentally, I think it's ludicrous to think you should international companies to the laws of your own country. Fundamentally, WhatsApp is not a lawbreaking company - they are not subject to Brazilian law. You can't break a rule that isn't actually imposed on you.
From a practical perspective, it doesn't matter for Brazilians. The end result is the same. Brazilian law allows for them to block the site, and that's the end of that.
But the reasoning behind it is important, and that people believe they have the right to subject people in different countries with different laws to their own local laws, despite those people not being in Brazil, is fundamentally scary to me.
Even if I believed in following all of these laws, I am now expected to know all of them?
WhatsApp has the backing of Facebook, so it's conceivable they have the resources to figure out the laws for every place their app is accessible from. But what about a small startup, or solo developer? How can you reasonably expect them to know every law in every internet accessible location?
> Even if I believed in following all of these laws, I am now expected to know all of them?
Yes. Yes you are. You are expected to follow all laws of where you have a presence or face the consequences they'll impose on you for it, which is exactly what is happening here.
This quote from a German politician sounds silly at first, but makes sense.
If a company wishes to get access to a market, they have to follow their laws.
I can’t start a company and sell pirated DVDs to the US – even if that might be legal in China.
And the US can then stop importing my products, and demand I follow their laws, or be blocked.
For you, as a solo developer, it is very simple.
Either you only focus on your own market, the market you know, or you accept to abide the rules of every market where you operate. Most US startups limit their services to the US only anyway, as you need a US address, or a US credit card, or a .edu email, etc.
But an internet without rules, without laws, would be the worst possible result for the consumer.
If someone scams you in a transaction? No way to get money back. If snapchat sells your nudes, or even blackmails you? No way to prevent.
It's worse than that - only American laws are applicable on the internet world-wide, and most of HN is fine with that without any second thought.
The US has never been shy applying its laws abroad, with numerous examples: domain name seizures with the tenuous nexus being "Domain Registrar is a US entity", prosecution of the Pirate Bay and Kim Dotcom, the TPP.
Brazil intends to take action that only applies within its borders and suddenly the sky is falling, all because it's against an American company.
>Companies should beholden to the laws of the places they reside.
My belief is slightly different: companies should be beholden to the laws of the places they trade (or do business, or earn income). I think it's both moral and pragmatic in a real politik way (he who pays the piper and all that). If a company thinks it can get away with ignoring the laws and at the same time benefiting from the same country, they shouldn't be surprised to find themselves cut off.
This is why US companies are bending over backwards to onerous demands by the Chinese gvt (and following Chinese laws) in order to gain access to the humongous Chinese market. Money talks, and the Brazilian judge 'hacked' the legal limitations: I consider this to be an extra-territorial contempt of court sanction. It is well within Whatsapp's legal rights to keep ignoring this, but it wouldn't be advisable with the 1m subscriber bonus to its competitor.
No one is suggesting an internet without laws. Just that you be beholden to the laws where your company resides. Office in the US? US laws. Office in Brazil? Brazilian laws. No office in Turkey? No Turkish laws.
Blocking imports or sites is fine, if your countries laws allow you to do it. But calling them lawbreakers? Not so much.
We already have precedent with the US going crazy over persecuting people who reside outside of it, and that's something the US needs to stop doing, not something more countries need to start.
John Gilmore's oft quoted in these cases: "The Net interprets censorship as damage and routes around it." When, if ever, will politicians learn this? Will it take a generation that has grown up on the Internet and watched this to make them realize these actions are pretty futile?
This is exactly what the judge wants. He is trying to get Whatsapp to comply with his request. What could be a better way to do this then to drive millions of users to a competitor? The longer Whatsapp holds out, the more users leave the service, possibly for good.
Thing is, this better be a really important case. Because if users migrate and stay on Telegram, it could be much harder for Brazilian courts to get records in the future.
> Because if users migrate and stay on Telegram, it could be much harder for Brazilian courts to get records in the future.
Yeah, that's the way that I see it. I don't believe this is the right kind of gambit to be playing. Not only would I expect Telegram to be even more likely than Facebook to tell the judge to shove the subpoena up his arse, he has escalated a war with a company that often is very good at fighting all of its battles on its own terms.
I am now very curious who the subpoena was going after.
> Thing is, this better be a really important case. Because if users migrate and stay on Telegram, it could be much harder for Brazilian courts to get records in the future.
Why would it be harder? Telegram has the entire plaintext message history for every message all of their users have ever sent, WhatsApp doesn't. It's much easier for Telegram to comply, not harder.
I'm not completely familiar with data storage and access policies between the two, but I was under the impression that Telegram's main selling point was security/privacy and that you could schedule messages to be permanently deleted from Telegram's servers. Now that I've read more on the subject from you and others, it seems to be UX/UI and marketing.
I'll defer to you on this one as you're an expert in the field.
I think in this context it might be interesting that WhatsApp is actually using the same end-to-end encryption employed by Signal/Textsecure for some users. This encryption is in general considered superior to the strange protocol Telegram employs.
The problem WhatsApp has right now in Brazil MIGHT be caused by them simply not posessing the information the judge wants them to hand out. But I am heavily speculating here, since I neither know what information they were asked for, nor whether the data in question was end-to-end encrypted.
The problem with WhatsApps encryption is of course that you have no way to check the encryption status of a conversation. It seems to only work for one-to-one messages between Android users as of the end of last year. Maybe this has changed in the meantime. Maybe the encryption has been enabled for more or less users in the meantime. Who knows.
I'm really curious. I've been using Signal for years, and it's been much much better than the default app on my phone (not to mention more secure). What's so good about Telegram? I've avoided it because of its suspicious encryption.
To be clear, I'm not advocating for the use of Telegram. I keep posting this in hopes that moxie will understand just how important UX is and hire accordingly.
WhatsApp, Telegram etc. are going to eat Signal's lunch because of the UX and I would like that not to happen.
I think he understands UX is important; the majority of recent changes are to the UX since the crypto is more or less stable. OWS probably has much fewer developers contributing to Signal than either Telegram and WhatsApp, so that could be one of the reasons they have to play catch-up.
There are also features some consider good UX but Signal shuns because they create confusion regarding the security properties (i.e. self-destructing messages). Signal's number one priority is security while that is not nearly as important for Telegram in practice. A lot of the UX advantages the latter has can be traced back to this essential difference.
I agree though that something like messaging multiple people without creating a group first is more or less UX-only and would probably make sense (groups are anyway a client-side abstraction only in Signal, servers have no concept of them, so making anonymous or automatically named groups on the fly should be doable)
Also probably getting in touch with OWS on their mailing list is more effective than hoping they notice random posts on HN. It is not the most contributor-friendly project on the planet but clearly articulated and focused posts are usually answered and so are issues/pull-requests that conform to their stated guidelines (do not add extra options, do not put security second, etc.)
I'll use an example that has been confusing for me. The contact list alternately shows some people in gray text and others in black while having a separate phone icon.
1) It was not immediately obvious to me that I have to select the name to msg. iMessage deals with this by having a specific messaging icon that makes it clear.
2) I was able to guess that the grayed out names meant no messaging but then again I tried to call multiple of these contacts and it does not seem to work properly in that that I can't seem to reach those people. Not sure if this is broken... Part of this is the legacy of Redphone/Textsecure so as Signal spreads as a single app across platforms, I'm hoping this issue somewhat goes away. [1]
3) It would certainly be nice to have the whole contact list be visible instead of just the known contacts with Signal/Textsecure/Redphone along with the ability to easily share an invite to others to use Signal via iMessage, email etc. (use the standard iOS share dialog) I'm willing to bet this gets a lot more people to see/use/invite others.
4) I would argue that groups/multi-device is the same abstraction in this case (each device would be a hidden subcontact) hence it should be possible to get multi-device support in short order if group support is already there.
I don't believe any of the things I've listed above have security implications but I could always be wrong. Maybe I'll file some tickets this weekend if I have some time.
I did some digging and found the link below. Requiring people to understand and handle an issue around a bloom filter is a bit much. That part should just work.
lol, yeah the problem is that it just never occurred to us that UX is important!
Here's the situation: people hem and haw about Telegram's cryptography, but what we should really be talking about is that Telegram is not using end to end encryption by default. Telegram stores your entire plaintext message history server-side. There is nothing worse when it comes to privacy, but it's very easy to write slick clients when they're just views onto the server and all the logic happens there.
moxie, I hope you aren't taking this the wrong way.
I'm pretty sure that you are aware that UX is a problem. I'm saying this because I do think UX is a priority for users and hence for widespread adoption.
There are legitimate reasons why Telegram is more popular and as evidenced, security first is not a sufficiently valid sell for Joe User. Obviously, there are also fundamental reasons why Telegram should not be used as you have pointed out above.
I want to see Signal succeed which is why I've made the comments about.
While I have your attention, maybe you could clarify the protocols used between Signal and WhatsApp. Is there a scenario which there will be interoperability? I believe that you previously alluded to the implementation of e2e being separate in WhatsApp but it would be nice to get some clarity around this. Thanks.
This. When my wife first got an Android phone I installed Signal on there as the default SMS app (she values her privacy and was worried about Google Hangouts). This lasted for almost a day until she tried to send a group text to a few of her friends. When she found out she had to create a named group first, she asked me to install a different messaging app immediately.
Unlike Telegram, Signal is end-to-end encrypted, which means that Signal themselves cannot read your messages, and therefore could not be compelled to divulge them. Because of forward secrecy, even if recordings of an encrypted exchange are made (and as far as I can tell Signal does not record them), they cannot be later decrypted with a compromised key.
Yes. Signal has perfect forward secrecy. There's no way any government could compel them to release private chat information: they are literally unable to do so.
Even so, a government could still block them until they realized it's futile (or something). The end effect is in their favor: users to move to other platforms that are not as secure.
WhatsApp does/might (who knows, they are not transparent about it and it is closed source) employ the same end-to-end encrypted protocol as Signal does (for some users):
Never realized that the political scene in Brazil was as crazy as the article portrays. Makes the US election campaigns look downright tame. As bizarre as some candidates' ideas seem to be, hard to imagine how judges or US congress would get away with attempting the same things.
If provisions like those in the article persist, predictably the predominantly young users of social media will protest loudly, I would think the resulting unrest would be too big a liability for the judges and politicians.
A while back I knew a guy who worked for a US company involved with setting up inventory and telecommunications software for businesses. Having traveled to Brazil to assist with installing the systems, he described the extremely convoluted regulatory environment down there, and how difficult that made it to get anything done.
While the whole affair is hard to understand, the basis for picking on particular targets (e.g., WhatsApp) doesn't make sense. Unless all such services are banned it only punishes the particular providers for no good cause. Speculating out loud about their target selection is unproductive, but possibly someone has more actual info about it.
So I guess like politics anywhere, what they do know well is how to shoot themselves in the foot. Until it's realized what they've done it will cause a lot of trouble for legitimate enterprises, let alone the massive population so negatively affected.
Edit: In the time it took me to write this comment, a bunch of people have add comments about the situation. Wow, that was fast...
I'm confused. As far as I know WhatsApp does not archive any messages on its servers. Messages are only kept there temporarily until they are delivered to the recipient and then they are deleted.
This is also what WhatsApp states in its legal documentation: https://www.whatsapp.com/legal/ :
"The contents of messages that have been delivered by the WhatsApp Service are not copied, kept or archived by WhatsApp in the normal course of business."
Furthermore, messages are end-to-end encrypted. So how could WhatsApp comply to the judge's demand?
I'm in the US and my family is in Brazil. I relly on WhatsApp over 3G/4G to comunicante with them as they are usually without access to faster internet (DSL/cable). I read about the blockage a few hours ago and made me concerned because if anything happens that's the most reliable channel I have.
Then I receive a message from my brother saying he was going to the hospital (on WhatsApp, just before they cutted it off). Fortunately he had time to tell me he is fine.
My other brother is in a ship, almost same connectivity problems.
I know that there are workarounds, other applications, vpns, IP masking etc. But WhatsApp is something that my parents and brothers can use.
I bet there are tons of hospital staff who use WhatsApp in Brazil every day to coordinate mission-critical stuff, in which case this absurd move is putting people's lives at risk.
The real reason is that WhatsApp refused to provide information about a PCC member.
PCC is the largest criminal organization in Brazil. It's involved in several criminal activities like drug dealing and gun trafficking. It was also responsible for "closing" Sao Paulo city some years ago forcing people to stay at their homes as well as killing hundreds of cops ( https://en.wikipedia.org/wiki/Primeiro_Comando_da_Capital ).
The judge tried to obtain the information from WhatsApp for several months but it was simply ignored. Blocking WhatsApp was one of the last options that she had to try to obtain the information.
It scares to think that a single decision from a judge can suspend the most widely used communication service in Brazil like that. The whole nation was affected by a decision that concerns to a few people only.
I am from Brazil, and although bizarre decisions happened before, I can say that this time they actually went through with it, and I can't talk to my psychologist (I only communicate with her with WhatsApp, I never considered that the government would ever actually shut it down).
As for the article it is one of the most bizarrely biased articles I ever read, spouting some information that are outright lies.
Example: it says that Marco Civil law was an example of the congress favouring internet openness, that is an outright lie, the judge that banned WhatsApp for 48 hours, used Marco Civil to do it, if Marco Civil had never passed, WhatsApp would not be banned today.
Another innacuracy is saying that it is a "conservative" congress dominated by "evangelical extremists" and "military apologists"
The biggest bloc in the congress was allied with the leftist president in the elections, and still is mostly allied with said president. (the exception is "PSC", that is a socialist christian party, they tend to ignore the president wishes a lot, still it is 13 deputies out of 79 in that bloc)
Second biggest, is indeed right-leaning, but their policies resemble US democratic party of the 90s, instead of true conservatism.
Third bloc is dominated by a party with no political leanings to left, or right (they only do whatever it takes to stay in power, and have left and right politicians in their ranks). The vice-president is of that party, and they are in "opposition" only because they want the vice-president to take over.
Fourth is PT, with 59 seats, it is the president party, and is named "workers party" and has many outright communist people in it.
Next 3 groups are socialist, then there is the democrats party, that has policies like US democrats, then the rest of the parties are mostly socialist too.
In total there are from 512 lawmakers, 108 are "conservative".
Also, I've been following the votes on the Uber ban on Brazil, almost in all cases left wing parties that voted to ban Uber (and some even proposed to not only ban Uber, but make a law that make apps that call regular taxis to send lots of personal information to the governmens, including full GPS-tracked route of the person while inside the cab).
Meanwhile the big bloc that is "conservative" (the one that on my list is on the second biggest bloc in the congress) is the one that regularly vote against laws that restrict freedoms.
Still, our congress is awful, and is indeed proposing (and sometimes passing) lots and lots of bullshit laws.
>only communicate with her with WhatsApp, I never considered that the government would ever actually shut it down
So you got her number on your cellphone which means you can call and text. You can talk to her, not for free but a few messages should be enough to arrange for another free service.
From someone living in Brazil, this article is a clickbait full of misinformation.
First off, we are nowhere near "shutting down social web". WhatsApp was shutdown by a court order because they did not comply with a subpoena to hand over information from a user in July and August. I recently submitted a link with a local (Brazilian) newspaper explaining the issue.
>If Brazil’s conservative Congress gets its way, they’re going to take down the entire social web as we know it, with bills circulating through the legislature to criminalize posting social media content and to allow the government to spy on its citizens.
Conservatives are not the only ones trying to censor the internet in here, absolutely every politician wants it.
>It’s an about-face from last year, when President Dilma Rousseff approved Marco Civil, a groundbreaking Internet “Bill of Rights”, as a response to the Snowden revelations that the NSA was spying on Brazil. The landmark bill, Brazil’s first internet legislation, protects net neutrality, user privacy and freedom of speech.
On the contrary! Marco Civil threatens user privacy (more below), and the "net neutrality" part has lead to just the same that happened today: Mobile companies were forced to shutdown their "free WhatsApp and Facebook" plans, making millions get blocked from WhatsApp[4]. Anyway, back to the privacy issues, article 11 of the text[1] is the more worrying one. Some highlights:
§ 2º A autoridade policial ou administrativa poderá requerer cautelarmente que
os registros de conexão sejam guardados por prazo superior ao previsto no
caput.
§ 4º O provedor responsável pela guarda dos registros deverá manter sigilo em
relação ao requerimento previsto no § 2º
It says basically that police can require records of visited CONTENT without a court order and the ISP is required to supply that without informing the user. Somewhere else in the text it forces ISPs to store user history for a year. If the text really wanted to protect user privacy it would say something about cryptography, which isn't mentioned anywhere in the text.
Article 2 says there must be a "social purpose" for websites and that gov. may take websites down if it feels it doesn't serve the public interest. Brazilian govt. already has a history of censoring YouTube and Facebook videos involving politicians, judges or celebrities[5][2][3].
>First off, we are nowhere near "shutting down social web". WhatsApp was shutdown by a court order because they did not comply with a subpoena to hand over information from a user in July and August. I recently submitted a link with a local (Brazilian) newspaper explaining the issue.
It doesn't say contents, it says registros de conexão "connections log".
The intent was to log IP adresses and dates, not content, but it is known that the interpretation of the text would be up to our judicial system. It also does not say without a court order. It says they can require them to log those ips, but access to these information requires a court order (as said on chapter 2 item I)
There are other ambiguities regarding who should keep those logs, ISP or service providers.
Free Whatsapp and facebook does hurt net neutrality. It undermines competition and leads to a division between services that are "free" and the ones which are not, on a ISP level.
That's not what article 2 says, article 2 is a preamble with the intentions of the marco civil and contains no definition of rules nor obligations. The removal of those videos are not based on marco civil, but on other laws and our own constitution.
The problem is not the Marco Civil, but how it is being interpreted.
Our judges do not understand what is cryptography.
Our population don't understand and doesn't care. People are just upset that whatsapp is offline.
To put this in perspective, it would be as if a single judge in the US managed to shutdown all SMS for 48 hours, in the whole country. ()
Because, you see, SMS is too expensive in Brazil. So people resort to WhatsApp instead.
() It doesn't matter if SMS is not controlled by a single company, the block has to be enforced by all internet and cellphone operators in the entire country.
WhatsApp didn't break any US laws. If whatsapp doesn't follow Brazils laws it can't break them. However Brazil is in its full rights to ban it if it considers it isn't coherent with the local laws.
If you go ahead and read the article, you'll realize that it's more about Facebook complaining their business will be more heavily regulated in Brazil than outright censorship.
"Overseas" in that context would be the US, right? :-)
We have exactly that problem with Facebook and other big US companies in Europe (Uber comes to mind): they act in Europe (and do damage here), but hide in the US. Oftentimes not even replying to court orders, because hey, what can a lowly regional court judge from Germany do, right?
If you want to play here, comply with our laws. If you don't, then don't be surprised if your business is shut down.
I can totally understand the attitude of the Brazilian judge, even if the result is terrible. But suddenly he is paid attention! Chapeau!
Why should a lowly regional judge in Germany (or the US for that matter) be allowed to meddle with a national or global communications network? There must be millions of judges in the world, many of whom are corrupt, power-hungry, or just plain stupid. It would be silly for Facebook, Google, etc. to blindly obey each one of their ramblings.
I'm sure you believe your country's laws are fair, just, constitutional, and parliamentary-approved. However, so do Thai people believe about their laws against insulting their King. Do you think Facebook should be in the business of censoring posts insulting the Thai King just because some judge there gives them a court order?
I maintain that Facebook should, in general, ignore foreign court orders and just do what's right. At the risk, of course, of being blocked entirely in that country.
So if the US wants info on users of a German app who have no servers or offices in the US it should just give it to them? Even if the offense they are suspected of is not illegal in Germany?
My point is that Brazil should follow legal procedures and have a American judge issue a supena. That's what a MLAT is for.
I'm sure the Brazilian judge followed Brazilian legal procedures. That's the entire point of being a Brazilian judge. There might be other means to achieve a goal but that doesn't mean what happened isn't legal.
In your example, if that German app was targeted to US users (e.g. by localization and marketing) then yes, they should follow US laws. That's a test German courts use to determine whether they have jurisdiction in the digital world and I think that's fair and should be applied in the other direction as well. If they don't want to or can't (e.g. by contractual obligations or German law) they shouldn't act surprised if the US doesn't allow US business to trade with them.
The same way that, when I open an office in the US I must live with a series of arbitrary laws I may not agree with (or that horrify me), when you open an office in a corrupt third-world country, you are supposed to obey the law or suffer the consequences.
This is the place the Olympics are going to be this summer. I can't help but hope the people use it as a stage to protest, but would imagine the media would largely ignore it.
Switched to hacker news a year back, Never visit techcrunch.. Best decision. On an unrelated note, just hate their 'apple is the center of the universe' line of thought..
A judge ruled for a 48 hour ban of WhatsApp from telcos to try to coerce WhatsApp into releasing private chat information for an ongoing criminal investigation (wild guess: they want information from politically exposed actors due to the recent corruption investigations). There are precedents, and that's a tactic local judges are using to try to get cooperation from international private companies.
This is the actual fact, but the article is conflating that with Marco Civil and other regulatory attempts that have nothing to do with this particular court ruling.
TL;DR TechCrunch publishes unchecked, alarmist news.