No, in order to have privacy you can choose applications which appeal to different user base and have different tradeoffs. Like Signal, or even WhatsApp.

Zoom appeals to a different user base and offers different features as selling points. Please read the twitter thread mentioned below to understand their perspective.

> or even WhatsApp

Ummm, no.

(I mean, sure, it sometimes uses Signal protocol, but seriously a _Facebook_ product recommendation in a privacy discussion???)

What do you mean by "sometimes", does WhatsApp generate a random number to decide what protocol to use?

Do you have better recommendations which use E2E and are also already used by the masses?

Originally only two person chats were e2e encrypted, then the added e2e to group chats, but last time I checked (admittedly a year or more back) if one participant in a group chat had an old version of the app, the entire group chat was unencrypted, without an obvious user interface indication of that.

I use (and trust) Signal. I believe Wickr is trusted by people who have resources behind them to know whether it's trustworthy (though it's closed source, so :shrug:).

If you need "used by the masses", then you're gonna be stuck with, I dunno - Facebook public posts? Gmail? Slack? Smoke signals? Nothing that's fit for purpose" if you value privacy...

Set up a webserver with teamspeak, which a ton of the millennial and zoomers already use for games, and nuke the server afterwards?

> No, in order to have privacy you can choose applications which appeal to different user base and have different tradeoffs.

In other words, don't use Zoom.

> Please read the twitter thread mentioned below to understand their perspective.

Their perspective is they don't want to use end to end encryption so they can turn their users in.

Even for ordinary users, this yields no advantage to the user. For users who have reason to fear oppression by the authorities it's quite problematic, and in general everyone else should try to avoid using such things out of solidarity.

Security does not equal privacy.

They are two distinct concepts. Security with encryption is about trust guarantees. I send message X to Alice and I know Bob can't read the plaint text of message X because I encrypted it with Alice's key.

Privacy can benefit from additional security. But it's generally a whole other ball game. For example, Bob will still know I sent a message to Alice and can hit me with a wrench until I reveal the plaintext of message X.

Isn’t that part of security? I mean you lack physical security to prevent bob from using a 5$ wrench on you.

if security proctols make it difficult to trace that you sent a message at all,I.e. also takes care of metadata along with the content you also get privacy.

With physical security, it would be more like "I trust Bob isn't going to hit me with a wrench because he told me he wouldn't".

Bob isn't very trustworthy.

Sure, we could encrypt everything ever created by any device at all times. But some sort of communication is sent from one IP address to another IP address. Even if it's encrypted, some form of something was sent.

This is where privacy then becomes a thing. You could start sending random noise out constantly. then when your encrypted data is sent out it looks like the rest of the random noise.

That would be like "I sent out 4999 random messages to 4999 random people and 1 encrypted message to Alice. Now Bob can't work out I sent my encrypted message to Alice".

That's the difference. Privacy is about hiding the existence of something from Bob. Security is about keeping something safe from Bob.

> That would be like "I sent out 4999 random messages to 4999 random people and 1 encrypted message to Alice. Now Bob can't work out I sent my encrypted message to Alice".

Sounds exactly like I2P darknet.

I'm full of great ideas that other people have already done.

> Security does not equal privacy.

It's all privacy here. End to end encryption provides privacy; the company can't view your conversations. Not paying with a credit card provides privacy; you don't have to give them your personal information. So if you can't have one without the other then you can't have privacy with Zoom. (Unless you're a terrorist with a stolen credit card.)

So by your logic then, WhatsApp provides privacy?

What about the troves of metadata they collect and make available to law enforcement? Plus the fact you have to register with a phone number which can tie the metadata to a specific individual.

Doesn't sound very private to me.

Privacy is full of tradeoffs. Security isnt. My messages on WhatsApp are safe from anyone I don't trust that doesn't have 10 super computers and a lot of patience.

But that doesn't mean everything I do on there isn't tracked to kingdom come. It doesn't mean the fact I sent a message to Alice is private.

> So by your logic then, WhatsApp provides privacy?

By your logic by my logic then Zoom provides privacy if you pay them. This is obviously the opposite of what I said. The most private solution is end to end encrypted and doesn't require a credit card and doesn't collect metadata etc.

> Privacy is full of tradeoffs. Security isnt.

Everything is full of trade offs. How can privacy be full of trade offs and security not when privacy is a subset of security?

> The most private solution is end to end encrypted and doesn't require a credit card and doesn't collect metadata etc.

The most private solution actually doesn't involve a computer at all. It's not very useful though.

> How can privacy be full of trade offs and security not when privacy is a subset of security?

See my initial comment: > Security with encryption is about trust guarantees.

I'm not meaning "cybersecurity" when I say security here. I'm talking specifically about the security of encryption. Privacy and crypto security are two distinct concepts within cybersecurity.

Privacy hides the existence of a thing. Encryption (security) keeps the thing safe.