Is conversations safe?
from gog@lemmy.world to degoogle@lemmy.ml on 28 Jan 16:59
https://lemmy.world/post/42302571
from gog@lemmy.world to degoogle@lemmy.ml on 28 Jan 16:59
https://lemmy.world/post/42302571
I’m using the same gmail (as recovery email) that i’m using in youtube and instagram. I was talking to someone using conversations about removing ads from smart tv, and when i logged to youtube after, found a vid about it. This was the second time, the first time was instagram, similair thing.
Update: I replaced my recovery email with proton and Big AND, deleted knox matrxi. No more suggestions. I think it was knox matrix.
threaded - newest
All data you upload to Google is subject to be searched and processed by them, whether you uploaded it intentionally or not.
Fuck, i’m a fucking idiot. Do u know any messaging app that uses a server and doesn’t share shit?
Conversations.
Anything that’s fully end-to-end encrypted and trustworthy. So, Signal, iMessage, and ProtonMail (but only to other ProtonMail users) come to mind. WhatsApp and Telegram are supposedly E2EE, but I don’t trust them.
Yeah but i thought that if I put my gmail as a recovery email in conversations it will be used as a fucking recovery email, not to share messaging infos
Correct me if I’m wrong, but Conversations is just a client, right? So if your server or your friend’s server is run by or backed by Google, they have the messages.
XMPP is not end to end encrypted, so whatever server you use, unless you own it, will have access to your messages. If that’s something you’re not comfortable with, you can run your own server or use an E2EE messenger.
Yep true
Almost every current XMPP client, including conversations, supports OMEMO E2E encryption by default.
This happend with OMEMO, for the server just whatever jabber.network got me
If OMEMO was on, then Google didn’t read your message. Also now you say you weren’t using your Google account but a server from jabber.network? How about your interlocutor? If both of you were using an account for a random server on the jabber.network list, then Google wasn’t reading your messages, even with OMEMO turned off.
I said that the google account was used as a recovery email, this is in the post btw
I don’t think that was very clear since other people also assumed you were using it as your account in Conversations.
A recovery email doesn’t really have anything to do with XMPP. Using Google or whatever won’t make them be able to read your messages.
That what i tought, i’m not a bigginer, i know at least how to make a website with a backend. And a direct recommendation of a topic that was talked about in Conversations happend 2 times! That’s 2 out of a potential 3 times. First when i got the instagram recomendation i thought my friend searched about the topic on instagram then I got the recomendation, then fucking youtube too? Wtf. And right after i finished the conversation.
Did you search for anything while having that conversation?
Nope
Notifications with full message contents?
We were both in the chat window, no notifications.
Then it’s probably just a fluke.
The only vids i watch on ytb, are videogamesdunkey, nakeyjakey and gamersnexus
All I can tell you is that Conversations didn’t send your messages to Google. The servers you used didn’t send your messages to Google, and if you were using OMEMO, they couldn’t even they wanted to.
Thnks, maybe the leak is from my sys apps
Very possible. Android works in shady ways.
Hmm. Ok, then the likelihood Google was monitoring anything is pretty low. Unless they were monitoring your screen or your microphone. Do you have any AI screenshot features enabled?
No, i don’t even have gms and samsung apps (using samsung), no ai. The only google apps i have left are android system apps that if i removed my system will break. And the only samsung apps i have are settings, clock, camera and UI stuff
Ok. I’d say the likelihood it was a coincidence is pretty high then, but not 100%. We can’t really know all of what Google is monitoring when you use an Android phone, since their code on top of AOSP is closed source. It sounds unlikely that this was because of active monitoring though.
Fuck, i’m buying a pixel as soon as i get some cash. Graphene is the only solution left, or linux
PM is automayically E2EE too if the recepient’s server supports WKD or has uploaded their pubkey to keys.openpgp.org.
Ah, ok. That’s good to know. :)
WhatsApp is definitely E2EE, however they can still collect the metadata. For Telegram I think it’s not even encrypted by default.
Edit: sometimes I should just learn to shut up
lemmyverse.link/lemmy.world/post/42285905
.
There is nothing safe when it comes from Google, Apple, Facebook or Microslop. You can use them as a medium to pass data you encrypt yourself, but if you rely on their encryption (e2ee + them), where you hold no keys, it’s all only a sham. Some people will tell you signal is better. It’s probably true, until it’s not, since it’s not federated.
If you need a real secure communication channel, you will have to learn a bit about the tools you need. None of them come from any of these shitshow companies.
Thnks dude, i use briar for serious convos, but damn to find that conversations shares ur shit witg ur recovery email, fuck.
Yep. Every bit of data you share with these fucks can, and will, be used against you.
Iirc, I think it was the Terraria dev that got all Google services blocked from him for a ban in one service and that Google never explained what was the reason? Might've been some other bigger indie dev, but it served to show how, if Google wants, you lose everything for any minor misdemeanor, or if they think you committed any, and good luck with the right to defend yourself from accusations.