I’m just here to satisfy my confirmation bias, but my question all along has been this: how does Meta simultaneously satisfy their claims of both E2EE and content moderation on WhatsApp? I can’t say that I’ve done anything even close to a deep dive on the topic, but those two things seem mutually exclusive.
Any reported message ? Back when I was doing anti spam at my ISP we could read reported spam from our customers. Obviously not all mails from / to the customers. That would be way disproportionate.
If you report the message it then the full text gets sent to WhatsApp.
That means there’s a software switch that dumps a plaintext copy of a supposedly encrypted message when flipped.
Therefore, all you need to read any WhatsApp message is the ability to flag the message as “reported”, and access to wherever the plaintext copies get sent.
Considering how often security is an afterthought for corporations, the access part is probably easy.
The easiest implementation of this is that the recipient of an infringing message flags it from its local client. At that point it’s not encrypted if their claim of e2ee is true.
It also means that only parties involved in the message exchange can flag / report them.
Corporations are often not so monolithic ; the guys doing abuse are likely not the one who try to milk users (looking at you marketing).
I don’t particularly know much about this specific topic but, it would be trivial for them to read what’s seen in the app. The encrypted part is only during transfer of a message, your app is still decrypting it to plain texts, and meta can just read the message at that point.
I’m just here to satisfy my confirmation bias, but my question all along has been this: how does Meta simultaneously satisfy their claims of both E2EE and content moderation on WhatsApp? I can’t say that I’ve done anything even close to a deep dive on the topic, but those two things seem mutually exclusive.
You can actually report a message to WhatsApp within the app. If you report the message it then the full text gets sent to WhatsApp.
So… anyone with access to the report API can read any message they want?
Any reported message ? Back when I was doing anti spam at my ISP we could read reported spam from our customers. Obviously not all mails from / to the customers. That would be way disproportionate.
If this is true:
That means there’s a software switch that dumps a plaintext copy of a supposedly encrypted message when flipped.
Therefore, all you need to read any WhatsApp message is the ability to flag the message as “reported”, and access to wherever the plaintext copies get sent.
Considering how often security is an afterthought for corporations, the access part is probably easy.
The easiest implementation of this is that the recipient of an infringing message flags it from its local client. At that point it’s not encrypted if their claim of e2ee is true.
It also means that only parties involved in the message exchange can flag / report them.
Corporations are often not so monolithic ; the guys doing abuse are likely not the one who try to milk users (looking at you marketing).
I don’t particularly know much about this specific topic but, it would be trivial for them to read what’s seen in the app. The encrypted part is only during transfer of a message, your app is still decrypting it to plain texts, and meta can just read the message at that point.