An international group of plaintiffs is suing Meta, alleging that WhatsApp’s end-to-end encryption isn’t actually private. Lawyers are asking the court to certify a class-action.
People don’t use WhatsApp because it’s encrypted. In fact, nobody I know uses it because of encryption. They don’t even know it’s encrypted nor what that means. Even if it were proven that WhatsApp didn’t encrypt a thing, or that Facebook reads everything you write, the majority would shrug and say “but everybody else uses it”. Most people just don’t give two shits about anything beyond themselves.
As someone who had different the heart decade converting like nobody to signal unless they’re talking to me and even then it’s like pulling teeth, I completely agree. Trust NOBODY.
Meta Is Being Sued Over Whether WhatsApp Really Encrypts Your Messages
No, they’re being sued over whether Meta can read your messages, not whether e2e is implemented. I covered this in a different comment the other day, but these are not mutually exclusive, which is why Meta can be completely truthful about e2e encryption being on and yet the lawsuit can still be correct.
not whether e2e is implemented
e2meta2e is not e2e
I think i get what you mean, but if they can read the messages then its not strictly speaking e2ee. By what means that happens is irrelevant, whether they have a copy of the keys or exfiltrate the data through the app.
… a secure communication system where only the sender and intended recipient can read the messages.
if they can read the messages then its not strictly speaking e2ee
Yes, it can absolutely still be E2EE: the message is encrypted and the central server does not have the key. The issue is that the clients (i.e. the "E"s) are controlled by the same entity as the central server, and we don’t know exactly what the client (app) is doing. So the fact that it’s E2EE is somewhat moot.
This is exhibit #1 in the case for open-source software.
PS: you obviously get this, I’m just trying to make it clearer for anyone who doesn’t.
can read the messages
Its about their ability to read the message, not the encryption. If anyone else other than the intended recipient, be it Meta or Google or the government, can read the message, then its not “end to end” anymore.
Also even if it were about the keys, it still wouldnt be e2ee, because the app is a black box controlled by Meta so the key is in Metas hands by definition. Any piece of software that they have sole control over is “their hands” and when exfiltrating the messages from your phone they are using that key to decrypt the messages and send them to their servers.
Yeah sure, I understand all that, indeed it’s pretty much exactly what I wrote. You are simply taking an expansive definition of E2EE where I am using a narrow one. As far as we know, Meta is indeed sending its messages in an encrypted state, end to end, so technically it makes the grade as E2EE. That debate is kinda boring, I was simply trying to point out that this case study illustrates the importance of FOSS. And since you are downvoting me, that’s all I have to say here.
Yep. E2EE is only worth anything if you trust the client on both ends. Meta, being in control of the WhatsApp app (aka the client) thus can access the message contents even if there’s full E2EE, simply by scanning it after decryption.
The word Trust and Meta appearing anywhere visible at the same time should be against the law.
I’ll take my fine.
Stop supporting Meta… At all.
Yeah, I deleted all my Meta accounts several months ago and have never felt better or looked back honestly. lol The most I miss is getting funny memes from my spouse on Instagram, but she can just show me in person and that’s real connection anyways.
Reminder: whatsapp chat backups (to google account) are unecrypted by default unless you opt in for encryption and write down a very long rescue passphrase.
One thing it sure as hell doesn’t encrypt is the links in your messages. They’re clearly sent to Meta to be ‘unfurled’. You can tell because sometimes a zoom like will unfurl to ‘too many requests try later’ so it’s obviously being done by some massive bot.
By unfurl, are you referring to OGP metadata? That’s pretty common and used by a lot of non-Meta software. That’s probably loaded by your Whatsapp client directly.
Btw, I’m not saying Meta doesn’t read your links. Anyone who thinks Whatsapp is actually private is an idiot.
Yeah that’s it. If it ran locally it wouldn’t regularly show ‘rate limit exceeded’ messages. Its happening because it’s running server side in meta land.
