Lawsuit Alleges That WhatsApp Has No End-to-End Encryption
To the surprise of no one...
Lawsuit Alleges That WhatsApp Has No End-to-End Encryption - Slashdot
Longtime Slashdot reader schwit1 shares a report from PCMag: A lawsuit claims that WhatsApp's end-to-end encryption is a sham, and is demanding damages, but the app's parent company, Meta, calls the claims "false and absurd.it.slashdot.org
like this
reabsorbthelight
in reply to BeatTakeshi • • •Autonomous User
in reply to BeatTakeshi • • •ChaoticNeutralCzech
in reply to Autonomous User • • •Being FOSS is not a prerequisite of E2EE but a prerequisite of knowing it's E2EE for sure. Like, I can give you a black box that prints PGP key pairs and says "includes RPGP, MIT-licensed PGP library" but you can't trust that the machine doesn't use modified, low-entropy RNG or exfiltrate the results. The communication you do with these PGP keys is technically E2EE − a third party server relaying your messages will not be able to read them, unless I provide them with the potentially not-so-secret "random" data my box generated.
But you're right: if my black boxes are also used to encrypt/decrypt the messages with "your" keys (made by them) and I run a non-transparent ssrvice that delivers the messages, there is a case for not calling it E2EE.
GitHub - rpgp/rpgp: OpenPGP implemented in pure Rust, permissively licensed
GitHubtjoa
in reply to BeatTakeshi • • •unknowing8343
in reply to tjoa • • •Elvith Ma'for
in reply to unknowing8343 • • •pHr34kY
in reply to BeatTakeshi • • •FatVegan
in reply to pHr34kY • • •sun_is_ra
in reply to BeatTakeshi • • •Is that new? I remember reading about this years ago.
yes communication is encrypted end to end which means no one could evedrop but once the information arrive to your app and get saved to your device there is nothing preventing whatsapp from sending to its parent company,
E2E encryption doesnt mean whatsapp is trustworthy
Rose
in reply to sun_is_ra • • •SapphironZA
in reply to BeatTakeshi • • •mudkip
in reply to SapphironZA • • •PierceTheBubble
in reply to BeatTakeshi • • •E2EE isn’t really relevant, when the “ends” have the functionality, to share data with Meta directly: as “reports”, “customer support”, “assistance” (Meta AI); where a UI element is the separation.
Edit: it turns out cloud backups aren’t E2E encrypted by default… meaning: any backup data, which passes through Meta’s servers, to the cloud providers (like iCloud or Google Account), is unobscured to Meta; unless E2EE is explicitly enabled. And even then, WhatsApp’s privacy policy states: “if you use a data backup service integrated with our Services (like iCloud or Google Account), they will receive information you share with them, such as your WhatsApp messages.” So the encryption happens on the server side, meaning: Apple and Google still have full access to the content. It doesn’t matter if you, personally, refuse to use the “feature”: if the other end does, your interactions will be included in their backups.
Cross-posting my comment from the cross-posted post
... Show more...E2EE isn’t really relevant, when the “ends” have the functionality, to share data with Meta directly: as “reports”, “customer support”, “assistance” (Meta AI); where a UI element is the separation.
Edit: it turns out cloud backups aren’t E2E encrypted by default… meaning: any backup data, which passes through Meta’s servers, to the cloud providers (like iCloud or Google Account), is unobscured to Meta; unless E2EE is explicitly enabled. And even then, WhatsApp’s privacy policy states: “if you use a data backup service integrated with our Services (like iCloud or Google Account), they will receive information you share with them, such as your WhatsApp messages.” So the encryption happens on the server side, meaning: Apple and Google still have full access to the content. It doesn’t matter if you, personally, refuse to use the “feature”: if the other end does, your interactions will be included in their backups.
Cross-posting my comment from the cross-posted post