106
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
this post was submitted on 09 Oct 2023
106 points (100.0% liked)
Privacy
34133 readers
721 users here now
A place to discuss privacy and freedom in the digital world.
Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.
In this community everyone is welcome to post links and discuss topics related to privacy.
Some Rules
- Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
- Don't promote proprietary software
- Try to keep things on topic
- If you have a question, please try searching for previous discussions, maybe it has already been answered
- Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
- Be nice :)
Related communities
much thanks to @gary_host_laptop for the logo design :)
founded 5 years ago
MODERATORS
I feel like this needs some sort of citation for it. I know some suspect the claims about E2EE are bogus but I haven't seen actual proof about it.
It's not enough to have it be E2E-encrypted; E2E means nothing if the decryption keys are not stored locally.
And aren't they?
They are not.
As far as I know the private keys are kept on the device and the app generates them. That's how Signal protocol works afaik. Do you have something to show that it's not the case for WhatsApp since stuff I searched for seemed to claim that's the case.
So, I looked it up and according to the official Whatsapp FAQ, the keys are indeed stored locally.
Still, considering WhatsApp is owned by Facebook, I wouldn't trust them. Their whole business model has always been about harvesting as much data as they can. I wouldn't be surprised if this turns out to be a total lie.
For sure they're not trustworthy and can't really verify either since it's proprietary app. But I mean more that unless they've specifically made some changes, the keys are stored locally. And afaik we don't really know of cases proving that they are lying about that.
Fair enough, I guess. Still, in my honest opinion, it's not worth it. They've already long since betrayed my trust, so they could say the sky is blue and I still wouldn't trust them. Lol.
I mean, they definitely use end to end encryption. The problem is that they’ve done nothing would convince people they’re not harvesting the content of the messages in the app before it’s encrypted and sent. And there is a long history of them handing over decrypted information to law enforcement upon request, without warrant.
I assumed it was a more solid case than just that it's technically possible. I was hoping for cases where we know they've done it.
Does that include message content though? That's sorta the crux of what we're talking about. Metadata for sure, but whether we know that they can read our message content, that's afaik still unclear.
Yes, what’s app messaging specifically has a long history under Facebook of giving away user data like candy to anyone who wants it, including the content of private messages. It’s been shown repeatedly and is common knowledge yet they still have yet to do anything to prevent it. this here is a declassified internal document from the FBI highlighting what they have access to and what level of legal request they need for what. Notably message content requires no legal request to access
I think that photo goes against the claim that WhatsApp can decrypt or otherwise easily get access to message content
Also was that before the full encryption of the backups? Someone else posted a study about their backup encryption where they concluded that it at least seemed secure (with the caveat of it being a proprietary app).