Well if I can't trust Meta with my information, who CAN I trust
Me
Oh okay. My location is 55.752121, 37.617664, my full name is Jeremy, and my password is hunter9. I trust you not to tell this to anybody
Your full name is "Jeremy"?
Oh god damnit chemicalprofet why did you tell this guy i thougjt i could trust you :((
All I see is '••••••'
Jeremy "Iks" Hunter IX
Edit: IX. Iks. I think we got it right now.
Can confirm, chemicalprophet is the best password manager I've ever used.
Ah! You did your own research!
The biggest news is that Slashdot is still alive.
Wait, you are telling me that the company whos entire business is collecting personal information, including people who don't sign up for their services, to leverage for advertising, is keeping their platforms unsecured they can continually grab more information rather than secure it?
I for one am shocked, absolutely shocked.
Yes, except they’re not leveraging your data for advertising, they’re leveraging it so they can manipulate your political views and keep you from finding solidarity with other working people.
It is end to end encrypted but they can just pull the decrypted message from the app. This has been assumed for years, since they said they could parse messages for advertising purposes.
15 years ago I’d have called this a conspiracy theory given how the evidence seems to be anecdotal, but given literally every single other thing we’ve learned in recent times about how cartoonishly evil and lying the tech bros truly are, it seems entirely likely.
If I am not adding my own private key to the app, like in Tox, I don't trust their encryption.
Tox also isn't that great security wise. It's hard to beat Signal when it comes to security messengers. And Signal is open source so, if it did anything weird with private keys, everyone would know
What's stopping the app from keeping your private key and still not encrypting anything?
I'm not trying to be difficult here, I just don't see how anything outside of an application whose source you can check yourself can be trusted.
All applications hosted by other people require you to react positively to "just trust me bro".
WhatsApp client is closed source. Any claims around E2EE is pointless, since it's impossible to verify.
E2EE isn't really relevant, when the "ends" have the functionality, to share data with Meta directly: as "reports", "customer support", "assistance" (Meta AI); where a UI element is the separation.
Edit: it turns out cloud backups aren't E2E encrypted by default... meaning: any backup data, which passes through Meta's servers, to the cloud providers (like iCloud or Google Account), is unobscured to Meta; unless E2EE is explicitly enabled. And even then, WhatsApp's privacy policy states: "if you use a data backup service integrated with our Services (like iCloud or Google Account), they will receive information you share with them, such as your WhatsApp messages." So the encryption happens on the server side, meaning: Apple and Google still have full access to the content. It doesn't matter if you, personally, refuse to use the "feature": if the other end does, your interactions will be included in their backups.
So, is it basically treating every message as a "group" message where it sends it to some system WhatsApp account and then also to your intended receiver? This is what I'm assuming based on them supposedly being able to see deleted messages. Also would let them say it's technically still "E2EE" since it's indeed E2EE to your receiver, but it's also E2EE to them as well.
Ah yes, good old E2E AWA3E.
"End to end, and we are also an end".
Call me old fashioned but I really think that for real E2EE the vendor of the encryption and the vendor of the infrastructure should be two different entities.
For example PGP/GPG on … great! Proton? Not great
Jabber/XMMP with e2ee encryption great! WhatsApp/Telegram/signal… less so (sure I take signal over the other two every day… but it’s enough to compromise a single entity for accessing the data)
No surprised at all tbf.
A lot of victim blaming in this thread. Why can't you just be mad for someone who was deceived?
Proposed line of defense: "With all respect, M. Judge, with all the different times we fucked our users, lied to them, tricked them, experimented on them, ignored them, we already sold private discussions on Facebook in the past, our CEO and founder most famous quote is «They trust me, dumbfucks!», the list goes on and on: no one in their sane mind would genuinely believe we were not spying on Whatsapp! They try to play dumb, they could not possibly believe we were being fair and honest THIS time?!"
You gatta be real stupid to not realize that Facebook is harvesting your data.
insert pikachushockedface
What?!! No. The owner of WhatsApp would never lie to us.
Why am I not surprised? Whether there is no end-end encryption, they have a copy of every key, get the decrypted messages from the client, or can ask the client to surrender the key - it does not matter.
The point is that they never intended to leave users a secure environment. That would make the three latter agencies angry, and would bar themselves from rather interesting data on users.
Only a tech illiterate can expect privacy from a closed source program, open source is a requirement for both privacy and security.
Shocking.
I never used WhatsApp, but what made people think they used e2e? I'm way passed blindly believing what any company says they do without proof. I'd expect some kind of key or certificate management in the app, is that present?
Heck.. my default is still to think every website does plaintext password storage. I can't prove it, but neither can they. Stop storing my passwords in plaintext lemmy! /s
People expect it what WhatsApp claims it's E2E encrypted at the start of each chat:
Around a year ago WhatsApp had large ads that just said "no one else can read your messages." I don't think most people thought that some one could, which makes me wonder why they were paying so much to say it.
This is a most excellent place for technology news and articles.
