This is a most excellent place for technology news and articles.
Call me old fashioned but I really think that for real E2EE the vendor of the encryption and the vendor of the infrastructure should be two different entities.
For example PGP/GPG on … great! Proton? Not great
Jabber/XMMP with e2ee encryption great! WhatsApp/Telegram/signal… less so (sure I take signal over the other two every day… but it’s enough to compromise a single entity for accessing the data)
Okay Old Fashioned, but doesn't open source encryption audited by a third party solve this problem? Signal protocol for example? Also proton, I'm guessing, but I'm too lazy to check
why
insert pikachushockedface
WhatsApp client is closed source. Any claims around E2EE is pointless, since it's impossible to verify.
It's E2EE alright. Just, don't ask what "ends" we're talking about.
Any claims around E2EE is pointless, since it's impossible to verify.
This is objectively false. Reverse engineering is a thing, as is packet inspection.
Reverse engineering is theoretically possible, but often very difficult in practice.
I'm not enough of an expert in cryptography to know for sure if packet inspection would allow you to tell if a ciphertext could be decrypted by a second "back door" key. My gut says it's not possible, but I'd be happy to be proven wrong.
It would not be surprising if found to be true. Difficult to see how the current business model operates at a profit. Their long term goal is the usual loss leader model until a monopoly is achieved and then slug us with ads, sell all the data, hike the price, etc. Sickening to watch them cosy up to fascists. They are probably supplying any and all the agencies with intelligence scraped from their user base. If Facebook were a person they would be a psychopath.
If Facebook were a person they would be a psychopath.
I mean, Mark Zuckerberg kind of is Facebook, and he's a psycho.
I would argue that the vast majority of users don't use WhatsApp for privacy. In the UK at least, it's just the app everyone has and it works. I've actively tried to move friends over to signal, to limited success, but honestly it can be escaped how encryption is not it's killer IP.
Yup. I use Whatsapp to text my girlfriend and my work uses it as a group chat for road conditions or just shit talking.
If you're using it for secure purposes, you're part of the problem.
A lot of victim blaming in this thread. Why can't you just be mad for someone who was deceived?
at what point is it someone's responsibility to simply know better?
this isn't some complicated deceit it's literally one of the most untrustworthy companies in the world lying to your face. A company we've known for now like two decades is untrustworthy and overtly harms people to make money
do people have responsibility at all?
People can't take increase responsibility for every single aspect of life. It seems straightforward to you because you're likely tech literate. Do you know every process around how the mechanic services your vehicle, how medicines are made that you consume, how food is curated that you consume, how energy is generated that you consume? People can't have intimate knowledge of every aspect of life, therefore if a company says "this is E2EE" you should be able to believe that at face value and rely on consumer protection agencies to follow up if it's inaccurate.
No that’s not correct at all. If a company says something you do not in fact just get to believe it at face value and do 0 research, this applies in every field you mentioned. What planet are you from where you are supposed to just believe what companies say at face value????
People often get second options from different mechanics, doctors, contractors, and all sorts of specialists when told something because you need to do your own research to know about stuff.
You literally do in fact need to try and learn and make informed decisions about everything in life.
Chief, if you needed to make an informed decision about every decision in life, there'd be no time for life. That's why other people specialize in jobs so that within reason, confidence can be placed to their decision. I'm not saying you blindly agree and follow everything, but people can't be responsible for every decision. For example, who made the seatbelt in your car? What research did you personally do to verify the safety of your seatbelt. What maintenance have you done to it to ensure that it works as intended? Pretty important life saving bit of equipment.
Edit: my presumption is that you(or the vast majority of the population) haven't done any research into your seatbelt because you trust in the car company and the safety rating requirements of your nation to ensure adequate protection.
You don’t need to worry about who made your seatbelt the same way you don’t need to worry about which specific programmers work for meta
You do need to worry about the repairability and safety rating of your car the same way you need to worry about the core descriptions of Meta’s products
Do you see?
Repairability in what way? Outside of changing the tires, a modern car is so complex with all the electronic systems in it that you can't really repair it yourself and you can't even reset the error codes because you don't have that special tablet to even hook into it.
For safety ratings, do you even know what they test and how without looking it up? I'd venture a guess that no, but I've been surprised before.
People maybe buy a Toyota because they once read that they just work or people may buy a Mercedes one day because their Dad used to always drive one, but they probably didn't sift through the damn safety and repairability ratings for it, they probably just bought it after a test drive. Its the same thing with anything really, how many times have you ever seen anyone question an app or a device that they are using when it just works and they don't even have to think about it? Its either 0 or close to it.
You can simply go look up how repairable various makes and models are considered by reputable sources it’s very simple research that a mere google will tell anyone. You’re actually making it out to be much more complicated than it is. They tell you exactly what the safety ratings are for and how they’re tested you just have to spend more than 0 minutes reading the first few google results.
People can voice ask Google simple questions they’re just not wanting to care about any of this and then are shocked when anything happens.
You admit it yourself they’re just lazy consumers lol
If companies are lying in their advertising to the general public, then that is something the companies are responsible for. You can blame the victims, but that's kind of stupid because there are so many people in the world who are not technically savvy. They don't have the resources, background, knowledge, and skills to evaluate whether what the company is telling them is true. That's why there are laws designed to protect consumers from lying companies.
Would it be great if everyone was an expert in everything? Yes. Are they? No. They never will be. That's why we have laws.
Because it's the gazillionth time the exactly totally absolutely same kind of shit happens with the very exactly same company that didn't even try to hide who they were.
And next week the very very same deceived people will be of Facebook, Instagram, etc. And maybe, just MAYBE they'll migrate away from Whatsapp… to join another proprietary network of another billonaire's controlled megacorp.
Because I'm tired of being "that pain in the ass" when barely suggesting to use something else all to see at the end people crying over things they've be warned about.
If a kid burns themself once on a kitchen's hotplate, you assume they learnt their lesson in an unfortunate way despite all the warnings.
If adults keep burning themselves over and over… and over and over and over, at which point are you entitled to say they're part of the f*cking problem??
It's like buying a hot dog from a gas station and not feeling awesome tomorrow.
If you keep buying the hot dog every week, you see other people buying it and are fine, but you're the only one getting sick week after week, at some point maybe you should just stop buying the hot dog.
No one else is getting sick. They know what they're getting. But you keep buying it expecting this time it'll be different. And when it isn't it's the gas stations fault.
I’m sick of Mark fucking zuckerberg.
If i was the mad king of the usa all of those tech bros would be in a jail in el salvador.
OH JUST USE SOMETHING ELSE!
I do but that doesn’t stop that ugly weak fuck from stealing from my business every chance he fucking gets.
What?!! No. The owner of WhatsApp would never lie to us.
Im not a big fan of meta and WhatsApp, but these claims are a bit much. Any employee gets access to messages through a well documented internal process? "No separate decryption step is required" , so the WhatsApp CLIENT is not doing any actual e2e encryption and no attempt at reverse engineering or traffic analysis has ever seen that this is the case?
Where can one see, what these whistleblowers have actually published? I would expect to see this "simple process" and how that interface actually works... And I would expect any journalist to request some proof (show me the last message i sent to Alice) before trusting an anonymous whistleblower making such an extraordinary claim.
From what I heard so far, that anonymous whistleblower could be a troll or an ex-employee who just wants to cause some trouble for meta.
We should not trust anything blindly, even if it fits with our view of the world. Meta is an evil company, but as long as there is no indication for these specific allegations to be true, we should treat them as unfounded allegations.
In principle the messages themselves could be E2E encrypted, but the closed-source WhatsApp client could transmit decryption keys to Meta HQ without anyone finding out. As long as the client or the client device is unsafe and not trusted, E2EE is not really effective. Which is why one should always demand a FOSS client for E2EE.
Of course we shouldn't trust anything blindly, but we also need to use common sense. Have we seen proof that what's claimed to be true is in fact true? No. But it might be true, and it's consistent with what Meta would do. So if your cautious minded, you should assume it's true for now while you go through the next few years of your life waiting for discovery.
Only a tech illiterate can expect privacy from a closed source program, open source is a requirement for both privacy and security.
You gatta be real stupid to not realize that Facebook is harvesting your data.
Ending encryption is Meta’s end so they can spy on everyone and help governments do so as well, so they therefore have an end to end encryption. Oh, y’all thought the app had true E2EE such that even Meta with their surveillance capitalist business model couldn’t access your data? 🤣
No surprised at all tbf.
