Comment by TZubiri
18 hours ago
I can confirm that you don't know.
I can count 3 mistakes here:
1- The client isn't the only thing that matters (there are servers)
2- The client doesn't follow a spec in WhatsApp, there is no spec as it's a private non-interoperable system.
3- Browsers and HTTPS work with an entirely different encryption model, TLS is asymmetric, certificate based and domain based. TLS may be used in WhatsApp to some extent, but it's not the main encryption tool.
Wrong, wrong and wrong. If an app does real E2EE (not "marketing E2EE"), then the servers should have no control over the encryption. Otherwise it's not end-to-end, by definition. Regarding the "private non-interoperable system", the whole point of TFA is that the EU made them open it up. See https://engineering.fb.com/2024/03/06/security/whatsapp-mess... Your last "point" is irrelevant because I never claimed anything about the similarity between encryption models. Have you ever heard of a "simile"?