Comment by TZubiri

16 hours ago

I can confirm that you don't know.

I can count 3 mistakes here:

1- The client isn't the only thing that matters (there are servers).

2- The client doesn't follow a spec in WhatsApp, there is no spec as it's a private non-interoperable system.

3- Browsers and HTTPS work with an entirely different encryption model: TLS is asymmetric, certificate-based and domain-based. TLS may be used in WhatsApp to some extent, but it's not the main encryption tool.

I think you're intentionally being obtuse. If an app does E2EE well, then the servers should have no control over the encryption. Otherwise it's not end-to-end, by definition. Regarding the "private non-interoperable system", the whole point of TFA is that the EU made them open it up. See https://engineering.fb.com/2024/03/06/security/whatsapp-mess... Your last "point" is irrelevant because I never claimed anything about the similarity between encryption models. Have you ever heard of a "simile"?