We didn't review the entire source code, only the cryptographic core. That said, the main issue we found was that the WhatsApp servers ultimately decide who is and isn't in a particular chat. Dan Goodin wrote about it here: https://arstechnica.com/security/2025/05/whatsapp-provides-n...
> We didn't review the entire source code
And, you don't see the issue with that? Facebook was bypassing security measures for mobile by sending data to itself on localhost using websockets and webrtc.
An audit of 'they can't read it cryptographically' but the app can read it, and the app sends data in all directions. Push notifications can be used to read messages.
Why did you not mention that the WhatsApp apk, even on non-google play installed devices, loads google tag manager's scripts?
It is reproducibly loaded in each chat, and an MitM firewall can also confirm that. I don't know why the focus of audits like these is always on a specific part of the app or only about the cryptography parts, and not the overall behavior of what is leaked and transferred over the wire, and not about potential side channel or bypass attacks.
Transport encryption is useless if the client copies the plaintext of the messages afterwards to another server, or say an online service for translation, you know.
That's protected cryptographically with key transparency. Anyone can check what the current published keys for a user are, and be sure they get the same value as any other user. Specifically, your wa client checks that these keys are the right key.
Unfortunately a lot of investigations start out as speculation/vibes before they turn into an actual evaluation. And getting past speculation/vibes can take a lot of effort and political/social/professional capital before even starting.
I’ve been looking for this everywhere the past few days but I couldn’t find any official information relating the use of https://signal.org/docs/specifications/pqxdh/ in the signal protocol version that WhatsApp is currently using.
Do you have any information if the protocol version they currently use provides post-quantum forward secrecy and SPQR or are the current e2ee chats vulnerable to harvest now, decrypt later attacks?
Signal protocol prevents replay attacks as every message is encrypted with a new key. Either it's the next hash ratchet key, or the next future secret key with new entropy mixed in via the next DH shared key.
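The hash-ratchet half of the comment above, as an added example that is not part of the thread and is not Signal's or WhatsApp's code: each message number gets its own key from an HMAC chain, the receiver deletes a key once it is used, and a replayed message therefore has nothing left to decrypt it. The chain-step constants follow the Double Ratchet specification's recommendation; the stream cipher is a stdlib stand-in for the real AEAD, the DH ratchet is left out, and all class and function names are hypothetical.

```python
import hashlib
import hmac


class ReplayError(Exception):
    """Raised when a message number's key has already been used and deleted."""


def kdf_ck(chain_key):
    """One symmetric-ratchet step: returns (next_chain_key, message_key)."""
    message_key = hmac.new(chain_key, b"\x01", hashlib.sha256).digest()
    next_chain_key = hmac.new(chain_key, b"\x02", hashlib.sha256).digest()
    return next_chain_key, message_key


def keystream(mk, length):
    # Stand-in cipher (HMAC-SHA256 in counter mode), an assumption of this
    # example; the real protocol uses a proper AEAD here.
    out, block = b"", 0
    while len(out) < length:
        out += hmac.new(mk, b"enc" + block.to_bytes(4, "big"), hashlib.sha256).digest()
        block += 1
    return out[:length]


def mac(mk, n, ct):
    # The tag binds the ciphertext to its message number.
    return hmac.new(mk, b"mac" + n.to_bytes(4, "big") + ct, hashlib.sha256).digest()


def seal(mk, n, pt):
    ct = bytes(a ^ b for a, b in zip(pt, keystream(mk, len(pt))))
    return ct, mac(mk, n, ct)


def unseal(mk, n, ct, tag):
    if not hmac.compare_digest(tag, mac(mk, n, ct)):
        raise ValueError("authentication failed")
    return bytes(a ^ b for a, b in zip(ct, keystream(mk, len(ct))))


class Sender:
    def __init__(self, chain_key):
        self.chain_key, self.n = chain_key, 0

    def send(self, pt):
        self.chain_key, mk = kdf_ck(self.chain_key)  # old chain key is overwritten
        n, self.n = self.n, self.n + 1
        ct, tag = seal(mk, n, pt)
        return n, ct, tag


class Receiver:
    MAX_SKIP = 32  # bound on keys stored for out-of-order messages

    def __init__(self, chain_key):
        self.chain_key, self.next_n, self.skipped = chain_key, 0, {}

    def receive(self, n, ct, tag):
        if n < self.next_n:
            mk = self.skipped.get(n)
            if mk is None:
                raise ReplayError("message %d: key already used and deleted" % n)
            pt = unseal(mk, n, ct, tag)
            del self.skipped[n]  # one key, one message
            return pt
        if n - self.next_n > self.MAX_SKIP:
            raise ValueError("too many skipped messages")
        ck, pending = self.chain_key, {}
        for i in range(self.next_n, n + 1):
            ck, pending[i] = kdf_ck(ck)
        pt = unseal(pending.pop(n), n, ct, tag)  # raises before any state changes
        self.chain_key, self.next_n = ck, n + 1
        self.skipped.update(pending)  # keep keys only for messages not yet seen
        return pt


def demo():
    # Constructed shared secret; in the real protocol this comes from the handshake.
    root = hashlib.sha256(b"constructed shared secret for the demo").digest()
    alice, bob = Sender(root), Receiver(root)
    wire = [alice.send(b"msg %d" % i) for i in range(3)]
    delivered = [bob.receive(*wire[i]) for i in (0, 2, 1)]  # out-of-order delivery
    try:
        bob.receive(*wire[1])  # the same bytes captured and sent again
        replay_rejected = False
    except ReplayError:
        replay_rejected = True
    ck, keys = root, []
    for _ in range(3):
        ck, mk = kdf_ck(ck)
        keys.append(mk)
    return {"delivered": delivered, "replay_rejected": replay_rejected,
            "distinct_keys": len(set(keys)) == 3,
            "keys_left_on_receiver": len(bob.skipped)}


if __name__ == "__main__":
    print(demo())
```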
Private keys, probably not. WhatsApp is E2EE meaning your device generates the private key with OS's CSPRNG. (Like I also said above), exfiltration of signing keys might allow MITM but that's still possible to detect e.g. if you RE the client and spot the code that does it.
By that standard, it can never be verified because what is running and what is reviewed could be different. Reviewing relevant elements is as meaningful as reviewing all the source code.
As long as client side encryption has been audited, which to my understanding is the case, it doesn't matter. That is literally the point of encryption, communication across adversarial channels. Unless you think Facebook has broken the laws of mathematics it's impossible for them to decrypt the content of messages without the users' private keys.
No closed-source E2EE client can be truly secure because the ends of e2e are opaque.
Detecting backdoors is only truly feasible with open source software and even then it can be difficult.
A backdoor can be a subtle remote code execution "vulnerability" that can only be exploited by the server. If used carefully and it exfiltrates data in expected client-server communications it can be all but impossible to detect. This approach also makes it more likely that almost no insider will even be aware of it, it could be a small patch applied during the build process or to the binary itself (for example, a bound check branch). This is also another reason why reproducible builds are a good idea for open source software.
With all due respect to Stallman, you can actually study binaries.
The claim Stallman would make (after punishing you for using Open Source instead of Free Software for an hour) is that Closed Software (Proprietary Software) is unjust. But in the context of security, the claim would be limited to Free Software being capable of being secure too.
You may be able to argue that Open Source reduces risk in threat models where the manufacturer is the attacker, but in any other threat model, security is an advantage of closed source. It's automatic obfuscation.
There's a lot of advantages to Free Software, you don't need to make up some.
This. Closed source doesn't stop people from finding exploits in the same way that open source doesn't magically make people find them. The Windows kernel is proprietary and closed source, but people constantly find exploits in it anyways. What matters is that there is a large audience that cares about auditing. OTOH if Microsoft really wanted to sneak in a super hard to detect spyware exploit, they probably could - but so could the Linux kernel devs. Some exploits have been openly sitting in the Linux kernel for more than a decade despite everyone being able to audit it in theory. Who's to say they weren't planted by some three letter agency who coerced a developer. Relying on either approach is pointless anyways. IT security is not a single means to all ends. It's a constant struggle between safety and usability at every single level from raw silicon all the way to user-land.
It's weird to me that it's 2026 and this is still a controversial argument. Deep, tricky memory corruption exploit development is done on closed-source targets, routinely, and the kind of backdoor/bugdoor people conjure in threads about E2EE are much simpler than those bugs.
It was a pretty much settled argument 10 years ago, even before the era of LLVM lifters, but post-LLM the standard of care practice is often full recompilation and execution.
> in any other threat model, security is an advantage of closed source
I think there's a lot of historical evidence that doesn't support this position. For instance, Internet Explorer was generally agreed by all to be a much weaker product from a security perspective than its open source competitors (Gecko, WebKit, etc).
Nobody was defending IE from a security perspective because it was closed source.
Explain how you detect a branched/flagged sendKey (or whatever it would be called) call in the compiled WhatsApp iOS app?
It could be interleaved in any of the many analytics tools in there too.
You have to trust the client in E2E encryption. There's literally no way around that. You need to trust the client's OS (and in some cases, other processes) too.
This comment comes across as unnecessarily aggressive and out of nowhere (Stallman?), it's really hard to parse.
Does this rewording reflect its meaning?
"You don't actually need code to evaluate security, you can analyze a binary just as well."
Because that doesn't sound correct?
But that's just my first pass, at a high level. Don't wanna overinterpret until I'm on surer ground about what the dispute is. (i.e. don't want to mind read :) )
Steelman for my current understanding is limited to "you can check if it writes files/accesses network, and if it doesn't, then by definition the chats are private and it's secure", which sounds facile. (presumably something is being written to somewhere for the whole chat thing to work, can't do P2P because someone's app might not be open when you send)
What’s the state of the art of reverse engineering source code from binaries in the age of agentic coding? Seems like something agents should be pretty good at, but haven’t read anything about it.
>Detecting backdoors is only truly feasible with open source software and even then it can be difficult.
This is absurd. Detecting backdoors is only truly feasible on binaries, there's no way you can understand compiler behavior well enough to be able to spot hidden backdoors in source code.
None of the statements I’ve seen from Meta, people formerly involved in WhatsApp that chimed in here (thanks!), or the quotes from the investigation are incompatible with the whistleblowers’ allegations.
At this point, I won’t trust anything short of this on the front page of an SEC filing, signed by zuck and the relevant management chain:
“The following statement is material to earnings: Facebook has never (since E2EE was rolled out) and will never access messages sent through whatsapp via any means including the encryption protocol, application backdoor moderation access or backup mechanisms. Similarly, it does not provide third parties with access to the methods, and does not have the technical capability to do so under any circumstances.”
Ex-WhatsApp engineer here. WhatsApp team makes so much effort to make these end to end encrypted messages possible. From the time I worked I know for sure it is not possible to read the encrypted messages.
From business standpoint they don’t have to read these messages, since WhatsApp business API provides the necessary funding for the org as a whole.
Nice! Hey, question: I noticed Signal at one point had same address on Google Play Store as WA. Can you tell us if Signal devs shared office space with WA during integration of the Signal protocol? Related to that, did they hold WA devs' hand during the process, meaning at least at the time it was sort of greenlighted by Moxie or something. If this is stuff under NDA I fully understand but anything you can share I'd love to hear.
From what you know about WA, is it possible for the servers to MitM the connection between two clients? Is there a way for a client to independently verify the identity of the other client, such as by comparing keys (is it even possible to view them?), or comparing the contents of data packets sent from one client with the ones received on the other side?
Whatsapp uses key transparency. Anyone can check what the current published keys for a user are, and be sure they get the same value as any other user. Specifically, your wa client checks that these keys are the right key.
Whatsapp has a blog post with more details available.
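What "the same value as any other user" can mean mechanically, as an added example that is not part of the thread and is not WhatsApp's code. The thread does not describe WhatsApp's actual construction, so this assumes a simplified model: a plain RFC 6962-style Merkle tree over (user, key) pairs whose root is the value every client and auditor compares. User names and key bytes are constructed.

```python
import hashlib
import hmac


def leaf_hash(user, pubkey):
    # 0x00 prefix for leaves, 0x01 for interior nodes (RFC 6962 domain separation).
    return hashlib.sha256(b"\x00" + user.encode() + b"\x00" + pubkey).digest()


def node_hash(left, right):
    return hashlib.sha256(b"\x01" + left + right).digest()


def split_point(n):
    """Largest power of two strictly smaller than n (n >= 2)."""
    k = 1
    while k * 2 < n:
        k *= 2
    return k


def merkle_root(leaves):
    if len(leaves) == 1:
        return leaves[0]
    k = split_point(len(leaves))
    return node_hash(merkle_root(leaves[:k]), merkle_root(leaves[k:]))


def inclusion_proof(leaves, index):
    """Sibling hashes from the leaf up to the root, as (hash, sibling_is_left)."""
    if len(leaves) == 1:
        return []
    k = split_point(len(leaves))
    if index < k:
        return inclusion_proof(leaves[:k], index) + [(merkle_root(leaves[k:]), False)]
    return inclusion_proof(leaves[k:], index - k) + [(merkle_root(leaves[:k]), True)]


def verify_inclusion(user, pubkey, proof, trusted_root):
    """Client-side check: does (user, pubkey) hash up to the root everyone sees?"""
    h = leaf_hash(user, pubkey)
    for sibling, sibling_is_left in proof:
        h = node_hash(sibling, h) if sibling_is_left else node_hash(h, sibling)
    return hmac.compare_digest(h, trusted_root)


def demo():
    # Constructed directory: user id -> public key bytes (not real keys).
    directory = [("alice", b"A" * 32), ("bob", b"B" * 32), ("carol", b"C" * 32),
                 ("dave", b"D" * 32), ("erin", b"E" * 32)]
    leaves = [leaf_hash(u, k) for u, k in directory]
    root = merkle_root(leaves)  # the published root all clients compare
    proof = inclusion_proof(leaves, 1)

    # Honest lookup: bob's real key verifies against the shared root.
    honest = verify_inclusion("bob", b"B" * 32, proof, root)

    # Server hands one client a substitute key for bob but the real proof.
    swapped = verify_inclusion("bob", b"M" * 32, proof, root)

    # Server builds a whole forked directory for that client instead. The fork
    # is internally consistent, so the only tell is that its root differs from
    # the root other clients and auditors hold.
    forked = list(directory)
    forked[1] = ("bob", b"M" * 32)
    f_leaves = [leaf_hash(u, k) for u, k in forked]
    f_root = merkle_root(f_leaves)
    fork_consistent = verify_inclusion("bob", b"M" * 32,
                                       inclusion_proof(f_leaves, 1), f_root)

    every_entry_ok = all(
        verify_inclusion(u, k, inclusion_proof(leaves, i), root)
        for i, (u, k) in enumerate(directory))
    return {"honest": honest, "swapped_key_accepted": swapped,
            "fork_self_consistent": fork_consistent,
            "fork_detected_by_root_mismatch": f_root != root,
            "every_entry_ok": every_entry_ok}


if __name__ == "__main__":
    print(demo())
```

The forked-directory case is why the check only works if clients actually compare roots with each other or with independent auditors.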
I have no doubt that rank and file engineers were not aware of the underlying functionality that allowed for plain text content to be read.
Nobody would ever create a SendPlainTextToZuck() function that had to be called on every message.
It would be as simple as using a built in PRNG for client side key generation and then surreptitiously leaking the initial state (dozens of bytes) once in a nonce signing or something when authenticating with the server.
I’ve often thought one of Zuck’s superpowers is in finding ways to get smart and moral people to do truly evil things. Sometimes it’s mind games. Sometimes it’s careful layers of obfuscation.
Here it might be: This analytics package is dynamically loaded at runtime because reasons. This abuse flagging and review system is bundled with analytics because reasons. This add on for reconfiguring how the analytics package behaves at runtime, and has a bunch of switches nobody remembers why they’re here but don’t touch them they’re fragile.
The backups are either unencrypted by default or have keys held by Meta / your backup provider. I think this means three-letter agencies can see your chats, just with a slight delay.
Another comment above mentions that you can recover conversation histories with just your phone number--if that's true then yup. The E2EE is all smoke and mirrors.
How would you hide that? Unless you’re assuming nobody ever has to try and fix bugs or audit code to find it, and there’s some kind of closed off area of code that nobody thinks is suspicious. Or you maintain a complete second set of the app core libs that a few clandestine folks can access, and then hope nobody notices that the binaries don’t line up and crash logs are happening in obscured places.
The legal and liability protection these messaging services get from E2EE is far too big to break it.
Besides I get the feeling we're so cooked these days from marketing that when I get freaked out that an advert is what I was thinking about. It's probably because they made me think about it.
> There’s a lawsuit against WhatsApp making the rounds today, claiming that Meta has access to plaintext. I see nothing in there that’s compelling; the whole thing sounds like a fishing expedition.
Just to throw in a couple of possibly outlandish theories:
1. as others have said, they could be collecting the encrypted messages and then try to decrypt them using quantum computing, the Chinese have been reportedly trying to do this for many years now.
2. with metadata and all the information from other sources, they could infer what the conversation is about without the need to decrypt it: if I visit a page (Facebook cookies, they know), then I share a message to my friend John, and then John visits the same page (again, cookies), then they can be pretty certain that the content of the message was me sharing the link.
(1) made me chuckle. I've worked at nearly every FAANG including Meta. These companies aren't nearly as advanced or competent as you think.
I no longer work at Meta, but in my mind a more likely scenario than (1) is: a senior engineer proposes a 'Decryption at Scale' framework solely to secure their E6 promo, and writes a 40-page Google Doc to farm 'direction' points for PSC. Five PMs repost this on Workplace to celebrate the "alignment" so they can also include it in their PSCs.
The TL and PMs immediately abandon the project after ratings are locked because they already farmed the credit for it. The actual implementation gets assigned to an E4 bootcamp grad who is told by a non-technical EM to pivot 3 months in because it doesn't look like 'measurable impact' in a perf packet. The E4 gets fired to fill the layoff quota and everyone else sails off into the sunset.
I think this is the most likely scenario. The US government is not necessarily trying to read the messages right now, in real-time. But it wants to read the messages at some point in the future.
Re. quantum computing: no chance, the scientific and engineering breakthroughs they would need are too outlandish, like claiming China already had a 2026-level frontier model back in 2016.
I wonder how these investigations go? Are they just asking them if it is true? Are they working with IT specialist to technically analyze the apps? Are they requesting the source code that can be demonstrated to be the same one that runs on the user devices and then analyze that code?
That will be step 1. Fear of being caught lying to the government is such that that is usually enough. Presumably at least a handful of people would have to know about it, and nobody likes their job at Facebook enough to go to jail over it.
Companies lie to governments and the public all the time. I doubt that even if something were found and the case were lost, it would lead to prison or any truly severe punishment. No money was stolen and no lives were put at risk. At worst, it would likely end in a fine, and then it would be forgotten, especially given Meta’s repeated violations of user trust.
The reality is that most users do not seem to care. For many, WhatsApp is simply “free SMS,” tied to a phone number, so it feels familiar and easy to understand, and the broader implications are ignored.
I want whatsapp to decrypt the messages in a secure enclave and render the message content to the screen with a secure rendering pipeline, as is done with DRM'ed video.
Compromise of the client side application or OS shouldn't break the security model.
This should be possible with current APIs, since each message could if needed simply be a single frame DRM'ed video if no better approach exists (or until a better approach is built).
Signal uses the DRM APIs to mitigate threats like Microsoft Recall, but it doesn't stop the app itself from reading its own data.
I don't really see how it's possible to mitigate client compromise. You can decrypt stuff on a secure enclave but at some point the client has to pull it out and render it.
> I don't really see how it's possible to mitigate client compromise
Easy: pass laws requiring chat providers to implement interoperability standards so that users can bring their own trusted clients. You're still at risk if your recipient is using a compromised client, but that's a problem that you have the power to solve, and it's much easier to convince someone to switch to a secure client if they don't have to worry about losing their contacts.
>I don't really see how it's possible to mitigate client compromise.
You could of course offload plaintext input and output along with cryptographic operations and key management to separate devices that interact with the networked device unidirectionally over hardware data diodes, that prevent malware from getting in or getting the keys out.
Throw in some v3 Onion Services for p2p ciphertext routing, and decent ciphersuite and you've successfully made it to at least three watch lists just by reading this. Anyway, here's one I made earlier https://github.com/maqp/tfc
> don't really see how it's possible to mitigate client compromise.
Think of the way DRM'ed video is played. If the media player application is compromised, the video data is still secure. That's because the GPU does both the decryption and rendering, and will not let the application read it back.
“I want whatsapp to decrypt the messages in a secure enclave and render the message content to the screen with a secure rendering pipeline, as is done with DRM'ed video.“
If you are sophisticated enough to understand, and want, these things (and I believe that you are) …
… then why would you want to use WhatsApp in the first place?
This is what a layman would assume happens from Meta’s WhatsApp advertising. They show the e2e process, and have the message entirely unreadable by anyone but the phone owner.
I said this in another recent HN thread but all encryption comes down to key management. If you don’t control the keys, something else does. Sometimes that’s a hardware enclave, sometimes it’s a key derivation algorithm, sometimes it’s just a locally generated key on the filesystem.
If you never give WhatsApp a cryptographic identity then what key is it using? How are your messages seamlessly showing up on another device when you authenticate? It’s not magic, and these convenience features always weaken the crypto in some way.
WhatsApp has a feature to verify the fingerprint of another party. How many people do you think use this feature, versus how many people just assume they're safe because they read that WhatsApp has E2EE?
I witnessed something recently that points unambiguously at Whatsapp chats being not private.
Not two months ago I sent a single photo to a friend of some random MacGyver kitchen contraption I made. Never described it, just a photo with the lol. He replied lol. He never reshared nor discussed it with anyone else. We never spoke about this before or after. Two days later he starts seeing ads on Facebook for a proper version of the same. There's virtually no other explanation except for Meta vacuuming and analyzing the photo. None.
I don't think the claim was that the commercial device never existed but that it was too obscure for the friend to randomly independently get targeted ads about it.
But I don't think WhatsApp takes many steps to protect media and in many cases the user really wants to backup media or share in other apps, etc, over security for media.
It is a bit counter-intuitive because there'd be law enforcement lobby working very hard to make sure that they can read private WhatsApp chats. I don't think it is reasonable to treat the entity that literally runs a spy agency monitoring all digital communication as the arbiter and investigator of what is and isn't private. The incentives just aren't there.
It seems obvious that they can. It's my understanding for FB Messenger that the private key is stored encrypted with a key that is derived from the user's password. So it's not straightforward, but Meta is obviously in a position to grab the user's password when they authenticate and obtain their private key. This would probably leave traces, but someone working with company authorization could probably do it.
For WhatsApp they claim it is like Signal, with the caveat that if you have backups enabled it works like Messenger. Although interestingly if you have backups enabled the key may be stored with Apple/Google rather than Meta, it might be the case that with backup enabled your phone vendor can read your WhatsApp messages but Facebook cannot.
Whatsapp is considered insecure and banned from use for military in Russia. Telegram, on the other hand, is widely used. Of course that's not something definitive, but just food for thought.
Yeah Telegram only has 1:1 opt-in E2EE, that you can't use across your devices, so either you or your buddy quickly gets tired of whipping out their phone when they're sitting at their laptop, and just replies to you through Telegram's non-E2EE cloud chats, and that's the backdoor. The user activated it. It's "their fault".
I'm not going to promote Telegram, just wanted to highlight that Whatsapp is not considered trustworthy by a geopolitical enemy of US. I don't think that Telegram is bad, and when your life depends on it, you can click "Secret Chat" button, it's not a big deal.
...that telegram is backdoored by the russians? The implication you're trying to make seems to be that russians must be choosing telegram because it's secure, but are ignoring the possibility that they're choosing telegram because they have access to it. After all, you think they want the possibility of their military scheming against them?
Matrix exists and really isn't too bad to self-host if you just want a small number of people. (If you federate with other servers, then you have more things to worry about -- increased attack surface, more visibility leading to more potential attackers, and the risk of unintentionally storing illegal content (e.g. CSAM) sent by people from other servers.)
The UI of Element (the most popular Matrix client) is more or less in line with any other chat app, but I guess it depends what you mean by "on par to whatsapp". Biggest downside I've found is that you can't search your messages on the mobile clients.
I know the default assumption with Telegram is that they can read all your messages, but unlike WhatsApp they seem less cooperative and I never got the notion that they ever read private messages until the Macron incident, and even then they do if the other party reports them. How come they are able to be this exception despite not having end to end encryption by default?
>I know the default assumption with Telegram is that they can read all your messages
The client is open source. It's trivial to verify this is 100% factually happening. They have access to every group message. Every desktop message. Every message by default. If you enable secret chats for 1:1 mobile chats, you are now disclosing to Telegram you're actively trying to hide something from them, and if there ever was metadata worth it for Keith Alexander to kill someone over, it's that.
>they seem less cooperative and I never got the notion that they ever read private messages until the Macron incident
Thus, I wouldn't be as much concerned about what they're handing EUROPOL, but what they're handing FSB/SVR.
Even if Telegram never co-operated with Russian intelligence, who here thinks Telegram team, that can't pull off the basic thing of "make everything E2EE" that ~all of its competition has successfully done, can harden their servers against Russian state sponsored hackers like Fancy Bear, who obviously would never make noise about successful breach and data exfiltration.
>How come they are able to be this exception despite not having end to end encryption by default?
They've pushed out a lie about storing cloud chats across different servers in different jurisdictions. Maybe that scared some prosecutors off. Or maybe FVEY is inside TG's servers too, and they don't like the idea of going after users as that would incentivize deployment of usable E2EE.
Currently, the Russian government is trying to squeeze people out of Telegram and move them over to MAX: https://caspianpost.com/regions/russia-tightens-telegram-res...
WhatsApp also operates in Russia, despite Instagram and Facebook being banned. So I wouldn't count on its E2EE either.
Signal still requires a phone number and proprietary Google blobs on mobile. Many third-party Telegram clients exist - Signal allows none.
> “We look forward to moving forward with those claims and note WhatsApp’s denials have all been carefully worded in a way that stops short of denying the central allegation in the complaint – that Meta has the ability to read WhatsApp messages, regardless of its claims about end-to-end encryption.”
My money is on the chats being end to end encrypted and separately uploaded to Facebook.
>being end to end encrypted and separately uploaded to Facebook
That's a cute loophole you thought up, but whatsapp's marketing is pretty unequivocal that they can't read your messages.
>With end-to-end encryption on WhatsApp, your personal messages and calls are secured with a lock. Only you and the person you're talking to can read or listen to them, and no one else, not even WhatsApp
That's not to say it's impossible that they are secretly uploading your messages, but the implication that they could be secretly doing so while not running afoul of their own claims because of cute word games, is outright false.
The thing is, if they were uploading your messages, then they'd want to do something with the data.
And humans aren't great at keeping secrets.
So, if the claim is that there's a bunch of data, but everyone who is using it to great gain is completely and totally mum about it, and no one else has ever thought to question where certain inferences were coming from, and no employee ever questioned any API calls or database usage or traffic graph.
Well, that's just about the best damn kept secret in town and I hope my messages are as safe!
I'm not saying they are sending the content back, but WhatsApp has to read your message or it couldn't display it, so I don't even know exactly what that particular claim means?
They most likely mean their service or their employees, but this appears to be marketing fluff and not an enforceable statement.
I wonder if keyword/sentiment extraction on the user's device counts as reading "by WhatsApp"...
There's the conspiracy theory about mentioning a product near the phone and then getting ads for it (which I don't believe), but I feel like I've mentioned products on WhatsApp chats with friends and then got an ad for them on Instagram sometime after.
Also claiming "no one else can read it" is a bit brave, what if the user's phone has spyware that takes screenshots of WhatsApp... (Technically of course it's outside of their scope to protect against this, but try explaining that to a judge who sees their claim and the reality)
My guess is that they are end-to-end encrypted. And because of Facebook's scale that they're able to probabilistically guess at what's in the encrypted messages (e.g. a message with X hash has Y probability of containing the word "shoes")
I really doubt this. Any such upload would be visible inside the WhatsApp application, which would make it the world's most exciting (and relatively straightforward) RE project. You can even start with a Java app, so it's extra easy.
If this was happening en-masse, wouldn't this be discovered by the many people reverse engineering WhatsApp? Reverse engineering is hard sophisticated work, but given how popular WhatsApp is plenty of independent security researchers are doing it. I'm quite skeptical Meta could hide some malicious code in WhatsApp that's breaking the E2EE without it being discovered.
This was happening en masse, perhaps still does - the cloud backup was unencrypted. Originally it was encrypted. Then, one day, Google stopped counting it towards your storage quota, but it became unencrypted. But even before that, Meta had the encryption keys (and probably still does).
When you get a new phone, all you need is your phone number to retrieve the past chats from backup; nothing else. That proves, regardless of specifics, that Meta can read your chats - they can send it to any new phone.
So it doesn’t really matter that it is E2EE in transit - they just have to wait for the daily backup, and they can read it then.
Well they wouldn't be breaking e2ee, they'd be breaking the implicit promise of e2ee. The chats are still inaccessible to intermediaries, they'd just be stored elsewhere. Like Apple and Microsoft do.
I am not familiar with the state of app RE. But between code obfuscators and the difficulty of distinguishing between 'normal' phone home data and user chats when doing static analysis... I'd say it's not out of the question.
> My money is on the chats being end to end encrypted and separately uploaded to Facebook.
If governments of various countries have compelled Meta to provide a backdoor and also required non-disclosure (e.g. a TCN secretly issued to Meta under Australia's Assistance and Access Act), this is how I imagined they would do it. It technically doesn't break encryption as the receiving device receives the encrypted message.
> My money is on the chats being end to end encrypted and separately uploaded to Facebook.
This is what I've suspected for a long time. I bet that's it. They can already read both ends, no need to b0rk the encryption. It's just them doing their job to protect you from fourth parties, not from themselves.
It encrypts it to all the keys with the phone number registered for that user. Because users are switching phones, but keep their number. But each new WhatsApp app gets a new private key, the old key is not shared. This feature was added later, so the old WhatsApp devs wouldn't know.
So it would be trivial to encrypt to the NSA key also, as done on Windows.
Facebook messenger similarly claims to be end to end encrypted, and yet if it thinks you are sending a link to a pirate site, it "fails to send". I imagine there are a great many blacklisted sites which they shadow block, despite "not being able to read your messages".
My pet conspiracy theory is that the "backup code" which "restores" encrypted messages is there to annoy you into installing the app instead of chatting on the web.
Next time you use true real independently audited e2e communication channel, don’t forget to check who is the authority who says that the "other end" is "the end" you think it is
It's a proprietary, closed-source application. It can do whatever it wants, and it doesn't even need to "backdoor" encryption when all it has to do is just forward everything matching some criteria to their servers (and by extension anyone they comply to). It's always one update away from dumping your entire chat history into a remote bucket, and it would still not be in contradiction with their promise of E2EE. Furthermore, it already has the functionality to send messages when reporting [0]. Facebook's Messenger also has worked that way for years. [1] There were also rumors the on-device scanning practice would be expanded to comply with surveillance proposals such as ChatControl a couple years ago. This doesn't mean it's spying on each and every message now, but it would have potential to do so and it would be feasible today more than ever before, hence the importance of software the average person can trust and isn't as easily subject to their government's tantrums about privacy.
You are also using proprietary, closed-source hardware and operating system underneath the app that can do whatever they want. This line of reasoning ultimately leads to - unless you craft every atom and every bit yourself your data isn't secure. Which may be true, but is a pointless discussion.
This reads like a nothingburger. Couple of quotes from the article:
> the idea that WhatsApp can selectively and retroactively access the content of [end-to-end encrypted] individual chats is a mathematical impossibility
> Steven Murdoch, professor of security engineering at UCL, said the lawsuit was “a bit strange”. “It seems to be going mostly on whistleblowers, and we don’t know much about them or their credibility,” he said. “I would be very surprised if what they are claiming is actually true.”
No one apart from the firm filing the lawsuit is actually supporting this claim. A lot of people in this thread seem very confident that it's true, and I'm not sure what precisely makes them so confident.
>has always been able to read encrypted iMessage messages
...assuming you have icloud backups enabled, which is... totally expected? What's next, complaining about bitlocker being backdoored because microsoft can read your onedrive files?
If you read the link you would know that contrary to your expectation other apps advertising E2EE such as Google's Messages app don't allow the app maker to read your messages from your backups. And turning off backups doesn't help when everyone else has them enabled. Apple doesn't respect your backup settings on other people's accounts. Again, other apps address this problem in various ways, but not iMessage.
I remember reading this recently. Not saying it’s true but it got my attention
TUESDAY, NOVEMBER 25, 2025
Blind Item #7
The celebrity CEO says his new chat system is so secure that even he can't read the messages. He is lying. He reads them all the time.
On Android, if you allow it to backup to your Google cloud storage, it will say the backups are encrypted. That was my experience when I set it up a few weeks ago.
Exactly who has the ability to decrypt the backup is not totally clear.
It may be a different situation for non-Android users, Android users who are not signed in with a Google account, Android users who are not using Google Play Services, etc.
You can explore your Google Cloud's Application Storage part via Rsync, AFAIK. So you can see whether your backups are encrypted or not.
I remember that you had to extract at least two keys from the android device to be able to read "on-device" chat storage in the days of yore, so the tech is there.
If you don't have the keys' copies in the Google Drive side, we can say that they are at least "superficially" encrypted.
Lots of uninformed conspiratorial comments with zero proof in here, but I'd really like WhatsApp to get their encryption audited by a reliable, independent 3rd party.
Nowadays all of the messaging pipeline on my phone is closed source and proprietary, and thus unverifiable at all.
The iPhone operating system is closed, the runtime is closed, the whatsapp client is closed, the protocol is closed… hard to believe any claim.
And I know that somebody’s gonna bring up the alleged e2e encryption… a client in control of somebody else might just leak the encryption keys from one end of the chat.
Closed systems that do not support third party clients that connect through open protocols should ALWAYS be assumed to be insecure.
>Closed systems that do not support third party clients that connect through open protocols should ALWAYS be assumed to be insecure.
So you're posting this from an open core CPU running on an open FPGA that you fabricated yourself, right? Or is this just a game of one-upmanship where people come with increasingly high standards for what counts as "secure" to signal how devoted to security they are?
it doesn't need to be open source for us to know what it's doing. its properties are well understood by the security community because it's been RE'd.
> a client in control of somebody else might just leak the encryption keys from one end of the chat.
has nothing to do with closed/open source. preventing this requires remote attestation. i don't know of any messaging app out there that really does this, closed or open source.
also, ironically remote attestation is the antithesis of open source.
For context, the U.S. is also currently investigating whether Donald Trump actually won the 2020 presidential election (he didn’t), whether aspirin causes autism (it doesn’t), and whether transgenic research is woke (it’s not).
“The U.S. investigates” unfortunately does not mean as much as it used to. That said, I would rest easy in the knowledge that someone deep in the NSA already knows with absolute certainty whether the WhatsApp client app is doing anything weird. But they’re not likely to talk to a reporter or plaintiffs lawyer.
Who do they expect to fall for the claims that a Facebook owned messenger couldn't read your "encrypted" messages? It's truly funny.
Any large scale provider with headquarters in the USA will be subject to backdoors and information sharing with the government when they want to read or know what you are doing.
Me? I'd be very surprised if they can actually read encrypted messages (without pushing a malicious client update). The odds that no one at Meta would blow the whistle seem low, and a backdoor would likely be discovered by independent security researchers.
I'd be surprised as well. I know people who've worked on the WhatsApp apps specifically for years. It feels highly unlikely that they wouldn't have come across this backdoor and they wouldn't have mentioned it to me.
If there is such a back door, it would hardly follow it's widely known within the company. From the sparse reports on why Facebook/Meta has been caught doing this in the past, it's for favor trading and leverage at the highest levels.
> Any large scale provider with headquarters in the USA will be subject to backdoors and information sharing with the government when they want to read or know what you are doing.
I have reached the point that I think even the chat control discussion might be a distraction because essentially they can already get anything. Yeah government needs to fill in a form to request, but that’s mostly automated I believe
>I have reached the point that I think even the chat control discussion might be a distraction because essentially they can already get anything.
Then why are politicians wasting time and attracting ire attempting to push it through? Same goes for UK demanding backdoors. If they already have it, why start a big public fight over it?
> Any large scale provider with headquarters in the USA will be subject to backdoors and information sharing with the government when they want to read or know what you are doing.
That's just wrong. Signal for example is headquartered in the US and does not even have this capability (besides metadata)
I do not believe them either. The swift start of the investigation by U.S. authorities only suggests there was no obstacle to opening one, not that nothing could be found. By “could not,” I mean it is not currently possible to confirm, not that there is necessarily nothing there.
Personally, I would never trust anyone big enough that it (in this case Meta) needs and wants to be deeply entangled in politics.
I always assumed Meta has backdoor that at least allows them to compromise key individuals if men in black ask, but law firm representing NSO courageously defending the people? Come the fuck on.
> Our colleagues’ defence of NSO on appeal has nothing to do with the facts disclosed to us and which form the basis of the lawsuit we brought for worldwide WhatsApp users.
These representations are legally binding. If Meta were intentionally lying on these, it would invite billions of dollars of liability. They use similar terminology as Signal and the best private VPN companies: we can't read and don't retain message content, so law enforcement can't ask for it. They do keep some "meta" information and will provide it with a valid subpoena.
The latter link even clarifies Meta's interpretation of their responsibilities under "National Security Letters", which the US Government has tried to use to circumvent 4th amendment protections in the past:
> We interpret the national security letter provision as applied to WhatsApp to require the production of only two categories of information: name and length of service.
I guess we'll see if this lawsuit goes anywhere or discovery reveals anything surprising.
It set off the flamewar detector, which is the usual reason that happens.
We'll either turn off that software penalty or merge the thread into a submission of the original Bloomberg source - these things take a bit of time to sort through!
It does have an amplifying effect when issues such as this happen to where users who don't read in time won't see this due to the amount of other threads.
If your personal threat model at this point is not literally:
“everything I ever do can be used against me in court”
…then you are not up-to-date with the latest state of society
Privacy is the most relevant when you are in a position where that information is the difference between your life or your death
The average person going through their average day breaks dozens of laws because the world is a Kafkaesque surveillance capitalist society.
The amount of information that exists about the average consumer is so unbelievably godly such that any litigator could make an argument against nearly any human on the planet that they are in violation of something if there is enough pressure
If you think you’re safe in this society because you “don’t do anything wrong“ then you’re compromised and don’t even realize it
No end-to-end encryption by default. WhatsApp has.
No end-to-end encryption for groups. WhatsApp has.
No end-to-end encryption on desktop. WhatsApp has.
No break-in key-recovery. WhatsApp has.
Inferring Telegram's security from public statements of *checks notes* former KGB officer and FSB director -- agencies that wrote majority of the literature in maskirovka, isn't exactly reliable, wouldn't you agree?
Telegram has private chats. I don't pay attention to his words, indeed. Way before the Ukrainian war, Russia had a massive campaign trying to block Telegram and they failed on a technical level. This has never happened with WhatsApp.
The reality that most encryption enthusiasts need to accept is that true E2EE where keys don’t leave on-device HSMs leads to terrible UX — your messages are bound to individual devices. You’re forced to do local backups. If you lose your phone, your important messages are gone. Lay users don’t like this and don’t want this, generally.
Everything regarding encrypted messaging is downstream of the reality that it’s better for UX for the app developer to own the keys. Once developers have the keys, they’re going to be compelled by governments to provide them when warrants are issued. Force and violence, not mathematical proofs, are the ultimate authority.
It’s fun to get into the “conspiratorial” discussions, like where the P-256 curve constants came from or whether the HSMs have backdoors. Ultimately, none of that stuff matters. Users don’t want their messages to go poof when their phone breaks, and governments will compel you to change whatever bulletproof architecture you have to better serve their warrants.
I mean at the very least if their clients can read it then they can at least read it through their clients, right? And if their clients can read it’ll be because of some private key stored on the client device that they must be able to access, so they could always get that. And this is just assuming that they’ve been transparent about how it’s built, they could just have backdoors on their end.
What even are these low effort, uninformed conspiratorial comments saturating the comment section?
Sure, Meta can obviously read encrypted messages in certain scenarios:
- you report a chat (you're just uploading the plaintext)
- you turn on their AI bot (inference runs on their GPUs)
Otherwise they cannot read anything. The app uses the same encryption protocol as Signal and it's been extensively reverse engineered. Hell, they worked with Moxie's team to get this done (https://signal.org/blog/whatsapp-complete/).
The burden of proof is on anyone that claims Meta bypassing encryption is "obviously the case."
I am really tired of HN devolving into angry uninformed hot takes and quips.
Zuck didn't buy it in good faith. It wasn't "we'll grow you big by using our resources but be absolutely faithful to the privacy terms you dictate". Evidence: Brian Acton very publicly telling people that they (Zuck, possibly Sandberg) reneged
Zuck thinks we're "dumb fucks". That's his internet legacy. Copying products, buying them up, wiping out competition
Point taken, but I feel like going into details at this stage is redundant. There have been probably hundreds of discussions on this site regarding this topic. Books have been written about Facebook's and Zuckerberg's absent moral compass. To wit, from three days ago:
"While Zuckerberg reportedly wanted to prevent "explicit" conversations with younger teens, a February 2024 meeting summary shows he believed Meta should be "less restrictive than proposed" and wanted to "allow adults to engage in racier conversation on topics like sex." He also rejected parental controls that would have let families disable the AI feature entirely.
Nick Clegg, Meta's former head of global policy, questioned the approach in internal emails, asking if the company really wanted these products "known for" sexual interactions with teens, warning of "inevitable societal backlash."
Anyone blindly believing every random allegation is also a fool, especially when the app in question has been thoroughly reverse engineered and you can freely check for yourself that it's using the same protocol as Signal for encryption
Allegations against a company who circumvented Android's security to track users?
I don't have any proof that Meta stores WhatsApp messages but I feel it in my bones that they at the very least tried to do so. And if ever that comes to light, precisely nobody will be surprised.
That raises the question of why not just use Signal and avoid a company whose founder thinks we're all "dumbfucks" and has a long history of scandals and privacy violations?
The evidence is pretty clear that Facebook wants to do everything they legally can to track and monitor people, and they're perfectly okay crossing the line and going to court to find the boundaries.
Using a company like that for encrypted messaging seems like an unnecessary risk. Maybe they're not decrypting it, but they're undoubtedly tracking everything else about the conversation because that's what they do.
They got caught torrenting unbelievable amounts of content, an act that committed even just a few times can get my home Internet shut down with no recourse (best outcome). Literally nothing happened. Combine the fact that nothing legally significant ever happens to them with Zuckerberg’s colossal ego and complete lack of ethical foundation, and you have quite the recipe.
And I’m not even getting into the obvious negative social/political repercussions that have come directly from Facebook and their total lack of accountability/care. They make the world worse. Aside from the inconvenience for hobbyist communities and other groups, all of which should leave Facebook anyway, we would lose nothing of value if Facebook was shut down today. The world would get slightly better.
The true wealthy live by an entirely different set of rules than the rest of us, especially when they are willing to prostrate themselves to the US President.
This has always been true to some degree, but is both more true than ever (there used to be some limits based on accepted decorum) plus they just don't even try to hide it anymore.
if anybody believes that Facebook would allow people to send a totally encrypted message to somebody, they're out of their mind. they're pretty much in bed with law enforcement at this point. I mean I don't know how many people have been killed in Saudi Arabia this year for writing Facebook messages to each other that were against what the government wanted but it's probably a large number.
This reads like another low effort conspiratorial comment.
WhatsApp has been reverse engineered extensively, they worked with Moxie's team to implement the same protocol as Signal, and you can freely inspect the client binaries yourself!
If you're confident this is the case, you should provide a comment with actual technical substance backing your claims.
This should surprise nobody. Do you really think that the intelligence agencies of the US etc would allow mainstream E2E encryption? Please stop being so naive
WhatsApp's end-to-end encryption has been independently investigated: https://kclpure.kcl.ac.uk/ws/files/324396471/whatsapp.pdf
Full version here: https://eprint.iacr.org/2025/794.pdf
We didn't review the entire source code, only the cryptographic core. That said, the main issue we found was that the WhatsApp servers ultimately decide who is and isn't in a particular chat. Dan Goodin wrote about it here: https://arstechnica.com/security/2025/05/whatsapp-provides-n...
> We didn't review the entire source code
And, you don't see the issue with that? Facebook was bypassing security measures for mobile by sending data to itself on localhost using websockets and webrtc.
https://cybersecuritynews.com/track-android-users-covertly/
An audit of 'they can't read it cryptographically' but the app can read it, and the app sends data in all directions. Push notifications can be used to read messages.
> Push notifications can be used to read messages.
Are you trying to imply that WhatsApp is bypassing e2e messaging through Push notifications?
Unless something has changed, this table highlights that both Signal and WhatsApp are using a "Push-to-Sync" technique to notify about new messages.
https://crysp.petsymposium.org/popets/2024/popets-2024-0151....
Why did you not mention that the WhatsApp apk, even on non-google play installed devices, loads google tag manager's scripts?
It is reproducibly loaded in each chat, and an MitM firewall can also confirm that. I don't know why the focus of audits like these are always on a specific part of the app or only about the cryptography parts, and not the overall behavior of what is leaked and transferred over the wire, and not about potential side channel or bypass attacks.
Transport encryption is useless if the client copies the plaintext of the messages afterwards to another server, or say an online service for translation, you know.
There's a whole section, early, in the analysis Albrecht posted that surfaces these concerns.
They also decide what public key is associated with a phone number, right? Unless you verify in person.
That's protected cryptographically with key transparency. Anyone can check what the current published keys for a user are, and be sure they get the same value as any other user. Specifically, your wa client checks that these keys are the right key.
Thank you for actually evaluating the technology as implemented instead of speculating wildly about what Facebook can do based on vibes.
Unfortunately a lot of investigations start out as speculation/vibes before they turn into an actual evaluation. And getting past speculation/vibes can take a lot of effort and political/social/professional capital before even starting.
Hello Professor Albrecht,
thank you for your work.
I’ve been looking for this everywhere the past few days but I couldn’t find any official information relating the use of https://signal.org/docs/specifications/pqxdh/ in the signal protocol version that WhatsApp is currently using.
Do you have any information if the protocol version they currently use provides post-quantum forward secrecy and SPQR or are the current e2ee chats vulnerable to harvest now, decrypt later attacks?
Thanks for your time.
Can they control private keys and do replay attacks?
Signal protocol prevents replay attacks as every message is encrypted with a new key. Either it's the next hash ratchet key, or the next future secret key with new entropy mixed via the next DH shared key.
Private keys, probably not. WhatsApp is E2EE meaning your device generates the private key with OS's CSPRNG. (Like I also said above), exfiltration of signing keys might allow MITM but that's still possible to detect e.g. if you RE the client and spot the code that does it.
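Added example, not part of the thread and not Signal's or WhatsApp's code: a minimal symmetric "hash ratchet" receiver showing why a captured ciphertext cannot be replayed once its one-time message key has been used. The HMAC constants follow the suggestion in the public Double Ratchet specification; the XOR keystream is a stand-in for a real AEAD, and the all-zero starting chain key is a constructed value (in the real protocol it comes out of the DH ratchet).

```python
import hashlib
import hmac


class ReplayError(Exception):
    """Raised when a message number has no unused message key left."""


def kdf_chain(chain_key):
    """One symmetric-ratchet step: returns (message_key, next_chain_key)."""
    message_key = hmac.new(chain_key, b"\x01", hashlib.sha256).digest()
    next_chain_key = hmac.new(chain_key, b"\x02", hashlib.sha256).digest()
    return message_key, next_chain_key


def _keystream(message_key, length):
    # Stand-in stream cipher for the demo; a real client uses an AEAD here.
    out, block = b"", 0
    while len(out) < length:
        out += hmac.new(message_key, b"enc" + block.to_bytes(4, "big"),
                        hashlib.sha256).digest()
        block += 1
    return out[:length]


def _tag(message_key, n, ciphertext):
    # The message number is authenticated together with the ciphertext.
    return hmac.new(message_key, b"mac" + n.to_bytes(4, "big") + ciphertext,
                    hashlib.sha256).digest()


def seal(message_key, n, plaintext):
    ks = _keystream(message_key, len(plaintext))
    ct = bytes(a ^ b for a, b in zip(plaintext, ks))
    return {"n": n, "ct": ct, "tag": _tag(message_key, n, ct)}


def open_sealed(message_key, msg):
    expected = _tag(message_key, msg["n"], msg["ct"])
    if not hmac.compare_digest(expected, msg["tag"]):
        raise ValueError("authentication failed")
    ks = _keystream(message_key, len(msg["ct"]))
    return bytes(a ^ b for a, b in zip(msg["ct"], ks))


class Sender:
    def __init__(self, chain_key):
        self.chain_key, self.counter = chain_key, 0

    def send(self, plaintext):
        message_key, self.chain_key = kdf_chain(self.chain_key)
        msg = seal(message_key, self.counter, plaintext)
        self.counter += 1
        return msg


class Receiver:
    MAX_SKIP = 100  # bound on how far ahead a message may force the chain

    def __init__(self, chain_key):
        self.chain_key, self.next_n, self.skipped = chain_key, 0, {}

    def receive(self, msg):
        n = msg["n"]
        if n < self.next_n:
            # Either a late out-of-order message (key was stored) or a replay.
            key = self.skipped.get(n)
            if key is None:
                raise ReplayError("message key %d already used" % n)
            plaintext = open_sealed(key, msg)
            del self.skipped[n]  # one-time key: delete after first use
            return plaintext
        if n - self.next_n > self.MAX_SKIP:
            raise ValueError("too many skipped messages")
        # Ratchet forward on a copy; commit state only if the tag verifies.
        chain_key, pending = self.chain_key, {}
        for i in range(self.next_n, n):
            pending[i], chain_key = kdf_chain(chain_key)
        message_key, chain_key = kdf_chain(chain_key)
        plaintext = open_sealed(message_key, msg)
        self.skipped.update(pending)
        self.chain_key, self.next_n = chain_key, n + 1
        return plaintext


def demo():
    start = bytes(32)  # constructed shared chain key for the demo
    alice, bob = Sender(start), Receiver(start)
    m0, m1, m2 = alice.send(b"hi"), alice.send(b"second"), alice.send(b"third")
    results = [bob.receive(m0), bob.receive(m2), bob.receive(m1)]  # m1 arrives late
    for captured in (m0, m1, m2):  # network attacker re-sends old ciphertexts
        try:
            bob.receive(captured)
            results.append("accepted")
        except ReplayError:
            results.append("rejected")
    return results


if __name__ == "__main__":
    print(demo())
```

This covers only the symmetric chain; the DH step that mixes in fresh entropy is not modelled.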
> We didn't review the entire source code
Then it's not fully investigated. That should put any assessments to rest.
By that standard, it can never be verified because what is running and what is reviewed could be different. Reviewing relevant elements is as meaningful as reviewing all the source code.
I have to assume you have never worked on security cataloging of third party dependencies on a large code base.
Because if you had, you would realize how ridiculous it is to state that app security can't be assessed until you have read 100% of the code
That's like saying "well, we don't know how many other houses in the city might be on fire, so we should let this one burn until we know for sure"
as long as client side encryption has been audited, which to my understanding is the case, it doesn't matter. That is literally the point of encryption, communication across adversarial channels. Unless you think Facebook has broken the laws of mathematics it's impossible for them to decrypt the content of messages without the user's private keys.
No closed-source E2EE client can be truly secure because the ends of e2e are opaque.
Detecting backdoors is only truly feasible with open source software and even then it can be difficult.
A backdoor can be a subtle remote code execution "vulnerability" that can only be exploited by the server. If used carefully and it exfiltrates data in expected client-server communications it can be all but impossible to detect. This approach also makes it more likely that almost no insider will even be aware of it, it could be a small patch applied during the build process or to the binary itself (for example, a bound check branch). This is also another reason why reproducible builds are a good idea for open source software.
With all due respect to Stallman, you can actually study binaries.
The claim Stallman would make (after punishing you for using Open Source instead of Free Software for an hour) is that Closed Software (Proprietary Software) is unjust. But in the context of security, the claim would be limited to Free Software being capable of being secure too.
You may be able to argue that Open Source reduces risk in threat models where the manufacturer is the attacker, but in any other threat model, security is an advantage of closed source. It's automatic obfuscation.
There's a lot of advantages to Free Software, you don't need to make up some.
This. Closed source doesn't stop people from finding exploits in the same way that open source doesn't magically make people find them. The Windows kernel is proprietary and closed source, but people constantly find exploits in it anyways. What matters is that there is a large audience that cares about auditing. OTOH if Microsoft really wanted to sneak in a super hard to detect spyware exploit, they probably could - but so could the Linux kernel devs. Some exploits have been openly sitting in the Linux kernel for more than a decade despite everyone being able to audit it in theory. Who's to say they weren't planted by some three letter agency who coerced a developer. Relying on either approach is pointless anyways. IT security is not a single means to all ends. It's a constant struggle between safety and usability at every single level from raw silicon all the way to user-land.
It's weird to me that it's 2026 and this is still a controversial argument. Deep, tricky memory corruption exploit development is done on closed-source targets, routinely, and the kind of backdoor/bugdoor people conjure in threads about E2EE are much simpler than those bugs.
It was a pretty much settled argument 10 years ago, even before the era of LLVM lifters, but post-LLM the standard of care practice is often full recompilation and execution.
> in any other threat model, security is an advantage of closed source
I think there's a lot of historical evidence that doesn't support this position. For instance, Internet Explorer was generally agreed by all to be a much weaker product from a security perspective than its open source competitors (Gecko, WebKit, etc).
Nobody was defending IE from a security perspective because it was closed source.
I was with you until you somehow claimed obfuscation can improve security, against all historical evidence even pre-computers.
Explain how you detect a branched/flagged sendKey (or whatever it would be called) call in the compiled WhatsApp iOS app?
It could be interleaved in any of the many analytics tools in there too.
You have to trust the client in E2E encryption. There's literally no way around that. You need to trust the client's OS (and in some cases, other processes) too.
This comment comes across as unnecessarily aggressive and out of nowhere (Stallman?), it's really hard to parse.
Does this rewording reflect its meaning?
"You don't actually need code to evaluate security, you can analyze a binary just as well."
Because that doesn't sound correct?
But that's just my first pass, at a high level. Don't wanna overinterpret until I'm on surer ground about what the dispute is. (i.e. don't want to mind read :) )
Steelman for my current understanding is limited to "you can check if it writes files/accesses network, and if it doesn't, then by definition the chats are private and its secure", which sounds facile. (presumably something is being written to somewhere for the whole chat thing to work, can't do P2P because someone's app might not be open when you send)
What’s the state of the art of reverse engineering source code from binaries in the age of agentic coding? Seems like something agents should be pretty good at, but haven’t read anything about it.
>Detecting backdoors is only truly feasible with open source software and even then it can be difficult.
This is absurd. Detecting backdoors is only truly feasible on binaries, there's no way you can understand compiler behavior well enough to be able to spot hidden backdoors in source code.
None of the statements I’ve seen from Meta, people formerly involved in WhatsApp that chimed in here (thanks!), or the quotes from the investigation are incompatible with the whistleblowers’ allegations.
At this point, I won’t trust anything short of this on the front page of an SEC filing, signed by zuck and the relevant management chain:
“The following statement is material to earnings: Facebook has never (since E2EE was rolled out) and will never access messages sent through whatsapp via any means including the encryption protocol, application backdoor moderation access or backup mechanisms. Similarly, it does not provide third parties with access to the methods, and does not have the technical capability to do so under any circumstances.”
Ex-WhatsApp engineer here. WhatsApp team makes so much effort to make this end to end encrypted messages possible. From the time I worked I know for sure it is not possible to read the encrypted messages.
From business standpoint they don’t have to read these messages, since WhatsApp business API provide the necessary funding for the org as a whole.
Facebook has never been satisfied with direct funding. The value is in selling attention and influencing users’ behavior.
This is why most tech founders who go big never retire, even as billionaires. The power they gain, only the wisest would refuse.
Nice! Hey, question: I noticed Signal at one point had same address on Google Play Store as WA. Can you tell us if Signal devs shared office space with WA during integration of the Signal protocol? Related to that, did they hold WA devs' hand during the process, meaning at least at the time it was sort of greenlighted by Moxie or something. If this is stuff under NDA I fully understand but anything you can share I'd love to hear.
So how was Andreas Schjelderup caught sharing minor content?
According to Kristeligt Dagblad in Denmark, he was using Snapchat: https://www.kristeligt-dagblad.dk/tidligere-superligaspiller...
From what you know about WA, is it possible for the servers to MitM the connection between two clients? Is there a way for a client to independently verify the identity of the other client, such as by comparing keys (is it even possible to view them?), or comparing the contents of data packets sent from one client with the ones received on the other side?
Thanks.
No.
Whatsapp uses key transparency. Anyone can check what the current published keys for a user are, and be sure they get the same value as any other user. Specifically, your wa client checks that these keys are the right key.
Whatsapp has a blog post with more details available.
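Added example, not part of the thread: the consistency check that this comment and the earlier key-transparency reply describe, modelled as a plain Merkle tree over a key directory. This is a simplified illustration, not WhatsApp's directory design; the phone numbers, key bytes and function names are constructed for the demo.

```python
import hashlib

EMPTY_LEAF = hashlib.sha256(b"\x02empty").digest()  # padding for unused slots


def leaf_hash(user_id, public_key):
    uid = user_id.encode()
    # Length-prefix the id so (id, key) pairs cannot be confused with each other.
    return hashlib.sha256(b"\x00" + len(uid).to_bytes(2, "big") + uid + public_key).digest()


def node_hash(left, right):
    return hashlib.sha256(b"\x01" + left + right).digest()


def build_tree(directory):
    """Return (sorted ids, list of tree levels); levels[-1][0] is the root."""
    ids = sorted(directory)
    leaves = [leaf_hash(u, directory[u]) for u in ids]
    size = 1
    while size < len(leaves):
        size *= 2
    leaves += [EMPTY_LEAF] * (size - len(leaves))
    levels = [leaves]
    while len(levels[-1]) > 1:
        cur = levels[-1]
        levels.append([node_hash(cur[i], cur[i + 1]) for i in range(0, len(cur), 2)])
    return ids, levels


def prove(ids, levels, user_id):
    """Inclusion proof: list of (sibling_hash, sibling_is_left) from leaf to root."""
    index = ids.index(user_id)
    path = []
    for level in levels[:-1]:
        sibling = index ^ 1
        path.append((level[sibling], sibling < index))
        index //= 2
    return path


def verify(root, user_id, public_key, path):
    """Client-side check: does (user_id, public_key) hash up to the published root?"""
    h = leaf_hash(user_id, public_key)
    for sibling, sibling_is_left in path:
        h = node_hash(sibling, h) if sibling_is_left else node_hash(h, sibling)
    return h == root


def demo():
    bob = "+10000000002"
    directory = {  # constructed sample directory
        "+10000000001": b"alice-identity-key",
        bob: b"bob-identity-key",
        "+10000000003": b"carol-identity-key",
    }
    ids, levels = build_tree(directory)
    published_root = levels[-1][0]  # the value every client and auditor sees
    proof = prove(ids, levels, bob)

    # Honest lookup: the key the server hands out matches the published root.
    honest = verify(published_root, bob, directory[bob], proof)

    # Server hands one client a substituted key but reuses the honest proof.
    substituted = verify(published_root, bob, b"substituted-key", proof)

    # Server builds a second, self-consistent tree for the targeted client only.
    forked = dict(directory)
    forked[bob] = b"substituted-key"
    ids2, levels2 = build_tree(forked)
    forked_root = levels2[-1][0]
    fork_verifies = verify(forked_root, bob, b"substituted-key", prove(ids2, levels2, bob))

    return {
        "honest": honest,
        "substituted_against_published_root": substituted,
        "fork_internally_consistent": fork_verifies,
        "fork_root_matches_published": forked_root == published_root,
    }


if __name__ == "__main__":
    print(demo())
```

The forked tree verifies on its own, so the protection rests on clients and auditors comparing the root they were shown with the one everyone else sees.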
I have no doubt that rank and file engineers were not aware of the underlying functionality that allowed for plain text content to be read.
Nobody would ever create a SendPlainTextToZuck() function that had to be called on every message.
It would be as simple as using a built in PRNG for client side key generation and then surreptitiously leaking the initial state (dozens of bytes) once in a nonce signing or something when authenticating with the server.
I’ve often thought one of Zuck’s superpowers is in finding ways to get smart and moral people to do truly evil things. Sometimes it’s mind games. Sometimes it’s careful layers of obfuscation.
Here it might be: This analytics package is dynamically loaded at runtime because reasons. This abuse flagging and review system is bundled with analytics because reasons. This add on for reconfiguring how the analytics package behaves at runtime, and has a bunch of switches nobody remembers why they’re here but don’t touch them they’re fragile.
The backups are either unencrypted by default or have keys held by Meta / your backup provider. I think this means three-letter agencies can see your chats, just with a slight delay.
Another comment above mentions that you can recover conversation histories with just your phone number--if that's true then yup. The E2EE is all smoke and mirrors.
It only takes one engineer in all the teams at Whatsapp that has different directives to make all your privacy work completely useless.
How would you hide that? Unless you’re assuming nobody ever has to try and fix bugs or audit code to find it, and there’s some kind of closed off area of code that nobody thinks is suspicious. Or you maintain a complete second set of the app core libs that a few clandestine folks can access, and then hope nobody notices that the binaries don’t line up and crash logs are happening in obscured places.
Assuming there's no code review or audit, I suppose.
The legal and liability protection these messaging services get from E2EE is far too big to break it.
Besides I get the feeling we're so cooked these days from marketing that when I get freaked out that an advert is what I was thinking about. It's probably because they made me think about it.
Or maybe I need to update my meds?
I would be surprised if the code was hidden from other people engineers.
Matthew Green's take from 3 days ago:
> There’s a lawsuit against WhatsApp making the rounds today, claiming that Meta has access to plaintext. I see nothing in there that’s compelling; the whole thing sounds like a fishing expedition.
https://bsky.app/profile/matthewdgreen.bsky.social/post/3mdg...
Just to throw in a couple of possibly outlandish theories:
1. as others have said, they could be collecting the encrypted messages and then trying to decrypt them using quantum computing, the Chinese have been reportedly trying to do this for many years now.
2. with metadata and all the information from other sources, they could infer what the conversation is about without the need to decrypt it: if I visit a page (Facebook cookies, they know), then I share a message to my friend John, and then John visits the same page (again, cookies), then they can be pretty certain that the content of the message was me sharing the link.
(1) made me chuckle. I've worked at nearly every FAANG including Meta. These companies aren't nearly as advanced or competent as you think.
I no longer work at Meta, but in my mind a more likely scenario than (1) is: a senior engineer proposes a 'Decryption at Scale' framework solely to secure their E6 promo, and writes a 40-page Google Doc to farm 'direction' points for PSC. Five PMs repost this on Workplace to celebrate the "alignment" so they can also include it in their PSCs.
The TL and PMs immediately abandon the project after ratings are locked because they already farmed the credit for it. The actual implementation gets assigned to an E4 bootcamp grad who is told by a non-technical EM to pivot 3 months in because it doesn't look like 'measurable impact' in a perf packet. The E4 gets fired to fill the layoff quota and everyone else sails off into the sunset.
2) enough metadata can reveal a person's life, habits, and location which removes the need to analyze the actual bulky content of communications.
can analyze receivers data or receivers contact trees data which is easier to access.
The number of free or paid data sources is daunting.
I think this is the most likely scenario. The US government is not necessarily trying to read the messages right now, in real-time. But it wants to read the messages at some point in the future.
https://en.wikipedia.org/wiki/Utah_Data_Center
Re. quantum computing: no chance, the scientific and engineering breakthroughs they would need are too outlandish, like claiming China already had a 2026-level frontier model back in 2016.
It's the backups. The backups aren't encrypted such that only the end-user has the key.
I wonder how these investigations go? Are they just asking them if it is true? Are they working with IT specialists to technically analyze the apps? Are they requesting the source code that can be demonstrated to be the same one that runs on the user devices and then analyze that code?
That will be step 1. Fear of being caught lying to the government is such that that is usually enough. Presumably at least a handful of people would have to know about it, and nobody likes their job at Facebook enough to go to jail over it.
But you never know.
Companies lie to governments and the public all the time. I doubt that even if something were found and the case were lost, it would lead to prison or any truly severe punishment. No money was stolen and no lives were put at risk. At worst, it would likely end in a fine, and then it would be forgotten, especially given Meta’s repeated violations of user trust.
The reality is that most users do not seem to care. For many, WhatsApp is simply “free SMS,” tied to a phone number, so it feels familiar and easy to understand, and the broader implications are ignored.
Anyone can audit the client binaries
Multiple governments will already know as they have analyzed and reverse engineered it.
I want whatsapp to decrypt the messages in a secure enclave and render the message content to the screen with a secure rendering pipeline, as is done with DRM'ed video.
Compromise of the client side application or OS shouldn't break the security model.
This should be possible with current APIs, since each message could if needed simply be a single frame DRM'ed video if no better approach exists (or until a better approach is built).
Signal uses the DRM APIs to mitigate threats like Microsoft Recall, but it doesn't stop the app itself from reading its own data.
I don't really see how it's possible to mitigate client compromise. You can decrypt stuff on a secure enclave but at some point the client has to pull it out and render it.
> I don't really see how it's possible to mitigate client compromise
Easy: pass laws requiring chat providers to implement interoperability standards so that users can bring their own trusted clients. You're still at risk if your recipient is using a compromised client, but that's a problem that you have the power to solve, and it's much easier to convince someone to switch a secure client if they don't have to worry about losing their contacts.
>I don't really see how it's possible to mitigate client compromise.
You could of course offload plaintext input and output along with cryptographic operations and key management to separate devices that interact with the networked device unidirectionally over hardware data diodes, that prevent malware from getting in or getting the keys out.
Throw in some v3 Onion Services for p2p ciphertext routing, and decent ciphersuite and you've successfully made it to at least three watch lists just by reading this. Anyway, here's one I made earlier https://github.com/maqp/tfc
> don't really see how it's possible to mitigate client compromise.
Think of the way DRM'ed video is played. If the media player application is compromised, the video data is still secure. That's because the GPU does both the decryption and rendering, and will not let the application read it back.
By avoiding untrustworthy clients. All Windows devices should be considered compromised after last year.
This. The gap in E2E is the point at which I type in clear text and the point at which I read clear text. Those can be exploited.
“I want whatsapp to decrypt the messages in a secure enclave and render the message content to the screen with a secure rendering pipeline, as is done with DRM'ed video.”
If you are sophisticated enough to understand, and want, these things (and I believe that you are) …
… then why would you want to use WhatsApp in the first place?
Because my goal isn't to have my communication secure - but to have everyone's communication secure.
And the network effect of whatsapp (3 billion users) seems currently the best route to that.
This is what a layman would assume happens from Meta’s WhatsApp advertising. They show the e2e process, and have the message entirely unreadable by anyone but the phone owner.
e2e means unreadable by a middleman. That is a small inconvenience if you can readily compromise an endpoint.
I said this in another recent HN thread but all encryption comes down to key management. If you don’t control the keys, something else does. Sometimes that’s a hardware enclave, sometimes it’s a key derivation algorithm, sometimes it’s just a locally generated key on the filesystem.
If you never give WhatsApp a cryptographic identity then what key is it using? How are your messages seamlessly showing up on another device when you authenticate? It’s not magic, and these convenience features always weaken the crypto in some way.
WhatsApp has a feature to verify the fingerprint of another party. How many people do you think use this feature, versus how many people just assume they're safe because they read that WhatsApp has E2EE?
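Added example (not from the thread, and not WhatsApp's or Signal's code): a sketch of what the fingerprint check mentioned above detects. Both parties derive a short numeric code from the two public identity keys and compare it out of band; if the key directory handed one side a substituted key, the codes differ. The hash, iteration count, digit encoding, identifiers and keys are all assumptions of this example and will not reproduce the numbers any real app displays.

```python
import hashlib

# Assumed parameters for this sketch only.
ITERATIONS = 5200
VERSION = (0).to_bytes(2, "big")

# Constructed identifiers, not real phone numbers.
ALICE_ID, BOB_ID = b"+10000000001", b"+10000000002"


def constructed_key(label: str) -> bytes:
    """Stand-in for a 32-byte public identity key (constructed sample data)."""
    return hashlib.sha256(label.encode()).digest()


def half_fingerprint(identity_key: bytes, stable_id: bytes) -> str:
    """30 decimal digits derived from one party's public identity key."""
    digest = VERSION + identity_key + stable_id
    for _ in range(ITERATIONS):
        digest = hashlib.sha512(digest + identity_key).digest()
    groups = (digest[i:i + 5] for i in range(0, 30, 5))
    return "".join(f"{int.from_bytes(g, 'big') % 100000:05d}" for g in groups)


def safety_number(key_a: bytes, id_a: bytes, key_b: bytes, id_b: bytes) -> str:
    """Order-independent 60-digit code that both parties can compare."""
    return "".join(sorted([half_fingerprint(key_a, id_a),
                           half_fingerprint(key_b, id_b)]))


class PinnedKeys:
    """Trust-on-first-use store: remembers the first key seen per contact."""

    def __init__(self):
        self._pins = {}

    def check(self, contact: str, identity_key: bytes) -> str:
        if contact not in self._pins:
            self._pins[contact] = identity_key
            return "first-use"
        return "match" if self._pins[contact] == identity_key else "changed"


def demo() -> dict:
    alice, bob = constructed_key("alice"), constructed_key("bob")
    swapped = constructed_key("key-substituted-by-directory")

    # Honest directory: each side sees the other's real key.
    alice_view = safety_number(alice, ALICE_ID, bob, BOB_ID)
    bob_view = safety_number(bob, BOB_ID, alice, ALICE_ID)

    # Directory gives Alice a different key for Bob; Bob still uses his own.
    tampered_alice_view = safety_number(alice, ALICE_ID, swapped, BOB_ID)

    return {
        "code": alice_view,
        "honest_match": alice_view == bob_view,
        "tampered_match": tampered_alice_view == bob_view,
    }


if __name__ == "__main__":
    result = demo()
    print("code shown to both users:", result["code"])
    print("honest directory, codes match:", result["honest_match"])
    print("substituted key, codes match:", result["tampered_match"])
```

The comparison only helps if the two codes are compared over a channel the key directory does not control, and only for users who actually perform it.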
I witnessed something recently that points unambiguously at Whatsapp chats being not private.
Not two months ago I sent a single photo to a friend of some random MacGyver kitchen contraption I made. Never described it, just a photo with the lol. He replied lol. He never reshared nor discussed it with anyone else. We never spoke about this before or after. Two days later he starts seeing ads on Facebook for a proper version of the same. There's virtually no other explanation except for Meta vacuuming and analyzing the photo. None.
It takes more than two days to develop and roll out a new product. That goes for kitchen appliances, too.
I don't think the claim was that the commercial device never existed but that it was too obscure for the friend to randomly independently get targeted ads about it.
But I don't think WhatsApp takes many steps to protect media and in many cases the user really wants to backup media or share in other apps, etc, over security for media.
It is a bit counter-intuitive because there'd be law enforcement lobby working very hard to make sure that they can read private WhatsApp chats. I don't think it is reasonable to treat the entity that literally runs a spy agency monitoring all digital communication as the arbiter and investigator of what is and isn't private. The incentives just aren't there.
It seems obvious that they can. It's my understanding for FB Messenger that the private key is stored encrypted with a key that is derived from the user's password. So it's not straightforward, but Meta is obviously in a position to grab the user's password when they authenticate and obtain their private key. This would probably leave traces, but someone working with company authorization could probably do it.
For WhatsApp they claim it is like Signal, with the caveat that if you have backups enabled it works like Messenger. Although interestingly if you have backups enabled the key may be stored with Apple/Google rather than Meta, it might be the case that with backup enabled your phone vendor can read your WhatsApp messages but Facebook cannot.
So many people that strongly believe WhatsApp isn't E2EE!
Quick, someone set up a Kalshi or Polymarket or whatever claiming that WhatsApp isn't E2EE.
I'll gladly bet against the total volume of people that believe it isn't E2EE -- it'll be an easy 2x for you or me.
Whatsapp is considered insecure and banned from use for military in Russia. Telegram, on the other hand, is widely used. Of course that's not something definitive, but just a food for thought.
Telegram which famously didn't have _any_ end to end encryption for ages, and even now only has very limited opt-in "secret chats"?
Yeah Telegram only has 1:1 opt-in E2EE, that you can't use across your devices, so either you or your buddy quickly gets tired of whipping out their phone when they're sitting at their laptop, and just replies you through Telegram's non-E2EE cloud chats, and that's the backdoor. The user activated it. It's "their fault".
I'm not going to promote Telegram, just wanted to highlight that Whatsapp is not considered trustworthy by a geopolitical enemy of US. I don't think that Telegram is bad, and when your life depends on it, you can click "Secret Chat" button, it's not a big deal.
> but just a food for thought.
...that telegram is backdoored by the russians? The implication you're trying to make seems to be that russians must be choosing telegram because it's secure, but are ignoring the possibility that they're choosing telegram because they have access to it. After all, you think they want the possibility of their military scheming against them?
I guess their point was that Russian military doesn't care if Russian intelligence reads their messages
Is anybody using any open source, self-hosted solution with an UI on par to whatsapp? Asking for my wife
Matrix exists and really isn't too bad to self-host if you just want a small number of people. (If you federate with other servers, then you have more things to worry about -- increased attack surface, more visibility leading to more potential attackers, and the risk of unintentionally storing illegal content (e.g. CSAM) sent by people from other servers.)
The UI of Element (the most popular Matrix client) is more or less in line with any other chat app, but I guess it depends what you mean by "on par to whatsapp". Biggest downside I've found is that you can't search your messages on the mobile clients.
I know the default assumption with Telegram is that they can read all your messages, but unlike WhatsApp they seem less cooperative and I never got the notion that they ever read private messages until the Macron incident, and even then they do if the other party reports them. How come they are able to be this exception despite not having end to end encryption by default?
>I know the default assumption with Telegram is that they can read all your messages
The client is open source. It's trivial to verify this is 100% factually happening. They have access to every group message. Every desktop message. Every message by default. If you enable secret chats for 1:1 mobile chats, you are now disclosing to Telegram you're actively trying to hide something from them, and if there ever was metadata worth it for Keith Alexander to kill someone over, it's that.
>they seem less cooperative and I never got the notion that they ever read private messages until the Macron incident
We have no way to verify Telegram isn't a Russian OP. I'd love to say Pavel Durov fled for his life into exile https://www.nytimes.com/2014/12/03/technology/once-celebrate...
But the "fugitive" has since visited Russia over SIXTY times https://kyivindependent.com/kremlingram-investigation-durov/
Thus, I wouldn't be as much concerned about what they're handing EUROPOL, but what they're handing FSB/SVR.
Even if Telegram never co-operated with Russian intelligence, who here thinks Telegram team, that can't pull off the basic thing of "make everything E2EE" that ~all of its competition has successfully done, can harden their servers against Russian state sponsored hackers like Fancy Bear, who obviously would never make noise about successful breach and data exfiltration.
>How come they are able to be this exception despite not having end to end encryption by default?
They've pushed out a lie about storing cloud chats across different servers in different jurisdictions. Maybe that scared some prosecutors off. Or maybe FVEY is inside TG's servers too, and they don't like the idea of going after users as that would incentivize deployment of usable E2EE.
Who knows. Just use Signal.
Currently, the Russian government is trying to squeeze people out of Telegram and move them over to MAX: https://caspianpost.com/regions/russia-tightens-telegram-res... WhatsApp also operates in Russia, despite Instagram and Facebook being banned. So I wouldn't count on its E2EE either. Signal still requires a phone number and proprietary Google blobs on mobile. Many third-party Telegram clients exist - Signal allows none.
> “We look forward to moving forward with those claims and note WhatsApp’s denials have all been carefully worded in a way that stops short of denying the central allegation in the complaint – that Meta has the ability to read WhatsApp messages, regardless of its claims about end-to-end encryption.”
My money is on the chats being end to end encrypted and separately uploaded to Facebook.
>being end to end encrypted and separately uploaded to Facebook
That's a cute loophole you thought up, but whatsapp's marketing is pretty unequivocal that they can't read your messages.
>With end-to-end encryption on WhatsApp, your personal messages and calls are secured with a lock. Only you and the person you're talking to can read or listen to them, and no one else, not even WhatsApp
https://www.whatsapp.com/
That's not to say it's impossible that they are secretly uploading your messages, but the implication that they could be secretly doing so while not running afoul of their own claims because of cute word games, is outright false.
> but whatsapp's marketing is pretty unequivocal that they can't read your messages.
well that's alright then
facebook's marketing and executives have always been completely above board and completely honest
The thing is, if they were uploading your messages, then they'd want to do something with the data.
And humans aren't great at keeping secrets.
So, if the claim is that there's a bunch of data, but everyone who is using it to great gain is completely and totally mum about it, and no one else has ever thought to question where certain inferences were coming from, and no employee ever questioned any API calls or database usage or traffic graph.
Well, that's just about the best damn kept secret in town and I hope my messages are as safe!
And I'm no fan of Meta...
I'm not saying they are sending the content back, but WhatsApp has to read your message or it couldn't display it, so I don't even know exactly what that particular claim means?
They most likely mean their service or their employees, but this appears to be marketing fluff and not an enforceable statement.
Are messages and calls data at rest or data in motion? The UI lock feature refers to 'chats' which could be their term for data at rest.
I wonder what the eula says.
I wonder if keyword/sentiment extraction on the user's device counts as reading "by WhatsApp"...
There's the conspiracy theory about mentioning a product near the phone and then getting ads for it (which I don't believe), but I feel like I've mentioned products on WhatsApp chats with friends and then got an ad for them on Instagram sometime after.
Also claiming "no one else can read it" is a bit brave, what if the user's phone has spyware that takes screenshots of WhatsApp... (Technically of course it's outside of their scope to protect against this, but try explaining that to a judge who sees their claim and the reality)
My guess is that they are end-to-end encrypted. And because of Facebook's scale that they're able to probabilistically guess at what's in the encrypted messages (e.g. a message with X hash has Y probability of containing the word "shoes")
> That's a cute loophole you thought up, but whatsapp's marketing is pretty unequivocal that they can't read your messages.
If Facebook says it, then... Sorted!
"We can't read your messages! They are encrypted on disk and we don't store the keys!"
"What encryption do you use?"
"DES."
I really doubt this. Any such upload would be visible inside the WhatsApp application, which would make it the world's most exciting (and relatively straightforward) RE project. You can even start with a Java app, so it's extra easy.
If you claim REing a flagship FAANG application is "extra easy", either they need to be laughed out of the room or you do.
If this was happening en-masse, wouldn't this be discovered by the many people reverse engineering WhatsApp? Reverse engineering is hard sophisticated work, but given how popular WhatsApp is plenty of independent security researchers are doing it. I'm quite skeptical Meta could hide some malicious code in WhatsApp that's breaking the E2EE without it being discovered.
It would be trivial to discover and would be pretty big news in the security community.
I'd wager most of these comments are from nontechnical people, or technical people that are very far removed from security.
This was happening en masse, perhaps still does - the cloud backup was unencrypted. Originally it was encrypted. Then, one day, Google stopped counting it towards your storage quota, but it became unencrypted. But even before that, Meta had the encryption keys (and probably still does).
When you get a new phone, all you need is your phone number to retrieve the past chats from backup; nothing else. That proves, regardless of specifics, that Meta can read your chats - they can send it to any new phone.
So it doesn’t really matter that it is E2EE in transit - they just have to wait for the daily backup, and they can read it then.
Before that, Meta employees would know about it. Pretty convinced that someone would leak it.
Well they wouldn't be breaking e2ee, they'd be breaking the implicit promise of e2ee. The chats are still inaccessible to intermediaries, they'd just be stored elsewhere. Like Apple and Microsoft do.
I am not familiar with the state of app RE. But between code obfuscators and the difficulty of distinguishing between 'normal' phone home data and user chats when doing static analysis... I'd say it's not out of the question.
That’s because they have such a good track record wrt to privacy? https://www.docketalarm.com/cases/California_Northern_Distri...
That document is the dismissal of claims by an economist about Facebook’s privacy practices. I don’t see how it supports your argument.
> My money is on the chats being end to end encrypted and separately uploaded to Facebook.
If governments of various countries have compelled Meta to provide a backdoor and also required non-disclosure (e.g. a TCN secretly issued to Meta under Australia's Assistance and Access Act), this is how I imagined they would do it. It technically doesn't break encryption as the receiving device receives the encrypted message.
> My money is on the chats being end to end encrypted and separately uploaded to Facebook.
This is what I've suspected for a long time. I bet that's it. They can already read both ends, no need to b0rk the encryption. It's just them doing their job to protect you from fourth parties, not from themselves.
It should be detectable if it sends twice the data.
It encrypts it to all the keys with the phone number registered for that user. Because users are switching phones, but keep their number. But each new WhatsApp app gets a new private key, the old key is not shared. This feature was added later, so the old WhatsApp devs wouldn't know.
So it would be trivial to encrypt to the NSA key also, as done on Windows.
Facebook messenger similarly claims to be end to end encrypted, and yet if it thinks you are sending a link to a pirate site, it "fails to send". I imagine there are a great many blacklisted sites which they shadow block, despite "not being able to read your messages".
My pet conspiracy theory is that the "backup code" which "restores" encrypted messages is there to annoy you into installing the app instead of chatting on the web.
The client probably just downloads a blacklist of banned domains. That doesn't mean messages that are sent are not E2E encrypted.
I co-founded Gliph, which was one of the first commercial, cross platform messaging apps to provide end-to-end encryption.
One area of exposure was push notifications. I wonder if the access described wasn’t to the messages themselves but content rich notifications.
If so, both parties could be ~correct. Except the contractors would have been seeing what is technically metadata.
I'm unfamiliar with Gliph. What were the protocols/constructions you used?
Both things cannot be true at the same time
- WhatsApp encryption is broken
- EU's and UK's Chat Control spooks demand Meta to insert backdoor because they cannot break the encryption
The Guardian has its own editorial flavour on tech news, so expect them to use any excuse to bash the subject.
Just because Adam has a back door doesn’t mean Eve also has a back door.
> EU's and UK's Chat Control spooks demand Meta to insert backdoor because they cannot break the encryption
Those are not law, so no the EU doesn't demand that.
They’re just not sharing the back door with the EU?
Next time you use true real independently audited e2e communication channel, don’t forget to check who is the authority who says that the "other end" is "the end" you think it is
It's a proprietary, closed-source application. It can do whatever it wants, and it doesn't even need to "backdoor" encryption when all it has to do is just forward everything matching some criteria to their servers (and by extension anyone they comply to). It's always one update away from dumping your entire chat history into a remote bucket, and it would still not be in contradiction with their promise of E2EE. Furthermore, it already has the functionality to send messages when reporting [0]. Facebook's Messenger also has worked that way for years. [1] There were also rumors the on-device scanning practice would be expanded to comply with surveillance proposals such as ChatControl a couple years ago. This doesn't mean it's spying on each and every message now, but it would have potential to do so and it would be feasible today more than ever before, hence the importance of software the average person can trust and isn't as easily subject to their government's tantrums about privacy.
0. https://www.propublica.org/article/how-facebook-undermines-p...
1. https://archive.is/fe6zY
You are also using proprietary, closed-source hardware and operating system underneath the app that can do whatever they want. This line of reasoning ultimately leads to - unless you craft every atom and every bit yourself your data isn't secure. Which may be true, but is a pointless discussion.
No it means you calculate how much risk you're taking on, vendor by vendor. Do all companies have the same reputation before your eyes?
That's a bad take because the vendors there are different; they're not Meta. As such, it's not pointless.
This reads like a nothingburger. Couple of quotes from the article:
> the idea that WhatsApp can selectively and retroactively access the content of [end-to-end encrypted] individual chats is a mathematical impossibility
> Steven Murdoch, professor of security engineering at UCL, said the lawsuit was “a bit strange”. “It seems to be going mostly on whistleblowers, and we don’t know much about them or their credibility,” he said. “I would be very surprised if what they are claiming is actually true.”
No one apart from the firm filing the lawsuit is actually supporting this claim. A lot of people in this thread seem very confident that it's true, and I'm not sure what precisely makes them so confident.
I find this wording also "a bit strange".
It is not a mathematical impossibility in any way.
For example they might be able to read the backups, the keys might be somehow (accidentally or not) leaked...
And then the part about Telegram not having end2end encryption? What's this all about?
Telegram defaults to not e2ee; you have to initiate a "secret" chat to get e2ee.
Meanwhile Apple has always been able to read encrypted iMessage messages and everyone decided to ignore that fact. https://james.darpinian.com/blog/apple-imessage-encryption
And it's worse if you live in the UK:
https://support.apple.com/en-us/122234
In fact on this page they still claim iMessage is end-to-end encrypted.
>has always been able to read encrypted iMessage messages
...assuming you have icloud backups enabled, which is... totally expected? What's next, complaining about bitlocker being backdoored because microsoft can read your onedrive files?
If you read the link you would know that contrary to your expectation other apps advertising E2EE such as Google's Messages app don't allow the app maker to read your messages from your backups. And turning off backups doesn't help when everyone else has them enabled. Apple doesn't respect your backup settings on other people's accounts. Again, other apps address this problem in various ways, but not iMessage.
Absolutely, they intentionally make stuff sound secure and private while keeping full access.
I remember reading this recently. Not saying it’s true but it got my attention
TUESDAY, NOVEMBER 25, 2025 Blind Item #7 The celebrity CEO says his new chat system is so secure that even he can't read the messages. He is lying. He reads them all the time.
It was my understanding that the backups are unencrypted. Is that still the case?
On Android, if you allow it to backup to your Google cloud storage, it will say the backups are encrypted. That was my experience when I set it up a few weeks ago.
Exactly who has the ability to decrypt the backup is not totally clear.
It may be a different situation for non-Android users, Android users who are not signed in with a Google account, Android users who are not using Google Play Services, etc.
You can explore your Google Cloud's Application Storage part via Rsync, AFAIK. So you can see whether your backups are encrypted or not.
I remember that you had to extract at least two keys from the android device to be able to read "on-device" chat storage in the days of yore, so the tech is there.
If you don't have the keys' copies in the Google Drive side, we can say that they are at least "superficially" encrypted.
I feel fairly confident an oddly-shaped donation from Mark Z’s foundation will make this go away.
I'd bet that shape would look like a tube with a cap on.
It's vulnerable to man-in-the-middle attacks, and the man-in-the-middle happens to be Meta.
The tricky part would be doing it and not getting caught though.
Thank God for Signal. And by God I mean all the smart men and women who made Signal possible. Not God. God didn't do shit. As usual.
WhatsApp belongs to Meta.
Why would anyone believe those chats are private?
The issue here is that WhatsApp doesn't work with third-party clients (outside of EU anyway). It does now in EU via BirdyChat and Haiket, but the features are too limiting: https://about.fb.com/news/2025/11/messaging-interoperability...
Ideally, WhatsApp would fully support third-party open-source clients that can ensure that the mathematics are used as intended.
yes/no? Can't they just say that?
Lots of uninformed conspiratorial comments with zero proof in here, but I'd really like WhatsApp to get their encryption audited by a reliable, independent 3rd party.
I always assumed this to be true, to be honest.
Nowadays all of the messaging pipeline on my phone is closed source and proprietary, and thus unverifiable at all.
The iPhone operating system is closed, the runtime is closed, the whatsapp client is closed, the protocol is closed… hard to believe any claim.
And I know that somebody’s gonna bring up the alleged e2e encryption… a client in control of somebody else might just leak the encryption keys from one end of the chat.
Closed systems that do not support third party clients that connect through open protocols should ALWAYS be assumed to be insecure.
>Closed systems that do not support third party clients that connect through open protocols should ALWAYS be assumed to be insecure.
So you're posting this from an open core CPU running on an open FPGA that you fabricated yourself, right? Or is this just a game of one-upmanship where people come with increasingly high standards for what counts as "secure" to signal how devoted to security they are?
it doesn't need to be open source for us to know what it's doing. its properties are well understood by the security community because it's been RE'd.
> a client in control of somebody else might just leak the encryption keys from one end of the chat.
has nothing to do with closed/open source. preventing this requires remote attestation. i don't know of any messaging app out there that really does this, closed or open source.
also, ironically remote attestation is the antithesis of open source.
For context, the U.S. is also currently investigating whether Donald Trump actually won the 2020 presidential election (he didn’t), whether aspirin causes autism (it doesn’t), and whether transgenic research is woke (it’s not).
“The U.S. investigates” unfortunately does not mean as much as it used to. That said, I would rest easy in the knowledge that someone deep in the NSA already knows with absolute certainty whether the WhatsApp client app is doing anything weird. But they’re not likely to talk to a reporter or plaintiffs lawyer.
I am not into conspiracy theories, but I find it very unlikely that our governments can’t read all our messages across platforms.
“Fox has investigated whether henhouse is secure” News at 11.
Who do they expect to fall for the claims that a Facebook owned messenger couldn't read your "encrypted" messages? It's truly funny.
Any large scale provider with headquarters in the USA will be subject to backdoors and information sharing with the government when they want to read or know what you are doing.
Me? I'd be very surprised if they can actually read encrypted messages (without pushing a malicious client update). The odds that no one at Meta would blow the whistle seem low, and a backdoor would likely be discovered by independent security researchers.
I'd be surprised as well. I know people who've worked on the WhatsApp apps specifically for years. It feels highly unlikely that they wouldn't have come across this backdoor and they wouldn't have mentioned it to me.
Happy to bet $100 that this lawsuit goes nowhere.
If there is such a back door, it would hardly follow it's widely known within the company. From the sparse reports on why Facebook/Meta has been caught doing this in the past, it's for favor trading and leverage at the highest levels.
That was my reaction on reading the headline. Of course Meta can read them, they own the entire stack. The question would really be do they?
Is there an independent audit of the Whatsapp client and of the servers?
> Any large scale provider with headquarters in the USA will be subject to backdoors and information sharing with the government when they want to read or know what you are doing.
Not just the USA. This is basically universal.
It's not guaranteed or by default.
This type of generalized defeatism does more harm than not.
I have reached the point that I think even the chat control discussion might be a distraction because essentially they can already get anything. Yeah government needs to fill in a form to request, but that’s mostly automated I believe
>I have reached the point that I think even the chat control discussion might be a distraction because essentially they can already get anything.
Then why are politicians wasting time and attracting ire attempting to push it through? Same goes for UK demanding backdoors. If they already have it, why start a big public fight over it?
Such initiatives are likely trying to make it easier.
I think you can safely remove “in the USA” from that sentence.
> Any large scale provider with headquarters in the USA will be subject to backdoors
Wonder what large scale provider outside USA won’t do that?
> Any large scale provider with headquarters in the USA will be subject to backdoors and information sharing with the government when they want to read or know what you are doing.
That's just wrong. Signal for example is headquartered in the US and does not even have this capability (besides metadata).
They're only concerned someone at meta, they don't already control, could read their personal messages.
I do not believe them either. The swift start of the investigation by U.S. authorities only suggests there was no obstacle to opening one, not that nothing could be found. By “could not,” I mean it is not currently possible to confirm, not that there is necessarily nothing there.
Personally, I would never trust anyone big enough that it (in this case Meta) needs and wants to be deeply entangled in politics.
I always assumed Meta has backdoor that at least allows them to compromise key individuals if men in black ask, but law firm representing NSO courageously defending the people? Come the fuck on.
> Our colleagues’ defence of NSO on appeal has nothing to do with the facts disclosed to us and which form the basis of the lawsuit we brought for worldwide WhatsApp users.
> I always assumed Meta has backdoor that at least allows them to compromise key individuals if men in black ask
According to Meta's own voluntarily published official statements, they do not.
* FAQ on encryption: https://faq.whatsapp.com/820124435853543
* FAQ for law enforcement: https://faq.whatsapp.com/444002211197967
These representations are legally binding. If Meta were intentionally lying on these, it would invite billions of dollars of liability. They use similar terminology as Signal and the best private VPN companies: we can't read and don't retain message content, so law enforcement can't ask for it. They do keep some "meta" information and will provide it with a valid subpoena.
The latter link even clarifies Meta's interpretation of their responsibilities under "National Security Letters", which the US Government has tried to use to circumvent 4th amendment protections in the past:
> We interpret the national security letter provision as applied to WhatsApp to require the production of only two categories of information: name and length of service.
I guess we'll see if this lawsuit goes anywhere or discovery reveals anything surprising.
This was slid off the first page of HN so quickly.
As someone wisely pointed out in this thread, the reason Facebook is doing this is: "it's for favor trading and leverage at the highest levels."
It set off the flamewar detector, which is the usual reason that happens.
We'll either turn off that software penalty or merge the thread into a submission of the original Bloomberg source - these things take a bit of time to sort through!
Edit: thread merged from https://news.ycombinator.com/item?id=46836487 now.
It does have an amplifying effect when issues such as this happen to where users who don't read in time won't see this due to the amount of other threads.
Thank you for the insight as to why it happened.
Just came here after seeing it in the Guardian and really disappointed it's not on the front page. Telling.
Telling in what way?
If your personal threat model at this point is not literally:
“everything I ever do can be used against me in court”
…then you are not up-to-date with the latest state of society
Privacy is the most relevant when you are in a position where that information is the difference between your life or your death
The average person going through their average day breaks dozens of laws because the world is a Kafkaesque surveillance capitalist society.
The amount of information that exists about the average consumer is so unbelievably godly such that any litigator could make an argument against nearly any human on the planet that they are in violation of something if there is enough pressure
If you think you’re safe in this society because you “don’t do anything wrong“ then you’re compromised and don’t even realize it
I trust Telegram more: Putin never had any problems with Whatsapp, only with Telegram.
No end-to-end encryption by default. WhatsApp has.
No end-to-end encryption for groups. WhatsApp has.
No end-to-end encryption on desktop. WhatsApp has.
No break-in key-recovery. WhatsApp has.
Inferring Telegram's security from public statements of *checks notes* former KGB officer and FSB director -- agencies that wrote majority of the literature in maskirovka, isn't exactly reliable, wouldn't you agree?
Telegram has private chats. I don't pay attention to his words, indeed. Way before the Ukrainian war, Russia had a massive campaign trying to block Telegram and they failed on a technical level. This has never happened with WhatsApp.
The reality that most encryption enthusiasts need to accept is that true E2EE where keys don’t leave on-device HSMs leads to terrible UX — your messages are bound to individual devices. You’re forced to do local backups. If you lose your phone, your important messages are gone. Lay users don’t like this and don’t want this, generally.
Everything regarding encrypted messaging is downstream of the reality that it’s better for UX for the app developer to own the keys. Once developers have the keys, they’re going to be compelled by governments to provide them when warrants are issued. Force and violence, not mathematical proofs, are the ultimate authority.
It’s fun to get into the “conspiratorial” discussions, like where the P-256 curve constants came from or whether the HSMs have backdoors. Ultimately, none of that stuff matters. Users don’t want their messages to go poof when their phone breaks, and governments will compel you to change whatever bulletproof architecture you have to better serve their warrants.
Frankly the wrench-attack is easier.
> US reportedly investigate claims that Meta can read encrypted WhatsApp messages
Lol, Fox guarding the hen house.
I mean at the very least if their clients can read it then they can at least read it through their clients, right? And if their clients can read it’ll be because of some private key stored on the client device that they must be able to access, so they could always get that. And this is just assuming that they’ve been transparent about how it’s built, they could just have backdoors on their end.
they can also just .. brute force passwords. the pin to encrypt fb messenger chat is 6 digits for example.
but that is a pin and can be rate limited / denied, not a cryptographic key that can be used to brute force and compare hash generations (?)
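The distinction drawn in the two comments above, as an added example that is not part of the original thread and not Meta's implementation: a 6-digit PIN checked by a component that counts attempts, compared with the same PIN space when the verifier can be tested with no counter. `AttemptLimitedVault`, `derive`, the attempt budget and the PBKDF2 round count are all hypothetical.

```python
import hashlib
import hmac
import os

PIN_DIGITS = 6                 # PIN length quoted in the thread
KEYSPACE = 10 ** PIN_DIGITS    # 1,000,000 possible PINs


def derive(pin: str, salt: bytes, rounds: int = 1000) -> bytes:
    """Stretch a PIN into a verifier (round count kept low so the demo is fast)."""
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, rounds)


class AttemptLimitedVault:
    """Hypothetical server/HSM-side PIN check with a hard attempt budget."""

    def __init__(self, pin: str, secret: bytes, max_attempts: int = 10):
        self._salt = os.urandom(16)
        self._verifier = derive(pin, self._salt)
        self._secret = secret
        self._max = max_attempts
        self._left = max_attempts

    def unlock(self, guess: str):
        if self._left <= 0:
            raise PermissionError("attempt budget exhausted; secret destroyed")
        self._left -= 1
        if hmac.compare_digest(derive(guess, self._salt), self._verifier):
            self._left = self._max          # success resets the counter
            return self._secret
        if self._left == 0:
            self._secret = None             # wipe: later correct PINs fail too
        return None


def online_success_probability(max_attempts: int) -> float:
    """Chance that blind guessing hits the PIN before the vault locks."""
    return min(max_attempts, KEYSPACE) / KEYSPACE


def offline_worst_case_seconds(guesses_per_second: int) -> float:
    """Time to cover the whole PIN space when the verifier itself has leaked
    and nothing counts attempts; KDF cost only lowers guesses_per_second."""
    return KEYSPACE / guesses_per_second
```

The protection comes from the attempt counter living somewhere the guesser cannot reset or bypass; a slow KDF alone only scales the time needed to cover a one-million-entry space.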
What even are these low effort, uninformed conspiratorial comments saturating the comment section?
Sure, Meta can obviously read encrypted messages in certain scenarios:
- you report a chat (you're just uploading the plaintext)
- you turn on their AI bot (inference runs on their GPUs)
Otherwise they cannot read anything. The app uses the same encryption protocol as Signal and it's been extensively reverse engineered. Hell, they worked with Moxie's team to get this done (https://signal.org/blog/whatsapp-complete/).
The burden of proof is on anyone that claims Meta bypassing encryption is "obviously the case."
I am really tired of HN devolving into angry uninformed hot takes and quips.
I mean no shit, right?
Zuck didn't buy it in good faith. It wasn't "we'll grow you big by using our resources but be absolutely faithful to the privacy terms you dictate". Evidence: Brian Acton very publicly telling people that they (Zuck, possibly Sandberg) reneged
Zuck thinks we're "dumb fucks". That's his internet legacy. Copying products, buying them up, wiping out competition
I'm shocked, shocked! that there's gambling going on here ...
Anyone trusting Facebook to follow basic human decency and, yes, laws, is a fool.
Maybe so, but please don't post unsubstantive comments to Hacker News. We're trying for something different here.
Point taken, but I feel like going into details at this stage is redundant. There have been probably hundreds of discussions on this site regarding this topic. Books have been written about Facebook's and Zuckerberg's absent moral compass. To wit, from three days ago:
https://www.msn.com/en-in/money/news/meta-ceo-mark-zuckerber...
"While Zuckerberg reportedly wanted to prevent "explicit" conversations with younger teens, a February 2024 meeting summary shows he believed Meta should be "less restrictive than proposed" and wanted to "allow adults to engage in racier conversation on topics like sex." He also rejected parental controls that would have let families disable the AI feature entirely. Nick Clegg, Meta's former head of global policy, questioned the approach in internal emails, asking if the company really wanted these products "known for" sexual interactions with teens, warning of "inevitable societal backlash."
Anyone blindly believing every random allegation is also a fool, especially when the app in question has been thoroughly reverse engineered and you can freely check for yourself that it's using the same protocol as Signal for encryption
Allegations against a company who circumvented Android's security to track users?
I don't have any proof that Meta stores WhatsApp messages but I feel it in my bones that at the very least tried to do so. And if ever that comes to light, precisely nobody will be surprised.
https://cybersecuritynews.com/track-android-users-covertly/
That raises the question of why not just use Signal and avoid a company whose founder thinks we're all "dumbfucks" and has a long history of scandals and privacy violations?
The evidence is pretty clear that Facebook wants to do everything they legally can to track and monitor people, and they're perfectly okay crossing the line and going to court to find the boundaries.
Using a company like that for encrypted messaging seems like an unnecessary risk. Maybe they're not decrypting it, but they're undoubtedly tracking everything else about the conversation because that's what they do.
They got caught torrenting unbelievable amounts of content, an act that committed even just a few times can get my home Internet shut down with no recourse (best outcome). Literally nothing happened. Combine the fact that nothing legally significant ever happens to them with Zuckerberg’s colossal ego and complete lack of ethical foundation, and you have quite the recipe.
And I’m not even getting into the obvious negative social/political repercussions that have come directly from Facebook and their total lack of accountability/care. They make the world worse. Aside from the inconvenience for hobbyist communities and other groups, all of which should leave Facebook anyway, we would lose nothing of value if Facebook was shut down today. The world would get slightly better.
>an act that committed even just a few times can get my home Internet shut down with no recourse (best outcome).
No, the best (and also most likely) outcome is you using a VPN and nothing happens, like 99.9% of pirates out there.
>Literally nothing happened.
Isn't there a lawsuit in the works?
> Literally nothing happened.
The true wealthy live by an entirely different set of rules than the rest of us, especially when they are willing to prostrate themselves to the US President.
This has always been true to some degree, but is both more true than ever (there used to be some limits based on accepted decorum) plus they just don't even try to hide it anymore.
Surprised pikachu face
Of course they can. Why wouldn't you assume this to be the case?
if anybody believes that Facebook would allow people to send a totally encrypted message to somebody, they're out of their mind. they're pretty much in bed with law enforcement at this point. I mean I don't know how many people have been killed in Saudi Arabia this year for writing Facebook messages to each other that were against what the government wanted but it's probably a large number.
This reads like another low effort conspiratorial comment.
WhatsApp has been reverse engineered extensively, they worked with Moxie's team to implement the same protocol as Signal, and you can freely inspect the client binaries yourself!
If you're confident this is the case, you should provide a comment with actual technical substance backing your claims.
This should surprise nobody. Do you really think that the intelligence agencies of the US etc would allow mainstream E2E encryption? Please stop being so naive
yes, this is a very known fact that it is not E2EE but Client2Server Encrypted. Otherwise your message history wouldn't work.
I guess I owe a clarification: Otherwise your message history wouldn't be available the moment you log in with your credentials*.
Might be a rookie question. But exactly why would chat history not work?
It would, just not on new devices without moving keys via already-trusted device. This is what WhatsApp presumably does
This is a total misunderstanding of how E2EE works.
I need to either enter my password or let the app access my iCloud Keychain to let it derive the backup encryption key.
It's also well known that they worked with Moxie's team to implement the same E2EE protocol as Signal. So messages are E2EE as well.