Comment by dvngnt_

12 hours ago

> nobody should believe for a second that WhatsApp or FB messages are truly E2EE.

Meta still tracks analytics which isn't good for privacy, but I'm not aware of any news of them or 3rd parties reading messages without consent of one of the 1st parties? Signal is probably much better though

5 comments

dvngnt_

Reply
chimeracoder  9 hours ago

> Meta still tracks analytics which isn't good for privacy, but I'm not aware of any news of them or 3rd parties reading messages without consent of one of the 1st parties? Signal is probably much better though

Correct. WhatsApp uses the Signal protocol, and there is zero evidence of them reading message contents except with the consent of one of the users involved (such as a user reporting a message for moderation purposes).

(And before anyone takes issue with that last qualifier, consent from at least one party is the bar for secure communications on any platform, Signal included. If you don't trust the person you are communicating with, no amount of encryption will protect you).

Discovering a backdoor in WhatsApp for Facebook/Meta to read messages would be a career-defining finding for a security researcher, so it's not like this is some topic nobody has ever thought to investigate.

pixl97  12 hours ago

>I'm not aware of any news of them

Yet. Until they say "We delete these messages after X time and they are gone gone, and we're not reading them" Assume they are reading them, or will read them and the information just hasn't got out yet.

I mean we keep finding more and more cases where companies like FB and Google were reading messages years ago and it wasn't till now we found out.

  • nindalf  10 hours ago

    > We delete these messages after X time

    They never had the plaintext of the messages in the first place, so they don't need to delete them. That's what end-to-end encrypted means.

    • hogwasher  9 hours ago

      Whether Facebook/Meta can read the plain text of the messages or not depends on whether that encryption is "zero knowledge" or not, aka: does Facebook generate and retain the private encryption key, or does it stay on the users' devices only, never visible to Facebook or stored on Facebook servers?

      In the former case, Facebook can decrypt the messages at will, and the e2ee only protects against hackers, not Facebook itself, nor against law enforcement, since if Facebook has the decryption key they can be legally compelled to hand it over (and probably would voluntarily, going by their history).

    • pixl97  6 hours ago

      They don't need the plaintext if they have your key. Since they wrote the application you have zero clue if they do or not.