Comment by throwawayffffas

2 days ago

The whole point of end-to-end encryption is that providers cannot comply with police requests to access conversations. A properly secured system would make it impossible without compromise of your device. Now I don't know what Signal does, but I am almost certain WhatsApp can just lie about your contacts' keys and man-in-the-middle the connection.

> Now I don't know what Signal does

That makes me question how much you know about end-to-end encrypted messengers, because Signal is the gold standard.

> I am almost certain WhatsApp can just lie about your contacts' keys and man-in-the-middle the connection.

The problem there is that WhatsApp is not open source, so you can't check. So obviously you have to trust. But there are many, many employees who have access to the WhatsApp sources, so if it was not implementing what it says it is, chances are that someone would have said so. Also, thanks to the EU DMA, we have some protocol published by WhatsApp.

  • > But there are many, many employees who have access to the WhatsApp sources, so if it was not implementing what it says it is, chances are that someone would have said so.

    No one at Microsoft, Yahoo, Google, Facebook, AOL, Skype, or Apple said anything about PRISM. We had to wait for the NSA whistleblower. So the argument that someone would say something does not really stand up to historical precedent.

    I looked a bit into it and, yeah, they have a key transparency mechanism where they store a blockchain on S3.

    So supposedly they can't just add a key for a user in secret. But still, what if they do it in public? Does the client refuse to send messages to new keys?

    It's not like we are all spending all our time going over a random S3 bucket to say `Aha, I am sure Bob didn't add this new key because he logged in from his desktop. It has to be a man in the middle`.

    Can they just siphon keys off your device? Can they just deploy a special version to just your device without the vast majority of engineers at Meta even knowing about the compromised version? No one knows. Well, no one in public.

    The gold standard would be personally managed keys, exchanged and signed by your contacts in person, open source software that is not auto-updating, distributed over a channel that does not know your identity.

    • > It's not like we are all spending all our time going over a random S3 bucket to say `Aha, I am sure Bob didn't add this new key because he logged in from his desktop. It has to be a man in the middle`.

      That's not how key transparency works. The whole point of key transparency is that you don't have to do that.

      If you are into manually checking that you have the right key, you can do it by scanning a QR code (or exchanging the key manually through some trusted channel), both on Signal and WhatsApp.

      > Can they just siphon keys off your device?

      Whoever hacks your device can read the messages; end-to-end encryption protects the data in transit, not at rest.

      > Can they just deploy a special version to just your device

      If you get WhatsApp through the Play Store, they would need to collude with Google to do that. But it is technically possible. If you get WhatsApp on the web it's a lot easier though: they can just serve you a different codebase this one time. BTW ProtonMail can do that too, or any webapp. Which I assume is why Signal doesn't have a web version.

      > The gold standard would be personally managed keys, exchanged and signed by your contacts in person, open source software that is not auto-updating, distributed over a channel that does not know your identity.

      You can get the sources of Signal, audit them yourself, compile them yourself, and verify the key with your contacts through a trusted channel (in person if you like). That is already possible.

      > No one in Microsoft, Yahoo, Google, Facebook, AOL, Skype, or Apple said anything about PRISM

      I think it is pretty different. Was PRISM available in the source code in the monorepo of all those companies? WhatsApp is.
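To make the two questions above concrete (can a provider add a key in secret, and does the client refuse to send to a new key), here is an added example that is not code from the thread, WhatsApp or Signal: a toy append-only key transparency log with Merkle inclusion proofs, plus a client that pins keys verified out of band (QR code / safety number). The hash layout, function names and sample log entries are my own assumptions.

```python
import hashlib
def h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def leaf_hash(user: str, key: str) -> bytes:
    # 0x00 prefix domain-separates leaves from inner nodes (0x01), as in RFC 6962.
    return h(b"\x00" + user.encode() + b"\x00" + key.encode())

def _level_up(level):
    # Pair nodes up (duplicating the last one on odd counts) and hash each pair.
    level = level + [level[-1]] if len(level) % 2 else level
    return level, [h(b"\x01" + level[i] + level[i + 1]) for i in range(0, len(level), 2)]

def merkle_root(leaves) -> bytes:
    level = list(leaves)
    while len(level) > 1:
        _, level = _level_up(level)
    return level[0]

def inclusion_proof(leaves, index):
    # Sibling hashes from leaf to root, each flagged with whether it sits on the left.
    proof, level, i = [], list(leaves), index
    while len(level) > 1:
        padded, level = _level_up(level)
        proof.append((padded[i ^ 1], (i ^ 1) < i))
        i //= 2
    return proof

def verify_inclusion(leaf: bytes, proof, root: bytes) -> bool:
    node = leaf
    for sibling, on_left in proof:
        node = h(b"\x01" + sibling + node) if on_left else h(b"\x01" + node + sibling)
    return node == root

def check_recipient(pinned, user, key, proof, root) -> str:
    # `pinned` holds keys the user verified out of band (QR code / safety number).
    if not verify_inclusion(leaf_hash(user, key), proof, root):
        return "REJECT"  # never published in the log: a silent substitution
    if pinned.get(user, key) != key:
        return "BLOCK"   # published, but not the verified key: user must re-verify
    return "OK"
def scenario():
    # Constructed sample log; the key strings are placeholders, not real identity keys.
    leaves = [leaf_hash(u, k) for u, k in [("alice", "keyA1"), ("bob", "keyB1"), ("carol", "keyC1")]]
    root, pinned = merkle_root(leaves), {"bob": "keyB1"}
    first = check_recipient(pinned, "bob", "keyB1", inclusion_proof(leaves, 1), root)
    secret = check_recipient(pinned, "bob", "keyB2", inclusion_proof(leaves, 1), root)
    leaves2 = leaves + [leaf_hash("bob", "keyB2")]  # provider publishes a new key for bob
    public = check_recipient(pinned, "bob", "keyB2", inclusion_proof(leaves2, 3), merkle_root(leaves2))
    return first, secret, public
```

The log only proves that a key was published, so a publicly added key still reaches the client; the pinned key is what turns that into a "BLOCK" that the user has to resolve by re-verifying.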