For open source messengers, you can check whether they actually encrypt your messages and whether the server has access to your encryption keys but what about WhatsApp? Since it’s not open source, you can’t be sure that the encryption keys aren’t sent to the server, right? Has there been a case where a government was able to access WhatsApp chats without reading them from the phone itself?
I feel like this needs some sort of citation for it. I know some suspect the claims about E2EE are bogus but I haven’t seen actual proof about it.
I mean, they definitely use end to end encryption. The problem is that they’ve done nothing would convince people they’re not harvesting the content of the messages in the app before it’s encrypted and sent. And there is a long history of them handing over decrypted information to law enforcement upon request, without warrant.
I assumed it was a more solid case than just that it’s technically possible. I was hoping for cases where we know they’ve done it.
Does that include message content though? That’s sorta the crux of what we’re talking about. Metadata for sure, but whether we know that they can read our message content, that’s afaik still unclear.
Yes, what’s app messaging specifically has a long history under Facebook of giving away user data like candy to anyone who wants it, including the content of private messages. It’s been shown repeatedly and is common knowledge yet they still have yet to do anything to prevent it. this here is a declassified internal document from the FBI highlighting what they have access to and what level of legal request they need for what. Notably message content requires no legal request to access
I think that photo goes against the claim that WhatsApp can decrypt or otherwise easily get access to message content
Also was that before the full encryption of the backups? Someone else posted a study about their backup encryption where they concluded that it at least seemed secure (with the caveat of it being a proprietary app).
It’s not enough to have it be E2E-encrypted; E2E means nothing if the decryption keys are not stored locally.
And aren’t they?
They are not.
As far as I know the private keys are kept on the device and the app generates them. That’s how Signal protocol works afaik. Do you have something to show that it’s not the case for WhatsApp since stuff I searched for seemed to claim that’s the case.
So, I looked it up and according to the official Whatsapp FAQ, the keys are indeed stored locally.
Still, considering WhatsApp is owned by Facebook, I wouldn’t trust them. Their whole business model has always been about harvesting as much data as they can. I wouldn’t be surprised if this turns out to be a total lie.
For sure they’re not trustworthy and can’t really verify either since it’s proprietary app. But I mean more that unless they’ve specifically made some changes, the keys are stored locally. And afaik we don’t really know of cases proving that they are lying about that.
Fair enough, I guess. Still, in my honest opinion, it’s not worth it. They’ve already long since betrayed my trust, so they could say the sky is blue and I still wouldn’t trust them. Lol.