For open source messengers, you can check whether they actually encrypt your messages and whether the server has access to your encryption keys but what about WhatsApp? Since it’s not open source, you can’t be sure that the encryption keys aren’t sent to the server, right? Has there been a case where a government was able to access WhatsApp chats without reading them from the phone itself?

  • Kusimulkku@lemm.ee
    link
    fedilink
    arrow-up
    2
    ·
    1 year ago

    I feel like this needs some sort of citation for it. I know some suspect the claims about E2EE are bogus but I haven’t seen actual proof about it.

          • Kusimulkku@lemm.ee
            link
            fedilink
            arrow-up
            1
            ·
            edit-2
            1 year ago

            As far as I know the private keys are kept on the device and the app generates them. That’s how Signal protocol works afaik. Do you have something to show that it’s not the case for WhatsApp since stuff I searched for seemed to claim that’s the case.

            • EveryMuffinIsNowEncrypted
              link
              fedilink
              arrow-up
              1
              ·
              1 year ago

              So, I looked it up and according to the official Whatsapp FAQ, the keys are indeed stored locally.

              WhatsApp has no ability to see the content of messages or listen to calls that are end-to-end encrypted. That’s because the encryption and decryption of messages sent and received on WhatsApp occurs entirely on your device. Before a message ever leaves your device, it’s secured with a cryptographic lock, and only the recipient has the keys. In addition, the keys change with every single message that’s sent.

              Still, considering WhatsApp is owned by Facebook, I wouldn’t trust them. Their whole business model has always been about harvesting as much data as they can. I wouldn’t be surprised if this turns out to be a total lie.

              • Kusimulkku@lemm.ee
                link
                fedilink
                arrow-up
                1
                ·
                1 year ago

                For sure they’re not trustworthy and can’t really verify either since it’s proprietary app. But I mean more that unless they’ve specifically made some changes, the keys are stored locally. And afaik we don’t really know of cases proving that they are lying about that.

                • EveryMuffinIsNowEncrypted
                  link
                  fedilink
                  arrow-up
                  1
                  ·
                  edit-2
                  1 year ago

                  Fair enough, I guess. Still, in my honest opinion, it’s not worth it. They’ve already long since betrayed my trust, so they could say the sky is blue and I still wouldn’t trust them. Lol.

    • megopie
      link
      fedilink
      arrow-up
      1
      ·
      1 year ago

      I mean, they definitely use end to end encryption. The problem is that they’ve done nothing would convince people they’re not harvesting the content of the messages in the app before it’s encrypted and sent. And there is a long history of them handing over decrypted information to law enforcement upon request, without warrant.

      • Kusimulkku@lemm.ee
        link
        fedilink
        arrow-up
        1
        ·
        1 year ago

        The problem is that they’ve done nothing would convince people they’re not harvesting the content of the messages in the app before it’s encrypted and sent.

        I assumed it was a more solid case than just that it’s technically possible. I was hoping for cases where we know they’ve done it.

        And there is a long history of them handing over decrypted information to law enforcement upon request, without warrant.

        Does that include message content though? That’s sorta the crux of what we’re talking about. Metadata for sure, but whether we know that they can read our message content, that’s afaik still unclear.