- cross-posted to:
- privacy@programming.dev
- cross-posted to:
- privacy@programming.dev
A 10-month Commerce Department probe concluded Meta could view all WhatsApp messages in unencrypted form
A 10-month Commerce Department probe concluded Meta could view all WhatsApp messages in unencrypted form
I can’t help but notice that in response to people’s concern that Meta may be able to read people’s messages, the Meta spokesperson responds that WhatsApp can’t read them. A little bit of administrative juggling on Meta’s end so that the team with access to the messages doesn’t fall within the WhatsApp department, and both claims could be true.
It’s likely the cloud backups they can read. Encrypted archives are hard to sync across devices while still keeping the same level of security. I always advise against it if you don’t have a good reason to do it.
It’s also all but confirmed that they use on-device keyword recognition for targeted advertising. So if the app can phone home for some keywords, then it can phone home for anything.
But Facebook/“Meta” would never lie.
Oopsie! Hang on, they even lie to lawmakers in case buying them off fails? Bummer!
Seriously: this company needs to be scoured from the face of the earth.
Classic
Profit made from yet more abuse of user data: 500m EUR
Cost of
misleadinglying to lawmakers: 110m EURNet profit: 390m EUR
“We got 'em good, boys! I’m sure they’re never going to try that again!”
Yeah, there are lots of ways for this to be true but misleading:
The communications are not encrypted if they have the keys.
The encrypted communications are not the people’s. By the TOS everything is the property of WhatsApp and they can access their own ‘Business Records’ perfectly legally.
A third party, like a federal agency, isn’t WhatsApp. (WhatsApp can also voluntarily give their ‘Business Records’ to said agencies without warrant or subpoena.)
Meta isn’t WhatsApp.
An internal project with an undisclosed codename isn’t WhatsApp.
Nitpicking; even if they have the keys, the messages can be encrypted. It’s just worthless as they can now decrypt them.
Sure, when they say WhatsApp can’t access the encrypted messages they could mean that Meta/another internal group has access to the encrypted messages and they decrypt them in order to provide them to WhatsApp/whoever.
(Obviously, as someone pointed out, this is all assuming that he’s telling the truth in some legalistic way and not just flat out lying.)
My favorite option is that they don’t access the encrypted communications, they access messages before encryption takes place and send copies home for safe keeping. With a closed source client they can do anything they want to the plaintext even if they handle the ciphertext appropriately.
Yeah, that or either of the ends is compromised by one of the various commercial spyware which offers zero-click installation of their software or the person you’re talking to is intentionally recording the messages.
End-to-End encryption only protects you from someone eavesdropping on the communication on the line. It doesn’t secure the endpoints or make the participants trustworthy.
Which end is the encrypted end lmao
Are you telling me that the company that hosts “free” not propaganda services and has been caught repeatedly stealing all possible data including data about women and presumably girls’ periods and has been caught in one of the largest data manipulation scandals this century could be betraying my trust with their “vawwy vawwy pwivate and vawwy vawwy encwypted” closed source and again operated by the most sinister motherfuckers of all time messaging app???
I. Am. Shocked.
I’m also looking for a bridge on the cheap if you guys have any leads.
C’mon. It’s not that hard. You’re making the assumption that Andy Stone is telling the truth, with a gotchya astrict.
What if…the big business just…LIES???
The best lies have some kind of truth in them. Half truths are way more effective than complete falsehoods.
Asterisk? This little fella? *
Nah, probably meant the other little fella - Asterix the Gaul.
Then they might get in trouble for false advertising.
In what world do you live where billionsires face actual consequences?
Worst case scenario, Meta pays a small fine, and doesn’t even blink. The day just goes on.
I mean yeah, but they’d usually not pay even a small fine (or pay for legal proceedings), so it’s a lot more efficient to use conveniently placed loopholes.
GDPR has entered the chat
…assuming the EU representatives have some balls
Let’s hope!!