- cross-posted to:
- privacy@programming.dev
- cross-posted to:
- privacy@programming.dev
A 10-month Commerce Department probe concluded Meta could view all WhatsApp messages in unencrypted form
A 10-month Commerce Department probe concluded Meta could view all WhatsApp messages in unencrypted form
Yeah, there are lots of ways for this to be true but misleading:
The communications are not encrypted if they have the keys.
The encrypted communications are not the people’s. By the TOS everything is the property of WhatsApp and they can access their own ‘Business Records’ perfectly legally.
A third party, like a federal agency, isn’t WhatsApp. (WhatsApp can also voluntarily give their ‘Business Records’ to said agencies without warrant or subpoena.)
Meta isn’t WhatsApp.
An internal project with an undisclosed codename isn’t WhatsApp.
Nitpicking; even if they have the keys, the messages can be encrypted. It’s just worthless as they can now decrypt them.
Sure, when they say WhatsApp can’t access the encrypted messages they could mean that Meta/another internal group has access to the encrypted messages and they decrypt them in order to provide them to WhatsApp/whoever.
(Obviously, as someone pointed out, this is all assuming that he’s telling the truth in some legalistic way and not just flat out lying.)
My favorite option is that they don’t access the encrypted communications, they access messages before encryption takes place and send copies home for safe keeping. With a closed source client they can do anything they want to the plaintext even if they handle the ciphertext appropriately.
Yeah, that or either of the ends is compromised by one of the various commercial spyware which offers zero-click installation of their software or the person you’re talking to is intentionally recording the messages.
End-to-End encryption only protects you from someone eavesdropping on the communication on the line. It doesn’t secure the endpoints or make the participants trustworthy.
Which end is the encrypted end lmao