- cross-posted to:
- privacy@programming.dev
- cross-posted to:
- privacy@programming.dev
A 10-month Commerce Department probe concluded Meta could view all WhatsApp messages in unencrypted form
A 10-month Commerce Department probe concluded Meta could view all WhatsApp messages in unencrypted form
The easiest implementation of this is that the recipient of an infringing message flags it from its local client. At that point it’s not encrypted if their claim of e2ee is true.
It also means that only parties involved in the message exchange can flag / report them.
Corporations are often not so monolithic ; the guys doing abuse are likely not the one who try to milk users (looking at you marketing).
I don’t want to defend whatsapp, but if messages are actually properly end to end encrypted, but one of the recipients (one of the ends) knowingly shares it (e.g. with the report function), that is still end to end encryption.
don’t be surprised if signal or matrix implements this. I’m strongly against scanning messages, but if the recipient willfully decides so, they should be able to share a message with moderators. that would be an actual tool against actual pedophiles, and scammers.
but this can only work safely if the client is not sending the decrypted message, because it could modify it, but instead it sends the decryption keys for it. both signal and matrix are regularly rotating the keys, so it wouldn’t grant the moderators to read all messages, but it would grant them the ability to see what was actually sent. with that the client should also show how far into the past messages will be revealed to moderators, so they can decide if that’s ok for them.
Yup we agree on that. This pattern is actually the most sensible approach to support privacy. Whatever happens in transmission.