pull down to refresh

203 sats \ 6 replies \ @ek 27 Jan \ on: Lawsuit Alleges That WhatsApp Has No End-to-End Encryption news tech

As much as I’d love this to be true, I have to be very critical of any evidence claiming that WhatsApp is not secure.

The lawsuit does not provide any technical details to back up the rather sensational claims.

Is their implementation of the Signal protocol broken? Are they not using the Signal protocol?

Without answers to these questions, I have to assume that anybody could make these claims. Plausible, but without substance.

The same applies to this:

Pavel Durov, CEO of rival messaging app Telegram, also weighed in-. "You’d have to be braindead to believe WhatsApp is secure in 2026," he tweeted. "When we analyzed how WhatsApp implemented its 'encryption,' we found multiple attack vectors."

Ok, cool, guy from messenger, which doesn’t even encrypt chats by default. Where’s your analysis?

write
preview
some territories are moderated
152 sats \ 1 reply \ @anon 27 Jan

Sure, the content is encrypted in transit, but not at the endpoints

If you control the app (or the device, eg for non graphene phones) you see everything in cleartext

reply
102 sats \ 0 replies \ @ek 27 Jan

Fair! This should be another question then: Is this lawsuit implying that Meta is using client-side scanning?

reply
100 sats \ 2 replies \ @Scoresby OP 27 Jan

You make a fair point. Words are wind, as they say. When I read the description in the article describing workers at Meta requesting access from "engineering," I did wonder: how come this is the first we are hearing of this? Meta's a big company. Nobody was gossiping about the fact that employees could read users' messages? Seems like we would have heard about it by now if it was true.

On the other hand: isn't WhatsApp closed source? Aren't users already playing trust me bro with them?

reply
169 sats \ 1 reply \ @ek 27 Jan
isn't WhatsApp closed source? Aren't users already playing trust me bro with them?

Yes and yes.

My main argument is, or was, that the burden of proof that WhatsApp is not secure should be on the one claiming it’s not.

But now that I have written this out, I’m not so sure anymore. ¯\_(ツ)_/¯

reply
0 sats \ 0 replies \ @kepford 28 Jan

Its closed source and that is why people should not trust it. Even if it wasn't a Meta product.

reply
0 sats \ 0 replies \ @kepford 28 Jan

Yeah, what @ek said. But... I'm not using WhatsApp or Telegram.

reply