top | item 45174478

(no title)

wordofx | 5 months ago

So much for that e2e encryption that HN claimed was so good and that META couldn’t possibly use what’s app messages to do advertising from.

discuss

alaq|5 months ago

Messages are e2e and WA doesn't have access to them. We're talking about the metadata here.

From the article: > including contact information, IP addresses and profile photos

I can confirm this, I used to work at WhatsApp.

const_cast|5 months ago

> Messages are e2e and WA doesn't have access to them. We're talking about the metadata here.

You're still just blindly trusting this is the case. You can't verify the encryption or any of the code.

It would be trivial to actually encrypt the message and send it out and then store an unecrypted version locally and quietly exfiltrate it later.

They have to already be storing an unecrypted version locally, because you can see the messages. So unless your analyzing packets on the scale of months or years, you cannot possibly know that it isn't being exfiltrate at some point.

Take it a step further: put the extiltration behind a flag, and then when the NSA asks, turn on the flag for that person. Security researchers will never find it.

roelschroeven|5 months ago

We don't really know that messages really are end-to-end encrypted though, do we? Is there a way to actually check that the messages in transit are encrypted in a way that only the other end can decrypt them? If not, we have to take Meta's word for it, which frankly doesn't carry much weight.

wordofx|5 months ago

Meta/WA. Same thing. Might have worked at WhatsApp but FB still advertises based on conversation content.

tamimio|5 months ago

HN isn’t monolith, I personally never said WhatsApp is good, and I’m telling you from now avoid Signal too till they remove the phone number requirement AND you can deploy your own server.