Conversation

Notices

1. Embed this notice
   翠星石 (suiseiseki@freesoftwareextremist.com)'s status on Friday, 14-Feb-2025 10:15:30 JST 翠星石

   in reply to

   • Dave Lane :flag_tino: 🇳🇿
   • EVERYTHING'S COMPUTER
   @lightweight @be It's end-to-end encrypted, except probably with a mistake in the e2e implementation and there's meta's backdoor at each end, so yes meta can see all the messages after they get decrypted.
   • Embed this notice
     Dave Lane :flag_tino: 🇳🇿 (lightweight@mastodon.nzoss.nz)'s status on Friday, 14-Feb-2025 10:15:33 JST Dave Lane :flag_tino: 🇳🇿

     in reply to

     • EVERYTHING'S COMPUTER

     @be bingo - I suspect that because Meta controls both ends of every communication via WhatsApp, there're ways they could 'legitimately' claim 'E2EE' while still having full knowledge of the content of each communication (e.g. having 2 streams of data going via their central server, one E2EE, the other split at the server). & yes, I believe Signal has fewer negative incentives plus there seem to be possible alternate llibre clients (but the central server code is proprietary as I understand it).

   • Embed this notice
     EVERYTHING'S COMPUTER (be@floss.social)'s status on Friday, 14-Feb-2025 10:15:34 JST EVERYTHING'S COMPUTER

     in reply to

     • Dave Lane :flag_tino: 🇳🇿

     @lightweight I completely agree. I never recommend WhatsApp.

     Even if the Signal Protocol is still working the same as they implemented it in 2016, there are so many other privacy concerns with a proprietary client that make the E2EE nearly irrelevant. E2EE is only as secure as the ends.

   • Embed this notice
     Dave Lane :flag_tino: 🇳🇿 (lightweight@mastodon.nzoss.nz)'s status on Friday, 14-Feb-2025 10:15:35 JST Dave Lane :flag_tino: 🇳🇿

     in reply to

     • EVERYTHING'S COMPUTER

     @be in any case, as I say in https://davelane.nz/proprietary, if we're dealing with proprietary clients that we can't build ourselves with a full tool change we can verify ourselves, we're forced to put our trust in 3rd parties with every interest in betraying us if that increases shareholder value. That, to me, is an oppressive liability, which is why, to the extend I can, I avoid being subjected to it.

   • Embed this notice
     Dave Lane :flag_tino: 🇳🇿 (lightweight@mastodon.nzoss.nz)'s status on Friday, 14-Feb-2025 10:15:36 JST Dave Lane :flag_tino: 🇳🇿

     in reply to

     • EVERYTHING'S COMPUTER

     @be yes, I guess my point is that, unless we can see the code that's gone into the actual clients we're using, at both ends, it's impossible to say with confidence that the encryption is sound... The real evidence it's *not* sound is hard to determine for sure, but over time, the weight of evidence might prove it's not (or Meta might be sitting on their knowledge of what's being sent via their messenger for some very high-value situation, e.g. global power dynamics)...

   • Embed this notice
     EVERYTHING'S COMPUTER (be@floss.social)'s status on Friday, 14-Feb-2025 10:15:37 JST EVERYTHING'S COMPUTER

     in reply to

     • Dave Lane :flag_tino: 🇳🇿

     @lightweight There's this, from 2016: https://signal.org/blog/whatsapp-complete/

     Has WhatsApp removed or altered the cryptographic protocol they use since then? I don't think anyone can answer that outside of WhatsApp.

   • Embed this notice
     Dave Lane :flag_tino: 🇳🇿 (lightweight@mastodon.nzoss.nz)'s status on Friday, 14-Feb-2025 10:15:39 JST Dave Lane :flag_tino: 🇳🇿

     The conventional wisdom suggests that WhatsApp provides 'fully encrypted' messaging between parties. I know that the Fediverse has a disproportionately high population of folk with a credible understanding of advanced cryptography... Can any of you tell me whether we can *prove* that the code running in the actual proprietary WhatsApp client is implementing uncompromised end-to-end encryption that only the sending & receiving part(y|ies) can decrypt? Or are we just taking Meta's word for it?