A 10-month Commerce Department probe concluded Meta could view all WhatsApp messages in unencrypted form
“The claim that WhatsApp can access people’s encrypted communications is patently false,” Meta spokesperson Andy Stone said. He added that the bureau had already “disavowed this purported investigation, calling its own employee’s allegations unsubstantiated.”
I can’t help but notice that in response to people’s concern that Meta may be able to read people’s messages, the Meta spokesperson responds that WhatsApp can’t read them. A little bit of administrative juggling on Meta’s end so that the team with access to the messages doesn’t fall within the WhatsApp department, and both claims could be true.
Yeah, there are lots of ways for this to be true but misleading:
The communications are not encrypted if they have the keys.
The encrypted communications are not the people’s. By the TOS everything is the property of WhatsApp and they can access their own ‘Business Records’ perfectly legally.
A third party, like a federal agency, isn’t WhatsApp. (WhatsApp can also voluntarily give their ‘Business Records’ to said agencies without warrant or subpoena.)
Meta isn’t WhatsApp.
An internal project with an undisclosed codename isn’t WhatsApp.
C’mon. It’s not that hard. You’re making the assumption that Andy Stone is telling the truth, with a gotchya astrict.
What if…the big business just…LIES???
The best lies have some kind of truth in them. Half truths are way more effective than complete falsehoods.
a gotchya astrict
Asterisk? This little fella? *
Then they might get in trouble for false advertising.
In what world do you live where billionsires face actual consequences?
Worst case scenario, Meta pays a small fine, and doesn’t even blink. The day just goes on.
I mean yeah, but they’d usually not pay even a small fine (or pay for legal proceedings), so it’s a lot more efficient to use conveniently placed loopholes.
If you can’t see the code (closed source) then treat it as they’re lying and it isn’t end to end encrypted
The most important question to ask when evaluating end-to-end encryption: who manages the keys?
If Facebook manages all of the keys and is responsible for telling which public key belongs to who, then of course Facebook can read every message.
oh lol. the trust chain is harder and harder to verify these days. i miss the good old days where I would write emails in vi and encrypt with gpg.
I still write emails with vi. but I lost touch with the one other friend I had who how to use gpg 😂😂😂
There are dozens of us! Dozens!
Cory Doctorow still uses pgp if you email him, I think his key is on his website, IIRC
even better - as far as I am aware the client isn’t open (and even if it were, is your installed build from the same source?).
so, even if the keys are local only, who says there isn’t a hidden API that simply sends locally decrypted content back to a remotely calling endpoint?
thought it was proper e2e
https://signal.org/blog/whatsapp-complete/
but if whatsapp owns both ends, what is stopping them from just reading the decrypted text? i duno crypto good enough
That, and if WhatsApp has the keys, then no amount of encryption is going to help.
If I remember, the allegation was that they did keep all the keys and many employees could request them to decrypt specific sessions.
If you still use faecesbook products, you’re an idiot.
