A 10-month Commerce Department probe concluded Meta could view all WhatsApp messages in unencrypted form

  • theunknownmuncher@lemmy.world (↑26, 3 hours ago)

    The most important question to ask when evaluating end-to-end encryption: who manages the keys?

    If Facebook manages all of the keys and is responsible for telling which public key belongs to who, then of course Facebook can read every message.

    • lemonhead2@lemmy.world (↑15, 3 hours ago)

      oh lol. the trust chain is harder and harder to verify these days. i miss the good old days where I would write emails in vi and encrypt with gpg.

      I still write emails with vi. but I lost touch with the one other friend I had who knew how to use gpg 😂😂😂

    • qprimed@lemmy.ml (↑3, 2 hours ago)

      even better - as far as I am aware the client isn’t open (and even if it were, is your installed build from the same source?).

      so, even if the keys are local only, who says there isn’t a hidden API that simply sends locally decrypted content back to a remotely calling endpoint?

      • logi@piefed.world (↑2, 1 hour ago)

        That, and if WhatsApp has the keys, then no amount of encryption is going to help.

        If I remember, the allegation was that they did keep all the keys and many employees could request them to decrypt specific sessions.
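
The point in the first comment about who vouches for public keys, as an added example (not part of the thread, and not WhatsApp's or any project's code): a toy model in which a hypothetical `Directory` class stands in for the provider, showing that a substituted key lets the provider read the message and that an out-of-band fingerprint comparison exposes the swap. The Diffie-Hellman parameters and the XOR cipher are toy stand-ins chosen so the block runs with the standard library only.

```python
import hashlib
import secrets

P = 2**255 - 19   # toy Diffie-Hellman modulus (a prime); illustration only
G = 2

def keypair():
    priv = secrets.randbelow(P - 2) + 1
    return priv, pow(G, priv, P)

def fingerprint(pub):
    """Short digest two users can compare out of band (in person, by phone)."""
    return hashlib.sha256(pub.to_bytes(32, "big")).hexdigest()[:16]

def session_key(my_priv, their_pub):
    return hashlib.sha256(pow(their_pub, my_priv, P).to_bytes(32, "big")).digest()

def xor_cipher(key, data):
    """Toy stream cipher (SHA-256 in counter mode); encrypts and decrypts."""
    stream = b"".join(hashlib.sha256(key + i.to_bytes(4, "big")).digest()
                      for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, stream))

class Directory:
    """Hypothetical provider-run service answering 'what is X's public key?'."""
    def __init__(self, honest=True):
        self.honest, self.real = honest, {}
        self.provider_priv, self.provider_pub = keypair()

    def register(self, user, pub):
        self.real[user] = pub

    def lookup(self, user):
        # A dishonest directory answers with a key the provider itself holds.
        return self.real[user] if self.honest else self.provider_pub

def demo(honest):
    """Return (provider_can_read, fingerprints_match) for one constructed message."""
    directory = Directory(honest)
    alice_priv, alice_pub = keypair()
    bob_priv, bob_pub = keypair()
    directory.register("bob", bob_pub)
    served = directory.lookup("bob")            # Alice trusts this answer
    message = b"meet at noon"                   # constructed sample plaintext
    ct = xor_cipher(session_key(alice_priv, served), message)
    # The provider tries its own private key against Alice's public key.
    provider_view = xor_cipher(session_key(directory.provider_priv, alice_pub), ct)
    # Out-of-band check: Bob reads his real fingerprint to Alice.
    return provider_view == message, fingerprint(served) == fingerprint(bob_pub)
```

`demo(True)` models an honest directory and `demo(False)` a directory that substitutes its own key; only the fingerprint comparison distinguishes the two from the sender's side.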