This is a most excellent place for technology news and articles.
Call me old fashioned but I really think that for real E2EE the vendor of the encryption and the vendor of the infrastructure should be two different entities.
For example PGP/GPG on … great! Proton? Not great
Jabber/XMMP with e2ee encryption great! WhatsApp/Telegram/signal… less so (sure I take signal over the other two every day… but it’s enough to compromise a single entity for accessing the data)
Okay Old Fashioned, but doesn't open source encryption audited by a third party solve this problem? Signal protocol for example? Also proton, I'm guessing, but I'm too lazy to check
Unfortunately even the best intentioned and best audited project can be compromised. So that is not a guarantee (sure, much better than closed source but that is a given)
You may be forced by a rubber hose attack (or legal one) to insert vulnerabilities in your code… and you have the traffic… a single point to attack… signal/proton/etc
Is it possible with two different vendors? Sure it is but it is way more complicated
Cynical me would say they don't have to use the code they put up on GitHub in production.
By this logic, can we trust any open source software, even if they claim to use some third party encryption? They could say they're using a super secure encryption, even show it implemented in their open source code base, then just put the other, secret evil backdoor code base in production? Is there a way for any open source project to prove that the code in their open source repo is the code in production?
If you can self host it, yes. Like matrix
But only if you self-host right? Otherwise who ever hosts the matrix instance can tinker with it.
Correct.
Yep
why
insert pikachushockedface
WhatsApp client is closed source. Any claims around E2EE is pointless, since it's impossible to verify.
For Facebook it doesn't matter if its e2e. They control the client on both sides. They can just let the client sent the clear text data to them.
TMBE
Trust me bro encryption
It's E2EE alright. Just, don't ask what "ends" we're talking about.
Their mouth and Zuckerberg's ass
It would not be surprising if found to be true. Difficult to see how the current business model operates at a profit. Their long term goal is the usual loss leader model until a monopoly is achieved and then slug us with ads, sell all the data, hike the price, etc. Sickening to watch them cosy up to fascists. They are probably supplying any and all the agencies with intelligence scraped from their user base. If Facebook were a person they would be a psychopath.
If Facebook were a person they would be a psychopath.
I mean, Mark Zuckerberg kind of is Facebook, and he's a psycho.
A lot of victim blaming in this thread. Why can't you just be mad for someone who was deceived?
I would argue that the vast majority of users don't use WhatsApp for privacy. In the UK at least, it's just the app everyone has and it works. I've actively tried to move friends over to signal, to limited success, but honestly it can be escaped how encryption is not it's killer IP.
Yup. I use Whatsapp to text my girlfriend and my work uses it as a group chat for road conditions or just shit talking.
If you're using it for secure purposes, you're part of the problem.
What?!! No. The owner of WhatsApp would never lie to us.
