Stories

Lawsuit Alleges That WhatsApp Has No End-to-End Encryption

from the sensational-claims dept.
Longtime Slashdot reader schwit1 shares a report from PCMag: A lawsuit claims that WhatsApp's end-to-end encryption is a sham, and is demanding damages, but the app's parent company, Meta, calls the claims "false and absurd." The lawsuit was filed in a San Francisco US district court on Friday and comes from a group of users based in countries such as Australia, Mexico, and South Africa, according to Bloomberg.

As evidence, the lawsuit cites unnamed "courageous whistleblowers" who allege that WhatsApp and Meta employees can request to view a user's messages through a simple process, thus bypassing the app's end-to-end encryption. "A worker need only send a 'task' (i.e., request via Meta's internal system) to a Meta engineer with an explanation that they need access to WhatsApp messages for their job," the lawsuit claims. "The Meta engineering team will then grant access -- often without any scrutiny at all -- and the worker's workstation will then have a new window or widget available that can pull up any WhatsApp user's messages based on the user's User ID number, which is unique to a user but identical across all Meta products."

"Once the Meta worker has this access, they can read users' messages by opening the widget; no separate decryption step is required," the 51-page complaint adds. "The WhatsApp messages appear in widgets commingled with widgets containing messages from unencrypted sources. Messages appear almost as soon as they are communicated -- essentially, in real-time. Moreover, access is unlimited in temporal scope, with Meta workers able to access messages from the time users first activated their accounts, including those messages users believe they have deleted." The lawsuit does not provide any technical details to back up the rather sensational claims.
Posted by BeauHD a day ago
104
Comments
Help

Comment Moderation

Comments on Slashdot are moderated by users. You may randomly be assigned moderation points as you use the site. If you are, moderate! Read comments (preferably at a low threshold) and when you see comments that are very insightful, or perhaps just plain off topic, select the appropriate option. Moderation is like jury duty: You never know when you'll be selected, and when you get it, you only do it for a little bit.

Show Comments...

  • 5 only
  • 4 and higher
  • 3 and higher
  • 2 and higher
  • 1 and higher
  • 0 and higher
  • -1 and higher
  • Not the first time (+1)

    NotEmmanuelGoldstein a day ago

    Filtered due to preferences.
    We know media corporations are spying on their users: This isn't the first story to reveal one of them pretends to use end-to-end encryption to hide their power over the users and their greed.
    • Re: Not the first time (+2)

      ls671 a day ago

      Filtered due to preferences.

      Just use gpg to send an email, run your mail clients locally and call it a day. We already had this decades ago.

      Of course, it's too complicated for the mere mortals so we need big corporation to come to the rescue.

      • Re: Not the first time (+1)

        gweihir 19 hours ago

        Filtered due to preferences.

        Yes. Run it locally on some OS that does not spy on you and generally prioritizes security and the effort to get into your messages goes through the roof. Unless you are really wanted by somebody with pretty deep pockets, you will be secure.

        • Re: Not the first time (+1)

          angel'o'sphere 18 hours ago

          Filtered due to preferences.

          Perhaps you once should use a chat program.

          For example google "irc" or if you like to run stuff only locally, try "talk", cough cough ...

          Hint: an email is not a chat message.
          EMails are not chatting.

          And: the problem of "end to end encryption" is not solved with eMail ... or are your mails on "what ever your device is" encrypted? Likely they are not ...

          No idea why the internet is full with idiots that propose a solution to a problem, that is completely different.

          q) Hey mate, how can I can pay with my mobile phone via QR codes?

          a) Use cash, idiot!

          Oh, thanks you moron ...

          • Re: Not the first time (+1)

            ls671 17 hours ago

            Filtered due to preferences.

            I am glad you mentioned it. I regularly chat with my team members using ssh to a server running a irc client which is the login shell and the client connects to the local irc server running on the same said server.

            For a quicker and dirtier solution, you mentioned it again, just use talk to avoid setting up a irc server.

            Believe me here, I am not bragging in any way, just sharing my own experience while realizing people will come up with all kinds of no-no and I am willing to accept any objections. In other words, I am just saying. Not trying to convince anybody.

      • Meta? Abusing private data and the lying about it? (+5, Funny)

        spazmonkey a day ago

        Filtered due to preferences.

        Gee, what would lead anyone think they were capable of doing such a thing?

        • The Great Zuck. (+3, Informative)

          geekmux a day ago

          Filtered due to preferences.

          Gee, what would lead anyone think they were capable of doing such a thing?

          I believe the great Harvard-educated philosopher Mark Zuckerberg said it best when he summized to say one fine day, maybe in May..

          ”Dumb fucks.” - Zuck

          • Re: The Great Zuck. (+2)

            gweihir 19 hours ago

            Filtered due to preferences.

            While Zuck-the-Fuck is wrong on many things, on this one he is spot-on.

          • Re: Meta? Abusing private data and the lying about (+1)

            Anonymous Coward a day ago

            Filtered due to preferences.

            Well, the summary says the claims are "sensational". Maybe it was written by Meta

          • End-to-End

            Anonymous Coward a day ago

            Filtered due to preferences.

            Yeah, from your computer to their server and then from their server to the other user's computer. That's what Meta meant by end-to-end encryption. It's not their fault you interpreted it they way you did.

            • Jokes aside: End-to-end (+5, Interesting)

              DrYak a day ago

              Filtered due to preferences.

              Jokes aside:

              - WhatsApp supposedly uses the Signal protocol(*), which is as good as is gets with regards to E2EE

              BUT!...

              - End to end is only as good as the said end-points. In addition to being closed source, the WhatsApp has multiple problems: an AI functionality that needs to send all your chats back to Meta's cloud unencrypted (as it's not relying on locally running models) so the AI can summarize and whatever else shit they are advertising; WhatsApp by default backs its data up onto the cloud, so if you lose your phone you can still recover instead of needing to start a new account from scratch.

              So I presume it's a lawsuit where both parties are technically right:
              - Meta is technically right in affirming that they use the current best standard for E2EE (they mostly are)
              - The plaintiff are right that the clients (Android app, web app, etc.) are completely leaking data in a zillion different ways (what's the point in having the best E2EE if said End is going to blast that precious private information in all possible directions?!)

              ---

              (*): Minus a couple of bits. WhatsApp doesn't use Signal's implementation (sealed sender) to hide the meta data of who is chatting with whom AFAIK they only encrypt the message body; the protocol can work without ever needing phone numbers, Signal client is getting there eventually, WhatsApp isn't touching that either.

              • Re: Jokes aside: End-to-end (+2)

                Pinky's Brain a day ago

                Filtered due to preferences.

                End to end is only as trustworthy as the directory of the public keys. Whatsapp doesn't let you in person verify or notify you when they changed, so Meta can trivially easily MitM.

                • Verifcation (+2)

                  DrYak 21 hours ago

                  Filtered due to preferences.

                  Whatsapp doesn't let you in person verify

                  Tap a user to get their profile.
                  Tap "Encryption"
                  You have the option to scan a QR code or compare key fingerprints.

                  or notify you when they changed,

                  "Your security code with {nickname} change. Tap to learn more."

                  Meta can trivially eawsily MitM

                  Why MitM when they already have plenty of side channels (cloud-based AI; cloud-based backups; and its closed-source so they could probably just inject a backdoor in the next upgrade and nobody can notice, etc.)

                  • Re: Jokes aside: End-to-end (+1)

                    Zero__Kelvin 20 hours ago

                    Filtered due to preferences.
                    You might want to look into how asymmetric public key encryption actually works.
                    • Re: Jokes aside: End-to-end (+2)

                      swillden 19 hours ago

                      Filtered due to preferences.

                      You might want to look into how asymmetric public key encryption actually works.

                      Encryption isn't the problem, it's authentication.

                      Say Bob wants to talk to Alice through WhatsApp. They've never corresponded before. To encrypt a message to Alice, Bob needs Alice's public key. How does he get it? There are two options. Either he looks up Alice's public key on WhatsApp's server, or he sends a request to Alice through WhatsApp's server for her public key. In either case, he gets Alice's public key from WhatsApp.

                      Or, rather, he gets a key that WhatsApp tells him is Alice's public key. How does he know? That is, how does he authenticate the key? Alice has the same problem. She needs Bob's public key. However she gets it, how does she know it's Bob's?

                      WhatsApp can send its own public key to both Bob and Alice, then when Bob sends a message to Alice, encrypted with WhatsApp's public key (which Bob thinks is Alice's), WhatsApp can decrypt the message and re-encrypt it with Alice's public key, and forward the result on.

                      In practice, though, none of that matters because WhatsApp also writes the app. So they can just act as an honest broker of public keys and then have the app forward copies of everything to WhatsApp. I don't know if they're actually doing that, but it seems like that's what's being alleged.

                      BTW, my description above is for "public key encryption", but that's not what anyone actually does any more. What we use instead (and what Signal, and therefore WhatsApp, use) is "hybrid encryption". Specifically, ephemeral-key hybrid encryption. With that, Alice and Bob don't use public keys for encryption at all, and the public keys they advertise to the world are only used for creating digital signatures. Call these "identity keys", because they identify the user. When Bob wants to send Alice a message he generates an ephemeral key pair, signs the ephemeral public key with his identity key and sends it to Alice. Alice verifies the signature so she knows it came from Bob (because she got Bob's identity key from WhatsApp, so she's still fundamentally trusting WhatsApp). Then she generates her own ephemeral key pair, signs the public key, and uses her ephemeral private key with Bob's ephemeral public key to "encapsulate" one or more symmetric keys. Then she sends the signed public key and the encapsulated symmetric key(s) to Bob, who verifies the public key signature and uses Alice's ephemeral public key with his ephemeral private key to de-encapsulate the symmetric key(s). Then, Bob encrypts messages to Alice using a symmetric key and she does the same back. Public/private keys aren't used after the symmetric keys are set up. Oh, and both Alice and Bob discard their ephemeral key pairs and, per the Signal protocol, every time they use a symmetric key they derive a new one from it and discard the old one. All of this discarding of keys provides "forward secrecy", which means that if at any point in time Alice's phone is compromised and all of the keys extracted, the attacker can't decrypt any of the past messages.

                      Very nice security... unless WhatsApp is just caching a copy of all the message plaintext on their servers.

                      • Re: Jokes aside: End-to-end (+1)

                        Zero__Kelvin 17 hours ago

                        Filtered due to preferences.
                        I'm going to assume you didn't read the post to which I replied.
                        • Re: Jokes aside: End-to-end (+1)

                          swillden 16 hours ago

                          Filtered due to preferences.

                          I'm going to assume you didn't read the post to which I replied.

                          I certainly did. Pinky's Brain made an excellent point about how Meta can trivially MITM end to end encryption unless there's a way to authenticate the other person's public key. He was entirely correct, and you were incorrect to dismiss his comment, which was the point of my reply -- to educate you (and anyone else interested) on why he was right.

                          • Re: Jokes aside: End-to-end (+1)

                            Zero__Kelvin 16 hours ago

                            Filtered due to preferences.
                            If they don't have my private key and the recipients private key then how exactly do you expect them to MITM it? If what you are saying was true then the entire banking industry would collapse. You do know that having the wrong public key doesn't allow you to decrypt the message, right? This is literally why PKI works.
                            • Re: Jokes aside: End-to-end (+1)

                              swillden 14 hours ago

                              Filtered due to preferences.

                              If they don't have my private key and the recipients private key then how exactly do you expect them to MITM it? If what you are saying was true then the entire banking industry would collapse. You do know that having the wrong public key doesn't allow you to decrypt the message, right? This is literally why PKI works.

                              You need to read my previous post, and understand it.

                              The reason MITM isn't a problem for online banking (and TLS in general) is certificate authorities. As I said, it's an authentication problem. For web servers (and other TLS uses) what you need to verify (authenticate!) is that the public key the server handed you belongs to the site your browser thinks it's talking to. To make that work, the public key comes in a certificate that (a) contains the domain name of the server and (b) is signed by a trusted certificate authority. Your browser comes with a pre-installed list of trusted CA public keys, which it can use to verify those signatures.

                              So, as long as CAs only sign certs when they've verified that the private key is owned by the same entity that controls the server, it's secure. And with a few significant exceptions, they have been quite good about that, at least to the extent of it not being possible for entities other than nation-state intelligence agencies to subvert the CAs. I don't know that nation-state intelligence agencies do this, but I'm pretty sure they could. But they have no interest in your bank account, at least not enough interest to be willing to divulge the fact that they can MITM TLS connections. There are also some other mitigations in use that make this harder and riskier for them (notably, Certificate Transparency; Google it if you're interested).

                              At the risk of appearing to argue from authority, I've been a professional cryptographic security engineer for over 30 years, the last 15 of which were as a crypto security engineer at Google, designing and building a lot of the stuff that makes the net work, including widely-used international standards that have stood up to academic cryptanalysis. I'm always happy to answer questions and explain things, but your starting assumption should be that I know what I'm talking about. I certainly make mistakes, but this stuff is super basic.

                              • Re: Jokes aside: End-to-end (+1)

                                Zero__Kelvin 12 hours ago

                                Filtered due to preferences.
                                I see where you are coming from on this, and I misspoke failing to consider that in the WhatsGarbage scenario Meta functions as their own CA. It's no excuse but I read Schneier's "Secrets and Lies" circa 2000 and was apparently misremembering. I could have sworn there was a way to do key negotiation without a CA.
                    • Re: Jokes aside: End-to-end (+1)

                      swillden 19 hours ago

                      Filtered due to preferences.

                      End to end is only as trustworthy as the directory of the public keys. Whatsapp doesn't let you in person verify or notify you when they changed, so Meta can trivially easily MitM.

                      This is true, but DrYak's point is that doesn't matter if the two ends are just uploading all of the data back to Meta after the safely-encrypted copy is received. They don't need to MITM the connection. If WhatsApp allows out-of-band fingerprint verification, MITM wouldn't even work.

                    • Re: Jokes aside: End-to-end (+2)

                      Pinky's Brain a day ago

                      Filtered due to preferences.

                      Signal is never letting go of phonenumbers, it's why they glow in the dark.

                      The encryption is secure, but they do no traffic obfuscation and with a little traffic analysis and the phonenumber requirement it's trivial for NSA to build a social network with real names.

                      If you can't do traffic analysis near Signal's servers and don't have widerange access to mobile phone IP/number/name data, it's very secure ... the NSA can and for them Signal is a treasure trove of metadata (see the paper "I still know what you did last summer" for instance). Funny how that worked out.

                    • Re: End-to-End (+1)

                      flyingfsck a day ago

                      Filtered due to preferences.
                      It is a new innovation: End to end to end encryption.
                    • Couldn't happen to a nicer mob

                      Anonymous Coward a day ago

                      Filtered due to preferences.

                      TFS does not surprise me in the least.

                      When marketing say "end-to-end encryption" they usually mean that the apps use TLS to communicate with the backend servers, or that the data is encrypted at rest in Azure/S3 blobs/buckets (and the keys are accessible to... who?). The data is not actually end-to-end encrypted or it would be a lot more difficult to establish communications with new users.

                      • Re: Couldn't happen to a nicer mob (+3, Insightful)

                        Anonymous Coward a day ago

                        Filtered due to preferences.

                        Define "end".

                        • Re: Couldn't happen to a nicer mob (+2, Interesting)

                          Anonymous Coward a day ago

                          Filtered due to preferences.
                          The point though is that the original WhatsApp, before it was acquired by Facebook/Meta, did claim true end-to-end encryption. So Zuckerberg had to deliberately order that the safeguards be removed without announcing it to the users.
                          • Re: Couldn't happen to a nicer mob (+3, Informative)

                            Midnight_Falcon a day ago

                            Filtered due to preferences.
                            I don't think that's how it happened at all. Original WhatsApp didn't have E2E encryption. After it's 2014 acquisition, in 2016 they implemented the Open Whisper systems E2E protocol.
                            • Re: Couldn't happen to a nicer mob (+1)

                              thegarbz a day ago

                              Filtered due to preferences.

                              Facebook acquired WhatsApp 2 years before (2014) WhatsApp added End to End encryption (2016).

                              Please stop spreading conspiracy nonsense that is easily disproven.

                              • Re: Couldn't happen to a nicer mob (+1)

                                angel'o'sphere 18 hours ago

                                Filtered due to preferences.

                                The "original" Whats App was not encrypted at all.

                                Did not even use SSL or similar.

                              • Re: Couldn't happen to a nicer mob (+2)

                                ghinckley68 a day ago

                                Filtered due to preferences.

                                I write medical billing software,EMR, and EHR. even in that industry encryption is a joke.
                                1. end to end TLS 1.2 check its end to end encrypted.
                                2. encrypted at rest some type of bult in disc encryption check.

                                With in that world i have in 40 years seen nothing encrypted any were. I work for fortune 10 companies that do not even hash passwords. If they encrypt credit cards good luck. The we only save the last 4 bullshit. the we only save the token no one saves the token they save the whole danm card and the pin.

                                I pull credit and insurance info and send medical data every were and they is not incline encrytpion or at disc in any of it. and if is there it is only used as vendor lock in. I sse that a lot, if some one leaves one these comanies they will send it all encrypted them hold it for ransom till a payment comes to get the keys. Cause its always when whatever cancled- expried your keey went also and we cont store those. but we can decrypt it for oyu for a but ton of money.

                                shit you not i have seen that non sense so many times. but never once even at the top 10 medical centers in the us and my sofware runs in 4 of them as any hting been encrypted at rest.

                                • Re: Couldn't happen to a nicer mob (+1)

                                  Midnight_Falcon a day ago

                                  Filtered due to preferences.
                                  End to end doesn't mean TLS encapsulated. For the purpose of HIPAA and HITRUST, it means "encryption in transit." That's because data is going to the EMR server/db. In messaging, end to end encryption means encrypted on senders device for decryption only on the receiver's device. So no, having TLS doesn't give you end to end encryption and was never what was meant by WhatsApp when they said they had E2E, you can look at the specs of the Open Whisper Systems and later Signal protocol to see why.
                                • Re: Couldn't happen to a nicer mob (+4, Interesting)

                                  itsme1234 a day ago

                                  Filtered due to preferences.

                                  it would be a lot more difficult to establish communications with new users
                                   

                                  No, encryption between any two (initially unknown) parties is a solved cryptographical problem (and when well implemented it would survive any sniffing or even active attacks). AUTHENTICATING the other party is the problem and of course you need in this workflow to trust Whatsapp on that, and nobody ever claimed or thought otherwise I bet. It goes without saying that it's on them to insure you are talking to the one who has that phone number - not great security but at least not a random attacker, you also trust it to be that app at the other end not Whatsapp themselves ...

                                  • Not TLS, but still flawed (+3)

                                    DrYak a day ago

                                    Filtered due to preferences.

                                    When marketing say "end-to-end encryption" they usually mean that the apps use TLS to communicate with the backend servers,

                                    That's not the case here. Supposedly (but hard to check as its closed source) WhatsApp uses the Signal protocol for end-2-end encryption which is as good as it gets. BUT the app is still leaking the chat in a zillion different ways.

                                    E.g.: Meta-AI gets CC'd every message because once someone in that group used the "AI summary" functionnality which automatically adds Meta's cloudd as a party to this group.

                                    E.g.: Out of the box, the App backs all its data to the cloud so you can recover your account even if your phone is lost.

                                    • Re: Couldn't happen to a nicer mob (+1)

                                      thegarbz a day ago

                                      Filtered due to preferences.

                                      I take it you can't visit Slashdot because it happens to be an encrypted communication? Of course you can, you're here aren't you. There's a difference between encrypting a message in flight between two parties, and verifying who the parties on either end are. You can easily get two random people to start communicating in an encrypted way without a 3rd party listening in to that conversation. What is not prevented is having a new conversation with that 3rd party.

                                      Encryption != authentication.

                                    • I'm inclined to believe it (+5, Insightful)

                                      sinkskinkshrieks a day ago

                                      Filtered due to preferences.
                                      I worked there. Although there were safeguards against rando engineers stalking celebs or spying for nation states without approval, there were a lot of deceptive practices and attitudes. More details will emerge since this isn't just a news story but a lawsuit which will require proof.
                                      • Re: I'm inclined to believe it (+3, Interesting)

                                        TheMiddleRoad a day ago

                                        Filtered due to preferences.

                                        The backdoor was probably mandated by the feddy gov.

                                        • Re: I'm inclined to believe it (+1)

                                          thegarbz a day ago

                                          Filtered due to preferences.

                                          The backdoor was probably mandated by the feddy gov.

                                          Interestingly Facebook very much went back to feddy gov in front of a judge and told them they can't do this. I hope they can, that way we can throw Zuckerburg in jail for perjury for lying to both the FBI and a federal court.

                                          • Re: I'm inclined to believe it (+2)

                                            illogicalpremise a day ago

                                            Filtered due to preferences.

                                            If they are breaking encrypted chats under an NSA gag order (quite probable) then they are required to lie, even in court or any (public) statements to the FBI. Homeland Security has special courts just for this kind of stuff but nothing that goes on in them is made public. So even if cooperation with the government is proven absolutely nobody is going to jail except the whistleblower.

                                            Honestly, I thought everyone knew this stuff. It's why "canaries" used to be a thing.

                                            Long story short: nothing you send on the internet is truly encrypted unless you do it yourself and even then there are no guarantees. Poisoning encryption standards is also also a known thing the government has been caught doing more than once. Encryption might stop your neighbour snooping on your WIFI but when it comes to what governments are capable of, all bets are off.

                                            Having said that they're not going waste valuable resources like secret encryption backdoors going through your browser history and etsy shopping list. You need to be a pretty big fish for most of this to actually matter. I think a lot of people confuse capability with intent.

                                            • Re: I'm inclined to believe it (+1)

                                              thegarbz a day ago

                                              Filtered due to preferences.

                                              If they are breaking encrypted chats under an NSA gag order (quite probable) then they are required to lie, even in court or any (public) statements to the FBI.

                                              No. The NSA can tell you not to let others know you did something for them, but they can't compel you to lie about your own capabilities to a court or federal agents. They are two different things with different scopes. There was never a question of what the NSA did or didn't ask anyone. The only question was whether Facebook had a certain capability for the FBI and they claimed they did not.

                                              • Re: I'm inclined to believe it (+1)

                                                illogicalpremise a day ago

                                                Filtered due to preferences.

                                                The waters are pretty muddy here. Tangential to whether Meta can be compelled to lie is the unanswered question of whether such compulsion is even required. For all we know Meta would be perfectly happy with that kind of arrangement since it would give them cover for that thing they already wanted to do but got told they weren't allowed (ie, Cambridge Analytica). Maybe they're not afraid to lie to a court because even if the truth came out they can just use national security as a cover story and failing that buy some Trump pardons.

                                              • Lack of information.... (+2)

                                                FrankSchwab a day ago

                                                Filtered due to preferences.

                                                >>> You need to be a pretty big fish for most of this to actually matter.
                                                Ya know, two years ago I would have agreed with you. But today in the USA, it seems like all it requires is voicing an opinion that is contrary to the Government's "Truth":

                                                https://newrepublic.com/post/2...
                                                https://www.nbcnews.com/politi...
                                                https://www.foxnews.com/us/fbi...
                                                https://www.reddit.com/r/polit...
                                                https://www.reddit.com/r/polit...

                                                • Re: I'm inclined to believe it (+1)

                                                  swillden 18 hours ago

                                                  Filtered due to preferences.

                                                  If they are breaking encrypted chats under an NSA gag order (quite probable) then they are required to lie

                                                  Cite? My understanding is that multiple Supreme Court rulings have found that the Free Speech Clause prohibits compelled speech. The government can order you to be silent, but not order you to say things you don't want to say.

                                                  even in court or any (public) statements to the FBI.

                                                  That's a really, really strong claim. Do you have correspondingly-strong evidence?

                                                  Honestly, I thought everyone knew this stuff. It's why "canaries" used to be a thing.

                                                  AFAIK, warrant canaries are still a thing. Some prominent organizations who had them have stopped publishing them, or have modified them to reduce their scope, but the cause of this appears to be that those organizations can no longer claim not to have been served by warrants. They can't be compelled to keep them up, so they have taken them down. The real problem with warrant canaries is that a global canary is only useful until the first warrant is served.

                                            • Re: I'm inclined to believe it (+1)

                                              ghinckley68 a day ago

                                              Filtered due to preferences.

                                              see my post about medical hipaa stuff. but yea any encryption i have evern had to do was because some on the inside did something bad.

                                              • Re: I'm inclined to believe it (+1)

                                                bradley13 a day ago

                                                Filtered due to preferences.
                                                The proof will be interesting - do they have any? It could equally be that they are just hoping for a fat settlement, without going to court...
                                                • Re: I'm inclined to believe it

                                                  Anonymous Coward a day ago

                                                  Filtered due to preferences.

                                                  More details will emerge since this isn't just a news story but a lawsuit which will require proof.

                                                  The threat of discovery will provoke a quick settlement, no proof needed, everybody has a price

                                                  • Re: I'm inclined to believe it (+1)

                                                    gweihir 19 hours ago

                                                    Filtered due to preferences.

                                                    I would have been surprised if they did not have that capability. None of the "Big IT" companies are trustworthy in any way. They are also time and again doing really incompetent stuff.

                                                  • closed (+5, Insightful)

                                                    markdavis a day ago

                                                    Filtered due to preferences.

                                                    >"The lawsuit does not provide any technical details to back up the rather sensational claims."

                                                    That is an inherent problem with closed code and closed platforms. They can claim anything they want and there isn't much way we can verify their claims. I admit, this story seems really sensational (a little hard to believe), but it is plausible.

                                                    Also, there can be word-trickery here. It is possible things can be claimed to be "end-to-end encrypted" and yet still have ways for the mothership to decrypt anything at will (by having intentional secret holes/weaknesses, by storing your or another key, or a method they can pull the key from your device through their own control over the app, or by having master keys present at the start). I think that would be a misuse of the term "end-to-end encryption", yet term use/definitions mutate all the time. Anyway this can backfire spectacularly if discovered and lead to a lot of legal issues- if they had denied law enforcement/courts access in the past with the excuse that they can't decrypt it and then it is discovered they could.

                                                    • Re: closed (+2)

                                                      h33t l4x0r a day ago

                                                      Filtered due to preferences.
                                                      No, I'm sorry... There's no room for word trickery here, end-to-end encryption means only the sender and receiver can read that communication.
                                                      Otherwise it would be end-to-middle-to-end encryption, wouldn't it?
                                                      • Re: closed (+4, Insightful)

                                                        markdavis a day ago

                                                        Filtered due to preferences.

                                                        >"Otherwise it would be end-to-middle-to-end encryption, wouldn't it?"

                                                        Nope, that would imply it is being decrypted and then re-encrypted in the middle. That doesn't have to happen. It would still have stayed encrypted from one end (sender) to the other end (receiver). The middle can just store the message and decrypt it later, if needed, if they have access to the keys (now or later) or a weakness/backdoor.

                                                        • Re: closed (+2, Funny)

                                                          Anonymous Coward a day ago

                                                          Filtered due to preferences.

                                                          Here we are, arguing about end-to-end-to-man-in-the-middle word trickery, when the real issue is that they use ROT13 encryption.

                                                          • Re: closed (+1)

                                                            Anonymous Coward a day ago

                                                            Filtered due to preferences.

                                                            Here we are, arguing about end-to-end-to-man-in-the-middle word trickery, when the real issue is that they use ROT13 encryption.

                                                            No, they do a little better than that. They use ROT13 TWICE to make the encryption just that little bit harder to break...

                                                          • Re: closed (+2)

                                                            h33t l4x0r a day ago

                                                            Filtered due to preferences.
                                                            You're saying what if they secretly upload everyone's private keys? They could no longer claim end-to-end but that's probably the least of their problems if they got caught.
                                                            • Re: closed (+1)

                                                              fluffernutter a day ago

                                                              Filtered due to preferences.

                                                              If it's just tls then you only have a public key, which is not "having the key". Having the private key is what qualifies and for TLS that remains on the server side.

                                                              • Re: closed (+3, Interesting)

                                                                thegarbz a day ago

                                                                Filtered due to preferences.

                                                                I can't imagine this is a "secret" activity. Rather it's a logical follow on from the fact that WhatsApp backs up your data to Google Drive. When you lose your phone or factory reset it you can recover it from Google Drive. What other possible way is there to do this other than having the private key *NOT* stored on your device?

                                                                • Re: closed (+1)

                                                                  h33t l4x0r 18 hours ago

                                                                  Filtered due to preferences.
                                                                  By backing up the decrypted chats but not the private key? I imagine you need to create new keys at that point.
                                                                  • Re: closed (+1)

                                                                    thegarbz 6 hours ago

                                                                    Filtered due to preferences.

                                                                    A distinction without a difference. Your chats are available somewhere, and Google explicitly state they store your data encrypted but maintain decryption keys themselves. But I suspect you're right about new key generation, one thing that happens when you transfer your device is all your sessions linked to apps on other devices need to be renewed. That said I'm curious as to how this works for existing chats. It's not like my friends explicitly get told about a new key.

                                                                    I'm more inclined to think that this works a bit more like the way Meta "encrypts" your data on Messenger. They claim to use the same end-to-end encryption in Messenger as in Whatsapp, yet on any device you want you can log into Facebook and access your messenger chats without the need to interact with your primary device. I hope the implementation is different, but overall I'm skeptical of the level of access they have to your encrypted data.

                                                              • Re: closed

                                                                Anonymous Coward a day ago

                                                                Filtered due to preferences.

                                                                Nope, that would imply it is being decrypted and then re-encrypted in the middle. That doesn't have to happen.

                                                                Right, but the only thing that matters is what they are claiming.

                                                                Before meta bought it, it both only encrypted between client and server, and they stated it only encrypted between client and server.
                                                                There is nothing wrong with that claim, regardless if it was a poor way to do it or not.

                                                                Now if meta is claiming end to end and it isn't, that is a big problem.
                                                                If they aren't, and they say its between client and server, it's fine. If it is end to end and the lawsuit is simply wrong, that's fine too.

                                                                It's only if they are lying about it is there a problem.

                                                              • Re: closed (+1)

                                                                serafean a day ago

                                                                Filtered due to preferences.

                                                                and then there's GMail with it's version of "encrypted email", which only indicates that the first SMTP connection in the chain was secured by TLS.
                                                                Wording does matter, but wording is the trickery.

                                                                • Re: closed

                                                                  Anonymous Coward a day ago

                                                                  Filtered due to preferences.

                                                                  I'm mostly with you on that, but consider group chats for a moment. In a group chat of 3 people, there are 3 end points. Each can decrypt the messages, and it's still considered end-to-end encryption.

                                                                  Hypothetically, the service provider could add a party to all chats. Your 2 party chats would have a 3rd end point under their control. It's still end-to-end encrypted, just like a properly end-to-end encrypted 3 party chat, but they're lying to you about the number of parties and violating their promises. FWIW, I don't think this is happening, but it's technically feasible without requiring decryption/re-encryption in the middle.

                                                                • Re: closed (+1)

                                                                  waveformwafflehouse a day ago

                                                                  Filtered due to preferences.
                                                                  When you send a message in WhatsApp: âoeMessages and calls are end-to-end encrypted. Only people in this chat can read, listen to, or share them. Learn more (link)â. The second part makes the loopholes more difficult to defend in court.
                                                                Load More
                                                                There are no comments

                                                                Hello world. I'm a bubble.