Does user privacy when using WhatsApp Web (https://web.whatsapp.com) differ substantially from using WhatsApp on Android? WhatsApp on Android has end-to-end encryption and (optional) encrypted backups. If I use WhatsApp Web, will Meta be able to see the contents of my WhatsApp messages?

  • jet@hackertalks.com
    link
    fedilink
    English
    arrow-up
    24
    arrow-down
    4
    ·
    edit-2
    1 year ago

    WhatsApp is closed source. Meta can always see your messages. It might be end-to-end encrypted and they might make a copy for meta. And that would still satisfy the end-to-end promise. You can’t trust closed source for end-to-end encryption.

    • itchy_lizard@feddit.it
      link
      fedilink
      English
      arrow-up
      2
      ·
      1 year ago

      You literally missed the definition of end-to-end encryption.

      If Meta can see the messages, then that’s not e2ee

      • jet@hackertalks.com
        link
        fedilink
        English
        arrow-up
        4
        ·
        edit-2
        1 year ago

        I’m trying to illustrate that corporations will use weasel language entirely to their advantage.

        I have to fight spammers and scammers, I need to be able to inspect message contents. But customers also went into an encryption. So I offer them end to end encryption but I also make a copy for myself. So it’s closed source and in public I can just say hey you’ve got end to end encryption. And be truthful about it, but I also have an administrative side channel where I get a copy of the message.

        Or it might be end-to-end encrypted but a copy of the key is preserved for administrative purposes that WhatsApp controls. We just don’t know

        Weasel language is something we have to defend against, and the only real defense is open source, so we can’t trust WhatsApp to protect your end-to-end privacy