foresto 2 days ago

> I assume that Meta has a backdoor into WhatsApp conversations

They don't need a back door when they control the front door: the app. End-to-end encryption doesn't protect the endpoints.

(In other words, your concern is warranted.)

pentagrama 2 days ago | parent | next [-]

You're absolutely right. End-to-end encryption protects message content, but WhatsApp still collects metadata, which is incredibly valuable.

Even though they can't read your messages, they know who you talk to, how often, when, and for how long. They also track your device info, IP address (which can reveal your location), network details, and app usage patterns.

And this data isn’t just sitting there—Meta uses it. For example, if you chat with a business on WhatsApp, you might start seeing ads for that business on Instagram or Facebook. They don’t need to read your messages when they can infer so much just from how you use the app.

Disclaimer: Comment translated from Spanish and corrected by ChatGPT.

ItsBob a day ago | parent [-]

> Even though they can't read your messages

I've long wondered if this is actually true.

If I have a closed-source app and claim (and can verify!) E2EE, surely I could still read every message from my closed-source app, within the app itself, and you'd never know.

I've never been a mobile app developer, but I've been a desktop and web developer since the 90s, so I don't know what apps can and cannot see, but in a desktop app or web app, if it's on the screen, it's decrypted and I can put code in to read/steal it.

Am I missing something here?

floralhangnail a day ago | parent | next [-]

At about 2:33:15 here, Zuckerberg somewhat alludes that Meta can take screenshots of WhatsApp messages.

https://youtu.be/7k1ehaE0bdU?t=9189

ItsBob an hour ago | parent | next [-]

Does it even need to be screenshots?

Surely when I open up a chat in WhatsApp it would be as easy as doing a foreach on every msgElement.text value on screen and copying it to the mothership in plain text. After all, when I am reading them, they're decrypted.

Or, when I send a message, as soon as I press the "Send" button, send a copy to the mothership.

Perhaps I'm not seeing it right but it must be this simple. Right?

At least with an open source app you can inspect the "Send" code and see if it calls "SendToMothership" when it also calls "SendToRecipient".

nothrabannosir 12 hours ago | parent | prev [-]

What I got from your comment and from that interview were very different. He starts that bit with “when I text you on WhatsApp”. The “we” refers to Mark and Joe (Alice and Bob), not Meta (Eve).

robertlagrant a day ago | parent | prev [-]

It's true in a sense - using an iPhone or an Android phone, Apple/Google could be streaming your screen contents constantly, so even e2ee wouldn't help.

I just don't know if that is actually true, or if Meta doing e2ee and then pinging your messages around from the app after they're delivered is true. I've no reason to believe either is.

ranger_danger 2 days ago | parent | prev [-]

And the default/largest homeserver, matrix.org, uses Cloudflare, so all your data belongs to them as well.

foresto 2 days ago | parent [-]

It is disappointing that they use Cloudflare, especially since most Matrix metadata hasn't yet been moved to the end-to-end encrypted channel.

(Arathorn: is e2ee metadata still on the roadmap?)

But no, not all your data is exposed. The e2ee parts, like message content in encrypted rooms, are opaque to Cloudflare.

Arathorn 2 days ago | parent [-]

Yup, encrypted metadata is very much on the roadmap. https://github.com/matrix-org/matrix-spec-proposals/pull/425... is one of the more recent proposals for it.