roelschroeven 3 days ago
We don't really know that messages really are end-to-end encrypted though, do we? Is there a way to actually check that the messages in transit are encrypted in a way that only the other end can decrypt them? If not, we have to take Meta's word for it, which frankly doesn't carry much weight.
varenc 3 days ago
Not trivially. But with painstaking reverse engineering you could prove this. And people have, so you're not exclusively just taking Meta's word. The fact that Pegasus malware relied on a remote code execution vuln to run malware on your phone to extract WhatsApp messages really suggests that the E2EE works. If it wasn't E2EE, then the makers of Pegasus could have just intercepted traffic to get your messages. Academics have also reverse engineered it as well, and though there are some weaknesses, it's not a lie that WhatsApp is E2EE. Here's some I just found:
- https://eprint.iacr.org/2025/794.pdf
- https://i.blackhat.com/USA-19/Wednesday/us-19-Zaikin-Reverse...
lioeters 3 days ago
How can we call it "E2E encryption" in any meaningful sense of the term when the ends run proprietary code, and at least one of the ends has proven themselves unworthy of trust time and again?