| ▲ | palata 3 days ago |
| I hate Meta as much as the next person, but it feels like "endangering billions of users" is exaggerating here. The complaint is pretty much that WhatsApp engineers can access metadata (NOT the content of the messages). This said, WhatsApp is not open source, so it's impossible for users to verify how the encryption works, so users have to trust that it's properly end-to-end encrypted. If you care about privacy (and you should), then you should use Signal instead of WhatsApp. |
|
| ▲ | ryandrake 3 days ago | parent | next [-] |
| The metadata of someone's communications can be almost as damning as the content. I would guess that if the FBI could merely have a list of who their suspect contacted over an app, and when, they'd have 90% of what they wanted. |
| |
| ▲ | rhizome 3 days ago | parent | next [-] |
| My understanding is that in the vast majority of investigations law enforcement will be satisfied in learning only who you're talking to, i.e. "just metadata" is fine, and dangerous. |
| ▲ | 3eb7988a1663 3 days ago | parent [-] |
| It seems reasonable. Even those who are sloppy with their opsec probably do not detail the entirety of the plan via digital mechanisms. Being able to identify likely collaborators is probably sufficient to infer some specifics of an activity. |
| |
| ▲ | palata 3 days ago | parent | prev [-] |
| > I would guess that if the FBI could merely have a list of who their suspect contacted over an app, and when |
| Well with WhatsApp they most definitely can, but it has never been a secret. WhatsApp always had access to the metadata (whereas Signal makes a lot of effort to reduce the metadata they have access to). In ~2016 WhatsApp integrated the Signal protocol to add end-to-end encryption, but did nothing about the metadata. Again: if you care about privacy, use Signal. |
|
| ▲ | mynameisash 3 days ago | parent | prev | next [-] |
| > The complaint is pretty much that WhatsApp engineers can access metadata (NOT the content of the messages). |
| I don't even take this statement at face value. It's trivially easy to include models on client side that can do some message classification and treat that as "metadata" that would give insight into the content of the message. |
|
| ▲ | alehlopeh 3 days ago | parent | prev [-] |
| Metadata includes notifications, which often include the text of the message. |
| |
| ▲ | palata 3 days ago | parent [-] |
| Pretty sure this is wrong, at least in the case of WhatsApp. If an app sends the message content in clear through the notifications, then it is badly designed, period. |
| ▲ | varenc 3 days ago | parent [-] |
| Agreed. As I recall the way notifications work on Signal/WhatsApp is the app receives some silent notification that wakes it up, then the app does its crypto thing, and then it locally triggers the notification with the decrypted content you see. In iOS land your app needs a special entitlement to work this way. It also means if you're on very heavy group chats your battery will drain faster. If WhatsApp central servers could push a notification to your phone that contained your actual message content, it couldn't be E2EE. |
| ▲ | alehlopeh 3 days ago | parent [-] |
| Fair point. For E2EE messaging apps, metadata often includes encrypted message content. As others have stated, the unencrypted metadata (e.g. message recipient) can potentially be damning enough on its own. |
|