To the surprise of no one…

  • sun_is_ra@sh.itjust.works · 2 upvotes · 50 minutes ago

    Is that new? I remember reading about this years ago.

    Yes, communication is encrypted end to end, which means no one could eavesdrop, but once the information arrives at your app and gets saved to your device, there is nothing preventing WhatsApp from sending it to its parent company.

    E2E encryption doesn’t mean WhatsApp is trustworthy.

  • tjoa@feddit.org · 6 upvotes · 3 hours ago

    I don’t know if they still do it but they actively gaslight you into believing you have e2e even with peers you have not scanned the public key of.

    • unknowing8343@discuss.tchncs.de · 3 upvotes · 52 minutes ago

      I get your point, but E2E is independent from public key validation. Public key validation is basically being slightly more sure that the E2E communication happens with who you think, although… It’s never a guarantee. Keys can be stolen.

  • reabsorbthelight@lemmy.world · 31 upvotes · 4 hours ago

    “Your honor, end to end encryption is a marketing term that we have trademarked and we would like to countersue anyone using it”

  • Autonomous User@lemmy.world · 13 upvotes, 1 downvote · 4 hours ago

    Correct, WhatsApp fails to include a libre software license text file. We do not control it. So, it has never been secure.

    • ChaoticNeutralCzech@feddit.org · 7 upvotes · edited 2 hours ago

      Being FOSS is not a prerequisite of E2EE but a prerequisite of knowing it’s E2EE for sure. Like, I can give you a black box that prints PGP key pairs and says “includes RPGP, MIT-licensed PGP library” but you can’t trust that the machine doesn’t use a modified, low-entropy RNG or exfiltrate the results. The communication you do with these PGP keys is technically E2EE: a third-party server relaying your messages will not be able to read them, unless I provide them with the potentially not-so-secret “random” data my box generated.

      But you’re right: if my black boxes are also used to encrypt/decrypt the messages with “your” keys (made by them) and I run a non-transparent service that delivers the messages, there is a case for not calling it E2EE.
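
The black-box scenario from the last comment, as an added example that is not part of the thread or any participant's code: a key that looks like 256 random bits but comes from a 16-bit hidden seed still keeps a relay out, while anyone who knows how the box derives keys can read the message. `box_keygen`, `SEED_BITS` and the SHA-256/HMAC stand-in cipher are hypothetical and replace PGP here so the block runs on the standard library alone.

```python
import hashlib
import hmac
import os

SEED_BITS = 16  # constructed: the box's hidden RNG state is only 16 bits

def box_keygen(seed: int) -> bytes:
    """Hypothetical black box: a 32-byte key that looks random but has 16 bits of entropy."""
    return hashlib.sha256(b"box-rng" + seed.to_bytes(4, "big")).digest()

def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    blocks = (hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
              for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]

def seal(key: bytes, msg: bytes) -> tuple:
    """Stand-in authenticated cipher (not PGP): SHA-256 keystream plus HMAC tag."""
    nonce = os.urandom(12)
    ct = bytes(a ^ b for a, b in zip(msg, _keystream(key, nonce, len(msg))))
    return nonce, ct, hmac.new(key, nonce + ct, hashlib.sha256).digest()

def unseal(key: bytes, sealed: tuple):
    """Return the plaintext, or None when the key does not match the tag."""
    nonce, ct, tag = sealed
    expected = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))

def box_maker_read(sealed: tuple):
    """Whoever knows how the box derives keys only has 2**16 candidates to try."""
    for seed in range(2 ** SEED_BITS):
        plaintext = unseal(box_keygen(seed), sealed)
        if plaintext is not None:
            return plaintext
    return None

if __name__ == "__main__":
    user_key = box_keygen(0xBEEF)             # constructed seed
    sealed = seal(user_key, b"meet at noon")  # constructed message
    print("relay, guessing a key:", unseal(os.urandom(32), sealed))
    print("box maker:", box_maker_read(sealed))
```

Nothing in the sealed message or the key bytes reveals the small seed space, which is why the key generator itself has to be inspectable.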