19 votes

Lawsuit alleges that WhatsApp has no end-to-end encryption

11 comments

  1. [2]
    stu2b50
    The lawsuit does not provide any technical details to back up the rather sensational claims.

    Given that WhatsApp uses the Signal protocol for its E2EE messages (https://signal.org/blog/whatsapp-complete/), the details in the lawsuit are not particularly compelling. I suppose if it has merit it will come out in discovery.

    18 votes
    1. qob
      E2EE is pointless if the implementation is a secret. WhatsApp can have perfect E2EE and still send messages (and anything else it has access to) over a completely different channel. Even if you analyze the traffic, it's probably very easy to disguise the leak as harmless telemetry.

      6 votes
  2. [9]
    Pavouk106
    My question is: If WA has E2EE, where are my private keys? When I buy a new phone WA just works and I can see all the messages sent and received, thus they must be decrypted. Where did the keys come from then? If I'm not sole owner of the keys what is E2EE good for then?

    10 votes
    1. [5]
      sparksbet
      There are absolutely procedures involved in switching WhatsApp to a new phone if you want access to your chat history. They have a few different ways to do this, but it absolutely is non-trivial for almost certainly this exact reason. According to WhatsApp's FAQs, there are three ways to do this on Android:

      • Account transfer
      • Google Account backups
      • Chat transfer

      Both transferring the full account and transferring just the chat history require both phones being physically close together and having Wi-Fi on (but they don't need to be connected to a network to transfer chat history) and your scanning a QR code with the old phone. Presumably the encryption key already on your old phone would be used as needed in that process and the history and encryption key appear to be directly transferred between the devices in this case. Google Account backups can be (but apparently aren't necessarily) end-to-end encrypted, and when they are encrypted they require a password, encryption key, or passkey that you set up in advance.

      I'll hold out on further evidence as this case progresses, as I don't think the currently available information is super convincing on its own. I'm very willing to believe Meta would do something shady on this front. But I don't think this particular argument is a good one.

      12 votes
      1. [4]
        Pavouk106
        I certainly don't know how it goes in the background. But I would bet some money on the fact that you don't have control over your private encryption keys. I think Meta has them as well. If that really is the case then the question stands - what is E2EE good for then?

        Or I'm in the wrong here and my question isn't valid. That may also be the case.

        5 votes
        1. [3]
          JCAPER
          The crux of the lawsuit is that employees at WhatsApp can easily request access to chats. If it’s true, then yeah, Meta has access to those keys as well.

          But speaking without hiding my bias - for me, Facebook (Meta) is the antithesis of privacy. I don’t trust that they would respect the privacy of their users in any of their products.

          8 votes
          1. bme
            (edited)
            I dunno, it would be a pointless own-goal because you are already giving practically anything interesting away already in the form of your social graph and who you are talking to.

            I mean I wouldn't be shocked either way but the juice doesn't seem worth the squeeze (unless the squeeze was regulatory, which I guess it might well have been initially).

            4 votes
          2. Pavouk106
            I don't trust them either, which I probably already gave away.

            2 votes
    2. [3]
      bme
      Do you have a cloud backup for your messages? I don't, when I switch phones I have nothing.

      9 votes
      1. [2]
        Pavouk106
        Actually, I don't use WA. I have been that "expert" who set up the new phones a few times. If I recall correctly, you just input your phone number and the chats come from the WA itself (cloud backup on their side I presume).

        4 votes
        1. bme
          I see, well I can tell you if you don't want to transfer accounts / retain messages it's really easy. Just don't set it up. There is no automatic restore without the user taking some action. Ofc that doesn't block Meta from harvesting all the social graph / messaging metadata and the rest of it, but your keys / messages aren't leaving the device without user action, afaik.

          7 votes