Technology

84352 readers

4069 users here now

This is a most excellent place for technology news and articles.

Our Rules

Follow the lemmy.world rules.
Only tech related news or articles.
Be excellent to each other!
Mod approved content bots can post up to 10 articles per day.
Threads asking for personal tech support may be deleted.
Politics threads may be removed.
No memes allowed as posts, OK to post as comments.
Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
Check for duplicates before posting, duplicates may be removed
Accounts 7 days and younger will have their posts automatically removed.

Approved Bots

founded 2 years ago

MODERATORS

L3s@lemmy.world

enu@lemmy.world

technopagan@lemmy.world

L4s@lemmy.world

L3s@hackingne.ws

536

A federal agent said WhatsApp's encryption is a lie. Then the investigation was shut down (www.techspot.com)

submitted 5 days ago by throws_lemy@reddthat.com to c/technology@lemmy.world

102 comments fedilink hide all child comments

A 10-month Commerce Department probe concluded Meta could view all WhatsApp messages in unencrypted form

you are viewing a single comment's thread
view the rest of the comments

[–] theunknownmuncher@lemmy.world 39 points 5 days ago* (last edited 5 days ago) (3 children)

The most important question to ask when evaluating end-to-end encryption: who manages the keys?

If Facebook manages all of the keys and is responsible for telling which public key belongs to who, then of course Facebook can read every message.

[–] lemonhead2@lemmy.world 26 points 5 days ago (2 children)

oh lol. the trust chain is harder and harder to verify these days. i miss the good old days where I would write emails in vi and encrypt with gpg.

I still write emails with vi. but I lost touch with the one other friend I had who how to use gpg 😂😂😂

[–] deegeese@sopuli.xyz 17 points 5 days ago (1 children)

There are dozens of us! Dozens!

[–] Flagstaff@programming.dev 1 points 4 days ago

Is there an ELI5, foolproof, step-by-step tutorial? I tried Kleopatra on my own and was so completely befuddled; why is that, like, literally the only app out there in the whole world for PGP or GPG or whatever? Shouldn't there be dozens of such encoders?

[–] SnotFlickerman@lemmy.blahaj.zone 10 points 5 days ago

Cory Doctorow still uses pgp if you email him, I think his key is on his website, IIRC

[–] qprimed@lemmy.ml 6 points 5 days ago (1 children)

even better - as far as I am aware the client isn't open (and even if it were, is your installed build from the same source?).

so, even if the keys are local only, who says there isn't a hidden API that simply sends locally decrypted content back to a remotely calling endpoint?

[–] Valmond@lemmy.dbzer0.com 3 points 5 days ago

Or steganographically leaks back the keys ...

[–] Eyekaytee@aussie.zone 1 points 5 days ago (1 children)

thought it was proper e2e

https://signal.org/blog/whatsapp-complete/

but if whatsapp owns both ends, what is stopping them from just reading the decrypted text? i duno crypto good enough

[–] logi@piefed.world 5 points 5 days ago

That, and if WhatsApp has the keys, then no amount of encryption is going to help.

If I remember, the allegation was that they did keep all the keys and many employees could request them to decrypt specific sessions.