135
you are viewing a single comment's thread
view the rest of the comments
[-] tsonfeir@lemm.ee 31 points 11 months ago
[-] Kusimulkku@lemm.ee 4 points 11 months ago
[-] CaptainSpaceman@lemmy.world 5 points 11 months ago

Moxie helped WhatsApp integrate the Signal protocol for e2ee, but I dont trust thatt they never implemented any backdoors in their protocol after Moxie was done helping them.

IMO, just use Signal anyways. Fuck Meta

[-] tsonfeir@lemm.ee -1 points 11 months ago
[-] Kusimulkku@lemm.ee 1 points 11 months ago
[-] tsonfeir@lemm.ee 0 points 11 months ago

Do you believe everything you hear a company say who has proven themselves to be untrustworthy?

End to end doesn’t necessarily mean that the middle can’t read it, it just means strangers listening can’t read it. WhatsApp isn’t open source, and auditing that encryption on a binary level would prove difficult.

As we have seen, companies can also bow to the wills of governments, and if enough pressure is applied they often agree to backdoors.

If it’s not open source, it’s a scam.

[-] Kusimulkku@lemm.ee 1 points 11 months ago

End to end doesn’t necessarily mean that the middle can’t read it, it just means strangers listening can’t read it.

I thought it meant nobody between the two ends can read it.

[-] tsonfeir@lemm.ee 1 points 11 months ago* (last edited 11 months ago)

End->(public network)->WhatsApp->(public network)->End

So, no stranger can read it.

The key word is stranger. WhatsApp made the encryption you’re using and could (and I’m sure does) have the ability to decrypt it.

True end to end is where you and your partner have keys and you both encrypt on the client side, and don’t tell the middle man. That way no malicious intent from the server could ever decrypt the actual message.

[-] Kusimulkku@lemm.ee 0 points 11 months ago

True end to end is where you and your partner have keys and you both encrypt on the client side, and don’t tell the middle man. That way no malicious intent from the server could ever decrypt the actual message.

That's how the Signal protocol they're using is working

[-] selokichtli@lemmy.ml 1 points 11 months ago

Can we verify they are still using the Signal protocol?

[-] tsonfeir@lemm.ee 1 points 11 months ago

If they are, they’ve probably modified it.

[-] Kusimulkku@lemm.ee 1 points 11 months ago

Not realiably, afaik

[-] tsonfeir@lemm.ee 1 points 11 months ago

WhatsApp is not peer to peer.

[-] Kusimulkku@lemm.ee 0 points 11 months ago
[-] tsonfeir@lemm.ee 1 points 11 months ago

What is it you thought they were saying?

[-] Kusimulkku@lemm.ee 1 points 11 months ago

You seem confused. E2EE doesn't mean peer-to-peer. Signal protocol isn't peer-to-peer. You don't need to be peer-to-peer to have secure communication because E2EE makes it so that the server can't read what the two ends are writing.

[-] tsonfeir@lemm.ee 1 points 11 months ago

Can you prove to me that WhatsApp actually encrypts the message on the phone in such a way that WhatsApp can’t see the message when it’s on their server?

Do you truly believe a company owned by Meta would provide that kind of security from THEM? A company whose income is profiting on DATA supplied by users?

Tell me you believe this.

[-] Kusimulkku@lemm.ee 1 points 11 months ago

We know they certainly implemented it at one point. So it's not a big ask to do that for Messenger. And like someone said, would probably benefit them too since don't have to give info they don't have. But with it being closed source, it can't be verified if they're using it now.

[-] tsonfeir@lemm.ee 1 points 11 months ago

Do you believe that Meta, if given the opportunity, would choose personal privacy over making money? It’s an easy yes, or no question to answer. 

[-] Kusimulkku@lemm.ee 1 points 11 months ago
[-] tsonfeir@lemm.ee 1 points 11 months ago
[-] Kusimulkku@lemm.ee 1 points 11 months ago

I need to know what your question means to answer it. What money are we talking about?

[-] tsonfeir@lemm.ee 1 points 11 months ago* (last edited 11 months ago)

I’m not Meta, so I can’t give you a detailed breakdown of how they use the data they collect to make money. So, let’s assume by money I just mean money from their many sources. It’s a pretty easy question with only one answer.

[-] Kusimulkku@lemm.ee 1 points 11 months ago

I’m not Meta, so I can’t give you a detailed breakdown of how they use the data they collect to make money.

But you are talking about what sort of money, something they'd get from not using E2EE?

[-] tsonfeir@lemm.ee 1 points 11 months ago

Something they’d get from being able to read messages.

[-] Kusimulkku@lemm.ee 1 points 11 months ago

I guess it depends how much. If they'll net like a billion from not doing E2EE then yeah absolutely. If it's significantly less they'd might still go with E2EE for the PR and not having to comply with shit. It's not like they'd lose all the metadata anyway.

[-] tsonfeir@lemm.ee 1 points 11 months ago* (last edited 11 months ago)

Let me be sure I know what you’re saying. You feel it’s perfectly fine if their encryption is done in such a way that they can read the encrypted information on the server as long as they don’t make a lot of money on it?

[-] Kusimulkku@lemm.ee 1 points 11 months ago

You are way off. For reference, here's what you asked

Do you believe that Meta, if given the opportunity, would choose personal privacy over making money?

And my answer

I guess it depends how much. If they’ll net like a billion from not doing E2EE then yeah absolutely. If it’s significantly less they’d might still go with E2EE for the PR and not having to comply with shit. It’s not like they’d lose all the metadata anyway.

[-] tsonfeir@lemm.ee 1 points 11 months ago

Ahhh going way back to the start. Got it. Glad we’re on the same page now.

[-] Kusimulkku@lemm.ee 1 points 11 months ago

Well yeah, I just wanted to know first what you were asking before answering

this post was submitted on 07 Dec 2023
135 points (90.4% liked)

Technology

59081 readers
3109 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 1 year ago
MODERATORS