And if so, why exactly? It says it’s end-to-end encrypted. The metadata isn’t. But what is metadata and is it bad that it’s not? Are there any other problematic things?

I think I have a few answers for these questions, but I was wondering if anyone else has good answers/explanations/links to share where I can inform myself more.

  • BraveSirZaphod
    link
    fedilink
    3
    edit-2
    1 year ago

    That your messages are encrypted at all
    That your encryption keys are kept on-device, and not plainly available to a centralized party
    That the encryption the application is using is securely implemented

    This is true, but something that should be noted is that, to my knowledge, no law enforcement agency has ever received the supposedly encrypted content of WhatsApp messages. Facebook Messenger messages are not E2E encrypted by default, and there have been several stories about Facebook being served a warrant for message content and providing it. This has, as I understand, not occurred for WhatsApp messages. It is possible, of course, that they do have some kind of access and only provide it to very high-level intelligence agencies, but there’s no direct evidence of that.

    I would personally say that it’s more likely than not that WhatsApp message content is legitimately private, but I’d also agree that you should use something like Signal if you’re genuinely concerned about this.

    • @[email protected]
      link
      fedilink
      11 year ago

      If you log into WhatsApp on another device, does your history show up?

      If it does, that means they hold your encryption keys on their server. It’s the only way this could work.

      It’s why with Signal you need to maintain your keys and keep backups. No one else has your keys, so logging in to other devices won’t get history without that backup and the keys.

      Works this way with encrypted XMPP too, of course.

    • @[email protected]
      link
      fedilink
      11 year ago

      They would better hide those evidences as best as they can, or they would lose a useful source of informations.

      That’s the whole game of intelligence: to be a step ahead of the opponent, it must believe its safe so you can steal useful informations. As soon as the breach is discovered, it ceases to be useful.

      • BraveSirZaphod
        link
        fedilink
        11 year ago

        Sure. My point is that, as far as I believe anyone is currently aware, there is no evidence that any law enforcement agency has ever accessed the content of encrypted WhatsApp messages. That does not mean that it has never happened either, but anyone positively claiming so is doing it without actual evidence, which is something we should probably avoid doing.

        • @[email protected]
          link
          fedilink
          11 year ago

          We can assess the security of the app though. And we should. And we should also bring awareness to the problems of closed sources.