by beagle3 2223 days ago
Backup works android->android and iOS->iOS but not if you want to cross the lines; guess you don’t care about that... but:

If you use Google’s backup for WhatsApp, it is NOT encrypted. Your local backup IS encrypted. It’s not your data - you can’t have it except through the app. But Google can (and does) have that data for likely 95% of Android WhatsApp users; E2E with this state of affairs is not very useful. (I assume the iOS situation is similar, but don’t know for sure)

Also, a copy of your phone book, continuous IP (and likely location) and all your conversation metadata is stored on Facebook’s servers even if you don’t use the Google Drive backup.

Yes, WhatsApp is useful and works well, but the E2E aspect is false safety. For many practical purposes, you should assume there’s no encryption. For the purposes that inconvenience you, it’s obviously there.

3 comments

They say back-up encryption is supposed to work soon.

https://www.digitalinformationworld.com/2020/03/whatsapp-tes...

But even if, WhatsApp remains a closed source app, owned by Facebook. I really see no reason to trust them. Zuckerberg's privacy policy seems unchanged since he called his users dumb fucs for trusting him with their data, while at the same time buying the houses surrounding his villa to protect his own privacy.

The only thing holding them back is a bit of public image, but the general population does not care much, and maybe breaking of privacy laws. But since the governments also really do not want real encryption for everyone, I would rather imagine a "gentlemen's agreement" behind doors than real investigations, in case, for example, WhatsApp would secretly also send the key for the backup to someone else.

Yeah the backup is really bad... WhatsApp put so much effort into the E2E encryption and then just dumped the backups on Google. It was all just window dressing.

I bet this is also why the intelligence agencies aren't pounding on them for having E2E encryption, obviously Google is an open book to them. And Google has access to all your history for their own purposes.

Of course you can choose to turn off the backups, but you can't be sure all your contacts are doing the same.

The idea of end-to-end encryption is just too broken. You always need to make sure that the implementation of the idea isn't controlled by the vendor from which it is supposed to protect you. But it is pretty much never the case, all the WhatsApps, Signals, etc. control implementations, updates and openly fight against attempts to decentralize or weaken that control, making sure that ultimately they are the ones deciding whether they get access to your data or not. At best it just acts as a regular encryption with the vendor.

And while there is definitely no hope for binary blob consumer software to ever have real end-to-end encryption, there is hope that it could happen for open source software, distribution of which is not controlled by software vendors with many competing parties that package and ship it and an incentive not to sneak anything in because of that.

> The idea of end-to-end encryption is just too broken. You always need to make sure that the implementation of the idea isn't controlled by the vendor from which it is supposed to protect you. But it is pretty much never the case, all the WhatsApps, Signals, etc. control implementations, updates and openly fight against attempts to decentralize or weaken that control, making sure that ultimately they are the ones deciding whether they get access to your data or not.

Note that the client side apps are available for researchers to study. If they find a back door, it will be a big publicity issue for the app vendor.

Your concern is still valid though. Both WhatsApp and Signal could announce tomorrow that they drop E2EE or add some feature (like a default-on, non-disable-able cloud-based spellchecker) and there is nothing you could do to protect your correspondence.

Matrix is different here in that it encourages independent implementations as well as end-to-end encryption.

Whilst it does not work natively, there are working 3rd party products that let you back up on Android and restore on iPhone. Or at least there were 2.5 years ago.