[cranekam]

> Their infra is generating those encryption certificates, so WhatsApp can very well decode the message and store it for further processing.

This is incorrect. The sender's device generates the key with which it encrypts outgoing messages. WhatsApp's infra cannot see the content of any messages sent.

(Source: ex-WhatsApp employee)

[cookiengineer]

The issue I have with that statement is that it cannot be proven. There is no source code of whatsapp, so this could have been changed anytime.

I mean, it's certainly possible to have an administrative backdoor that just shares the local keys. Even when that wasn't the case when you worked there, and even if we believe that you say the truth: we still cannot be certain that this won't change on February 8th.

I mean, whatsapp was remotely exploitable for more than 5 years before it was discovered (just to make a point).

[cranekam]

Yes, of course this can't be proven. I'm reasonably confident what I stated still holds but I can't be certain. If that's enough of a turn off for you then your best bet is to not use the service.

[nly]

Encryption is useless is the remote party can silently rekey and be re-authenticated as legitimate silently.

WhatsApp could almost certainly perform active MITM

[panta]

There is no need to rekey or do anything similar. Chats are available locally on the device, WhatsApp may simply implement a side channel to access those (they could already have one to satisfy agencies btw)

[cesarb]

There's a configuration option you can enable which shows a message whenever the remote party changes their key (usually meaning they bought a new phone, in my limited experience), so it's not that silent. Yes, it's unfortunate that on WhatsApp this option defaults to disabled (to not confuse the newbies?), while on Signal (which uses the same protocol) this options defaults to enabled.

[sufehmi]

3 years ago, my friend, an Indian fact-checker, showed me a screenshot of a WhatsApp screen, showing warning from WhatsApp that a message contains a dangerous link

This (the warning) is only possible if WhatsApp can read your messages

I'm guessing that they read your message on the app. So their claim (end-to-end encryption) is indeed true and correct.

But their app can and indeed has been reading your messages, for the past, at least, 3 years

Which I personally don't mind, when it's done fully automatically (no humans involved) and only for this kind of uses (to warn users of dangers)

[bonzini]

WhatsApp (the app) can obviously read the messages. It can hash the links and check them the same way that browsers do. It doesn't have to happen server-side.

[martinko]

While true, you're being very generous.

[bonzini]

It's how Google's safe browsing API works, so it's not unlikely.

[jannes]

Link previews are generated server-side, I think.

The app sends a request to a Facebook API for every link that you send/receive. Usually this returns the little image + text snippet that you see in the app, but obviously this could also return a message that the link is considered dangerous.

As a site owner you can probably see a request from a Facebook bot when a link to your site is shared on WhatsApp. (not sure how long they cache this)

[extropy]

Not buying this. There must be a backdoor for lawful access or the government's would have been after WhatsApp long time ago.

[baq]

it doesn't matter. whatsapp client sees the plaintext (duh). nothing stopping the ad arm of FB to process this.

[cranekam]

Clearly. As with any encryption, at some point it needs to be decrypted for human consumption, and since someone else wrote the code/maintains to do this it's not impossible something naughty/distasteful will happen with the content. I'm just correcting the notion that the encryption is all orchestrated centrally and that viewing the messages in transit is trivial.

[boredatworkme]

Appreciate your response. As a layman, if the service I'm using does not have access to any of the content of my messages, how would you (Whatsapp) be sharing my data? If whatsapp cannot read texts, images, location etc., then what gets shared with FB?

[cranekam]

As https://www.whatsapp.com/legal/privacy-policy says, it's things like contact, status, profile pic, name, and so on.

[gilloh]

How can you guarantee this? And how about received messages? How can you retrieve all your old messages/conversations when you install the app on a new device? Don't they come from WhatsApp servers? Just curious, not doubting that you are actually an ex-WhatsApp employee.

[cranekam]

> How can you guarantee this?

I mean, I can't guarantee it. As others have said, it's not impossible that things have changed since I left or will change in the future. But I doubt it — e2e encryption is a big selling point for WA and something that is dear to the company's heart.

> And how about received messages?

It's the same deal — the sender encrypts the message with the the recipient's public key, and the recipient decrypts it with their private key (which was generated locally and never goes over the network).

> How can you retrieve all your old messages/conversations when you install the app on a new device? Don't they come from WhatsApp servers?

No, you can only get old messages from your old device or from a backup that went to the cloud somewhere (e.g. iCloud or Google backup). The messages on your phone are stored locally in a DB, so if you copy that DB to a new phone it'll have the new messages. WhatsApp doesn't store messages — they are only present on WA infra until acknowledged as received by the destination.