| WhatsApp (which is owned by Facebook) employs end-to-end encryption between individuals for its 1on1 and group conversations, and no one else in the world besides those parties (or possibly backup companies those parties decide to use) has access to the message contents that WhatsApp says are protected by E2EE. It uses the Signal Protocol. Facebook has started efforts to roll out end-to-end encryption for its Messenger as well, using the same protocol as WhatsApp, which Signal blogged about: https://signal.org/blog/facebook-messenger/#:~:text=Facebook.... Posts and other content on your "wall" or "timeline" are intended to be relatively public, according to whatever privacy settings you have set up on your account, and won't be similarly encrypted; but the content will only be available to the people that you allow to see your account and post. That's more of a permission set described by a database like you describe. But you can share different posts with different groups of people you define; or participate in public or private/secret/invite only groups where content is only accessibly by those people. Yes, that content would be accessible as plaintext by certain FB employees, just like your Gmail account's contents could be accessed by certain employees at Google. However, there are very strict policies around not accessing user content at FB by employees unless required for the function of the employee's job (e.g. investigating spamming, child pornography, and other abuse like that I would imagine; or assisting law enforcement with subpoenas or court orders for the content). Notably WhatsApp has no ability to hand over message contents between individuals whose conversations are protected by end-to-end encryption even if it receives a court order to do so, because the encryption keys protecting that content truly live only on the user's devices, and the plaintext content never touches WhatsApp servers today. As long as you don't back up your message history outside your device in plaintext (and what WhatsApp stores on the device might be encrypted now too; I'm not sure), the only way for anyone to obtain the message history is to get their hands on your phone and the encryption keys & message history it contains. So if your phone is protected by a strong passcode and a security vendor hasn't found a way to bypass iPhone login security, as long as your iPhone is locked even the US government won't be able to get at your data. I believe their was a court ruling that passwords to your phone are protected by the 5th Amendment against testifying against yourself, so I don't believe a court can compel you to reveal the phone password, but I'm not up to speed on the current case law. So if you lock your phone before an attacker seizes it, they can't get the contents even if the attacker is a government (unless they're willing to use physical coercion as in XKCD 538 [1], or indirect physical coercion such as ordering revelation of the password under threat of contempt of court, if that's permissible). WhatsApp is also allowing businesses onto the platform, to use it to communicate with those customers, and some of those conversations may be regularly encrypted, not end-to-end encrypted. Those conversations are displayed differently in the UX of WhatsApp when the conversation begins, to clarify that they're not protected by E2EE. (It's arguably impractical to have real E2EE between a customer and a large business with, e.g., many customer service agents. What would that really mean? I personally think E2EE is most meaningful between individual people who personally know each other, not between people and businesses which are anonymously-defined, constantly-changing groups of people.) I'm not a spokesperson for any company and these are my own opinions based on what I've read from public news sources. [1] https://xkcd.com/538/ |