[shawnz]

Facebook doesn't have access to WhatsApp messages. WhatsApp uses the same end-to-end encryption protocol as Signal. We know this is true because the app has been extensively reverse engineered to create these third party clients among other reasons.

[NoImmatureAdHom]

WhatsApp is closed source, so you have no idea what it's doing. And they can push an update doing whatever they wish to you at any moment. You have to rely on Facebook pinky-swearing that it is what they say it is. And I promise you it isn't what they say it is.

[shawnz]

Being open source isn't necessary or sufficient to be able to audit a piece of software. Software can be audited even if it's closed source (for example by reverse engineering, although it's more difficult), and even if it's open source it might still be impractically difficult for non-experts to audit.

[NoImmatureAdHom]

"more difficult" is an understatement!

I agree that FOSS doesn't solve all ills. It's a necessary step, though.

[ignoramous]

A 5B install-base would invite all sorts of experts to review an OSS codebase, I'm sure.

[gentleman11]

You can’t promise things like that without having good references or proof. “Promise” might be a stronger word than you meant

[baq]

WhatsApp client is made by Facebook. It must see plaintext so it can put it on the screen. If it doesn’t send it anywhere yet, good - but it’s borrowed time.

[ekianjo]

> Facebook doesn't have access to WhatsApp messages. WhatsApp uses the same end-to-end encryption protocol as Signal.

Everything is closed source, and you have no idea what is running on their servers, etc, so all your suppositions are worth basically nothing.

[shawnz]

Check my reply to the other comment. WhatsApp has been extensively reverse engineered.