[fooker]

Law enforcement has access to a list of people who forwarded particular links or media. This indicates that e2e has some bypasses or exceptions. It would be pretty much impossible to unearth the details though.

[tgragnato]

I would be pretty shocked if Facebook was not doing this.

It’s probably done on the device, with suspicious links and media sent to the servers for further inspection.

We are also sure some of their engineers worked on methods to detect bypasses on the checks.

It’s a leak of data and metadata, a privacy invasion for sure, but not comparable to a MITM.