by skoskie 1416 days ago
> Also that apparently Facebook stores the conversations in plain (or easily decryptable) text.

This. Even with E2EE enabled, that only protects your conversations as they travel between you and Facebook's servers. It does not mean that the messages are protected from Facebook being able to see them. People should have zero expectation of privacy on Facebook's platform(s).

2 comments

That is not true. For both Messenger and WhatsApp, E2EE messages are not only encrypted between you and Facebook servers, they are encrypted end-to-end and only decryptable on the devices. Please reconsider your level of confidence in your understanding of this.
I do not have any information about the current state of Messenger, so I cannot comment.

Here is my issue with WhatsApp though:

How will I know that Meta is still shipping an application based on an uncompromised version of the Signal protocol, without malicious modifications? Auditing is the normal answer.

Sadly, Meta is not ISO 27001 certified, so there's no trustworthy external audit trail.

Barring that, who is capable of auditing Meta to confirm this? Who can see the client and server sources to confirm that there is no MITM? Only Meta, on both counts.

I have to trust their word for it and I'm incapable of trusting them.

What a joke them calling it E2EE, but they have the private keys?
The parent commenter lied (most likely due to them having no clue wtf they are talking about, what a surprise on HN).
I don't think they claim that Facebook messages are end-to-end encrypted. They say WhatsApp messages are, but not ones sent via Facebook.
But aren't they sending the message to Facebook first before sending it end-to-end encrypted? To make sure it isn't anything harmful /s

Or was that feature scrapped or did I misremember?

No, you 100% don't understand what you are talking about.
I absolutely understand what I am talking about.

I only don't remember exactly.