Is it really? I always assumed it was like Zoom end to end encryption where one of the “ends” is a Facebook data center. How can a user prove the claim of end to end encryption?
Almost all of WhatsApp has been E2EE for years, based on the same protocol Signal uses. This goes for text messages (personal and groups) and calls. Cloud backups are not encrypted by default, but encryption can be enabled.
WhatsApp doesn't have an open source client so verification is difficult. However, if someone were able to break the encryption, I'm sure it'd be in the headlines of most newspapers.
One exception is WhatsApp Business: I don't know the details, but Facebook offers a service where they will do some chat automation for your business which means they must receive the keys.
In terms of security: key changes are automatically accepted. They are hidden by default, but by toggling a setting every time a user updates their keys, a message will be introduced into the chat. QR code key validation has been in the app for years now, though I doubt many users are using the feature.
How do you tell the difference between true E2EE and Zoom E2EE where FB decrypts the message in the middle? Or otherwise backdoors the exchange, perhaps outside the Signal protocol? Ultimately you are trusting Facebook to tell the truth here.
There was a bit of a song and dance when WhatsApp adopted the Signal protocol. Certainly if you choose not to back up your WhatsApp messages, your old messages aren't available when you switch phones.
If they're not end-to-end encrypted, they're engaging in a lot of deception to indicate that they are.
Thanks, I don’t have much experience with WhatsApp. I don’t have a lot of faith in Facebook. Especially post-Snowden.
If you think you need E2EE you can really only achieve that on an open system you control and have intimate knowledge of. You can’t trust precompiled binaries.
Something something trusting trust.
This isn’t a problem technology can solve. Women shouldn’t need to be information security experts just to ask questions about their own bodies.
Except you provide the key to the app and the app is controlled by FB. There’s really no way to prove the key stays on your device. Or that your messages aren’t just forwarded without encryption to a FB datacenter.