Hacker News new | ask | show | jobs
by WinstonSmith84 1048 days ago
Also security. WhatsApp end-to-end encryption or even better, Signal where messages can't be replicated to any other device is more reassuring than a custom implementation ...

But it looks like this lawsuit is exactly about the opposite, that messages cannot be accessed and reviewed easily. It's also easy to understand why banks prefer using secured applications like Signal when discussing secret deals rather than taking the risk that such conversations leak to e.g. competitors...
3 comments
Zak 1048 days ago
Signal is not designed for situations where an intended recipient is intentionally aiding an eavesdropper. It does not prevent an intended recipient from making copies of messages via the regular clipboard even with disappearing messages turned on, and even if it did, could not stop someone from taking a video of their screen.
link
denimnerd42 1048 days ago
that’s different than cryptographic proof someone sent the message. anyone can fake the above.
link
mrighele 1048 days ago
I doubt that more than 1% of people using WhatsApp actually care about E2E encryption
link
prmoustache 1048 days ago
Yes, most people are using whatsapp because it was one of the first to use phone number as account handle and to dig into your contacts to find. No risk of mispelling a complicated account name, auto discovery + group chats. The rest is inertia helped by the additions of features like voice messages, video calls, stickers way way way before encryption in order to stay current with the competitions.

If you ask most people how can they be sure that meta is really encrypting end to end, most shrug off saying that meta already knows everything about their lives through FB, Instagram anyway.

link
bombolo 1048 days ago
> WhatsApp end-to-end encryption or even better

so they claim… not that fb has ever given us a reason to trust them.

link
mihaic 1048 days ago
Why risk lying about something like this? It makes no business sense, and I can't imagine the Facebook employees being so loyal as not to spill the beans here.
link
prmoustache 1048 days ago
I am still waiting for someone to explain me why you can forward medias (image or videos) in whatsapp to new recipients without uploading it again completely if those images and videos are encrypted with the public keys of your recipients.

Since the forward is instantaneous and not involve a reupload, it looks to me the files are cached on the servers. If the recipient can see thee files and they are encrypted, it means that the server itself encrypted it using their public cryptographic key. If the server can do that, it means it either: - can decrypt your own files - cache them unencrypted

Correct me if I am wrong.

It is easy to test by sending a large video recording over a crappy connection, then forwarding it to another recipient. First upload can literally take a minute or more, the second action is immediate.

link
bryan_w 1048 days ago
Consider the following:

You encrypt and upload the media to the storage server.

You share the download URL and key with person #1

Now how long would it take to forward that same message with the url and key to person #2...n?

link
prmoustache 1048 days ago
Are you saying they would be using symmetric encryption?
link
bryan_w 1048 days ago
Not necessarily, sender generates a private key for the piece of media, and shares the public key for that media item along with the download location to person 1&2 over their encrypted chat channels.
link
ablated_maquis 1048 days ago
Zoom risked lying out this.

https://theintercept.com/2020/03/31/zoom-meeting-encryption/

link
EGreg 1048 days ago
Really? Then explain this:

https://newatlas.com/computers/facebook-not-secretly-listeni...

And this:

https://www.pcmag.com/news/facebook-app-caught-activating-ph...

And this:

https://www.wired.com/story/whatsapp-facebook-data-share-not...

And of course this:

https://www.propublica.org/article/how-facebook-undermines-p...

link
everybodyknows 1048 days ago
Buried in the Propublica piece (2021) is the ELI5 of the fundamental uncloaking mechanism:

>WhatsApp reviewers gain access to private content when users hit the “report” button on the app, identifying a message as allegedly violating the platform’s terms of service. This forwards five messages — the allegedly offending one along with the four previous ones in the exchange ...

This may not have much to do with the more specific abuse case of criminal financial conspiracies.

link
EGreg 1048 days ago
That’s not the point. The issue is whether Facebook has surreptitiously gotten data you don’t think they’d be getting, and get caught doing it. With regard to video audio and metadata the answer is YES. Will you now trust them with your “encrypted” conversation content?
link
phyrex 1048 days ago
You don’t need to trust Meta, there’s tons of regulatory oversight
link