[FabHK]

> For example, WhatsApp sells itself as fully encrypted, etc. but if you’re in a group chat thars not true anymore. That information is available to WhatsApp and they almost certainly make it available to several governments (hopefully in a judicially protected way but we can’t know that).

Source? It could well be that the sender e2ee it to each of the recipients, no? (Trivial to add the government or WhatsApp itself to the recipients, then, but that is a different claim.)

[bostik]

OP reads like something I have played devil's advocate for. In an earlier discussion about WA vulnerabilities, one of the reported bugs was that as implemented, Facebook could have added themselves silently to any group chat, thus receiving with plaintext copies of all messages sent in the group from that point onwards. I then extrapolated that if they so chose, they could change their plumbing enough to make all chats group chats - even when they were between two people.

To be absolutely clear, there was not - neither back then, nor since - evidence of this being the case. But the technical capability and potential for such subversion was there at the time. I have not followed the domain news enough to know whether this is still the case.

What is available to WA and thus to governments, is the traffic pattern part. Who communicates with whom, when, how large the messages approximately are, and so on. The stuff our industry and journalists at large have chosen to call metadata[tm].

I stubbornly call the whole thing for what it is: traffic analysis. Old-school style.