by loremm 637 days ago
And I think you can do more about E2E encrypting it. Or at least trying to. At some point, people don't want plaintext journals floating around stored permanently. Although I know it starts as cleartext on whatsapp's servers
3 comments

> people don't want plaintext journals floating around stored permanently

this is facebook. they're data-mining pictures of your dog for money. I don't think privacy/safety is expectable with meta

> Although I know it starts as cleartext on whatsapp's servers

WhatsApp uses the Signal protocol[1], so the text is never plaintext on the wire (or servers).

1. https://signal.org/blog/whatsapp-complete/

Easy to say, very difficult to implement it right (and implementing it not right is difficult AND useless). Also, let's be clear here, whatsapp E2EE is a joke.

> whatsapp E2EE is a joke

Could you please elaborate why (in detail)?

My guess is since it's closed source, no one besides them can verify that the supposed e2e is even true, or exists in the current latest binary. Sort of like telling everyone that I've got a mountain of gold inside my house but the door is locked, so no one besides me could verify my claim. Security and/or privacy via obscurity is moot.

You can always go ahead and decompile the apps and then show everyone that they’re in fact lying; that story would be huge. That alone doesn’t make it true, but there have so far not been hints of them pulling weird stuff with their e2ee, unlike telegram, for example. They’re even working on improving the default mode 99% of users use e2ee chat apps with - trust on first use (TOFU): https://engineering.fb.com/2023/04/13/security/whatsapp-key-...

They probably do all kinds of horrible stuff with the metadata. I’m honestly too lazy to read the privacy policy. But I have yet to see critique of their e2ee that’s actually backed up by substance instead of people’s imaginations.

If debunking security and/or privacy claims, and indirectly proving security and/or privacy claims, were as simple as reverse engineering binaries, then the very concept of open source for better privacy and/or security itself would be moot. It's outrageous to even suggest that.

It’s certainly not outrageous. It’s how people regularly find vulnerabilities in all kinds of closed-source software.

They also handle and store users' backups unencrypted by default, so they have access to all messages in plaintext at multiple opportunities.

Meta has access to the backups that are stored on each individual’s Google Drive/iCloud? How does that work exactly? Please elaborate.

> Meta has access to the backups that are stored on each individual’s Google Drive/iCloud?

Why the surprise?

Meta has access to the folder it manages in the user's Google Drive. That's obvious, otherwise they wouldn't be able to write to it.

Yes - I would love that too. Please back that up?