[roelschroeven]

We don't really know that messages really are end-to-end encrypted though, do we? Is there a way to actually check that the messages in transit are encrypted in a way that only the other end can decrypt them? If not, we have to take Meta's word for it, which frankly doesn't carry much weight.

[varenc]

Not trivially. But with painstaking reverse engineering you could prove this. And people have, so you're not exclusively just taking Meta's word. The fact that Pegasus malware relied on remote code execution vuln to run malware on your phone to extract WhatsApp messages, really suggests that the E2EE works. If it wasn't E2EE, then the makers of Pegasus could have just intercepted traffic to get your messages.

Academics have also reverse engineered it as well, and though there are some weakness it's not a lie that WhatsApp is E2EE. Here's some I just found:

- https://eprint.iacr.org/2025/794.pdf

- https://i.blackhat.com/USA-19/Wednesday/us-19-Zaikin-Reverse...

[wordofx]

This does not prove that Meta does not have the ability to decrypt the messages.

[varenc]

Eh, well painstaking reverse engineering is like having the source code, just 10000x more work. With that I feel like it should be possible to ensure this, or at least with some high level of confidence.

[lioeters]

How can we call it "E2E encryption" in any meaningful sense of the term when the ends run proprietary code, and at least one of the ends has proven themselves unworthy of trust time and again.