by netdur 55 days ago
there are two sides, such as how photos can stress citizens and act as propaganda, making them harmful to state interests, ultimately it is their country and their rules, not yours, regardless of how much you disagree with it

you are also missing the elephant in the room, whatsapp's claim of end-to-end encryption is a lie


The actual text from the article implies that OS exploits compromised the device.

"The UAE government owns majority holdings in telecom companies Etisalat and Du. This gives security services the power to observe all communications on their networks.

"The Arab state has also used the Israeli-developed software Pegasus which allows agents to listen into private calls and read messages, even if they are shared on encrypted apps like WhatsApp.

"The spyware can infect a device even without the user activating a link - such as via a WhatsApp call, even if it isn't answered.

"Once inside, it can access all WhatsApp messages, logos and contacts."

I don't think that means anything as the author of the article almost certainly has no clue about anything but what the Government there told him. They're just quoting general knowledge and speculation by other equally-uninformed third parties.

Well, how would you a) obtain the incriminating photo, then b) determine that it had been transmitted?

An OS exploit and stat() for an atime would do it.

By asking Meta polity

That only works if you assume that Meta is lying about the E2EE. But earlier you took this very event as evidence of that fact, hence it seems you're begging the question.

Someone else has pointed out that it isn't legal to offer E2EE services in the UAE and so Meta intentionally compromises it in that market one way or another. They don't seem to be hiding that fact though so it's hardly an elephant.

polity - a political organization

politely - courteous, socially correct, or refined manner

> you are also missing the elephant in the room, whatsapp's claim of end-to-end encryption is a lie

Not exactly.

E2E is illegal in the UAE, and Meta has only advertised E2E in countries where it can operate E2E freely.

All chat apps that operate in the UAE need to store data locally with full access given to the UAE's Telecom and Interior Ministries.

> E2E is illegal in the UAE, and Meta has only advertised E2E in countries where it can operate E2E freely.

From my experience, the no-advertisement claim is untrue. I've used WhatsApp with several users in the UAE. The end-to-end encryption notice appeared on my side (as always in user-to-user communication).

> All chat apps that operate in the UAE need to store data locally with full access given to the UAE's Telecom and Interior Ministries.

Do you have a source for that claim?

Compromised endpoints, monitoring accounts or unencrypted cloud backups are far more likely to be the source than hidden deals or large conspiracies where many people need to keep a secret.

> Do you have a source for that claim?

The UAE's Personal Data Protection Law (PDPL) passed in 2021.

Any internet service that is used by UAE residents has to store data domestically within UAE borders.

Assuming zero days are being used to enable mass surveillance is much more conspiratorially minded - once a zero day is used, it's often detected within days and patched.

But wait, you sourced the trivial part of your claim (a law exists), but not that WhatsApp breaks E2E. The encryption part is the important part, right?

I'm no expert in the UAE's data protection law, but I did not immediately find any reference for a mandate for government backdoor access to encrypted content.

Also: compromising endpoints obviously does not require zero-day exploits. Otherwise, I'd assume, the services of the surveillance industry (Pegasus, Cellebrite, etc.) would be far more expensive.

There is probably no large conspiracy where Meta breaks E2E for a government and nobody involved ever leaks it. The more traditional threat is probably service blocking where users get pushed to less secure alternatives that the government can more easily monitor, like Russia's new government messenger.

Group chats are openly not E2E encrypted.

Even personal chats are publicly not E2E encrypted.

There are other insidious ways you can publicly and openly end E2E encryption (I think backups might do that).

Essentially, while WhatsApp may not be lying their default 1 to 1 chats are E2E encrypted, it makes sense to use it as if it weren’t because it’s so easy to disable it even with their publicly disclosed information.

Wrong. Both WhatsApp and Signal group chats are E2EE.

Telegram group chats are not. Even 1on1 chats aren't E2EE on Telegram by default.

Also, reporting is an issue: If a member of the group "Reports" a message to WhatsApp, a copy of the recent messages in that chat is decrypted and sent to WhatsApp for review to check for terms-of-service violations.