[alephnerd]

> you are also missing the elephant in the room, whatsapp's claim of end-to-end encryption is a lie

Not exactly.

E2E is illegal in the UAE, and Meta has only advertised E2E in countries where it can operate E2E freely.

All chat apps that operate in the UAE need to store data locally with full access given to the UAE's Telecom and Interior Ministries.

[fwn]

> E2E is illegal in the UAE, and Meta has only advertised E2E in countries where it can operate E2E freely.

From my experience, the no-advertisement claim is untrue. I've used WhatsApp with several users in the UAE. The end-to-end encryption notice appeared on my side (as always in user-to-user communication).

> All chat apps that operate in the UAE need to store data locally with full access given to the UAE's Telecom and Interior Ministries.

Do you have a source for that claim?

Compromised endpoints, monitoring accounts or unencrypted cloud backups are far more likely to be the source than hidden deals or large conspiracies where many people need to keep a secret.

[alephnerd]

> Do you have a source for that claim?

The UAE's Personal Data Protection Law (PDPL) passed in 2021.

Any internet service that is used by UAE residents has to store data domestically within UAE borders.

Assuming zero days are being used to enable mass surveillance is much more conspiratorially minded - once a zero day is used, it's often detected within days and patched.

[fwn]

But wait, you sourced the trivial part of your claim (a law exists), but not that WhatsApp breaks E2E. The encryption part is the important part, right?

I'm no expert in the UAEs data protection law, but I did not immediately find any reference for a mandate for government backdoor access to encrypted content.

Also: compromising endpoints obviously does not require zero-day exploits. Otherwise, I'd assume, the services of the surveillance industry (Pegasus, Cellebrite, etc.) would be far more expensive.

There is probably no large conspiracy where Meta breaks E2E for a government and nobody involved ever leaks it. The more traditional threat is probably service blocking where users get pushed to less secure alternatives that the government can more easily monitor, like Russias new government messenger.