Feels AI generated ("linkedin-style" short sentences, blob of malformatted text towards the bottom), so I'll give myself permission to skim and take shortcuts.

The most interesting claim is the weakness of groups (the article claims the server controls who is a group member, without cryptographically secured authorization by an existing member). The other key points are correct to my knowledge but unsurprising to anyone knowledgeable and partially apply to Signal too (backups are a weak point, you securing/disabling them properly doesn't protect you, metadata is unprotected and sensitive, participants in the conversation might upload the chat to Meta's AI, endpoints are attackable either through WhatsApp or other apps, the general trust issue - which isn't really resolved by being open source unless someone actually checks the reproducible builds AND someone reviews the code).

I thought that claim about the backup password hash was wrong, but https://www.nccgroup.com/media/fzwdxklh/_ncc_group_whatsapp_... suggests that Meta thought that 100k iterations of PBKDF2 are a reasonable choice for the key derivation, so it might actually be accurate. AFAIK WhatsApp backups are, by default, encrypted with a key escrowed to WhatsApp (which means that an attacker using warrants now has to subpoena both the cloud provider and WhatsApp - probably the best you can get while keeping backups usable for the 99% of people who can't be expected to write down a passphrase and still have it when asked).

But IMO the reality is that WhatsApp is the most secure messenger that you can expect normal people to actually use (mostly due to market share/network effect), and the only secure-ish messenger aside from Signal, so I'd be careful with the messaging towards "normies": "Signal is a much better choice, but out of the other options, WhatsApp is by far the least bad". Otherwise, you end up with people picking something like Telegram because "it's all bad anyways" or "I've heard Telegram is secure".