this post was submitted on 30 Apr 2026
726 points (98.9% liked)

Technology

84256 readers
3675 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related news or articles.
  3. Be excellent to each other!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
  9. Check for duplicates before posting, duplicates may be removed
  10. Accounts 7 days and younger will have their posts automatically removed.

Approved Bots

founded 2 years ago
MODERATORS
L3s@lemmy.world
enu@lemmy.world
technopagan@lemmy.world
L4s@lemmy.world
L3s@hackingne.ws
726
A federal agent said WhatsApp's encryption is a lie. Then the investigation was shut down (www.techspot.com)
submitted 1 day ago by throws_lemy@reddthat.com to c/technology@lemmy.world
84 comments fedilink hide all child comments
 

A 10-month Commerce Department probe concluded Meta could view all WhatsApp messages in unencrypted form

you are viewing a single comment's thread
view the rest of the comments
[–] Treczoks@lemmy.world 31 points 1 day ago (12 children)

I never assumed that this presumed "end to end encryption" was secure in any way. The key exchange either runs over Meta servers, and they just log them, or the client software simply surrenders the key (maybe always, maybe on demand) together with the data stream that still runs over Meta servers.

[–] zergtoshi@lemmy.world -2 points 23 hours ago (10 children)

They can log anything they want and have nothing useful, if the encryption protocol is sound.
Have a look at how TLS is designed, if you want to know more.

[–] dependencyinjection@discuss.tchncs.de 15 points 23 hours ago (8 children)

You can have the soundest encryption in the world but if they have access to the keys it doesn’t matter, they can see everything.

[–] zergtoshi@lemmy.world 6 points 23 hours ago (1 children)

But the key exchange is not the issue then.
Access to private keys is.
If the host system, on which the key exchange runs, is compromised, you're toast.

[–] Railcar8095@lemmy.world 7 points 22 hours ago (2 children)

Where's the private key? I can get a new phone, log with WhatsApp and download all the historical messages without intruducing any additional password or key.

I assume they have all the required data too.

[–] MalMen@masto.pt 2 points 21 hours ago

@Railcar8095 @zergtoshi actually is not my exlerience with whatsapp, since I have the backups disable, everytime I change phones I lost all my conversations. But since whatsapp is closed source, the app can indeed use encryption to comunicate p2p, but I will allways assume that the key is logged by meta, "just in case"

[–] zergtoshi@lemmy.world 1 points 21 hours ago (1 children)

Sounds like a compromised phone in the sense that it doesn't protect (and instead transmit) the private key.

[–] Railcar8095@lemmy.world 5 points 20 hours ago (1 children)

That's not the phones fault, but how WhatsApp works

[–] zergtoshi@lemmy.world -2 points 18 hours ago (2 children)

How is a phone not compromised if it hosts apps that play into the hands of evil actors?

[–] WhyJiffie@sh.itjust.works 1 points 14 hours ago

it is not, unless the app can exfiltrate data from other apps

[–] Railcar8095@lemmy.world 0 points 16 hours ago

I undersrstand my threat model and how to limit exposure.

load more comments (6 replies)
load more comments (7 replies)
load more comments (8 replies)