this post was submitted on 27 Jan 2026
1207 points (99.7% liked)

Technology

79674 readers
3393 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related news or articles.
  3. Be excellent to each other!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
  9. Check for duplicates before posting, duplicates may be removed
  10. Accounts 7 days and younger will have their posts automatically removed.

Approved Bots

founded 2 years ago
MODERATORS
L3s@lemmy.world
enu@lemmy.world
technopagan@lemmy.world
L4s@lemmy.world
L3s@hackingne.ws
1207
Lawsuit Alleges That WhatsApp Has No End-to-End Encryption (it.slashdot.org)
submitted 3 days ago by technocrit@lemmy.dbzer0.com to c/technology@lemmy.world
279 comments fedilink hide all child comments
 

As evidence, the lawsuit cites unnamed "courageous whistleblowers" who allege that WhatsApp and Meta employees can request to view a user's messages through a simple process, thus bypassing the app's end-to-end encryption. "A worker need only send a 'task' (i.e., request via Meta's internal system) to a Meta engineer with an explanation that they need access to WhatsApp messages for their job," the lawsuit claims. "The Meta engineering team will then grant access -- often without any scrutiny at all -- and the worker's workstation will then have a new window or widget available that can pull up any WhatsApp user's messages based on the user's User ID number, which is unique to a user but identical across all Meta products."

"Once the Meta worker has this access, they can read users' messages by opening the widget; no separate decryption step is required," the 51-page complaint adds. "The WhatsApp messages appear in widgets commingled with widgets containing messages from unencrypted sources. Messages appear almost as soon as they are communicated -- essentially, in real-time. Moreover, access is unlimited in temporal scope, with Meta workers able to access messages from the time users first activated their accounts, including those messages users believe they have deleted." The lawsuit does not provide any technical details to back up the rather sensational claims.

top 50 comments
sorted by: hot top controversial new old
[–] lavander@lemmy.dbzer0.com 34 points 2 days ago (4 children)

Call me old fashioned but I really think that for real E2EE the vendor of the encryption and the vendor of the infrastructure should be two different entities.

For example PGP/GPG on … great! Proton? Not great

Jabber/XMMP with e2ee encryption great! WhatsApp/Telegram/signal… less so (sure I take signal over the other two every day… but it’s enough to compromise a single entity for accessing the data)

[–] phtheven@lemmy.world 12 points 1 day ago* (last edited 1 day ago) (2 children)

Okay Old Fashioned, but doesn't open source encryption audited by a third party solve this problem? Signal protocol for example? Also proton, I'm guessing, but I'm too lazy to check

[–] lavander@lemmy.dbzer0.com 5 points 1 day ago (1 children)

Unfortunately even the best intentioned and best audited project can be compromised. So that is not a guarantee (sure, much better than closed source but that is a given)

You may be forced by a rubber hose attack (or legal one) to insert vulnerabilities in your code… and you have the traffic… a single point to attack… signal/proton/etc

Is it possible with two different vendors? Sure it is but it is way more complicated

[–] Quexotic@infosec.pub 2 points 1 day ago

That's a really good point. All we'd need is for signal devs to be compromised in some way and the next update ends security for signal.

[–] BoJackHorseman@lemmy.world 8 points 1 day ago* (last edited 1 day ago) (10 children)

Cynical me would say they don't have to use the code they put up on GitHub in production.

load more comments (10 replies)
load more comments (3 replies)
[–] darkmogool@feddit.org 23 points 2 days ago

insert pikachushockedface

[–] Jyek@sh.itjust.works 28 points 2 days ago (21 children)

A lot of victim blaming in this thread. Why can't you just be mad for someone who was deceived?

load more comments (21 replies)
[–] BilboBargains@lemmy.world 15 points 2 days ago (2 children)

It would not be surprising if found to be true. Difficult to see how the current business model operates at a profit. Their long term goal is the usual loss leader model until a monopoly is achieved and then slug us with ads, sell all the data, hike the price, etc. Sickening to watch them cosy up to fascists. They are probably supplying any and all the agencies with intelligence scraped from their user base. If Facebook were a person they would be a psychopath.

[–] drmoose@lemmy.world 4 points 1 day ago

Obligatory

[–] Amroth@feddit.it 14 points 2 days ago

If Facebook were a person they would be a psychopath.

I mean, Mark Zuckerberg kind of is Facebook, and he's a psycho.

[–] BanMe@lemmy.world 114 points 3 days ago (2 children)

Well if I can't trust Meta with my information, who CAN I trust

[–] chemicalprophet@slrpnk.net 57 points 3 days ago (4 children)

Me

[–] usernameusername@sh.itjust.works 45 points 2 days ago (9 children)

Oh okay. My location is 55.752121, 37.617664, my full name is Jeremy, and my password is hunter9. I trust you not to tell this to anybody

load more comments (9 replies)
load more comments (3 replies)
load more comments (1 replies)
[–] myfunnyaccountname@lemmy.zip 15 points 2 days ago

What?!! No. The owner of WhatsApp would never lie to us.

[–] Delilah@lemmy.blahaj.zone 72 points 2 days ago (2 children)

Wait, you are telling me that the company whos entire business is collecting personal information, including people who don't sign up for their services, to leverage for advertising, is keeping their platforms unsecured they can continually grab more information rather than secure it?

I for one am shocked, absolutely shocked.

load more comments (2 replies)
[–] skisnow@lemmy.ca 57 points 2 days ago* (last edited 2 days ago) (1 children)

15 years ago I’d have called this a conspiracy theory given how the evidence seems to be anecdotal, but given literally every single other thing we’ve learned in recent times about how cartoonishly evil and lying the tech bros truly are, it seems entirely likely.

load more comments (1 replies)
[–] just_another_person@lemmy.world 159 points 3 days ago (3 children)

DUH

[–] sexy_peach@feddit.org 122 points 3 days ago (43 children)

No if this is proven it would be a real scandal and would bring a lot of users to better alternatives.

If it's false that's good too, since then WA has e2e encryption

[–] MrSoup@lemmy.zip 98 points 3 days ago (7 children)

would bring a lot of users to better alternatives.

Most users of whatsapp don't care about e2e. They hardly even know what it is.

load more comments (7 replies)
load more comments (42 replies)
load more comments (2 replies)
[–] Lucidlethargy@sh.itjust.works 25 points 2 days ago

You gatta be real stupid to not realize that Facebook is harvesting your data.

[–] roserose56@lemmy.zip 31 points 2 days ago

No surprised at all tbf.

[–] clav64@lemmy.world 10 points 2 days ago (1 children)

I would argue that the vast majority of users don't use WhatsApp for privacy. In the UK at least, it's just the app everyone has and it works. I've actively tried to move friends over to signal, to limited success, but honestly it can be escaped how encryption is not it's killer IP.

load more comments (1 replies)
[–] bjoern_tantau@swg-empire.de 96 points 3 days ago (2 children)

The biggest news is that Slashdot is still alive.

load more comments (2 replies)
[–] wuffah@lemmy.world 76 points 3 days ago (1 children)

Assume the same for Telegram and pretty much any chat platform that controls your private keys.

load more comments (1 replies)
[–] sefra1@lemmy.zip 12 points 2 days ago

Only a tech illiterate can expect privacy from a closed source program, open source is a requirement for both privacy and security.

[–] socsa@piefed.social 58 points 3 days ago (5 children)

It is end to end encrypted but they can just pull the decrypted message from the app. This has been assumed for years, since they said they could parse messages for advertising purposes.

load more comments (5 replies)
[–] matlag@sh.itjust.works 27 points 2 days ago

Proposed line of defense: "With all respect, M. Judge, with all the different times we fucked our users, lied to them, tricked them, experimented on them, ignored them, we already sold private discussions on Facebook in the past, our CEO and founder most famous quote is «They trust me, dumbfucks!», the list goes on and on: no one in their sane mind would genuinely believe we were not spying on Whatsapp! They try to play dumb, they could not possibly believe we were being fair and honest THIS time?!"

load more comments
view more: next ›