If that is the case though, its not E2E it’s client server encryption and then server client encryption back. thats just deceptive marketing at that point.
Comment on Lawsuit Alleges That WhatsApp Has No End-to-End Encryption
arcterus@piefed.blahaj.zone 12 hours ago
So, is it basically treating every message as a “group” message where it sends it to some system WhatsApp account and then also to your intended receiver? This is what I’m assuming based on them supposedly being able to see deleted messages. Also would let them say it’s technically still “E2EE” since it’s indeed E2EE to your receiver, but it’s also E2EE to them as well.
Pika@sh.itjust.works 10 hours ago
arcterus@piefed.blahaj.zone 10 hours ago
Obviously it’s deceptive. But if you individually encrypt the messages you’re sending, the one you send to the receiver still can’t be decrypted by Meta, only the copy sent directly to Meta can, so the copy sent to your intended receivers is still “E2EE.”
Pika@sh.itjust.works 10 hours ago
I don’t agree that would fit the protocol of end to end, E2E by design means that it’s encrypted from the sender to the intended recipient. When you send a message the intended recipient isn’t the server, it’s the user you are sending to. That type of system would be called a encrypt in transit or a server client encryption not E2E. If they are classifying it as E2E that would be incorrect.
arcterus@piefed.blahaj.zone 2 hours ago
Except it is still encrypted to the intended recipient. As the other commenter said, WhatsApp is just another “member” of the group that you can’t see. Basically all they’d have to do is have a server somewhere functioning as a WhatsApp client. Your client sends the message to your intended recipient. It also then sends the message to their “client.” The routing server for the messages can’t decrypt the messages. All the messages are still encrypted per-member of the group and can’t be decrypted until it hits the ends, but WhatsApp is basically a mole siphoning all your messages and storing them.
baronvonj@piefed.social 9 hours ago
An e2ee group chat would need every member to have every other member’s public key. So for 5 people, your client would sign with your private key and send 4 unique messages encrypted each with 1 other person’s public key. Each of them would decrypt their copy of the message with their private key and verify the signature with your public key. So I think what arcterus was saying was that employee who requests access to a user’s messages then becomes just another member of a group chat, but the UI just doesn’t show it as such. Every message you send is then secretly encrypted, on your client, with their special public key and sent to them to be decrypted. That would still be E2EE.
Paranoidfactoid@lemmy.world 10 hours ago
I used to store GPG encrypted files in google drive. But then I noticed bitrot in the stored files which made them impossible to decrypt. So I started adding CRC redundancy through DVDisaster. Which worked but became a PITA. So I finally gave up.
They really want your data.
axx@slrpnk.net 12 hours ago
Ah yes, good old E2E AWA3E.
“End to end, and we are also an end”.
lando55@lemmy.zip 11 hours ago
The E is for “Everyone”
Rooster326@programming.dev 10 hours ago
The S is for Security.
Mr_Dr_Oink@lemmy.world 7 hours ago
I guessed you meant “end to end, as well as 3rd end” before reading on.