Comment on Lawsuit Alleges That WhatsApp Has No End-to-End Encryption
RIotingPacifist@lemmy.world 13 hours agoJust because it’s centralized doesn’t mean that it falls under this risk sector.
The attack as described almost certainly involves the server sending a message to your client and then having the messages replicated via a side channel to Whatsapp without breaking E2E encryption (it could be adding them as a desktop client or adding them as a hidden participant in all chats, that isn’t clear in the article)
If you could run Whatsapp without connecting to Meta, you would be safe from this attack, but as you’ve pointed out a secure client is a better solution.
Pika@sh.itjust.works 12 hours ago
Fully agree that in this case if the claim is true (they have had a few of these claims), it’s likely whatsapp either making itself a companion app that’s hidden, or has some form of escrow in place to allow deciphering the messages.
I was just mentioning that this isn’t a fault of it being centralized, this is a design choice by the company when implementing e2e encryption, and that a properly functioning system would never give the server the ability to decipher the messages in the first place.