Comment on Lawsuit Alleges That WhatsApp Has No End-to-End Encryption
Pika@sh.itjust.works 9 hours agoIf that is the case though, its not E2E it’s client server encryption and then server client encryption back. thats just deceptive marketing at that point.
arcterus@piefed.blahaj.zone 8 hours ago
Obviously it’s deceptive. But if you individually encrypt the messages you’re sending, the one you send to the receiver still can’t be decrypted by Meta, only the copy sent directly to Meta can, so the copy sent to your intended receivers is still “E2EE.”
Pika@sh.itjust.works 8 hours ago
I don’t agree that would fit the protocol of end to end, E2E by design means that it’s encrypted from the sender to the intended recipient. When you send a message the intended recipient isn’t the server, it’s the user you are sending to. That type of system would be called a encrypt in transit or a server client encryption not E2E. If they are classifying it as E2E that would be incorrect.
arcterus@piefed.blahaj.zone 42 minutes ago
Except it is still encrypted to the intended recipient. As the other commenter said, WhatsApp is just another “member” of the group that you can’t see. Basically all they’d have to do is have a server somewhere functioning as a WhatsApp client. Your client sends the message to your intended recipient. It also then sends the message to their “client.” The routing server for the messages can’t decrypt the messages. All the messages are still encrypted per-member of the group and can’t be decrypted until it hits the ends, but WhatsApp is basically a mole siphoning all your messages and storing them.
baronvonj@piefed.social 7 hours ago
An e2ee group chat would need every member to have every other member’s public key. So for 5 people, your client would sign with your private key and send 4 unique messages encrypted each with 1 other person’s public key. Each of them would decrypt their copy of the message with their private key and verify the signature with your public key. So I think what arcterus was saying was that employee who requests access to a user’s messages then becomes just another member of a group chat, but the UI just doesn’t show it as such. Every message you send is then secretly encrypted, on your client, with their special public key and sent to them to be decrypted. That would still be E2EE.
Pika@sh.itjust.works 7 hours ago
Yea, I do agree with that POV on it. A ghost key like that would be within spec, cause yea at that point it would just be another member. I wasn’t taking it as an additional group member though, since the whistleblower is stating that they can put in any user id and have access to all messages live, that would mean they would have a ghost user on all messages period regardless of if its a group chat or not.
Paranoidfactoid@lemmy.world 8 hours ago
I used to store GPG encrypted files in google drive. But then I noticed bitrot in the stored files which made them impossible to decrypt. So I started adding CRC redundancy through DVDisaster. Which worked but became a PITA. So I finally gave up.
They really want your data.