Comment on Lawsuit Alleges That WhatsApp Has No End-to-End Encryption
Pika@sh.itjust.works 9 hours agoYea, I do agree with that POV on it. A ghost key like that would be within spec, cause yea at that point it would just be another member. I wasn’t taking it as an additional group member though, since the whistleblower is stating that they can put in any user id and have access to all messages live, that would mean they would have a ghost user on all messages period regardless of if its a group chat or not.
baronvonj@piefed.social 9 hours ago
I will say, not too long ago there was some question if I had setup a WhatsApp account with my number due to some emails I was receiving. Not wanting to install the app and unwittingly create an account just by checking if I had one, my wife created a group chat with just her and my number, sent a message, and then we saw it get marked as read by all. Which in an E2EE system should not have been possible without me having the app setup. so I did go ahead and wiped an old and setup the app to make sure I was in control of any account for my number, and I did then receive that group chat. But still, very sketchy.