Comment

Comment on Ping! The WhatsApps that should have been an email

CameronDev@programming.dev ⁨3⁩ ⁨days⁩ ago

Them including themselves as a participant still does not make it “like https”.

Being sued also doesn’t mean anything, anyone can be sued at any time, and there does not need to be a basis in reality for it to go ahead. It is not proof of anything.

They control the app, they can obviously steal the messages if they wanted to, but you are making very strong claims with zero evidence.

I don’t like meta any more than you do, but if you are going to make claims of “like https”, bring actual evidence.

source

Sort:hotnew top

DomeGuy@lemmy.world ⁨3⁩ ⁨days⁩ ago
If you don’t like meta any more than I do, why are you arguing so strongly that they deserve the benefit of the doubt?

And, more interestingly, what precisely do you mean that Meta including themselves as a recipient in every WhatsApp chat would not render their E2E encryption equivalent to HTTPS?

AFAIK both are in-transit encryption that prevents casual monitoring by other entries along the network path between you and the person you’re chatting with, but expose you to undetectable monitoring on the part of the service provider.

source
- CameronDev@programming.dev ⁨3⁩ ⁨days⁩ ago
  Just because they are a distasteful company, doesn’t give us free reign to spread lies about them. There is plenty of verifiable true things to say.
  
  The signal protocol and encryption explicitly prevents the transit server decrypting messages. That a theoretical hidden third person (who may or may not be part of meta) in the chat doesn’t change that is e2e encrypted.
  
  Simplifying it down to "they might have a hidden back-door, therefore it’s https is a dishonest framing in my opinion.
  
  source
  - DomeGuy@lemmy.world ⁨3⁩ ⁨days⁩ ago
    
    Just because they are a distasteful company, doesn’t give us free reign to spread lies about them.
    
    To be pedantic, I’m spreading alarmist rumors at worst. In English a “lie” has to be something the speaker doesn’t actually believe. And I honestly believe that users of WhatsApp should assume that Meta can read their messages.
    
    The signal protocol and encryption explicitly prevents the transit server decrypting messages. That a theoretical hidden third person … in the chat doesn’t change that is e2e encrypted.
    
    You’re splitting a hair that’s not even worth curling.
    
    If I ship you a locked box via courier, and the courier can get a copy of the key without talking to either of us, we should presume that the courier may have looked inside and take appropriate measures. Like, inventorying the contents of said box before and after, and not shipping things we don’t want the courier to know about.
    
    It doesn’t matter if the courier keeps the box locks, doesn’t habitually carry a key, or even promises that they won’t get a key. We don’t even have to assume that they actually looked in the box, or use a slower or more-expensive courier.
    
    If there’s a plausible way they can open the box, we should start with the presumption that they did and then go from there.
    
    source