Open Menu
AllLocalCommunitiesAbout
lotide
AllLocalCommunitiesAbout
Login

WhatsApp provides no cryptographic management for group messages

⁨0⁩ ⁨likes⁩

Submitted ⁨⁨1⁩ ⁨year⁩ ago⁩ by ⁨themachinestops@lemmy.dbzer0.com⁩ to ⁨technology@lemmy.world⁩

https://arstechnica.com/security/2025/05/whatsapp-provides-no-cryptographic-management-for-group-messages/

source

Comments

Sort:hotnewtop
  • Sandbar_Trekker@lemmy.today ⁨1⁩ ⁨year⁩ ago

    Highlighting the main issue here (from the article):

    “This means that it is possible for the WhatsApp server to add new members to a group,” Martin R. Albrecht, a researcher at King’s College in London, wrote in an email. “A correct client—like the official clients—will display this change but will not prevent it. Thus, any group chat that does not verify who has been added to the chat can potentially have their messages read.”

    source
  • ouch@lemmy.world ⁨1⁩ ⁨year⁩ ago

    If you want your group memberships to be known only by the group members, use Signal.

    source
    • unexposedhazard@discuss.tchncs.de ⁨1⁩ ⁨year⁩ ago

      Or P2P stuff like Briar :)

      source
    • coconut@programming.dev ⁨1⁩ ⁨year⁩ ago

      Just use signal is not a valid statement in a world where vast majority of people aren’t using (and won’t use) it. I have been trying to get people to install it and have a total of 6 over several years. They only use it to communicate with me.

      source
    • ParetoOptimalDev@lemmy.today ⁨1⁩ ⁨year⁩ ago

      Or simplex.chat where there are no identifiers like phone numbers or any other identifier.

      Security review was done by trail of bits.

      source
    • sykaster@feddit.nl ⁨1⁩ ⁨year⁩ ago

      Just be sure to add only the people you want to be there. I’ve heard someone people add others and it’s a bit messy

      source
      • tias@discuss.tchncs.de ⁨1⁩ ⁨year⁩ ago

        How bad can it be, it’s not like we’re sharing state secrets

        source
        • -> View More Comments
    • Bahnd@lemmy.world ⁨1⁩ ⁨year⁩ ago

      Or Matrix (warning some assembly required)

      source
      • Vanilla_PuddinFudge@infosec.pub ⁨1⁩ ⁨year⁩ ago

        I actually found xmpp to be a breeze compared to most Matrix solutions.

        Synapse is bloated, dendrite sucks and conduit is in perpetual beta and the uwu forks die too fast.

        XMPP:

        1. Install Snikket
        2. Reverse proxy
        3. Done
        source
      • new_guy@lemmy.world ⁨1⁩ ⁨year⁩ ago

        WhatsApp isn’t the only messenger lacking cryptographic assurances for new group members. In 2022, a team that included some of the same researchers that analyzed WhatsApp found that Matrix—an open source and proprietary platform for chat and collaboration clients and servers—also provided no cryptographic means for ensuring only authorized members join a group. The Telegram messenger, meanwhile, offers no end-to-end encryption for group messages, making the app among the weakest for ensuring the confidentiality of group messages.

        source
        • -> View More Comments
  • lIlIlIlIlIlIl@lemmy.world ⁨1⁩ ⁨year⁩ ago

    Duh, how else is Zuckerberg going to spy on you and sell your data back to you?

    source
    • wischi@programming.dev ⁨1⁩ ⁨year⁩ ago

      It’s not called Meta data by accident 🤣

      source