Question about Whatsapp

Regime6045 · June 11, 2023, 8:32am

I have a question about Whatsapp. Of course we know that it’s owned by Facebook and that they get all the metadata (who talks to whom) and your address book’s phone numbers. But the messages themselves are end-to-end encrypted.

Question 1: Given that WA is closed source, is there any way to prove whether it’s actually end to end encrypted? I mean from a business logic, it should be, because if a whistleblower comes out it would be quite the scandal, and also because of stuff like Facebook telling the UK government that they’ll quit the UK market if the E2EE ban comes. But is there any technical way of proving it?

Question 2: Are the chat backups (Google Drive, iCloud) end to end encrypted by default? I know they used to be unencrypted (just “encrypted at rest” with Google/Apple having the keys) and then I think they wanted to add the possibility of E2EE but not sure if that really happened and if so, if it is optional or default?

Because if (1) can be confirmed and (2) is E2EE by default, then actually Whatsapp isn’t that bad of a product, as long as you only care about your messages and not the metadata. It would make Whatsapp better than SMS or unencrypted Telegram/Viber/Facebook Messenger chats at least.

noClaps · June 11, 2023, 8:45am

You can MITM the device and monitor the data WhatsApp is sending back and forth. WhatsApp have also published a whitepaper on their end-to-end encryption.
I’m not sure if encrypted backups is on by default, but they do give you the option to turn it on when you first register for WhatsApp.

Jimo · June 11, 2023, 8:46am

1: As far as I know there’s no way to confirm unless its auditing their source code, and even if its encrypted, since its saved indefinitely it the encryption could be broken at some point in the future.

2: No idea

Anonymous49 · June 11, 2023, 9:04am

I believe WhatsApp’s encryption is flawed. There are 1000 content moderators employed for whatsapp. So, how can they access E2EE messages? This news is from 2021, and I am sure the numbers increased this year.

Regime6045 · June 11, 2023, 1:15pm

Hm then there is the inherent risk that you conversation partner can still leak the messages via Google/Apple clouds (only really relevant if your threat is the government in which case I guess you wouldn’t use Whatsapp anyway?)

Gunther · June 11, 2023, 4:06pm

When a WhatsApp user reports a comment in a chat, they are sending the decrypted message from their phone to WhatsApp’s moderation team. Not saying this is a privacy-respecting feature, but it’s hardly evidence of any flaw in WhatsApp’s e2ee.

InternetGhost · June 13, 2023, 1:29am

100%. It’s the same as the recipient of your message emailing a screenshot to Facebook. It only works if someone in the chat choose to reveal the contents, with is a risk with this feature or without it.

Topic		Replies	Views
How secure is WhatsApp E2EE? Questions	23	1255	December 8, 2023
Whatsapp vs sms+cell Privacy software	4	378	December 24, 2024
Thoughts on this WhatsApp encryption discussion? Questions	2	232	November 10, 2024
WhatsApp account suspended after using unofficial Android app Questions	15	1026	November 22, 2023
WhatsApp Threatens To Remove 500 Million Users From App Privacy article	2	946	April 28, 2024

Question about Whatsapp

Related topics