The loophole in WhatsApp’s end-to-end encryption is simple: The recipient of any WhatsApp message can flag it. Once flagged, the message is copied on the recipient’s device and sent as a separate message to Facebook for review.
That practically applies to every form of digital communication. Sender/recipient has it on their end unencrypted and passes/leaks it on elsewhere
Once a review ticket arrives in WhatsApp’s system, it is fed automatically into a “reactive” queue for human contract workers to assess. AI algorithms also feed the ticket into “proactive” queues that process unencrypted metadata—including names and profile images of the user’s groups, phone number, device fingerprinting, related Facebook and Instagram accounts, and more.
Just indicating that the steps taken that you mentioned are far beyond what most people would imagine as expected behavior for encrypted messaging software. Assuming your quote was published somewhere, as being about WhatsApp. I might’ve misunderstood.
Pretty, sure the more user / privacy friendly options prevent screenshots or copying from an encrypted chat, and also allow the participants to delete their messages after they were read or even a set time.
prevent screenshots or copying from an encrypted chat
Aside from the obvious analog hole, that’s only possible if the user’s device cooperates, which is never guaranteed.
There is no way to send messages to someone’s device and guarantee they won’t provide them to a third party. Technology can’t force an untrustworthy person to keep your secrets.
Signal does not attempt to stop me from taking screenshots, and all chats on Signal are encrypted.
You have some good points. I’m curious about the scenario where you need encrypted communications with an untrusted party.
I guess if you are leaking insider information to the press and need to be anonymous, but then use an anonymous account. Why would you need to send information to someone but not trust them to use the information responsibly?
Restricting screenshots is laughable security. If you can read a message then you can take a picture with a second device, there isn’t any software that can stop that.
Preventing screenshots can stop accidents and make someone think twice about it, and disappearing messages prevents returning later and looking them up, but that’s it.
Well yes obviously nobody can prevent the recipient from taking a picture of the screen with a second device or writing down manually what the message said.
No system is foolproof, but those features are definitely miles ahead of anything meta provides, since they dont actually want those chats to be encrypted. They want that data, it is their business model.
Author recommends a meta owned company for text messaging.
Lol.
https://arstechnica.com/gadgets/2021/09/whatsapp-end-to-end-encrypted-messages-arent-that-private-after-all/
That practically applies to every form of digital communication. Sender/recipient has it on their end unencrypted and passes/leaks it on elsewhere
Does this also happen?
Fucking woof…
Please elucidate.
Just indicating that the steps taken that you mentioned are far beyond what most people would imagine as expected behavior for encrypted messaging software. Assuming your quote was published somewhere, as being about WhatsApp. I might’ve misunderstood.
It’s from the article I posted in my comment above. The same article I the comment above me cherry picked their comment from.
It was just a variant of “woah!”, in response to what you posted. I apologize if it came off as something different.
No problem. Your other comments seemed thoughtful and educated so it didn’t seem hostile once I looked.
Otherwise I’d have been a little more…unfriendly.
Pretty, sure the more user / privacy friendly options prevent screenshots or copying from an encrypted chat, and also allow the participants to delete their messages after they were read or even a set time.
Aside from the obvious analog hole, that’s only possible if the user’s device cooperates, which is never guaranteed.
There is no way to send messages to someone’s device and guarantee they won’t provide them to a third party. Technology can’t force an untrustworthy person to keep your secrets.
Signal does not attempt to stop me from taking screenshots, and all chats on Signal are encrypted.
You have some good points. I’m curious about the scenario where you need encrypted communications with an untrusted party.
I guess if you are leaking insider information to the press and need to be anonymous, but then use an anonymous account. Why would you need to send information to someone but not trust them to use the information responsibly?
Restricting screenshots is laughable security. If you can read a message then you can take a picture with a second device, there isn’t any software that can stop that.
Preventing screenshots can stop accidents and make someone think twice about it, and disappearing messages prevents returning later and looking them up, but that’s it.
Well yes obviously nobody can prevent the recipient from taking a picture of the screen with a second device or writing down manually what the message said.
No system is foolproof, but those features are definitely miles ahead of anything meta provides, since they dont actually want those chats to be encrypted. They want that data, it is their business model.