this post was submitted on 23 Oct 2023
76 points (89.6% liked)

Privacy

31837 readers
131 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

Chat rooms

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago
MODERATORS
 

And if so, why exactly? It says it's end-to-end encrypted. The metadata isn't. But what is metadata and is it bad that it's not? Are there any other problematic things?

I think I have a few answers for these questions, but I was wondering if anyone else has good answers/explanations/links to share where I can inform myself more.

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 106 points 1 year ago* (last edited 1 year ago) (4 children)

It says it's end-to-end encrypted.

Whatsapp is closed source and made by a advertising company. Wouldnt really count on that

Edit: Formatting

[–] [email protected] 25 points 1 year ago* (last edited 1 year ago) (1 children)

Saying they do E2EE but not doing it would be a literal massive scale fraud. Can't say I put Meta past those behaviors to be fair though lol

But as the other guy said, metadata is already a lot.

[–] [email protected] 26 points 1 year ago (1 children)

They would just say that they have a different definition of E2EE, or quietly opt you out of it and bury something in their terms of service that says you agree to that. You might even win in court, but that will be a wrist slap years later if at all.

[–] [email protected] 10 points 1 year ago* (last edited 1 year ago)

No single individual will beat a corporation as large as Facebook in a court battle. You could have all the evidence in the world and they'll still beat you in court and destroy your life in the process. It took a massive class action lawsuit to hold them accountable for the Cambridge Analytica case, and the punishment was still pennies to them.

Look at the DuPont case. There was abundant evidence that they were knowingly poisoning the planet, and giving people cancer, and they still managed to drag that case on for 30 years before a judgement. In the end they were fined less than 3% of their profit from a single year. That was their punishment for poisoning 99% of all life on planet earth, knowingly killing factory workers, bribing government agencies, lying, cheating, and just all around being evil fucks. 3% of their profit from a single year.

[–] [email protected] 19 points 1 year ago (1 children)

“We just capture what you wrote and to whom before it gets encrypted and sent; we see nothing wrong with that” —Mark Zuckerberg, probably

[–] [email protected] 15 points 1 year ago* (last edited 1 year ago) (2 children)

They don't really need the actual contents of your messages if they have the associated metadata, since it is not encrypted, and provides them with plenty of information.

So idk, I honestly don't see why I shouldn't believe them. Don't get me wrong though, I fully support the scepticism.

[–] [email protected] 5 points 1 year ago (1 children)

All they need is the encryption key for the message, and it's not the message itself.

[–] [email protected] 6 points 1 year ago

If they keys are held by them, they have access.

When you log into another device, if all your chat history shows up, then their servers have your encryption key.

[–] [email protected] -1 points 1 year ago* (last edited 1 year ago) (1 children)

It can be fully end to end encrypted and still drop keyword-based metadata into the envelope. But also, I am pretty sure that the feds can access the keys if they need to. It's e2e encrypted, but that doesn't mean the key stays on your device.

[–] [email protected] 1 points 1 year ago* (last edited 1 year ago)

That too, yeah. Actually, look at Matrix Bridges. Any one of your contacts can give access to this third-party to decrypt your chats, so... yeah.

[–] [email protected] 5 points 1 year ago

This is what I came to express as well. Unless the software is open source, both client and server, what they say is unverifiable and it's safest to assume it's false. Moreover, the owning company has a verifiable and well known history of explicitly acting against user privacy. There is no reason to trust them and every reason not to.