Comment by prakashn27 14 hours ago
Ex-WhatsApp engineer here. WhatsApp team makes so much effort to make this end to end encrypted messages possible. From the time I worked I know for sure it is not possible to read the encrypted messages.
From business standpoint they don’t have to read these messages, since WhatsApp business API provide the necessary funding for the org as a whole.
Nice! Hey, question: I noticed Signal at one point had same address on Google Play Store as WA. Can you tell us if Signal devs shared office space with WA during integration of the Signal protocol? Related to that, did they hold WA devs' hand during the process, meaning at least at the time it was sort of greenlighted by Moxie or something. If this is stuff under NDA I fully understand but anything you can share I'd love to hear.
According to Kristeligt Dagblad in Denmark, he was using Snapchat: https://www.kristeligt-dagblad.dk/tidligere-superligaspiller...
From what you know about WA, is it possible for the servers to MitM the connection between two clients? Is there a way for a client to independently verify the identity of the other client, such as by comparing keys (is it even possible to view them?), or comparing the contents of data packets sent from one client with the ones received on the other side?
Thanks.
No.
Whatsapp uses key transparency. Anyone can check what the current published keys for a user are, and be sure they get the same value as any other user. Specifically, your wa client checks that these keys are the right key.
Whatsapp has a blog post with more details available.
It only takes one engineer in all the teams at Whatsapp that has different directives to make all your privacy work completely useless.
The legal and liability protection these messaging services get from E2EE is far too big to break it.
Besides I get the feeling we're so cooked these days from marketing that when I get freaked out that an advert is what I was thinking about. It's probably because they made me think about it.
Or maybe I need to update my meds?
How would you hide that? Unless you’re assuming nobody ever has to try and fix bugs or audit code to find it, and there’s some kind of closed off area of code that nobody thinks is suspicious. Or you maintain a complete second set of the app core libs that a few clandestine folks can access, and then hope nobody notices that the binaries don’t line up and crash logs are happening in obscured places.
Assuming there's no code review or audit, I suppose.
I would be surprised if the code was hidden from other people engineers.
> Ex-WhatsApp engineer here. WhatsApp team makes so much effort to make this end to end encrypted messages possible. From the time I worked I know for sure it is not possible to read the encrypted messages.
None of this makes the point you want to make. Being a former engineer. The team making "so much effort". You "knowing for sure". Like many in security, a single hole is all it takes for your privacy to pour out of your metaphorical bag of sand.
It’s not even “a single hole,” it’s that companies can change their mind at any time.
That person doesn’t work there anymore. For all we know Zuck could wake up one day and say “that’s it, we need the data and revenue from reading WhatsApp chats. Change our policy in the most low key way possible.”
Honestly, it’s too tempting isn’t it? They have the largest conversation network out there.
It doesn’t help that the company has just about zero trust built up among their customers. The whole dang company changed their name arguably to try to shed the “Facebook” baggage.
The backups are either unencrypted by default or have keys held by Meta / your backup provider. I think this means three-letter agencies can see your chats, just with a slight delay.
Another comment above mentions that you can recover conversation histories with just your phone number--if that's true then yup. The E2EE is all smoke and mirrors.
I have no doubt that that rank and file engineers were not aware of the underlying functionality that allowed for plain text content to be read.
Nobody would ever create a SendPlainTextToZuck() function that had to be called on every message.
It would be as simple as using a built in PRNG for client side key generation and then surreptitiously leaking the initial state (dozens of bytes) once in a nonce signing or something when authenticating with the server.
I’ve often thought one of Zuck’s superpowers is in finding ways to get smart and moral people to do truly evil things. Sometimes it’s mind games. Sometimes it’s careful layers of obfuscation.
Here it might be: This analytics package is dynamically loaded at runtime because reasons. This abuse flagging and review system is bundled with analytics because reasons. This add on for reconfiguring how the analytics package behaves at runtime, and has a bunch of switches nobody remembers why they’re here but don’t touch them they’re fragile.
Facebook has never been satisfied with direct funding. The value is in selling attention and influencing users’ behavior.