Because they say they do and nobody’s yet proven that they don’t. But your point is of course valid: closed source security is nothing more than trust me bro.
WhatsApp’s main resource is that they grabbed more than a billion users before Facebook took over. Saying “look how secure we are” makes the casual user think there’s no need to change.
It should be provable they use the protocol. That’s what goes over the wire and it can be observed.
What’s not provable is that there isn’t a backdoor in the app that allows specific users to be targeted.
Similarly, it’s not provable that there isn’t some client side scanning technology.
Furthermore, it would be difficult to prove that Whatsapp doesn’t send some data back to Meta for all users masked as part of some other network operation.
I suspect any backdoor that happens for all users or regularly would’ve been detected, but that still doesn’t mean it’s safe.
Why are people always saying this when we have absolutely no way to verify that that’s true?
Because they say they do and nobody’s yet proven that they don’t. But your point is of course valid: closed source security is nothing more than trust me bro.
Apart from that I don’t get why they make that argument. If that sounds good to you, use Signal.
WhatsApp’s main resource is that they grabbed more than a billion users before Facebook took over. Saying “look how secure we are” makes the casual user think there’s no need to change.
It should be provable they use the protocol. That’s what goes over the wire and it can be observed.
What’s not provable is that there isn’t a backdoor in the app that allows specific users to be targeted.
Similarly, it’s not provable that there isn’t some client side scanning technology.
Furthermore, it would be difficult to prove that Whatsapp doesn’t send some data back to Meta for all users masked as part of some other network operation.
I suspect any backdoor that happens for all users or regularly would’ve been detected, but that still doesn’t mean it’s safe.