For open source messengers, you can check whether they actually encrypt your messages and whether the server has access to your encryption keys but what about WhatsApp? Since it’s not open source, you can’t be sure that the encryption keys aren’t sent to the server, right? Has there been a case where a government was able to access WhatsApp chats without reading them from the phone itself?

  • Reversed Cookie@feddit.de
    link
    fedilink
    arrow-up
    6
    ·
    1 year ago

    It’s uses the Signal Encryption Protocol as far we know. So they shouldn’t be possible too, Signals Encryption Protocol is even quantum resistant.

    • ninchuka@lemmy.one
      link
      fedilink
      arrow-up
      1
      ·
      1 year ago

      They only recently made it quantum resistant, so I don’t think that whatsapp is using that version

    • Knusper@feddit.de
      link
      fedilink
      arrow-up
      2
      arrow-down
      1
      ·
      1 year ago

      Problem is that they can still compromise it. Simplest method would be to just take what you’ve typed into the UI and send it two times. One time to your communication partners and one time unencrypted / decryptable for themselves.

      But even if they’re exclusively sending via Signal’s library and not tampering with it or anything, they can still instruct Signal’s library to add another member to a group chat. And that ‘member’ can be their server. It will be sent, fully end-to-end-encrypted, but to an end you don’t know about.