Just a moment...
www.techspot.com

A 10-month Commerce Department probe concluded Meta could view all WhatsApp messages in unencrypted form

  • theunknownmuncher@lemmy.worldEnglish
    0·
    18 days ago

    The most important question to ask when evaluating end-to-end encryption: who manages the keys?

    If Facebook manages all of the keys and is responsible for telling which public key belongs to who, then of course Facebook can read every message.

    • lemonhead2@lemmy.worldEnglish
      0·
      18 days ago

      oh lol. the trust chain is harder and harder to verify these days. i miss the good old days where I would write emails in vi and encrypt with gpg.

      I still write emails with vi. but I lost touch with the one other friend I had who how to use gpg 😂😂😂

        • Flagstaff@programming.devEnglish
          0·
          17 days ago

          Is there an ELI5, foolproof, step-by-step tutorial? I tried Kleopatra on my own and was so completely befuddled; why is that, like, literally the only app out there in the whole world for PGP or GPG or whatever? Shouldn’t there be dozens of such encoders?

      • logi@piefed.worldEnglish
        0·
        18 days ago

        That, and if WhatsApp has the keys, then no amount of encryption is going to help.

        If I remember, the allegation was that they did keep all the keys and many employees could request them to decrypt specific sessions.

    • qprimed@lemmy.mlEnglish
      0·
      18 days ago

      even better - as far as I am aware the client isn’t open (and even if it were, is your installed build from the same source?).

      so, even if the keys are local only, who says there isn’t a hidden API that simply sends locally decrypted content back to a remotely calling endpoint?