this post was submitted on 30 Apr 2026
833 points (99.3% liked)

A 10-month Commerce Department probe concluded Meta could view all WhatsApp messages in unencrypted form

[–] yetAnotherUser@lemmy.ca -2 points 1 month ago (3 children)

What I don't understand yet is why there haven't been any independent cybersecurity experts capable of finding a backdoor in WhatsApp. How hard would it be for an expert without access to the source code to find one? Are any independent entities monitoring WhatsApp's security at all??

[–] daniskarma@lemmy.dbzer0.com 5 points 1 month ago (1 children)

It's not about being vulnerable. It's probably very tight software.

It's just that Meta stores the private keys of the e2e encryption. So they can decrypt any and all chats if they want to.

[–] yetAnotherUser@lemmy.ca 1 points 1 month ago

Ooh, I see. Thanks.

[–] fodor@lemmy.zip 5 points 1 month ago (2 children)

The clients are one question, but the servers are another. If the backdoor is on the server end, which it sure looks like, then your experts won't find anything by examining the client.

[–] yetAnotherUser@lemmy.ca 1 points 1 month ago

I see. I thought that the backdoor had to be in the client, because I thought that could be the only place where the private keys are stored, but I've since realized that it could be on the server. Thanks for the insight.

[–] nibbler@discuss.tchncs.de 0 points 1 month ago

If the client was open source, it could be verified by inspecting this source alone. To my understanding, the clients do real end-to-end encryption. This is the good part. They also have some functionality to re-encrypt the data or export the secret key to let new peers take part, or so I guess. This is how your web browser can also read them after you peer it up. Now there might or might not be a function in the client where Meta can request the private key or re-encryption. This is really hard to figure out without having the source code.

[–] R00bot@lemmy.blahaj.zone 2 points 1 month ago (1 children)

Hey, I work in cyber security. Just because an app has a backdoor doesn't mean that the backdoor can be accessed by anyone. Accessing this backdoor would likely mean compromising Meta themselves, not just the app or its communications.

[–] yetAnotherUser@lemmy.ca 1 points 1 month ago

I'm sure you must receive lots of annoying questions because of the work you do, so thanks a lot for the insight!