this post was submitted on 27 Jan 2026
1288 points (99.6% liked)

Technology

80503 readers
3838 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related news or articles.
  3. Be excellent to each other!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
  9. Check for duplicates before posting, duplicates may be removed
  10. Accounts 7 days and younger will have their posts automatically removed.

Approved Bots

founded 2 years ago
MODERATORS
L3s@lemmy.world
enu@lemmy.world
technopagan@lemmy.world
L4s@lemmy.world
L3s@hackingne.ws
1288
Lawsuit Alleges That WhatsApp Has No End-to-End Encryption (it.slashdot.org)
submitted 1 week ago by technocrit@lemmy.dbzer0.com to c/technology@lemmy.world
310 comments fedilink hide all child comments
 

As evidence, the lawsuit cites unnamed "courageous whistleblowers" who allege that WhatsApp and Meta employees can request to view a user's messages through a simple process, thus bypassing the app's end-to-end encryption. "A worker need only send a 'task' (i.e., request via Meta's internal system) to a Meta engineer with an explanation that they need access to WhatsApp messages for their job," the lawsuit claims. "The Meta engineering team will then grant access -- often without any scrutiny at all -- and the worker's workstation will then have a new window or widget available that can pull up any WhatsApp user's messages based on the user's User ID number, which is unique to a user but identical across all Meta products."

"Once the Meta worker has this access, they can read users' messages by opening the widget; no separate decryption step is required," the 51-page complaint adds. "The WhatsApp messages appear in widgets commingled with widgets containing messages from unencrypted sources. Messages appear almost as soon as they are communicated -- essentially, in real-time. Moreover, access is unlimited in temporal scope, with Meta workers able to access messages from the time users first activated their accounts, including those messages users believe they have deleted." The lawsuit does not provide any technical details to back up the rather sensational claims.

top 50 comments
sorted by: hot top controversial new old
[–] just_another_person@lemmy.world 168 points 1 week ago (3 children)

DUH

[–] sexy_peach@feddit.org 130 points 1 week ago (44 children)

No if this is proven it would be a real scandal and would bring a lot of users to better alternatives.

If it's false that's good too, since then WA has e2e encryption

[–] MrSoup@lemmy.zip 109 points 1 week ago (6 children)

would bring a lot of users to better alternatives.

Most users of whatsapp don't care about e2e. They hardly even know what it is.

[–] dependencyinjection@discuss.tchncs.de 44 points 1 week ago (4 children)

Right. This place sometimes forget that we are tiny community of techies that hate the system. Makes me see this place as a bit of a circlejerk at times.

load more comments (4 replies)
load more comments (5 replies)
load more comments (43 replies)
[–] Sunspear@piefed.social 41 points 1 week ago

Shocked, I tell you

load more comments (1 replies)
[–] BanMe@lemmy.world 120 points 1 week ago (2 children)

Well if I can't trust Meta with my information, who CAN I trust

[–] chemicalprophet@slrpnk.net 61 points 1 week ago (4 children)

Me

[–] usernameusername@sh.itjust.works 49 points 1 week ago (4 children)

Oh okay. My location is 55.752121, 37.617664, my full name is Jeremy, and my password is hunter9. I trust you not to tell this to anybody

[–] boonhet@sopuli.xyz 1 points 6 days ago

Hi Vova

[–] rmuk@feddit.uk 41 points 1 week ago (5 children)

Your full name is "Jeremy"?

[–] usernameusername@sh.itjust.works 32 points 1 week ago (2 children)

Oh god damnit chemicalprofet why did you tell this guy i thougjt i could trust you :((

load more comments (2 replies)
load more comments (4 replies)
[–] Doomsider@lemmy.world 27 points 1 week ago* (last edited 1 week ago) (1 children)

Your secret is safe with us and our 36,893 affiliates.

load more comments (1 replies)
load more comments (1 replies)
load more comments (3 replies)
load more comments (1 replies)
[–] bjoern_tantau@swg-empire.de 100 points 1 week ago (1 children)

The biggest news is that Slashdot is still alive.

[–] RIotingPacifist@lemmy.world 67 points 1 week ago (1 children)

+5 insightful

load more comments (1 replies)
[–] wuffah@lemmy.world 84 points 1 week ago (2 children)

Assume the same for Telegram and pretty much any chat platform that controls your private keys.

[–] zeca@lemmy.ml 45 points 1 week ago (4 children)

Telegram doesnt even pretend to be end to end encrypted.

load more comments (4 replies)
load more comments (1 replies)
[–] Delilah@lemmy.blahaj.zone 75 points 1 week ago (2 children)

Wait, you are telling me that the company whos entire business is collecting personal information, including people who don't sign up for their services, to leverage for advertising, is keeping their platforms unsecured they can continually grab more information rather than secure it?

I for one am shocked, absolutely shocked.

load more comments (2 replies)
[–] socsa@piefed.social 62 points 1 week ago (5 children)

It is end to end encrypted but they can just pull the decrypted message from the app. This has been assumed for years, since they said they could parse messages for advertising purposes.

load more comments (5 replies)
[–] skisnow@lemmy.ca 61 points 1 week ago* (last edited 1 week ago) (1 children)

15 years ago I’d have called this a conspiracy theory given how the evidence seems to be anecdotal, but given literally every single other thing we’ve learned in recent times about how cartoonishly evil and lying the tech bros truly are, it seems entirely likely.

load more comments (1 replies)
[–] Rusty@lemmy.ca 58 points 1 week ago (5 children)

If I am not adding my own private key to the app, like in Tox, I don't trust their encryption.

[–] wallabra@lemmy.eco.br 43 points 1 week ago* (last edited 1 week ago) (19 children)

Tox also isn't that great security wise. It's hard to beat Signal when it comes to security messengers. And Signal is open source so, if it did anything weird with private keys, everyone would know

load more comments (19 replies)
load more comments (4 replies)
[–] herseycokguzelolacak@lemmy.ml 56 points 1 week ago (14 children)

WhatsApp client is closed source. Any claims around E2EE is pointless, since it's impossible to verify.

load more comments (14 replies)
[–] PierceTheBubble@lemmy.ml 46 points 1 week ago* (last edited 1 week ago) (4 children)

E2EE isn't really relevant, when the "ends" have the functionality, to share data with Meta directly: as "reports", "customer support", "assistance" (Meta AI); where a UI element is the separation.

Edit: it turns out cloud backups aren't E2E encrypted by default... meaning: any backup data, which passes through Meta's servers, to the cloud providers (like iCloud or Google Account), is unobscured to Meta; unless E2EE is explicitly enabled. And even then, WhatsApp's privacy policy states: "if you use a data backup service integrated with our Services (like iCloud or Google Account), they will receive information you share with them, such as your WhatsApp messages." So the encryption happens on the server side, meaning: Apple and Google still have full access to the content. It doesn't matter if you, personally, refuse to use the "feature": if the other end does, your interactions will be included in their backups.

load more comments (4 replies)
[–] arcterus@piefed.blahaj.zone 43 points 1 week ago (10 children)

So, is it basically treating every message as a "group" message where it sends it to some system WhatsApp account and then also to your intended receiver? This is what I'm assuming based on them supposedly being able to see deleted messages. Also would let them say it's technically still "E2EE" since it's indeed E2EE to your receiver, but it's also E2EE to them as well.

[–] axx@slrpnk.net 53 points 1 week ago (3 children)

Ah yes, good old E2E AWA3E.

"End to end, and we are also an end".

load more comments (3 replies)
load more comments (9 replies)
[–] lavander@lemmy.dbzer0.com 38 points 1 week ago (17 children)

Call me old fashioned but I really think that for real E2EE the vendor of the encryption and the vendor of the infrastructure should be two different entities.

For example PGP/GPG on … great! Proton? Not great

Jabber/XMMP with e2ee encryption great! WhatsApp/Telegram/signal… less so (sure I take signal over the other two every day… but it’s enough to compromise a single entity for accessing the data)

load more comments (17 replies)
[–] roserose56@lemmy.zip 33 points 1 week ago

No surprised at all tbf.

[–] Jyek@sh.itjust.works 30 points 1 week ago (21 children)

A lot of victim blaming in this thread. Why can't you just be mad for someone who was deceived?

load more comments (21 replies)
[–] matlag@sh.itjust.works 30 points 1 week ago

Proposed line of defense: "With all respect, M. Judge, with all the different times we fucked our users, lied to them, tricked them, experimented on them, ignored them, we already sold private discussions on Facebook in the past, our CEO and founder most famous quote is «They trust me, dumbfucks!», the list goes on and on: no one in their sane mind would genuinely believe we were not spying on Whatsapp! They try to play dumb, they could not possibly believe we were being fair and honest THIS time?!"

[–] Lucidlethargy@sh.itjust.works 27 points 1 week ago

You gatta be real stupid to not realize that Facebook is harvesting your data.

load more comments
view more: next ›