Technology

DUH

Well if I can't trust Meta with my information, who CAN I trust

The biggest news is that Slashdot is still alive.

Assume the same for Telegram and pretty much any chat platform that controls your private keys.

Wait, you are telling me that the company whos entire business is collecting personal information, including people who don't sign up for their services, to leverage for advertising, is keeping their platforms unsecured they can continually grab more information rather than secure it?

I for one am shocked, absolutely shocked.

It is end to end encrypted but they can just pull the decrypted message from the app. This has been assumed for years, since they said they could parse messages for advertising purposes.

15 years ago I’d have called this a conspiracy theory given how the evidence seems to be anecdotal, but given literally every single other thing we’ve learned in recent times about how cartoonishly evil and lying the tech bros truly are, it seems entirely likely.

If I am not adding my own private key to the app, like in Tox, I don't trust their encryption.

WhatsApp client is closed source. Any claims around E2EE is pointless, since it's impossible to verify.

E2EE isn't really relevant, when the "ends" have the functionality, to share data with Meta directly: as "reports", "customer support", "assistance" (Meta AI); where a UI element is the separation.

Edit: it turns out cloud backups aren't E2E encrypted by default... meaning: any backup data, which passes through Meta's servers, to the cloud providers (like iCloud or Google Account), is unobscured to Meta; unless E2EE is explicitly enabled. And even then, WhatsApp's privacy policy states: "if you use a data backup service integrated with our Services (like iCloud or Google Account), they will receive information you share with them, such as your WhatsApp messages." So the encryption happens on the server side, meaning: Apple and Google still have full access to the content. It doesn't matter if you, personally, refuse to use the "feature": if the other end does, your interactions will be included in their backups.

So, is it basically treating every message as a "group" message where it sends it to some system WhatsApp account and then also to your intended receiver? This is what I'm assuming based on them supposedly being able to see deleted messages. Also would let them say it's technically still "E2EE" since it's indeed E2EE to your receiver, but it's also E2EE to them as well.

Call me old fashioned but I really think that for real E2EE the vendor of the encryption and the vendor of the infrastructure should be two different entities.

For example PGP/GPG on … great! Proton? Not great

Jabber/XMMP with e2ee encryption great! WhatsApp/Telegram/signal… less so (sure I take signal over the other two every day… but it’s enough to compromise a single entity for accessing the data)

No surprised at all tbf.

A lot of victim blaming in this thread. Why can't you just be mad for someone who was deceived?

Proposed line of defense: "With all respect, M. Judge, with all the different times we fucked our users, lied to them, tricked them, experimented on them, ignored them, we already sold private discussions on Facebook in the past, our CEO and founder most famous quote is «They trust me, dumbfucks!», the list goes on and on: no one in their sane mind would genuinely believe we were not spying on Whatsapp! They try to play dumb, they could not possibly believe we were being fair and honest THIS time?!"

You gatta be real stupid to not realize that Facebook is harvesting your data.