A 10-month Commerce Department probe concluded Meta could view all WhatsApp messages in unencrypted form

  • theunknownmuncher@lemmy.world
    2 months ago

    The most important question to ask when evaluating end-to-end encryption: who manages the keys?

    If Facebook manages all of the keys and is responsible for telling which public key belongs to whom, then of course Facebook can read every message.

    • lemonhead2@lemmy.world
      2 months ago

      Oh lol. The trust chain is harder and harder to verify these days. I miss the good old days where I would write emails in vi and encrypt with gpg.

      I still write emails with vi. But I lost touch with the one other friend I had who knew how to use gpg 😂😂😂

        • Flagstaff@programming.dev
          2 months ago

          Is there an ELI5, foolproof, step-by-step tutorial? I tried Kleopatra on my own and was so completely befuddled; why is that, like, literally the only app out there in the whole world for PGP or GPG or whatever? Shouldn’t there be dozens of such encoders?

    • screaming in digital@lemmy.ml
      2 months ago

      Even better - as far as I am aware the client isn’t open (and even if it were, is your installed build from the same source?).

      So, even if the keys are local only, who says there isn’t a hidden API that simply sends locally decrypted content back to a remotely calling endpoint?

      • logi@piefed.world
        2 months ago

        That, and if WhatsApp has the keys, then no amount of encryption is going to help.

        If I remember, the allegation was that they did keep all the keys and many employees could request them to decrypt specific sessions.
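
Added example, not part of the thread: a Python sketch of the key-directory point raised in the top comment, showing how an out-of-band fingerprint comparison exposes a directory that serves substituted public keys. The `Directory` class, the user names, the fingerprint format and the keys are constructed for illustration and are not WhatsApp's or any real messenger's scheme.

```python
import hashlib

def fingerprint(user_id: str, identity_key: bytes) -> bytes:
    """Hash a public identity key together with the ID it is claimed for."""
    return hashlib.sha256(user_id.encode() + b"\x00" + identity_key).digest()

def safety_number(my_id, my_key, peer_id, peer_key) -> str:
    """Order-independent code two users compare in person or over a call."""
    parts = sorted([fingerprint(my_id, my_key), fingerprint(peer_id, peer_key)])
    combined = hashlib.sha256(parts[0] + parts[1]).digest()
    # Render the first 30 bytes as six groups of five decimal digits.
    groups = [int.from_bytes(combined[i:i + 5], "big") % 100000
              for i in range(0, 30, 5)]
    return " ".join(f"{g:05d}" for g in groups)

class Directory:
    """Hypothetical server-run directory mapping user IDs to public keys."""
    def __init__(self):
        self.keys = {}
        self.override = {}  # (requester, target) -> key served instead

    def publish(self, user, key):
        self.keys[user] = key

    def lookup(self, requester, target):
        return self.override.get((requester, target), self.keys[target])

# Constructed stand-ins for public identity keys (not real key material).
KEYS = {name: hashlib.sha256(f"constructed key: {name}".encode()).digest()
        for name in ("alice", "bob", "operator")}

def views(directory):
    """Safety number as each side computes it from what the directory served."""
    a = safety_number("alice", KEYS["alice"], "bob", directory.lookup("alice", "bob"))
    b = safety_number("bob", KEYS["bob"], "alice", directory.lookup("bob", "alice"))
    return a, b

def build_directory(substitute: bool) -> Directory:
    d = Directory()
    d.publish("alice", KEYS["alice"])
    d.publish("bob", KEYS["bob"])
    if substitute:  # the directory serves the operator's key to both sides
        d.override[("alice", "bob")] = KEYS["operator"]
        d.override[("bob", "alice")] = KEYS["operator"]
    return d

if __name__ == "__main__":
    for substitute in (False, True):
        a, b = views(build_directory(substitute))
        print(f"substituted={substitute} match={a == b}\n  alice sees {a}\n  bob sees   {b}")
```

The comparison only covers key substitution by the directory; it says nothing about a client that forwards plaintext after decryption, which is the separate concern raised in the later comments.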