A 10-month Commerce Department probe concluded Meta could view all WhatsApp messages in unencrypted form

  • floofloof@lemmy.ca
    link
    fedilink
    English
    arrow-up
    191
    arrow-down
    1
    ·
    edit-2
    2 months ago

    “The claim that WhatsApp can access people’s encrypted communications is patently false,” Meta spokesperson Andy Stone said. He added that the bureau had already “disavowed this purported investigation, calling its own employee’s allegations unsubstantiated.”

    I can’t help but notice that in response to people’s concern that Meta may be able to read people’s messages, the Meta spokesperson responds that WhatsApp can’t read them. A little bit of administrative juggling on Meta’s end so that the team with access to the messages doesn’t fall within the WhatsApp department, and both claims could be true.

    • FauxLiving@lemmy.world
      link
      fedilink
      English
      arrow-up
      60
      arrow-down
      1
      ·
      edit-2
      2 months ago

      Yeah, there are lots of ways for this to be true but misleading:

      The communications are not encrypted if they have the keys.

      The encrypted communications are not the people’s. By the TOS everything is the property of WhatsApp and they can access their own ‘Business Records’ perfectly legally.

      A third party, like a federal agency, isn’t WhatsApp. (WhatsApp can also voluntarily give their ‘Business Records’ to said agencies without warrant or subpoena.)

      Meta isn’t WhatsApp.

      An internal project with an undisclosed codename isn’t WhatsApp.

      • Valmond@lemmy.dbzer0.com
        link
        fedilink
        English
        arrow-up
        23
        arrow-down
        1
        ·
        2 months ago

        Nitpicking; even if they have the keys, the messages can be encrypted. It’s just worthless as they can now decrypt them.

        • FauxLiving@lemmy.world
          link
          fedilink
          English
          arrow-up
          2
          ·
          2 months ago

          Sure, when they say WhatsApp can’t access the encrypted messages they could mean that Meta/another internal group has access to the encrypted messages and they decrypt them in order to provide them to WhatsApp/whoever.

          (Obviously, as someone pointed out, this is all assuming that he’s telling the truth in some legalistic way and not just flat out lying.)

      • trailee@sh.itjust.works
        link
        fedilink
        English
        arrow-up
        11
        ·
        2 months ago

        My favorite option is that they don’t access the encrypted communications, they access messages before encryption takes place and send copies home for safe keeping. With a closed source client they can do anything they want to the plaintext even if they handle the ciphertext appropriately.

        • FauxLiving@lemmy.world
          link
          fedilink
          English
          arrow-up
          3
          ·
          2 months ago

          Yeah, that or either of the ends is compromised by one of the various commercial spyware which offers zero-click installation of their software or the person you’re talking to is intentionally recording the messages.

          End-to-End encryption only protects you from someone eavesdropping on the communication on the line. It doesn’t secure the endpoints or make the participants trustworthy.

    • Lost_My_Mind@lemmy.world
      link
      fedilink
      English
      arrow-up
      11
      arrow-down
      2
      ·
      2 months ago

      C’mon. It’s not that hard. You’re making the assumption that Andy Stone is telling the truth, with a gotchya astrict.

      What if…the big business just…LIES???

    • Whostosay@sh.itjust.works
      link
      fedilink
      English
      arrow-up
      6
      ·
      edit-2
      2 months ago

      Are you telling me that the company that hosts “free” not propaganda services and has been caught repeatedly stealing all possible data including data about women and presumably girls’ periods and has been caught in one of the largest data manipulation scandals this century could be betraying my trust with their “vawwy vawwy pwivate and vawwy vawwy encwypted” closed source and again operated by the most sinister motherfuckers of all time messaging app???

      I. Am. Shocked.

      I’m also looking for a bridge on the cheap if you guys have any leads.

    • socsa@piefed.social
      link
      fedilink
      English
      arrow-up
      2
      ·
      2 months ago

      It’s likely the cloud backups they can read. Encrypted archives are hard to sync across devices while still keeping the same level of security. I always advise against it if you don’t have a good reason to do it.

      It’s also all but confirmed that they use on-device keyword recognition for targeted advertising. So if the app can phone home for some keywords, then it can phone home for anything.