A 10-month Commerce Department probe concluded Meta could view all WhatsApp messages in unencrypted form
They own the (closed source) app, which has full access to your decrypted messages. The messages might be e2ee in transit, but they must be decrypted for you to read. This means that they also have access to them in this state, the same as you, and there is nothing preventing them from resending those decrypted messages back to their servers while you send them (before they encrypt) or after your receive them (after they decrypt).
If you think ANYTHING owned by FB is “secure” you had this coming
Anyone who thinks Facebook would give you end to end encryption is a fucking fool.
I never trusted it and gave up WhatsApp before I even gave up Facebook. Mark Zuckerberg has no values and when you realize that basic fact, you’ll never trust him with anything.
The fact that Trump’s own goon uses Signal and not WhatsApp should probably tell you all you need to know about using WhatsApp.
Yes, not to mention that their security breach on Signal was of their own making. Some moron invited a member of the press to their chat. XD
I work at Meta and interface with WhatsApp enough to know a couple things. First of all, data is encrypted at rest; that’s not even a WhatsApp thing, that’s literally how our infra works (it’s actually an efficiency thing, since deletions requires only deleting the key). So the “source” of the article saying
“Meta can and does view and store all the text messages, photographs, audio and video recordings” in an unencrypted format.
Is either lying or wrong.
Second of all, the encryption is legit. The only time “Meta employees” and “Contractors” are seeing your message content is when someone reports your message; because the person reporting it is sending a decrypted copy.
It may be true that there is some sort of device-level backdoor on your phone, or possibly that there’s a remote switch of some sort to send a second copy of the message in decrypted format for some targets, but I have not heard or seen this.
Fyi I use Signal and not WhatsApp, but in general I don’t think this article holds much weight
Well who creates the keys and who stores them? That’s all you need to have a back door.
The client does, AKA your phone
I dont believe you.
Ok
Here’s the original reporting, instead of another website’s summary of Bloomberg’s actual report:
So it sounds like the agent was investigating allegations, from content moderation contractors, that Meta could access the contents of WhatsApp messages, and came to the conclusion that yes, Meta could.
There are a few possibilities here.
- Meta does have full plain text access to all Whatsapp messages, but guards that access very closely. Although the clients seem to generate E2EE keys for each session, somehow they’re leaking those keys to Meta’s servers somewhere, and the closed source code sufficiently hides that so that there’s no whistleblower or security researcher able to detect this definitively.
- Meta has a secret wiretap functionality where they can compromise the E2EE keys somehow, but uses it only for narrow cases. This helps keep the functionality secret, because security researchers and other reviewers may never see the functionality in action.
- Meta allows users to report objectionable content in the threads they’re already part of. The reporting function either forwards the E2EE key itself, or all the plaintext data, that gives content moderators access to the underlying message contents. The contractor whistleblowers and the federal agent investigating these allegations simply got it wrong, and misunderstood the technical process of how the plaintext messages end up in the content moderator’s possession.
Meta claims that it’s #3. They acknowledge they have plaintext access to messages when a party to the thread presses the report button.
This unnamed federal agent believes it’s #1, after 10 months of investigation, and sent out an email to other investigators that they should look into that possibility.
I’m skeptical of #1, simply because I don’t believe that conspiracies to keep that kind of stuff secret can be maintained. It’s not just that there would be technically skilled whistleblowers who have actual access to the code (not the non-technical content moderator contractors who review the content), but a weakness in such an important and widely used protocol would attract all sorts of hackers, state sponsored or otherwise.
But option #2 might explain everything we’ve seen so far. Full wiretap capability that is rarely used and very tightly controlled.
Thanks for the sane interpretation of the situation!
“The claim that WhatsApp can access people’s encrypted communications is patently false,” Meta spokesperson Andy Stone said. He added that the bureau had already “disavowed this purported investigation, calling its own employee’s allegations unsubstantiated.”
I can’t help but notice that in response to people’s concern that Meta may be able to read people’s messages, the Meta spokesperson responds that WhatsApp can’t read them. A little bit of administrative juggling on Meta’s end so that the team with access to the messages doesn’t fall within the WhatsApp department, and both claims could be true.
Yeah, there are lots of ways for this to be true but misleading:
The communications are not encrypted if they have the keys.
The encrypted communications are not the people’s. By the TOS everything is the property of WhatsApp and they can access their own ‘Business Records’ perfectly legally.
A third party, like a federal agency, isn’t WhatsApp. (WhatsApp can also voluntarily give their ‘Business Records’ to said agencies without warrant or subpoena.)
Meta isn’t WhatsApp.
An internal project with an undisclosed codename isn’t WhatsApp.
Nitpicking; even if they have the keys, the messages can be encrypted. It’s just worthless as they can now decrypt them.
My favorite option is that they don’t access the encrypted communications, they access messages before encryption takes place and send copies home for safe keeping. With a closed source client they can do anything they want to the plaintext even if they handle the ciphertext appropriately.
Yeah, that or either of the ends is compromised by one of the various commercial spyware which offers zero-click installation of their software or the person you’re talking to is intentionally recording the messages.
End-to-End encryption only protects you from someone eavesdropping on the communication on the line. It doesn’t secure the endpoints or make the participants trustworthy.
C’mon. It’s not that hard. You’re making the assumption that Andy Stone is telling the truth, with a gotchya astrict.
What if…the big business just…LIES???
But Facebook/“Meta” would never lie.
Oopsie! Hang on, they even lie to lawmakers in case buying them off fails? Bummer!
Seriously: this company needs to be scoured from the face of the earth.
Mergers: Commission fines Facebook €110 million for providing misleading information about WhatsApp takeover - Brussels, 18 May 2017
Classic
Profit made from yet more abuse of user data: 500m EUR
Cost ofmisleadinglying to lawmakers: 110m EUR
Net profit: 390m EUR
“We got 'em good, boys! I’m sure they’re never going to try that again!”:’( poor general public
No. Shit.
People who say Facebook (now Meta) paid $21 billion (with a B) for WhatsApp to be charitable. Even though the original creators have distanced themselves from it after the acquisition.
Fun fact: every forum running phpBB, Invision, or vBulletin (as in, traditional Internet forums) can read your DMs in plaintext. They’re unencrypted in the SQL database. However, the forum’s Admin Control Panel (ACP) does not provide this functionality. All three have mods that add it in. So imagine you run a forum. You have a hidden forum where only your mods and admins can interact. No one else can even see it. You could have a whole other one that is just all the DMs. I’m not sure about social networks. But I know if you have command-line access to the SQL database, you can query a user and see everything that user has put in the database. Public messages… and private ones. So a lot of the forums started saying “Personal messages” or “Direct messages” instead of “Private messages” because they were never private.
Disbelieve anyone who says they can’t see your private or personal messages.
I can confirm this, I used to run several phpbb and (pirated) vbulletin juggalo forums and when I found out this was possible I read everyone’s DMs for funzies.
Lotttts of requests for noodz.
Pirated vBulletin. I sure didn’t have the sack for that. I figure, pirated software running on a server, especially if it’s not your hardware (and self hosting wasn’t an option for me back then) is kind of dangerous.
When I found out I could get at the DMs in an Invision board I was running for a minute, I made a post letting everyone know, and worked it into the thing you agree to when you sign up. I made it clear that I wasn’t good with SQL and it wasn’t easy to read them, but that I did have that access and to not use our DMs for anything you wouldn’t want someone to be able to see.
I assume most of the noods requests were from the juggaloes to the juggalettes exclusively? Or did it go both ways? Never cared much for ICP, though “The Amazing Jekyll Brothers” had some cool songs on it (“Everybody Rize,” “I Stab People,” “Mad Professor,” and maybe a couple others)… but the fandom? Absolutely wild. Even if I thought ICP straight up sucked, I’d have to admit the fandom is awesome.
I sorta recently (couple years ago) learned that some US states actually brand juggaloes a gang. Like it’s illegal to be one. That’s wild to me. I don’t think Deadheads ever got the same treatment, and, same thing, different genre.
Just assume anything you’re writing online, on any app, any website, any social media platform… ANYTHING is being tracked now.
We learned from the FBI’s disclosure of the Guthrie kidnapping video that every camera and microphone are surveilling you and feeding that data into a government database without a warrant, so why would you think your apps are doing anything different?
I’m just here to satisfy my confirmation bias, but my question all along has been this: how does Meta simultaneously satisfy their claims of both E2EE and content moderation on WhatsApp? I can’t say that I’ve done anything even close to a deep dive on the topic, but those two things seem mutually exclusive.
You can actually report a message to WhatsApp within the app. If you report the message it then the full text gets sent to WhatsApp.
That’s a little disingenuous…
- You receive an encrypted message.
- You decrypt the message.
- You report the message.
- You forward the decrypted message.
When you send a message, no E2EE scheme can prevent your recipient from forwarding the decrypted message to a third party.
It’s really important for people to understand that E2EE cannot protect the message portions that aren’t between the ends themselves. The best encryption in the world can’t help you if the person you’re talking to is an undercover cop, because that “end” can do with the plaintext whatever they want, including record/store/forward the plaintext of any messages they then encrypt and send, or any messages they receive and then decrypt.
That’s not a flaw of the E2EE protocol itself, but is a limit to the scope of protection that E2EE provides.
Well, yeah, you can’t control other people. Even if you use a walkie-talkie, they can still record your voice with a device. Ideally you should only be talking about safely publishable content, or with mature-enough individuals. We ultimately must settle for good-enough…
So… anyone with access to the report API can read any message they want?
Any reported message ? Back when I was doing anti spam at my ISP we could read reported spam from our customers. Obviously not all mails from / to the customers. That would be way disproportionate.
If this is true:
If you report the message it then the full text gets sent to WhatsApp.
That means there’s a software switch that dumps a plaintext copy of a supposedly encrypted message when flipped.
Therefore, all you need to read any WhatsApp message is the ability to flag the message as “reported”, and access to wherever the plaintext copies get sent.
Considering how often security is an afterthought for corporations, the access part is probably easy.
That means there’s a software switch that dumps a plaintext copy of a supposedly encrypted message when flipped.
Kinda, sorta, but no, not really. What’s happening is that the recipient is decrypting the message. When you report the message, you include a cleartext copy with your report.
The “switch” you are talking about is in the same app that is doing the decryption. For the bad actor to toggle that “switch”, they would have to control the app.
For the bad actor to toggle that “switch”, they would have to control the app.
Are you talking about physical control? Regardless, it’s closed-source… There is nothing that says they can’t also generate the keys on the other end that they had your devices generate. Outside of open source code that’s buildable from source, they can claim whatever they want about lack of access to switches.
Technically true.
However, doing so would be perpetrating a fraud. If they denied the capability you’re talking about in response to a warrant or subpoena, someone would be in contempt.
I don’t know if any corpo actually cares about such things, but I know that if you or I were to do this, we’d quickly find ourselves broke and possibly in prison.
It’s decided. No more arms deals on Whatsapp for this guy.
So the truth is they store messages encrypted. But what they also do is storing the private keys for those messages.
Meaning they technically do it. But it’s like locking the door for someone who also has the keys.
I never assumed that this presumed “end to end encryption” was secure in any way. The key exchange either runs over Meta servers, and they just log them, or the client software simply surrenders the key (maybe always, maybe on demand) together with the data stream that still runs over Meta servers.
The most important question to ask when evaluating end-to-end encryption: who manages the keys?
If Facebook manages all of the keys and is responsible for telling which public key belongs to who, then of course Facebook can read every message.
oh lol. the trust chain is harder and harder to verify these days. i miss the good old days where I would write emails in vi and encrypt with gpg.
I still write emails with vi. but I lost touch with the one other friend I had who knew how to use gpg 😂😂😂
Cory Doctorow still uses pgp if you email him, I think his key is on his website, IIRC
There are dozens of us! Dozens!
Is there an ELI5, foolproof, step-by-step tutorial? I tried Kleopatra on my own and was so completely befuddled; why is that, like, literally the only app out there in the whole world for PGP or GPG or whatever? Shouldn’t there be dozens of such encoders?
If you still use faecesbook products, you’re an idiot.
I guess you don’t live in Europe, you can’t escape it here.
