Technology

84277 readers

3447 users here now

This is a most excellent place for technology news and articles.

Our Rules

Follow the lemmy.world rules.
Only tech related news or articles.
Be excellent to each other!
Mod approved content bots can post up to 10 articles per day.
Threads asking for personal tech support may be deleted.
Politics threads may be removed.
No memes allowed as posts, OK to post as comments.
Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
Check for duplicates before posting, duplicates may be removed
Accounts 7 days and younger will have their posts automatically removed.

Approved Bots

founded 2 years ago

MODERATORS

L3s@lemmy.world

enu@lemmy.world

technopagan@lemmy.world

L4s@lemmy.world

L3s@hackingne.ws

809

A federal agent said WhatsApp's encryption is a lie. Then the investigation was shut down (www.techspot.com)

submitted 2 days ago by throws_lemy@reddthat.com to c/technology@lemmy.world

105 comments fedilink hide all child comments

A 10-month Commerce Department probe concluded Meta could view all WhatsApp messages in unencrypted form

you are viewing a single comment's thread
view the rest of the comments

[–] theunknownmuncher@lemmy.world 60 points 2 days ago* (last edited 2 days ago) (3 children)

The most important question to ask when evaluating end-to-end encryption: who manages the keys?

If Facebook manages all of the keys and is responsible for telling which public key belongs to who, then of course Facebook can read every message.

[–] lemonhead2@lemmy.world 38 points 2 days ago* (last edited 1 day ago) (2 children)

oh lol. the trust chain is harder and harder to verify these days. i miss the good old days where I would write emails in vi and encrypt with gpg.

I still write emails with vi. but I lost touch with the one other friend I had who knew how to use gpg 😂😂😂

[–] deegeese@sopuli.xyz 24 points 2 days ago (1 children)

There are dozens of us! Dozens!

[–] Flagstaff@programming.dev 2 points 1 day ago (1 children)

Is there an ELI5, foolproof, step-by-step tutorial? I tried Kleopatra on my own and was so completely befuddled; why is that, like, literally the only app out there in the whole world for PGP or GPG or whatever? Shouldn't there be dozens of such encoders?

[–] somenonewho@feddit.org 1 points 1 day ago

It heavily depends in your usecase but if you want to use gpg to encrypt emails and dont want to do it all in the terminal i really recommend using Thunderbird it integrates gpg very well and makes it mostly seamless.

Other than that afaik Kleopatra is the only standalone GUI for gpg simply because most of the time gpg is integrated in workflows (simply using the cli interface vor gpg libraries) and plain gpg for simple tex/file encryption/signing is just not a usecase.many people have

[–] SnotFlickerman@lemmy.blahaj.zone 14 points 2 days ago

Cory Doctorow still uses pgp if you email him, I think his key is on his website, IIRC

[–] qprimed@lemmy.ml 8 points 2 days ago (1 children)

even better - as far as I am aware the client isn't open (and even if it were, is your installed build from the same source?).

so, even if the keys are local only, who says there isn't a hidden API that simply sends locally decrypted content back to a remotely calling endpoint?

[–] Valmond@lemmy.dbzer0.com 4 points 1 day ago

Or steganographically leaks back the keys ...

[–] Eyekaytee@aussie.zone 4 points 2 days ago (1 children)

thought it was proper e2e

https://signal.org/blog/whatsapp-complete/

but if whatsapp owns both ends, what is stopping them from just reading the decrypted text? i duno crypto good enough

[–] logi@piefed.world 6 points 2 days ago

That, and if WhatsApp has the keys, then no amount of encryption is going to help.

If I remember, the allegation was that they did keep all the keys and many employees could request them to decrypt specific sessions.