this post was submitted on 24 Feb 2024
731 points (98.4% liked)

Technology

59605 readers
3434 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
[โ€“] bamboo@lemmy.blahaj.zone 2 points 9 months ago (1 children)

Sounds like you used Whatsapp pre Signal which happened in 2016: https://signal.org/blog/whatsapp-complete/

With regard to private key, for backups, this relies on the HSM in Apple and Android devices, so the private key is engineered to never be accessible by Facebook. Here's how they say they use the HSM to encrypt the backups: https://engineering.fb.com/2021/09/10/security/whatsapp-e2ee-backups/

There's no way to be 100% certain, but if Whatsapp were found to have access to the private keys, it would be huge damaging news, so why would they risk it? Security researchers can watch the traffic going to/from the app and the OS APIs being called, and can see the HSM being invoked. Despite it being closed source, that doesn't mean it's less secure and there's no one verifying the security claims.

[โ€“] h_ramus@lemm.ee 0 points 9 months ago

Thanks for explaining. It's interesting and outside metadata there could be a case for data being secure. However, this is the same company that lied and got fined in the EU when they asserted that they wouldn't be able to link WhatsApp and Facebook identities. This allowed the merger to happen. Security and privacy being something that the average Joe doesn't care that much, it wouldn't be too much of a negative impact when they already have so much bad press on other matters. Finally, from an ethical perspective, I'll give this corp a miss. Values don't really align with my personal ones even if privacy and security were beyond reproach.