Shocking lawsuit slams WhatsApp encryption, claims employees can access complete user data without a hassle

[Redaktion]

A recently filed lawsuit claims that WhatsApp's end-to-end encryption is practically useless, since Meta engineers can allegedly gain access to customer data with a single request which is approved more often than not.

https://www.notebookcheck.net/Shocking-lawsuit-slams-WhatsApp-encryption-claims-employees-can-access-complete-user-data-without-a-hassle.1215488.0.html

[Swizzy]

To the surprise of absolutely no one.

[Admiral Snackbar]

I actually wrote a Java application that uses 128-bit AES public-key encryption to send text messages between connected parties. There's no middleman, two or more parties connect directly via IP address. One party sets their instance to "Host" and the connectees to "Client". The clients type in the host IP address and connect, specifying an optional password.

A person could, for example, setup their own server running an instance of @Chat set to host then give the IP address and password out to their friends and family.

@Chat can also be used to send files between connected parties, but these are not encrypted unless the user manually encrypts them on their end. It's also 100% open source.

[correct]

@Swizzy
Correct, I was gonna say that.
Reminds of a recent discussion here where 2 nubs debated how to prevent the Bitlocker key leaking to MICORSOFT (can't prevent).
Assume that any company, by law, must not allow unencrytbable chats.

[Admiral Snackbar]

@Swizzy
Correct, I was gonna say that.
Reminds of a recent discussion here where 2 nubs debated how to prevent the Bitlocker key leaking to MICORSOFT (can't prevent).
Assume that any company, by law, must not allow unencrytbable chats.

That is the appropriate debate. Not whether or not a company is required by a nation's law to unencrypt data or enable that nation's law enforcement to do so, but whether or not that should be said nation's law.

History shows that, while these laws are certainly used to peer into the lives of criminals, they are, in fact, often used to by political leaders to target their political opponents who've committed no actual crimes.

That is to say, not that a company should try to circumvent their laws, but that organizations should not be required by law to provide encryption keys.

[Admiral Snackbar]

Also, in regards to my last post here. It would not be possible for a law enforcement organization to require anyone to hand over @Chat encryption keys. @Chat generates new public/private key pairs for each connection. The private key is never shared or stored anywhere outside of local system memory.

In order to obtain a private decryption key one would have to have direct access to the system memory of a sytem running an active instance of @Chat. Once a connection is closed and the memory address overwritten or powered off, the keys are lost forever.

It seems to me that WhatsApp could be doing things this way, but must have been intentionally designed so that encryption keys are available to Facebook employees.

[Care factor]

It's almost impossible to navigate through social circles or settings without being on it in this day age. Even if you try to actively avoid it, the sad reality is you've a friend, loved one, associate/colleagues that do and are part of some kind of group chat. If you're not part of this group chat, people look at you like you're the odd one out.

These lawsuits can keep coming, doubt it's going to move a needle on their 3+ billion user base. It's just too embedded / entrenched within the core fabric of society now.

[Admiral Snackbar]

It's almost impossible to navigate through social circles or settings without being on it in this day age. Even if you try to actively avoid it, the sad reality is you've a friend, loved one, associate/colleagues that do and are part of some kind of group chat. If you're not part of this group chat, people look at you like you're the odd one out.

These lawsuits can keep coming, doubt it's going to move a needle on their 3+ billion user base. It's just too embedded / entrenched within the core fabric of society now.

If you're the odd one out because your social group uses Meta products and you don't, you probably need to reevaluate whether you're hangin' with the right crowd or not.

There's nothing on social media worth my attention. It's mostly just an addiction anyway. The point of social media, much like television, is to put ads in your face. They say the best form of advertisement is word of mouth. This is because people trust those in their social group more than they do paid actors and funny pizza puns.

Social media was designed around this concept. Sure you have the addition of actual ads on the page, I think; I haven't been on social media in a very long time, but a lot of what people share is where they're dining out, what shoes they just bought, what tourist trap they visited on vacation.

Plus, when people follow a movie star, who's getting paid to wear certain clothes and use certain headphones, they tend to feel like they're friends with this person. They feel as though the paid product spokesperson is a member of their social group thereby elevating their paid product advice to word of mouth advertisement.

The addiction comes from the "likes." Likes and shares are a form of validation for people who need reassurance that their existence is worthwhile. Facebook is really more of an opium den where people spend their time getting high on likes and shares.

In reality the interactions on social media are shallow, one dimentional at their best. People don't sign into Facebook to have deep meaningful existential discussions. They sign in to share pictures of their toddler who they're really just exploiting for what, quite frankly, amounts to a drug addiction.

These really aren't people with which you should be spending a whole lot of time. I very highly recommend you break the addiction and remove negative influences from your life to the best of your ability.

Outside of that, I agree; this lawsuit will accomplish nothing. The best you'll see of this is a class action lawsuit that Meta will drag out for seven years only to payout twenty bucks to each recipient.

[correct]

The private key is never shared or stored anywhere outside of local system memory.

It doesn't matter, because by law, assume it must be decryptable (read: decryption backdoors for the 3-letter agencies exist). Private individuals may be save from other private individuals trying the decrypt it.

[pepeg]

Peter Files must be very upset about this news xD

[Admiral Snackbar]

It doesn't matter, because by law, assume it must be decryptable (read: decryption backdoors for the 3-letter agencies exist). Private individuals may be save from other private individuals trying the decrypt it.

I can tell you that no one from any three letter agency has ever asked me to make @Chat decryptable. If there were backdoors baked into these decryption methods they wouldn't need microsoft or meta to hand over decryption keys.

It's not possible for anyone to give out a decryption key from @Chat, no one has the keys. Not even the user.