undefined | Better HN

0 pointsjusepal1y ago0 comments

My guess is since its closed source, no one beside them can verify that the supposedly e2e is even true, or exist in current latest binary. Sort of telling everyone that I've got a mountain of gold inside my house but the door is locked, no one beside me could verify my claim. Security and/or privacy via obscurity is moot.

0 comments

ylk1y ago

You can always go ahead and decompile the apps and then show everyone that they’re in fact lying, that story would be huge. That alone doesn’t make it true, but there have so far not been hints of them pulling weird stuff with their e2ee, unlike telegram, for example. They’re even working on improving the default mode 99% of users use e2ee chat apps with - trust on first use (TOFU): https://engineering.fb.com/2023/04/13/security/whatsapp-key-...

They probably do all kinds of horrible stuff with the metadata. I’m honestly too lazy to read the privacy policy. But I have yet to see critique of their e2ee that’s actually backed up by substance instead of people’s imaginations.

jusepalOP1y ago

If debunking security and/or privacy claims, and indirectly, to prove security and/or privacy claims is as simple as reverse engineering binaries then the very concept of open source for better privacy and/or security itself would be moot. Its outrageous to even suggest that.

ylk1y ago

It’s certainly not outrageous. It’s how people regularly find vulnerabilities in all kinds of closed-source software.

1 more reply

meiraleal1y ago

They also handle and store users backup unencrypted by default so they have access to all messages in plaintext in multiple opportunities.

ylk1y ago

Meta has access to the backups that are stored on each individual’s Google Drive/iCloud? How does that work exactly? Please elaborate.

meiraleal1y ago

> Meta has access to the backups that are stored on each individual’s Google Drive/iCloud?

Why the surprise?

Meta has access to the folder it manages in the user's Google Drive. That's obvious, otherwise they wouldn't be able to write to it.

1 more reply

j / k navigate · click thread line to collapse

0 comments

ylk1y ago

jusepalOP1y ago

ylk1y ago

It’s certainly not outrageous. It’s how people regularly find vulnerabilities in all kinds of closed-source software.

1 more reply

meiraleal1y ago

They also handle and store users backup unencrypted by default so they have access to all messages in plaintext in multiple opportunities.

ylk1y ago

Meta has access to the backups that are stored on each individual’s Google Drive/iCloud? How does that work exactly? Please elaborate.

meiraleal1y ago

> Meta has access to the backups that are stored on each individual’s Google Drive/iCloud?

Why the surprise?

Meta has access to the folder it manages in the user's Google Drive. That's obvious, otherwise they wouldn't be able to write to it.

1 more reply

j / k navigate · click thread line to collapse