• GadgeteerZA@beehaw.org
    link
    fedilink
    arrow-up
    7
    ·
    2 years ago

    The vulnerability is on the user end. If you infiltrate the user device, or just get another receiver of the messages to expose them, the content is clear to read. Wonderful thing for law enforcement about WhatsApp, is they bleed out metadata about who contacted whom, and when, and where they were at the time. WhatsApp even provides that to Facebook, and from there the data used to be able to be bought for “research”. The metadata can be used to zoom in to identify individuals if you match their patterns of behaviour with locations.

    • vord@beehaw.org
      link
      fedilink
      arrow-up
      3
      ·
      2 years ago

      Thing is, it’s not just Whatsapp. It’s literally every single server-based mechanism to exchange data. You have to trust that the server in question wipes logs on the regular and is not under some secret data collection warrant.

      And ultimately, anything that you can just sign into another device with and retain your messgae history is not fully e2e encrypted…it means a server holds your encryption key for you.

      • GadgeteerZA@beehaw.org
        link
        fedilink
        arrow-up
        3
        ·
        2 years ago

        The easy test is to see if the service has a password reset option - if so, they can reset the password. If not, you know, only your password or encryption key can unlock it. For example, Signal won’t restore chat history to a new device. So yes Telegram will, but for secret chats no that data is not synced and will be lost.