• miss_brainfart@lemmy.ml
    link
    fedilink
    arrow-up
    6
    ·
    edit-2
    1 year ago

    WhatsApp is E2EE in theory

    Didn’t Signal even work together with them, to implement their protocol?

    But anyway, as far as I know, WhatsApp only encrypts message contents, not the associated metadata. So they’re still able to learn a lot about you.

    • vector_zero@lemmy.world
      link
      fedilink
      arrow-up
      3
      ·
      1 year ago

      I believe WhatsApp uses the same protocol (or at least the same crypto algorithms), though I’m not sure if they were involved in its development.

      Good point on the metadata. Signal has the “sealed sender” thing, which (I think) helps with the metadata problem somewhat.

      • Monkey With A Shell@lemmy.socdojo.com
        link
        fedilink
        arrow-up
        1
        ·
        1 year ago

        Metadata and the comm endpoints is one of the hardest parts to deal with. If an intermediary doesn’t have a pointer to a destination then delivering a message becomes problematic, envelopes without an address tend to sit in bins. It would be possible to simply store messages and allow recipients to poll for them but that gets really inefficient at scale. Plus it creates a central repo where messages sit until retrieved which is a liability in itself.

        Things like OTR encryption are interesting as a transient system ad-hoc type encryption for things that don’t need or even want absolute assurance of identity, but if I want to talk to Alice and be sure it’s not Eve then it’s not ideal.