For open source messengers, you can check whether they actually encrypt your messages and whether the server has access to your encryption keys but what about WhatsApp? Since it’s not open source, you can’t be sure that the encryption keys aren’t sent to the server, right? Has there been a case where a government was able to access WhatsApp chats without reading them from the phone itself?

  • xad@lemmy.ml
    link
    fedilink
    arrow-up
    9
    arrow-down
    1
    ·
    edit-2
    1 year ago

    Open source can make it easier to audit software, but we’re long past the point where we can’t audit unfree and/or closed source software. Open source is great and important, but the debate around open source regarding trust and security is often a sideshow.

    If 1. all participating devices are sufficiently secure and will be sufficiently secure in the future, 2. no participating device backs up your conversations to the cloud or only does so in a sufficiently encrypted manner, and 3. no participating user leaks your information in any other way, then yes, the general expectation is that your WhatsApp chats with people are encrypted. Keep in mind that defaults, nudges, and people work against you in this long list of requirements.

    Oh, and… more importantly… metadata. But that’s a separate issue. WhatsApp’s encryption claim could be entirely true, but still work against user privacy, simply because those conditions are almost never true …and also, again, meta data.

    Users conscientious enough to consistently meet all of these requirements could simply use a platform deemed less hostile to user privacy, such as Matrix or Signal.