"Your honor, end to end encryption is a marketing term that we have trademarked and we would like to counter sue anyone using it"
Thanks, I'm saving that.
It'a still end-to-end encryption when they have backdoored both ends.
Why is it called a one way street when you can drive both ways?
Correct, WhatsApp fails to include a libre software license text file. We do not control it. So, it has never been secure.
Being FOSS is not a prerequisite of E2EE but a prerequisite of knowing it's E2EE for sure. Like, I can give you a black box that prints PGP key pairs and says "includes RPGP, MIT-licensed PGP library" but you can't trust that the machine doesn't use modified, low-entropy RNG or exfiltrate the results. The communication you do with these PGP keys is technically E2EE − a third party server relaying your messages will not be able to read them, unless I provide them with the potentially not-so-secret "random" data my box generated.
But you're right: if my black boxes are also used to encrypt/decrypt the messages with "your" keys (made by them) and I run a non-transparent ssrvice that delivers the messages, there is a case for not calling it E2EE.
I don’t know if they still do it but they actively gaslight you into believing you have e2e even with peers you have not scanned the public key of.
I get your point but E2E is independent from public key validation. Public key validation is basically being a bit more slightly sure that the E2E communication happens with who you think, although... It's never a guarantee. Keys can be stolen.
Stolen? That's a harsh term. We prefer "backed up to our cloud for your security"!
Is that new? I remember reading about this years ago.
yes communication is encrypted end to end which means no one could evedrop but once the information arrive to your app and get saved to your device there is nothing preventing whatsapp from sending to its parent company,
E2E encryption doesnt mean whatsapp is trustworthy
[deleted]
E2EE isn’t really relevant, when the “ends” have the functionality, to share data with Meta directly: as “reports”, “customer support”, “assistance” (Meta AI); where a UI element is the separation.
Edit: it turns out cloud backups aren’t E2E encrypted by default… meaning: any backup data, which passes through Meta’s servers, to the cloud providers (like iCloud or Google Account), is unobscured to Meta; unless E2EE is explicitly enabled. And even then, WhatsApp’s privacy policy states: “if you use a data backup service integrated with our Services (like iCloud or Google Account), they will receive information you share with them, such as your WhatsApp messages.” So the encryption happens on the server side, meaning: Apple and Google still have full access to the content. It doesn’t matter if you, personally, refuse to use the “feature”: if the other end does, your interactions will be included in their backups.
Cross-posting my comment from the cross-posted post
Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.
In this community everyone is welcome to post links and discuss topics related to privacy.
much thanks to @gary_host_laptop for the logo design :)