And if so, why exactly? It says it’s end-to-end encrypted. The metadata isn’t. But what is metadata and is it bad that it’s not? Are there any other problematic things?

I think I have a few answers for these questions, but I was wondering if anyone else has good answers/explanations/links to share where I can inform myself more.

  • ɐɥO@lemmy.ohaa.xyz
    link
    fedilink
    arrow-up
    109
    arrow-down
    3
    ·
    edit-2
    1 year ago

    It says it’s end-to-end encrypted.

    Whatsapp is closed source and made by a advertising company. Wouldnt really count on that

    Edit: Formatting

    • folkrav@lemmy.world
      link
      fedilink
      arrow-up
      28
      arrow-down
      3
      ·
      edit-2
      1 year ago

      Saying they do E2EE but not doing it would be a literal massive scale fraud. Can’t say I put Meta past those behaviors to be fair though lol

      But as the other guy said, metadata is already a lot.

      • BitSound@lemmy.world
        link
        fedilink
        arrow-up
        27
        arrow-down
        1
        ·
        1 year ago

        They would just say that they have a different definition of E2EE, or quietly opt you out of it and bury something in their terms of service that says you agree to that. You might even win in court, but that will be a wrist slap years later if at all.

        • SokathHisEyesOpen@lemmy.ml
          link
          fedilink
          English
          arrow-up
          10
          ·
          edit-2
          1 year ago

          No single individual will beat a corporation as large as Facebook in a court battle. You could have all the evidence in the world and they’ll still beat you in court and destroy your life in the process. It took a massive class action lawsuit to hold them accountable for the Cambridge Analytica case, and the punishment was still pennies to them.

          Look at the DuPont case. There was abundant evidence that they were knowingly poisoning the planet, and giving people cancer, and they still managed to drag that case on for 30 years before a judgement. In the end they were fined less than 3% of their profit from a single year. That was their punishment for poisoning 99% of all life on planet earth, knowingly killing factory workers, bribing government agencies, lying, cheating, and just all around being evil fucks. 3% of their profit from a single year.

    • ultratiem@lemmy.ca
      link
      fedilink
      arrow-up
      21
      arrow-down
      2
      ·
      1 year ago

      “We just capture what you wrote and to whom before it gets encrypted and sent; we see nothing wrong with that” —Mark Zuckerberg, probably

    • miss_brainfart@lemmy.ml
      link
      fedilink
      arrow-up
      15
      ·
      edit-2
      1 year ago

      They don’t really need the actual contents of your messages if they have the associated metadata, since it is not encrypted, and provides them with plenty of information.

      So idk, I honestly don’t see why I shouldn’t believe them. Don’t get me wrong though, I fully support the scepticism.

      • bouh@lemmy.world
        link
        fedilink
        arrow-up
        5
        ·
        1 year ago

        All they need is the encryption key for the message, and it’s not the message itself.

        • BearOfaTime@lemm.ee
          link
          fedilink
          arrow-up
          6
          ·
          1 year ago

          If they keys are held by them, they have access.

          When you log into another device, if all your chat history shows up, then their servers have your encryption key.

      • freagle@lemmygrad.ml
        link
        fedilink
        arrow-up
        3
        arrow-down
        4
        ·
        edit-2
        1 year ago

        It can be fully end to end encrypted and still drop keyword-based metadata into the envelope. But also, I am pretty sure that the feds can access the keys if they need to. It’s e2e encrypted, but that doesn’t mean the key stays on your device.

        • miss_brainfart@lemmy.ml
          link
          fedilink
          arrow-up
          1
          ·
          edit-2
          1 year ago

          That too, yeah. Actually, look at Matrix Bridges. Any one of your contacts can give access to this third-party to decrypt your chats, so… yeah.

    • MiddledAgedGuy@beehaw.org
      link
      fedilink
      arrow-up
      5
      ·
      1 year ago

      This is what I came to express as well. Unless the software is open source, both client and server, what they say is unverifiable and it’s safest to assume it’s false. Moreover, the owning company has a verifiable and well known history of explicitly acting against user privacy. There is no reason to trust them and every reason not to.