this post was submitted on 09 Jul 2023
962 points (96.2% liked)
Technology
59092 readers
6622 users here now
This is a most excellent place for technology news and articles.
Our Rules
- Follow the lemmy.world rules.
- Only tech related content.
- Be excellent to each another!
- Mod approved content bots can post up to 10 articles per day.
- Threads asking for personal tech support may be deleted.
- Politics threads may be removed.
- No memes allowed as posts, OK to post as comments.
- Only approved bots from the list below, to ask if your bot can be added please contact us.
- Check for duplicates before posting, duplicates may be removed
Approved Bots
founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
To be fair, if the mother/daughter communicated through WhatsApp they'd not be caught, because it's an end-to-end encrypted messaging platform. But as they chose FB Messenger, they got vulnerable to a court order forcing Facebook to hand over data.
Is WhatsApp open source? Even Signal I'm a bit on edge, why would you trust WhatsApp which is owned by Facebook?
WhatsApp was not created by Facebook. It used to be an independent company which major selling point was offering free ~~encrypted~~ messaging to the masses, which was mostly relevant to non-US users as they're charged for SMS usage more directly (it doesn't come free and unlimited on most plans).
It was bought by Facebook but they kept the encryption technology intact. There's already various cases of courts around the world trying to compel WhatsApp to hand over messages but they didn't because they simply don't store the messages on their servers, and when the messages pass through their servers they're encrypted by design.
no, their major point was offering free messaging in regions were you were being charged per SMS sent. end-to-end encryption has been introduced in 2016 (https://en.wikipedia.org/wiki/WhatsApp#End-to-end_encryption), seven years after it's been founded and two years after Facebook acquisition.
Ops, my bad. I was under the impression the only reason WhatsApp is encrypted today is because they already were by the time FB bought them.
They paid US$ 20B to buy WhatsApp, and encryption is a major deterrent for them scanning all messages to enhance their targeted advertising business.
they have access to the metadata, which can be as valuable as the content of the messages.
Maybe you're right, but I'd be hesitant to say WhatsApp user's contacts list would be worth US$ 20B.
My theory is they bought WhatsApp just because it was organically growing to be the dominant messaging app, and Facebook didn't want to lose this marked and bought them to squash the competition.
contact list? not really.
knowing who they talk to, how often, where from, for how long on average, and, in case of the countries where Whatsapp for Business is popular, what businesses do they spend money at? probably quite worth it.
The WhatsApp Business stuff is a more recent development. When FB bought them they had very little to work with.
That said, the messages are stored locally on the device or in a cloud backup unless you disable that. If the device is unlocked, the messages are available to whoever has the device.
At this point we're discussing the mother/daughter screen locking policy. It doesn't matter what messaging app they use, if they rely solely on Face/Touch ID, the police may force then to unlock their phone anyway.
Signal should check out as safe and private, considering even after getting multiple warrants from various governments they've given up next to no data on any of said requests- because they dont store it, the only thing they had is 'time of account creation, time of last connected to service'.
E2E only protects data in transit. Unless the pair also encrypted their data at rest, their messages will still be easily accessed in plain text by their cloud backup.
It supports encrypted backups. Plus that adds legal complication of knowing to and getting data from Google/Apple/etc.
they actually do e2e encrypted backups nowadays.
By default or is it opt-in? Glad to hear that they have taken steps to remediate the biggest weakness of their service.
IIRC it asks if you want to enable backup, and when turning on backup it's an option to encrypt it with a key or password. So by default there's no backup at all.