this post was submitted on 09 Sep 2021
3 points (100.0% liked)
Privacy
31265 readers
959 users here now
A place to discuss privacy and freedom in the digital world.
Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.
In this community everyone is welcome to post links and discuss topics related to privacy.
Some Rules
- Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
- Don't promote proprietary software
- Try to keep things on topic
- If you have a question, please try searching for previous discussions, maybe it has already been answered
- Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
- Be nice :)
Related communities
Chat rooms
-
[Matrix/Element]Dead
much thanks to @gary_host_laptop for the logo design :)
founded 4 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
From the article:
It should be no surprise that messages reported by users are forwarded to Facebook's moderators as plaintext so they can evaluate whether the report is legitimate or not. It should also be pretty straightforward that once an encrypted message reaches the receiver's device, the client has access to the plaintext data to show to the user (and can do whatever it wants with it as long as nobody notices). We didn't need this investigation to know these two claims are true.
However, the article brings up some interesting details about how this data is handled and packed together with users' metadata:
It is no news that WhatsApp can access a ludicrous amount of metadata and can share them with Facebook (in non-European countries), but it's interesting to see this practical usage being disclosed for the first time. More on this:
Well, in my opinion, it kind of does, since it doesn't notify the user that their messages are being forwarded.
Oh, I'm sure, that never caused any problems in the past. Just like it never caused problems at other companies like Apple or three letter agencies like the NSA.
That's more than Signal does. This is not a typical feature; I can't think of an end-to-end encrypted messenger that does do this. If you want to make this argument, all end-to-end-encrypted messengers must be broken because the person who receives the message can then send it to anyone else without your knowledge, or take a photo. It's trivial.
The thing is that this can be triggered externally. It's not the user forwarding to another user, it's the company having a spy feature built in.
well it seems like they track the unencrypted metadata and share it with law enforcement. i wouldn't necessarily consider this breaking end to end encryption...
there is a separate issue with the "reporting" feature where the other end can voluntarily send your (decrypted) messages to facebook for content moderation. i dont think the article claimed that decrypted messages were being automatically sent...