this post was submitted on 02 Oct 2022
20 points (100.0% liked)

Technology

37734 readers
37 users here now

A nice place to discuss rumors, happenings, innovations, and challenges in the technology sphere. We also welcome discussions on the intersections of technology and society. If it’s technological news or discussion of technology, it probably belongs here.

Remember the overriding ethos on Beehaw: Be(e) Nice. Each user you encounter here is a person, and should be treated with kindness (even if they’re wrong, or use a Linux distro you don’t like). Personal attacks will not be tolerated.

Subcommunities on Beehaw:


This community's icon was made by Aaron Schneider, under the CC-BY-NC-SA 4.0 license.

founded 2 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
[–] GadgeteerZA 7 points 2 years ago (2 children)

The vulnerability is on the user end. If you infiltrate the user device, or just get another receiver of the messages to expose them, the content is clear to read. Wonderful thing for law enforcement about WhatsApp, is they bleed out metadata about who contacted whom, and when, and where they were at the time. WhatsApp even provides that to Facebook, and from there the data used to be able to be bought for "research". The metadata can be used to zoom in to identify individuals if you match their patterns of behaviour with locations.

[–] vord 3 points 2 years ago (1 children)

Thing is, it's not just Whatsapp. It's literally every single server-based mechanism to exchange data. You have to trust that the server in question wipes logs on the regular and is not under some secret data collection warrant.

And ultimately, anything that you can just sign into another device with and retain your messgae history is not fully e2e encrypted...it means a server holds your encryption key for you.

[–] GadgeteerZA 3 points 2 years ago

The easy test is to see if the service has a password reset option - if so, they can reset the password. If not, you know, only your password or encryption key can unlock it. For example, Signal won't restore chat history to a new device. So yes Telegram will, but for secret chats no that data is not synced and will be lost.